Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
OpenID Security Issues Ashish Jain & Andrew Nash & Jeff Hodges,  PayPal  Information Risk Management OpenID Summit 2-Nov-2...
Overview <ul><ul><li>Known security issues with OpenID exist </li></ul></ul><ul><ul><ul><li>Inherent in protocol spec </li...
Protocol Spec Security Issues <ul><ul><li>Browser is de-facto man-in-the-middle  </li></ul></ul><ul><ul><ul><li>messages/a...
Browser as Man-in-the-middle  <ul><ul><li>Messages and assertions flow unencrypted between OP and RP via browser </li></ul...
Session Swapping                (1) <ul><ul><li>An attacker can cause victim browsers to log into RP accounts the attacker...
Session Swapping                (2) <ul><ul><li>Various Possible Consequences... </li></ul></ul><ul><ul><ul><li>&quot;sile...
Browser/HTTP/Web Issues <ul><ul><li>E.g... </li></ul></ul><ul><ul><ul><li>Cross-Site Request Forgery (CSRF) </li></ul></ul...
HTML discovery / Phishing <ul><ul><li>Much already written about this </li></ul></ul><ul><ul><li>Protocol spec is monolith...
End-entity Man-in-the-middle  (RP/OP spoof'g) <ul><ul><li>Where RP and/or OP are &quot;rogue&quot; </li></ul></ul><ul><ul>...
Implementation & deployment practices <ul><ul><li>Overall fairly well addressed in  ICAMOpenID 2.0 Profile  and  Security ...
Various items not mentioned above <ul><ul><li>RP collusion mitigation </li></ul></ul><ul><ul><li>Identifier recycling issu...
End
Upcoming SlideShare
Loading in …5
×

Open ID Security Issues

5,912 views

Published on

OpenID Security Issues presentation for OpenID Summit @ Yahoo (Nov 2009)

Published in: Technology
  • Be the first to comment

Open ID Security Issues

  1. 1. OpenID Security Issues Ashish Jain & Andrew Nash & Jeff Hodges, PayPal Information Risk Management OpenID Summit 2-Nov-2009
  2. 2. Overview <ul><ul><li>Known security issues with OpenID exist </li></ul></ul><ul><ul><ul><li>Inherent in protocol spec </li></ul></ul></ul><ul><ul><ul><li>Due to Browser/HTTP/Web characteristics </li></ul></ul></ul><ul><ul><ul><li>Implementation & deployment practices </li></ul></ul></ul><ul><ul><ul><li>...and combinations thereof... </li></ul></ul></ul><ul><ul><li>This is an attempt to help consolidate the list and agree on approaches as we move forward </li></ul></ul><ul><ul><ul><li>Though, this preso is not comprehensive </li></ul></ul></ul><ul><ul><li>Note: ICAMOpenID 2.0 Profile and Security Best Practices are good start </li></ul></ul><ul><ul><ul><li>address some of following issues </li></ul></ul></ul>
  3. 3. Protocol Spec Security Issues <ul><ul><li>Browser is de-facto man-in-the-middle </li></ul></ul><ul><ul><ul><li>messages/assertions are vulnerable when transiting browser </li></ul></ul></ul><ul><ul><li>Vulnerability to active attackers </li></ul></ul><ul><ul><ul><li>Session Swapping </li></ul></ul></ul><ul><ul><ul><li>Open Redirector issue with checkid_immediate </li></ul></ul></ul><ul><ul><li>Association (shared secret) establishment </li></ul></ul><ul><ul><ul><li>man-in-the-middle vulnerabilities </li></ul></ul></ul><ul><ul><ul><li>(RFC 2631 not properly followed) </li></ul></ul></ul><ul><li>  </li></ul><ul><ul><li>HTML discovery / Phishing </li></ul></ul><ul><ul><li>End-entity Man-in-the-middle (RP/OP spoof'g) </li></ul></ul><ul><ul><li>Protocol mods required to truly address these </li></ul></ul>
  4. 4. Browser as Man-in-the-middle <ul><ul><li>Messages and assertions flow unencrypted between OP and RP via browser </li></ul></ul><ul><ul><li>Thus the browser is interesting entity to attack </li></ul></ul><ul><ul><ul><li>e.g. message and/or assertion alter/copy due to.. </li></ul></ul></ul><ul><ul><ul><ul><li>no message/assertion encryption </li></ul></ul></ul></ul><ul><ul><ul><ul><li>most messages are unsigned </li></ul></ul></ul></ul><ul><ul><li>Protocol messages lack robust linkages  </li></ul></ul><ul><ul><ul><li>to each other and to protocol runs </li></ul></ul></ul><ul><ul><ul><li>thus larger attack surface than if they incorporated such measures </li></ul></ul></ul>
  5. 5. Session Swapping               (1) <ul><ul><li>An attacker can cause victim browsers to log into RP accounts the attacker controls </li></ul></ul><ul><ul><ul><li>&quot;Positive Assertion&quot; is not bound to the browser </li></ul></ul></ul><ul><ul><ul><li>OP authenticates Mallory (M), but M can cause Alice (A)'s browser to send the assertion to RP </li></ul></ul></ul><ul><ul><ul><li>result: A logged-in as M at RP </li></ul></ul></ul><ul><li>  </li></ul>
  6. 6. Session Swapping               (2) <ul><ul><li>Various Possible Consequences... </li></ul></ul><ul><ul><ul><li>&quot;silently&quot; log A into M's account on A's favorite search engine -- M can spy on A's searches </li></ul></ul></ul><ul><ul><ul><li>M trick A into entering her credit card into M's online retail account </li></ul></ul></ul><ul><ul><ul><li>likely other possibilities... </li></ul></ul></ul>
  7. 7. Browser/HTTP/Web Issues <ul><ul><li>E.g... </li></ul></ul><ul><ul><ul><li>Cross-Site Request Forgery (CSRF) </li></ul></ul></ul><ul><ul><ul><li>Cross-Site Scripting (XSS) </li></ul></ul></ul><ul><ul><ul><li>Framing </li></ul></ul></ul><ul><ul><li>Session Swapping one example of former </li></ul></ul><ul><ul><li>XSS/Framing could be used to siphon off assertions </li></ul></ul><ul><ul><ul><li>by exploiting the browser as MITM </li></ul></ul></ul><ul><ul><li>There may be protocol spec and/or profile spec mitigations </li></ul></ul><ul><ul><ul><li>requires investigation </li></ul></ul></ul>
  8. 8. HTML discovery / Phishing <ul><ul><li>Much already written about this </li></ul></ul><ul><ul><li>Protocol spec is monolithic </li></ul></ul><ul><ul><ul><li>OP discovery is not obviously a separate component spec-wise, plus.. </li></ul></ul></ul><ul><ul><ul><li>&quot;HTML-Based discovery MUST be supported by Relying Parties.&quot; </li></ul></ul></ul><ul><ul><li>  Profiles (e.g. ICAM) can mitigate </li></ul></ul><ul><ul><ul><li>E.g. &quot;use only 'directed identity'...&quot; </li></ul></ul></ul>
  9. 9. End-entity Man-in-the-middle (RP/OP spoof'g) <ul><ul><li>Where RP and/or OP are &quot;rogue&quot; </li></ul></ul><ul><ul><ul><li>e.g. RP redirects browser to bogus OP and obtains credentials </li></ul></ul></ul><ul><ul><ul><li>Realm spoofing </li></ul></ul></ul><ul><ul><li>Difficult to address without more formal &quot;trust&quot; mechanisms supported in the protocol </li></ul></ul><ul><ul><li>All Web SSO protocols struggle with this </li></ul></ul>
  10. 10. Implementation & deployment practices <ul><ul><li>Overall fairly well addressed in ICAMOpenID 2.0 Profile and Security Best Practices </li></ul></ul><ul><ul><ul><li>though, profiles & practices such as these don't address various of the prior issues </li></ul></ul></ul><ul><ul><li>But more could be done </li></ul></ul><ul><ul><ul><li>Different use cases may call for different profiles </li></ul></ul></ul><ul><ul><ul><li>Security Best Practices is a 'good start' </li></ul></ul></ul><ul><ul><li>Protocol evolution will affect these </li></ul></ul>
  11. 11. Various items not mentioned above <ul><ul><li>RP collusion mitigation </li></ul></ul><ul><ul><li>Identifier recycling issues </li></ul></ul><ul><ul><li>User privacy w.r.t. OP </li></ul></ul>
  12. 12. End

×