Presentation Material
Abstract
Single sign-on (SSO) systems have gained immense popularity, and the backbone of this authentication mechanism is the Security Assertion Markup Language, or SAML. SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties; in particular, it allows for browser-based authentication and other authorization use cases such as cross-domain single sign-on between an Identity Provider and a Service Provider. Since SAML assertions act as an identity for the subject or principal whom the Service Provider is going to honor, the veracity of these assertions is critical. XML signature related attacks such as Signature Exclusion attacks and XML Signature Wrapping (XSW) attacks have affected most of the common SAML implementations. Also, SAML attributes which go as part of the SAML request and response are used to make critical decisions across domains, therefore it is imperative that their implementation is secure and that fuzz testing of these parameters is performed. In this talk, we will dive deep into the intricacies of SAML protocol security and we will also discuss an approach to asynchronously fuzz SAML assertions to find issues in proprietary SAML implementations.
AI Generated Summary (may contain errors)
Here is a summary of the content:
Identity and Purpose
- The speaker discusses the importance of securing SAML (Security Assertion Markup Language) implementations.
- SAML assertions can be verified using attributes such as ID, together with NotBefore and NotOnOrAfter, which define the time window during which the assertion is valid.
- The SubjectLocality element can be used to verify the IP address from which the assertion was sent.
Securing Web Services
- The speaker discusses WS-Security standard, which defines how web services can be made secure.
- SAML tokens can be sent with web service requests to authenticate users.
- To carry a token in a SOAP request or response, the token is placed in the Security header element that the WS-Security standard defines.
- The consumer verifies the token, and XML encryption can be used to encrypt the entire message.
Signature and Integrity
- The speaker emphasizes the importance of protecting the integrity of SAML assertions using digital signatures.
- If an attacker tries to modify the assertion, the signature will not match, and the request will be denied.
- Multiple attributes can be used collectively to identify a user.
Federated Identity
- The service provider maintains a federated identity, which cannot be tampered with or reused.
- Time values such as notBefore and notOnOrAfter must be verified and validated.
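The checks listed above under "Identity and Purpose" (ID, NotBefore, NotOnOrAfter, SubjectLocality) and the time validation mentioned here, as an added example that is not from the talk: a minimal service-provider-side validator over a constructed SAML 2.0 assertion. It uses only the standard library, allows a small clock skew, keeps a replay cache of accepted IDs, and performs a structural check that the signature's Reference URI points at the assertion being consumed; the cryptographic signature verification itself (which a real SP must do with an XML-DSig library) is assumed to happen separately.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # real deployments should parse with defusedxml

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SKEW = timedelta(minutes=2)  # tolerated clock difference between IdP and SP

# Constructed sample assertion (not from the talk); SignatureValue etc. omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_abc123" Version="2.0">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_abc123"/></ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z"/>
  <saml:AuthnStatement><saml:SubjectLocality Address="203.0.113.7"/></saml:AuthnStatement>
</saml:Assertion>"""


def parse_ts(s):
    """Parse the UTC timestamps SAML uses in NotBefore / NotOnOrAfter."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate(xml, now, client_ip, seen_ids):
    """Return (ok, reason). seen_ids is the SP's replay cache of accepted assertion IDs."""
    root = ET.fromstring(xml)
    aid = root.get("ID")
    if not aid or aid in seen_ids:
        return False, "missing or replayed assertion ID"
    # Structural anti-wrapping check: the signed Reference must cover this very assertion.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + aid:
        return False, "signature does not cover this assertion"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element"
    if now + SKEW < parse_ts(cond.get("NotBefore")):
        return False, "assertion not yet valid"
    if now - SKEW >= parse_ts(cond.get("NotOnOrAfter")):
        return False, "assertion expired"
    loc = root.find("saml:AuthnStatement/saml:SubjectLocality", NS)
    if loc is not None and loc.get("Address") != client_ip:
        return False, "SubjectLocality address mismatch"
    seen_ids.add(aid)  # only record the ID once every check has passed
    return True, "accepted"
```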
SAML Versions and Attacks
- The speaker mentions that SAML 1.1 is an old standard, while SAML 2.0 is more popular.
- Attacks such as signature wrapping attacks, XPath injection attacks, and XML parser attacks can be prevented using the recommendations provided in the SAML specification.
- It’s essential to test and break one’s own SAML implementation to ensure its security.
Overall, the speaker emphasizes the importance of securing SAML implementations, verifying assertions, protecting integrity, and preventing attacks.