Hardening Persona – Improving Federated Web Login

Dietz, Michael; Wallach, Dan S.

doi:10.14722/ndss.2014.23008

Cited by 5 publications

(16 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dietz and Wallach demonstrated a technique to secure BrowserID when specific flaws in TLS are considered that break the confidentiality and integrity of TLS [DW14]. They describe an attack scenario in which the adversary acts as a man-in-the-middle between a browser and an IdP.…”

Section: Related Workmentioning

confidence: 99%

Privacy-preserving Web single sign-on: Formal security analysis and design

Schmitz

2022

It - Information Technology

View full text Add to dashboard Cite

Single sign-on (SSO) systems, such as OpenID and OAuth, allow Web sites to delegate user authentication to third parties, such as Facebook or Google. These systems provide a convenient mechanism for users to log in and ease the burden of user authentication for Web sites. Conversely, by integrating such SSO systems, they become a crucial part of the security of the modern Web. So far, it has been hard to prove if Web standards and protocols actually meet their security goals. SSO systems, in particular, need to satisfy strong security and privacy properties. In this thesis, we develop a new systematic approach to rigorously and formally analyze and verify such strong properties with the Web Infrastructure Model (WIM), the most comprehensive model of the Web infrastructure to date. Our analyses reveal severe vulnerabilities in SSO systems that lead to critical attacks against their security and privacy. We propose fixes and formally verify that our proposals are sufficient to establish security. Our analyses, however, also show that even Mozilla’s proposal for a privacy-preserving SSO system does not meet its unique privacy goal. To fill this gap, we use our novel approach to develop a new SSO system, SPRESSO, and formally prove that our system indeed enjoys strong security and privacy properties.

show abstract

Section: Related Workmentioning

confidence: 99%

Privacy-preserving Web single sign-on: Formal security analysis and design

Schmitz

2022

It - Information Technology

View full text Add to dashboard Cite

show abstract

“…This tool-based analysis did not reveal the identity injection attack, though; privacy properties have not been studied there. Dietz and Wallach demonstrated a technique to secure BrowserID when specific flaws in TLS are considered [12].…”

Section: Related Workmentioning

confidence: 99%

“…An HTTP GET request for the URL http://example.com/show?index=1 is shown in (12), with an Origin header and a body that contains foo, bar . A possible response is shown in (13), which contains an httpOnly cookie with name SID and value n 2 as well as the string representation somescript of the scripting process script −1 (somescript) (which should be an element of S) and its initial state x.…”

Section: B5 Http Messagesmentioning

confidence: 99%

Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web

Fett

Küsters

Schmitz

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized login, with the intent to respect users' privacy. It can operate in a primary and a secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla's default identity provider. We recently proposed an expressive general model for the web infrastructure and, based on this web model, analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities, which have been fixed by Mozilla. In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. We do not only study authentication properties as before, but also privacy properties. During our analysis we discovered new and practical attacks that do not apply to the secondary mode: an identity injection attack, which violates a central authentication property of SSO systems, and attacks that break an important privacy promise of BrowserID and which do not seem to be fixable without a major redesign of the system. Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far. For the authentication bug, we propose a fix and formally prove in a slight extension of our general web model that the fixed system satisfies all the authentication requirements we consider. This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far. As another contribution, we identify and prove important security properties of generic web features in the extended web model to facilitate future analysis efforts of web standards and web applications.

show abstract

“…Token Binding [61] (formerly TLS ChannelID [3] and Origin-Bound Certificates [15]) allows cryptographically binding tokens (e.g., session cookies, access tokens sent from IdPs to SPs via the user's browser) to browsers using client-side dynamically generated TLS certificates [29]. Token binding can be applied across different SSO protocols to defend against various token theft attacks (such as session cookie theft or identity assertion reuse), e.g., Dietz et al [16] implement token binding for Mozilla Persona, and FIDO UAF [4] supports it as an optional feature (for backwardscompatibility with platforms that do not yet support token binding).…”

Section: Introductionmentioning

confidence: 99%

Comparative Analysis and Framework Evaluating Web Single Sign-On Systems

Alaca¹,

Oorschot²

2018

Preprint

View full text Add to dashboard Cite

We perform a comprehensive analysis and comparison of 14 web SSO systems proposed and/or deployed within the last decade, including both federated identity and credential/password management schemes. We identify common design properties and use them to develop a taxonomy for SSO schemes, highlighting the associated trade-offs in benefits offered. We develop a framework to evaluate the schemes, in which we identify 14 security, usability, deployability, and privacy benefits. We also discuss how differences in priorities between users, SPs, and IdPs impact the design and deployment of SSO schemes.

show abstract

Hardening Persona – Improving Federated Web Login

Cited by 5 publications

References 13 publications

Privacy-preserving Web single sign-on: Formal security analysis and design

Privacy-preserving Web single sign-on: Formal security analysis and design

Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web

Comparative Analysis and Framework Evaluating Web Single Sign-On Systems

Contact Info

Product

Resources

About