Common Flaws of Distributed Identity and Authentication Systems





Brad Hill, brad@isecpartners.com

February 2011

Author's Abstract

This paper presents an informal list and plain-language discussion, in the spirit of the "OWASP Top 10", of some common flaws in distributed authentication, authorization and identity systems of the last fifteen years. Those inventing, implementing, deploying and evaluating such systems may find the list useful in avoiding similar mistakes. Examples from the literature and author's personal experience are discussed.

Introduction

To make access to diverse and distributed information resources easier and more secure for users, distributed authentication systems are now a part of almost every major information technology system, enabling single-sign on, identity federation, delegation, mash-ups and more. Widespread adoption of these systems, even in enterprise contexts, has mostly happened only in the last decade, and the last five years have seen many new protocols and implementations targeting the Web and

accelerated, so has the history of flaws and errors grown, but little attempt has been made to catalog recurring mistakes or anti-patterns in the last fifteen years, except in the context of much larger textbooks on cryptographic engineering. This paper attempts to provide, based on a survey of the literature and the author's personal experience examining many such systems, practical advice for recognizing and avoiding the most common weaknesses encountered in modern distributed authentication systems.

Background

Although the goal of this work is to produce a short and approachable summary, the following papers are recommended for all designers and implementers of cryptographic protocols, and require little to no background in the mathematical formalisms of cryptography. There are many excellent papers on the topic of distributed authentication; these are merely some of this author's favorites.

Prudent Engineering Practice for Cryptographic Protocols, Abadi and Needham, 1995

Robustness Principles for Public Key Protocols, Anderson and Needham, 1995

Programming Satan's Computer, Anderson and Needham, 1995

Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure, Ellison and Schneier, 2000

Authentication in Distributed Systems: Theory and Practice, Lampson, Abadi, Burrows and Wobber, 1992

Ceremony Design and Analysis, Ellison, 2008

For those who have a higher tolerance for notation, the following are also recommended:

Using encryption for authentication in large networks of computers, Needham and Schroeder, 1978

Trust Relationships in Secure Systems - A Distributed Authentication Perspective, Yahalom, Klein and Beth, 1993

A taxonomy of Replay Attacks, Syverson, 1994

Some New Attacks upon Security Protocols, Lowe, 1996

Federated Identity-Management Protocols (Transcript of Discussion), Pfitzmann, 2005

Excellent books providing a broad background on the subjects of cryptography, protocol engineering and authentication include:

Cryptography Engineering: Design Principles and Practical Applications, Ferguson, Schneier and Kohno, 2010

Security Engineering: A Guide to Building Dependable Distributed Systems, Anderson, 2008

Network Security: Private Communication in a Public World (2nd Edition), Kaufman, Perlman and Speciner, 2002

Unconstrained Delegation

A credential can be delegated if, when you give it to somebody, they can use it not just to authenticate you, but to authenticate as you, to somebody else. This is a useful property, but a dangerous one, especially when it is not an explicit requirement of the system. The username and password are the best example of a delegable credential. That passwords suffer from unconstrained delegation, not only within, but across system boundaries, has spawned an entire industry of fraud. Some ability to delegate authority is a highly desirable property but unconstrained delegation places too much trust in recipients of credentials and amplifies the consequences of any errors.

In attempting to replace passwords with other security tokens, often only some of the undesirable delegation properties are addressed. Designers of systems should ask, if a user would be unwilling to give their password to a party who wants to act on their behalf:

Why are they unwilling?

Does my system constrain delegation in a way that addresses these concerns?

Typical reasons a user might be uncomfortable with delegating their password might include:

Inability to audit or attribute actions taken on behalf of a user to the delegated-to party.

Inability to grant a limited subset of user rights and privileges.

Inability to grant access for a limited time or limited number of actions.

Inability to revoke access.

A good protocol will address all of these concerns, not just provide a password-equivalent by a different name.

token is one which, like their namesake bearer bonds, requires nothing other than the instrument itself

ways in which they may be disclosed in complex systems - cross-site scripting, SQL injection, confused deputy attacks or simple information disclosure flaws.

That bearer tokens may have an expiration date and can be revoked allows the customer experience to be better in the event of a data breach, but typically only after the damage of an attack has been done. Consider that credit card numbers are also bearer tokens - their expiration period and ability to be revoked has not made them any less interesting to criminals.

requestors (browsers), but for active clients such as web services or rich mobile apps, there is rarely a good reason not to perform key agreement and require holder-of-key proof to use a token. There are well-established and standard mechanisms for doing so and the computational cost is quite low for even the least-expensive modern hardware.
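The holder-of-key check described above, as an added example that is not code from the paper: a delegation token that names its audience, scope, lifetime and both principals, and that is useless without a separate proof key. All function and field names are hypothetical. It assumes the issuer and resource server share `k_shared`, that the proof key is handed to the delegate over a confidential channel (standing in for the key agreement the text mentions), and that `challenge` is a fresh value chosen by the resource server.

```python
import base64, hashlib, hmac, json, secrets, time

def _mac(key, *parts):
    # Length-prefix every part so field boundaries cannot be shifted.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def issue(k_shared, subject, actor, audience, scope, ttl, now=None):
    """Issuer side. Returns (token, pop_key); pop_key goes only to the actor."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": subject, "act": actor, "aud": audience,
                         "scope": sorted(scope), "exp": now + ttl,
                         "jti": secrets.token_hex(8)}, sort_keys=True).encode()
    token = (base64.urlsafe_b64encode(claims).decode() + "."
             + _mac(k_shared, b"token", claims).hex())
    return token, _mac(k_shared, b"pop", claims)

def prove(pop_key, method, path, challenge):
    """Delegate side: MAC the request and the server's fresh challenge."""
    return _mac(pop_key, method.encode(), path.encode(), challenge).hex()

def verify(k_shared, me, token, method, path, challenge, proof, needed, now=None):
    """Resource server side. Returns (allowed, reason or audit line)."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        claims = base64.urlsafe_b64decode(body)
        tag, proof = bytes.fromhex(tag), bytes.fromhex(proof)
    except ValueError:
        return False, "malformed"
    if not hmac.compare_digest(tag, _mac(k_shared, b"token", claims)):
        return False, "bad token MAC"
    c = json.loads(claims)
    if c["aud"] != me:
        return False, "wrong audience"
    if now >= c["exp"]:
        return False, "expired"
    if needed not in c["scope"]:
        return False, "scope not granted"
    pop_key = _mac(k_shared, b"pop", claims)  # re-derived, never sent with token
    if not hmac.compare_digest(
            proof, _mac(pop_key, method.encode(), path.encode(), challenge)):
        return False, "no proof of possession"
    return True, f"{c['act']} acting for {c['sub']}: {needed}"
```

A token copied out of a log or a database row fails the last check because the proof key never travels with it; the audit string on success records both the delegate and the authorizing principal.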

Solutions

Best practices to reduce the risks of unconstrained delegation include:

Mark authentication artifacts with their intended target, as with a SAML AudienceRestriction or WS-* AppliesTo header.

Indicate in the artifact, or in state associated with the artifact, the subset of resources or privileges authorized, rather than simply an identity.

Avoid bearer tokens. Build key exchange / agreement into the protocol and require proof-of-possession of the key to use an artifact, to reduce risks of disclosure in transit or from data at rest.

Limit the lifetime of authentication artifacts.

Indicate in the artifact and in application logs the principal being delegated to, and acting on behalf of, the ultimate authorizing principal.

Unbound Composition of Transport and Message Security

A common pattern for modern cryptographic protocols is to attempt to compose the necessary properties of an authenticated exchange using both transport and message-level security. The pattern is expressed most clearly in web service security bindings referred to as "mixed mode" or
