Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web

LANCASTER UNIVERSITY LEIPZIG

Text available via DOI:

https://doi.org/10.1007/978-3-319-24174-6_3
Final published version

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. / Fett, Daniel; Küsters, Ralf; Schmitz, Guido.
Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I. ed. / G. Pernul; P. Y. A. Ryan; E. Weippl. Cham: Springer, 2016. (Lecture Notes in Computer Science; Vol. 9326).

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Harvard

Fett, D, Küsters, R & Schmitz, G 2016, Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. in G Pernul, PYA Ryan & E Weippl (eds), Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9326, Springer, Cham. https://doi.org/10.1007/978-3-319-24174-6_3

APA

Fett, D., Küsters, R., & Schmitz, G. (2016). Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. In G. Pernul, P. Y. A. Ryan, & E. Weippl (Eds.), Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I (Lecture Notes in Computer Science; Vol. 9326). Springer. https://doi.org/10.1007/978-3-319-24174-6_3

Vancouver

Fett D, Küsters R, Schmitz G. Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. In Pernul G, Ryan PYA, Weippl E, editors, Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I. Cham: Springer. 2016. (Lecture Notes in Computer Science). Epub 2015 Sept 21. doi: 10.1007/978-3-319-24174-6_3

Author

Fett, Daniel ; Küsters, Ralf ; Schmitz, Guido. / Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I. editor / G. Pernul ; P. Y. A. Ryan ; E. Weippl. Cham : Springer, 2016. (Lecture Notes in Computer Science).

Bibtex

@inproceedings{6caf8d4c2fd9475e8ef9ec3015b7c54d,

title = "Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web",

abstract = "BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized login, with the intent to respect users{\textquoteright} privacy. It can operate in a primary and a secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla{\textquoteright}s default identity provider.We recently proposed an expressive general model for the web infrastructure and, based on this web model, analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities, which have been fixed by Mozilla.In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. We do not only study authentication properties as before, but also privacy properties. During our analysis we discovered new and practical attacks that do not apply to the secondary mode: an identity injection attack, which violates a central authentication property of SSO systems, and attacks that break the privacy promise of BrowserID and which do not seem to be fixable without a major redesign of the system. Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far.For the authentication bug, we propose a fix and formally prove in a slight extension of our general web model that the fixed system satisfies all the authentication requirements we consider. This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far.As another contribution, we identify and prove important security properties of generic web features in the extended web model to facilitate future analysis efforts of web standards and web applications.",

author = "Daniel Fett and Ralf K{\"u}sters and Guido Schmitz",

year = "2016",

month = jan,

day = "13",

doi = "10.1007/978-3-319-24174-6_3",

language = "English",

isbn = "9783319241739",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

editor = "G. Pernul and Ryan, {P. Y. A.} and E. Weippl",

booktitle = "Computer Security -- ESORICS 2015",

}

RIS

TY - GEN

T1 - Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web

AU - Fett, Daniel

AU - Küsters, Ralf

AU - Schmitz, Guido

PY - 2016/1/13

Y1 - 2016/1/13

N2 - BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized login, with the intent to respect users’ privacy. It can operate in a primary and a secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla’s default identity provider.We recently proposed an expressive general model for the web infrastructure and, based on this web model, analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities, which have been fixed by Mozilla.In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. We do not only study authentication properties as before, but also privacy properties. During our analysis we discovered new and practical attacks that do not apply to the secondary mode: an identity injection attack, which violates a central authentication property of SSO systems, and attacks that break the privacy promise of BrowserID and which do not seem to be fixable without a major redesign of the system. Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far.For the authentication bug, we propose a fix and formally prove in a slight extension of our general web model that the fixed system satisfies all the authentication requirements we consider. This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far.As another contribution, we identify and prove important security properties of generic web features in the extended web model to facilitate future analysis efforts of web standards and web applications.

AB - BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized login, with the intent to respect users’ privacy. It can operate in a primary and a secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla’s default identity provider.We recently proposed an expressive general model for the web infrastructure and, based on this web model, analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities, which have been fixed by Mozilla.In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. We do not only study authentication properties as before, but also privacy properties. During our analysis we discovered new and practical attacks that do not apply to the secondary mode: an identity injection attack, which violates a central authentication property of SSO systems, and attacks that break the privacy promise of BrowserID and which do not seem to be fixable without a major redesign of the system. Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far.For the authentication bug, we propose a fix and formally prove in a slight extension of our general web model that the fixed system satisfies all the authentication requirements we consider. This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far.As another contribution, we identify and prove important security properties of generic web features in the extended web model to facilitate future analysis efforts of web standards and web applications.

U2 - 10.1007/978-3-319-24174-6_3

DO - 10.1007/978-3-319-24174-6_3

M3 - Conference contribution/Paper

SN - 9783319241739

T3 - Lecture Notes in Computer Science

BT - Computer Security -- ESORICS 2015

A2 - Pernul, G.

A2 - Ryan, P. Y. A.

A2 - Weippl, E.

PB - Springer

CY - Cham

ER -

Research

Links

Text available via DOI: