The Security Assertion Markup Language (SAML) is a widely adopted language for making security statements about subjects. It is a critical component of federated identity deployments and Single Sign-On scenarios. To protect the integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm is much more complex than in traditional signature formats such as PKCS#7. This integrity protection can thus be circumvented by several XML Signature specific attacks, under a weak adversarial model. In this paper we describe an in-depth analysis of 14 major SAML frameworks and show that 11 of them, including Salesforce, Shibboleth, and IBM XS40, have critical XML Signature wrapping (XSW) vulnerabilities. Based on our analysis, we developed an automated penetration testing tool for XSW in SAML frameworks. Its practicality was demonstrated by the additional discovery of a new XSW variant. We propose the first framework for analyzing such attacks, based on the information flow between two components of the Relying Party. Surprisingly, this analysis also yields efficient and practical countermeasures.