Abstract
Single sign-on (SSO) systems, such as OpenID and OAuth, allow Web sites to delegate user authentication to third parties, such as Facebook or Google. These systems provide a convenient mechanism for users to log in and ease the burden of user authentication for Web sites. Conversely, by integrating such SSO systems, they become a crucial part of the security of the modern Web.
So far, it has been hard to prove if Web standards and protocols actually meet their security goals. SSO systems, in particular, need to satisfy strong security and privacy properties. In this thesis, we develop a new systematic approach to rigorously and formally analyze and verify such strong properties with the Web Infrastructure Model (WIM), the most comprehensive model of the Web infrastructure to date.
Our analyses reveal severe vulnerabilities in SSO systems that lead to critical attacks against their security and privacy. We propose fixes and formally verify that our proposals are sufficient to establish security. Our analyses, however, also show that even Mozilla’s proposal for a privacy-preserving SSO system does not meet its unique privacy goal. To fill this gap, we use our novel approach to develop a new SSO system, SPRESSO, and formally prove that our system indeed enjoys strong security and privacy properties.
Funding source: Deutsche Forschungsgemeinschaft
Award Identifier / Grant number: KU 1434/10-1
Award Identifier / Grant number: KU 1434/10-2
Funding statement: This work was partially supported by the Deutsche Forschungsgemeinschaft (DFG) through Grants KU 1434/10-1 and KU 1434/10-2.
About the author
Dr. Guido Schmitz is a Lecturer in the Information Security Group (ISG) at the Royal Holloway University of London. He graduated from the University of Trier with a Diplom degree in computer science in 2012, and received his Doctorate (summa cum laude) under the guidance of Prof. Dr. Ralf Küsters from the University of Stuttgart in 2019. Guido Schmitz has been a finalist for the CAST/GI Dissertation Award for IT-Security in 2021 as well as for the German IT-Security Award in 2016. Besides his research on formal methods, protocol security, and Web technologies, he also organizes events to inspire others for computer science [13].
References
1. Ben Adida et al. BrowserID Specification. Specifications for Mozilla’s Identity Effort. https://github.com/mozilla/id-specs.Search in Google Scholar
2. Karthikeyan Bhargavan, Abhishek Bichhawat, Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz, and Tim Würtele. A Tutorial-Style Introduction to DY*. In Protocols, Logic, and Strands: Essays Dedicated to Joshua Guttman on the Occasion of His 66.66 Birthday, volume 13066 of LNCS, pages 77–97. Springer, 2021.10.1007/978-3-030-91631-2_4Search in Google Scholar
3. Karthikeyan Bhargavan, Abhishek Bichhawat, Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz, and Tim Würtele. An In-Depth Symbolic Security Analysis of the ACME Standard. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS 2021), pages 2601–2617. ACM, 2021.10.1145/3460120.3484588Search in Google Scholar
4. Karthikeyan Bhargavan, Abhishek Bichhawat, Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz, and Tim Würtele. DY*: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P 2021), pages 523–542. IEEE Computer Society, 2021.10.1109/EuroSP51992.2021.00042Search in Google Scholar
5. Quoc Huy Do, Pedram Hosseyni, Ralf Küsters, Guido Schmitz, Nils Wenzler, and Tim Würtele. A Formal Security Analysis of the W3C Web Payment APIs: Attacks and Verification. In 43rd IEEE Symposium on Security and Privacy (S&P 2022). IEEE Computer Society, 2022. To appear.Search in Google Scholar
6. Danny Dolev and Andrew C. Yao. On the Security of Public-Key Protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.10.1109/SFCS.1981.32Search in Google Scholar
7. Daniel Fett, Pedram Hosseyni, and Ralf Küsters. An Extensive Formal Security Analysis of the OpenID Financial-grade API. In 2019 IEEE Symposium on Security and Privacy (S&P 2019), volume 1, pages 1054–1072. IEEE Computer Society, 2019.10.1109/SP.2019.00067Search in Google Scholar
8. Daniel Fett, Ralf Küsters, and Guido Schmitz. An Expressive Model for the Web Infrastructure: Definition and Application to the BrowserID SSO System. In 35th IEEE Symposium on Security and Privacy (S&P 2014), pages 673–688. IEEE Computer Society, 2014.10.1109/SP.2014.49Search in Google Scholar
9. Daniel Fett, Ralf Küsters, and Guido Schmitz. Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web. In 20th European Symposium on Research in Computer Security (ESORICS 2015), Proceedings, Part I, pages 43–65. Springer, 2015.10.1007/978-3-319-24174-6_3Search in Google Scholar
10. Daniel Fett, Ralf Küsters, and Guido Schmitz. SPRESSO: A Secure, Privacy-Respecting Single Sign-On System for the Web. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS 2015), pages 1358–1369. ACM, 2015.10.1145/2810103.2813726Search in Google Scholar
11. Daniel Fett, Ralf Küsters, and Guido Schmitz. A Comprehensive Formal Security Analysis of OAuth 2.0. In Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security (CCS 2016), pages 1204–1215. ACM, 2016.10.1145/2976749.2978385Search in Google Scholar
12. Daniel Fett, Ralf Küsters, and Guido Schmitz. The Web SSO Standard OpenID Connect: In-Depth Formal Security Analysis and Security Guidelines. In IEEE 30th Computer Security Foundations Symposium (CSF 2017), pages 189–202. IEEE Computer Society, 2017.10.1109/CSF.2017.20Search in Google Scholar
13. Daniel Fett and Guido Schmitz. Pi and More – eine Veranstaltungsreihe rund um „kleine Computer“. In 46. Jahrestagung der Gesellschaft für Informatik (Informatik 2016), volume P-259 of LNI, pages 1195–1196. GI, 2016.Search in Google Scholar
14. Brad Fitzpatrick, David Recordon, et al. OpenID Authentication 2.0. http://openid.net/specs/openid-authentication-2_0.html.Search in Google Scholar
15. E. Hammer-Lahav (Ed.). The OAuth 1.0 Protocol. RFC 5849 (Informational), 4 2010.10.17487/rfc5849Search in Google Scholar
16. D. Hardt (Ed.). The OAuth 2.0 Authorization Framework. RFC 6749 (Proposed Standard), 10 2012.10.17487/rfc6749Search in Google Scholar
17. Open Web Application Security Project (OWASP). Password storage cheat sheet. https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet.Search in Google Scholar
18. N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, and C. Mortimore. OpenID Connect Core 1.0 incorporating errata set 1. http://openid.net/specs/openid-connect-core-1_0.html.Search in Google Scholar
19. SAML 2.0 Technical Overview. Committee Draft 02. http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html.Search in Google Scholar
20. Guido Schmitz. Privacy-Preserving Web Single Sign-On: Formal Security Analysis and Design. PhD thesis, University of Stuttgart, 2019.Search in Google Scholar
21. Nikhil Swamy, Catalin Hritcu, Chantal Keller, Aseem Rastogi, Antoine Delignat-Lavaud, Simon Forest, Karthikeyan Bhargavan, Cédric Fournet, Pierre-Yves Strub, Markulf Kohlweiss, Jean Karim Zinzindohoue, and Santiago Zanella Béguelin. Dependent types and multi-monadic effects in F*. In ACM Symposium on Principles of Programming Languages (POPL 2016), pages 256–270, 2016.10.1145/2914770.2837655Search in Google Scholar
© 2022 Walter de Gruyter GmbH, Berlin/Boston
