catching pitfalls in authentication implementations (yuchen zhou)
DESCRIPTION
Guest lecture by Yuchen Zhou http://www.rust-class.orgTRANSCRIPT
![Page 1: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/1.jpg)
Catching Pitfalls in Authentication Implementations
Yuchen Zhou(filling in for Prof. David Evans)
![Page 2: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/2.jpg)
Outline
• Authentication, SSL review
• Single Sign-On protocol
• (Part of) My research
![Page 3: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/3.jpg)
University of Virginia cs4414 3
Checks the factors
multiply to produce n
“Trick or Treat?”
“Prove it by factoring n =
2129024631825875754749788201627151749780670396327721627823338321538194 9984056495911366573853021918316783107387995317230889569230873441936471”
”
Problems with this?
3398717423028438554530123627613875835633986495969597423490929302771479
* 6264200187401285096151654948264442219302037178623509019111660653946049
29 October 2013
![Page 4: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/4.jpg)
Authentication (review)
![Page 5: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/5.jpg)
University of Virginia cs4414 5
Checks thatD(x)e mod n =
x
“Trick or Treat?”
Prove it by producing D(x)
for my challenge x
D(x) = xd mod n
29 October 2013
What is the public key? Private key?
I give you x, you give me D(x)
So that D(x)e mod n =
x
![Page 6: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/6.jpg)
University of Virginia cs4414 6
SSL (Secure Sockets Layer)Simplified TLS Handshake Protocol
Client ServerHello
KRCA[Server Identity, KUS]Verify Certificate using KUCA
Check identity matches URL
Generate random K EKUS (K)
Decryptusing KRS
Secure channel using K
29 October 2013
After the handshake, client has KRCA[Server Identity, KUS], what
prevents client from reusing this and impersonating the server?
![Page 7: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/7.jpg)
University of Virginia cs4414 7
SSL (Secure Sockets Layer)Simplified TLS Handshake Protocol
Client ServerHello
KRCA[Server Identity, KUS]Verify Certificate using KUCA
Check identity matches URL
Generate random K EKUS (K)
Decryptusing KRS
Secure channel using K
29 October 2013
The client won’t have KRS, and won’t be able to decrypt for K.
![Page 8: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/8.jpg)
OK, now onto some new stuff…
![Page 9: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/9.jpg)
9
Single Sign-On (SSO) Service
![Page 10: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/10.jpg)
Single Sign-On (SSO) Service
Involves Three parties:• Identity provider
• Relying party
• User
![Page 11: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/11.jpg)
OAuth and Single Sign-On
Major identity providers (IdP) use OAuth as SSO protocol– 2.0 is the most popular version
OAuth specification describes what interface IdPs should provide, and what practice the RP must follow.
![Page 12: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/12.jpg)
A typical OAuth authentication workflow
Identity Provider(e.g., Facebook)
Relying Party(e.g., espn.com)
Redirect
Visit
OAuth Credentials
Confirm credentials
Authenticated
Login Verify login and issue credentials
User (Web Client)
OAuth Credentials
Permission granting
![Page 13: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/13.jpg)
But this is hard to get right!
![Page 14: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/14.jpg)
SSO SDKsNo worries, IdP SDK came to the rescue!
![Page 15: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/15.jpg)
But this is (still) hard to get right!
Even if the developers follow the guides properly, the application could still be
insecure!
![Page 16: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/16.jpg)
16
The requested response type, one of code or token. Defaults to code…
Facebook documentation example
![Page 17: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/17.jpg)
17
Possible implementation
Facebook back end
dialog/oauth…1
access_token3
access_token2
exchange user info
4
user id/email
5
Welcome, Alice!6
Foo App Client
Foo App Server
response_type = access_token
![Page 18: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/18.jpg)
Access_token
CAADxRthhGccBAFtpBpZAyg80NH6defOZCZAiRPAMCUmxlN3nw5ZBfQIK7YZAtKbCBYszbwZAsjLRbvP3CI2W0U0eXLaQhehZCEOu2LF7RzqxiVCGvTiAZCJ4ZCk5CxILfF2QKfSlsUXJ22y0dtJdA8MQO
![Page 19: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/19.jpg)
Exchange User information
Request: https://graph.facebook.com/me?access_token=CAADxRthhGccBAFtpBpZAyg80NH6defOZCZAiRPAMCUmxlN3nw5ZBfQIK7YZAtKbCBYszbwZAsjLRbvP3CI2W0U0eXLaQhehZCEOu2LF7RzqxiVCGvTiAZCJ4ZCk5CxILfF2QKfSlsUXJ22y0dtJdA8MQO
Response: { "id": "100006071110883", "name": "Syxvq Ldfwpk", "first_name": "Syxvq", "last_name": "Ldfwpk", "link": "https://www.facebook.com/syxvq.ldfwpk", "username": "syxvq.ldfwpk“….}
User’s FB ID
![Page 20: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/20.jpg)
20
Possible implementation
Facebook back end
dialog/oauth…1
access_token3
access_token2
exchange user info
4
user id/email
5
Welcome, Alice!6
Foo App Client
MaliciousApp Client
Foo App Server
Possible Attack
access_token3
access_token4
Welcome Alice?!7
exchange user info
5
user id/email
6
response_type = access_token
![Page 21: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/21.jpg)
Key to this pitfall:
Developers don’t understand the difference between authentication
and authorization.
In OAuth protocol, access_token can only be used to authorize, but not
authenticate!
![Page 22: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/22.jpg)
Signed_request to the rescue!
c47YUduADVDyJs4yV6Lvq2V0yxPxSX_rJb-zzhICFRQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUIwRGpVaW1TREpRcFdTY3M0Yk1rX2tZNU41SFBhZTZqVmNEdVdpM2ktc1VJaHN4RmtHR2tneEU3UFFVYVBtbXdUV2dzQWg5QUI1RmFzeXVOZkt3NGpGMDE3ZGY2WEEyazB6M3Q2azNYYjFDVGJXQzZJZEtoaDdsRnp4TTExZm8tWGdYblZXbUxibU1fMmJHWDhFVWlxQk1ybVpweUxTUzI0TUw0ZnB6WmhRZjU5SzU4bkY4LS1yT3M3QVI4RG0xb0xaeDduQkRiQVl4bmVqcnhOc0xLZTB2UFhBb2JXaTVHNkxfOU1JS192alg2anZUSzlCcDItbEMyemdveFNFb01BU2g0NzFqUnMwd2JzT29HUW1ZVDVndGRFaWcxNzZMYkt1Q1ZqMDd1a2ZFejlEdU1wX09xSDFIVWFPWlRVNjlwNFZnbVh0Ql9NVzQ3YWlmRGJHSTRYVyIsImlzc3VlZF9hdCI6MTM3OTQyNDgxNCwidXNlcl9pZCI6IjEwMDAwMzkyOTkwNjEzNyJ9 Base64 Encoded, signed by
application’s secret key
Signature
![Page 23: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/23.jpg)
Signed_request to the rescue!
{"algorithm":"HMAC-SHA256","code":"AQB0DjUimSDJQpWScs4bMk_kY5N5HPae6jVcDuWi3i-sUIhsxFkGGkgxE7PQUaPmmwTWgsAh9AB5FasyuNfKw4jF017df6XA2k0z3t6k3Xb1CTbWC6IdKhh7lFzxM11fo-XgXnVWmLbmM_2bGX8EUiqBMrmZpyLSS24ML4fpzZhQf59K58nF8--rOs7AR8Dm1oLZx7nBDbAYxnejrxNsLKe0vPXAobWi5G6L_9MIK_vjX6jvTK9Bp2-lC2zgoxSEoMASh471jRs0wbsOoGQmYT5gtdEig176LbKuCVj07ukfEz9DuMp_OqH1HUaOZTU69p4VgmXtB_MW47aifDbGI4XW","issued_at":1379424814,"user_id":"100003929906137"}
Base64 Decoded
User’s FB ID
![Page 24: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/24.jpg)
Signature provides integrity and identity!• Integrity: signed contents cannot be
changed without invalidating signature.
• Identity: The information is intended for the application which owns this secret.
• Both property can be verified by HMACing the content of the message using secret key and compare the result with the signature.
![Page 25: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/25.jpg)
Signed_request to the rescue??
Signed_requests are used, but signature is never checked!
Signature is checked, but application ignores user_id fields in the message content!
![Page 26: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/26.jpg)
There could be many more like these…
![Page 27: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/27.jpg)
Goal:Systematically find such pitfalls
![Page 28: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/28.jpg)
Modeling and proofs
Everybody likes formal proofs that the system is secure.
Program analysis techniques can automatically prove things IF the program is small.
Modeling helps simplify a large, complex system to a smaller code base that can be formally verified using program analysis techniques.
![Page 29: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/29.jpg)
Modeling: Analogy
Proving the entire car never blows up is hard!
![Page 30: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/30.jpg)
Modeling: Analogy
Proving the entire engine never blows up is hard!
![Page 31: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/31.jpg)
Modeling Analogy
Proving a single fuel injector never blows up is probably easier!
![Page 32: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/32.jpg)
ModelingAdvantages
• Turn complicated system into simpler systems that are amenable to analysis.
• Abstract away irrelevant details.
• Reason modules separately, combine smaller proofs to bigger ones.
Disadvantages
• Model behavior does not necessarily agrees with original system.
• Details abstracted away may come back and ‘haunt’ the model.
• Complicated interactions between modules might be missed.
![Page 33: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/33.jpg)
33
Modeling SSO System
FooAppC
Client SDK
Client runtime
Identity Provider (IdP)
FooAppS
Service SDK
Service runtime
MalApp
C
Mallory
Abstract module subject to dev guideConcrete module with src or documentationBlack-box concrete module Abstract module subject to knowledge pool
![Page 34: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/34.jpg)
34
SDK models
Facebook PHP Source code Boogie PL Model
![Page 35: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/35.jpg)
35
procedure {:inline 1} dialog_oauth(IdPLoggedInUser:User, client_id: AppID, redirect_domain: Web_Domain, scope:Scope, response_type:ResponseType) returns (r:int, Response_data: int)modifies Access_Tokens__TokenValue, Access_Tokens__user_ID, Access_Tokens__Scope;modifies Codes__user_ID,Codes__App_ID,Codes__Scope;modifies …{ var access_token:int, code:int, sr:int; … if (response_type==_Token || response_type==_Signed_Request){ havoc access_token; //it means "access_token := *;" … IdP_Signed_Request_signature[sr]:=ValidIdPSignature; IdP_Signed_Request_oauth_token[sr]:=access_token; IdP_Signed_Request_code[sr]:=code; IdP_Signed_Request_user_ID[sr]:= IdPLoggedInUser; IdP_Signed_Request_app_id[sr]:= client_id; } if (response_type==_Token) { Response_data:=access_token; } else if (response_type==_Code) { Response_data:=code; } else { Response_data:=sr; } r:=200;}
API models
Facebook Dialog API documentation Boogie model
procedure {:inline 1} dialog_oauth(IdPLoggedInUser:User, client_id: AppID, redirect_domain: Web_Domain, scope:Scope, response_type:ResponseType) returns (r:int, Response_data: int)modifies Access_Tokens__TokenValue, Access_Tokens__user_ID, Access_Tokens__Scope;modifies Codes__user_ID,Codes__App_ID,Codes__Scope;modifies …{ var access_token:int, code:int, sr:int; … if (response_type==_Token || response_type==_Signed_Request){ havoc access_token; //it means "access_token := *;" … IdP_Signed_Request_signature[sr]:=ValidIdPSignature; IdP_Signed_Request_oauth_token[sr]:=access_token; IdP_Signed_Request_code[sr]:=code; IdP_Signed_Request_user_ID[sr]:= IdPLoggedInUser; IdP_Signed_Request_app_id[sr]:= client_id; } if (response_type==_Token) { Response_data:=access_token; } else if (response_type==_Code) { Response_data:=code; } else { Response_data:=sr; } r:=200;}
![Page 36: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/36.jpg)
36
Results overviewExplicated three SDKs: (6 months)
Many implicit assumptions were found:
5 cases reported, 4 fixed, 3 bounties (3x).
One case reported;documentation revised.
Paragraph added to OAuth 2.0 standard.
Facebook SSO PHP SDK
Windows 8 SDK for modern apps
Windows Live connect SDK
![Page 37: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/37.jpg)
Automatic scanning applications for these vulnerabilities
![Page 38: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/38.jpg)
Goal
Large-scale study of how secure Facebook SSO has been implemented in popular websites today.
– Need an automatic tool to scan web applications for vulnerabilities.
![Page 39: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/39.jpg)
• access_token misuse• signed_request misuseMisuse
• client_secret appears at client side• OAuth credentials leak via referrer
header• OAuth credentials leak via DOM content
Credentialleakage
![Page 40: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/40.jpg)
Approach
Web server source/binary not visible from client side.
Simulated attacks with traffic and application state monitoring
![Page 41: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/41.jpg)
41
App driver
![Page 42: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/42.jpg)
42
App driver
![Page 43: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/43.jpg)
43
Oracle
Simulated attack result needs to be confirmed– Previous works do this manually, not feasible for
massive testing.– To do this automatically, we need to learn visual
representation of application states.
![Page 44: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/44.jpg)
DEMO time
• Ssoscan.org
• Pick your favorite site, check if it’s secure.
![Page 45: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/45.jpg)
45
Evaluation: Dataset
Top US 20K sites (Quantcast.com) excluding DNS errors, 4xx/5xx response code.
google.comyoutube.comfacebook.commsn.comamazon.comtwitter.comebay.compinterest.comyahoo.combing.commicrosoft.com…
![Page 46: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/46.jpg)
Results overview17 913 valid test sites– 1 700 use Facebook SSO• 12% is vulnerable to misuse attacks• 8.5% potentially leaks credentials• 2.3% does not implement Facebook connect correctly
Not Vulnerable77.4%
Buggy 2.3%
Valid Top ranked sites (17913)
No Facebook SSO, 82.9 %
Timeout/error 7.6%
Facebook SSO, 9.5%
Vulnerable20.3%
1700 Sites using Facebook SSO
![Page 47: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/47.jpg)
Facebook SSO support vs. site ranking
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
% s
uppo
rting
FB
SSO
Site rank percentile (20K)1 10 20 30 40 50 60 70 80 90 100
![Page 48: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/48.jpg)
Misuse vulnerability vs. site ranking
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
% v
ulne
rabl
e
Site rank percentile (20K)1 10 20 30 40 50 60 70 80 90 100
![Page 49: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/49.jpg)
Trends
More popular sites tend to include Facebook SSO more.
However, big and popular websites are just as vulnerable as lower-profiled sites.
![Page 50: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/50.jpg)
Credential leakage vs. Site Ranking
Site rank percentile (20K)
1 10 20 30 40 50 60 70 80 90 100
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
% v
ulne
rabl
e
![Page 51: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/51.jpg)
![Page 52: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/52.jpg)
Credential leakage explained
OAuth credentials appears in the URL bar
http://www.dailymail.co.uk/registration/social/register.html?param__host=www.dailymail.co.uk¶m_code=AQCajy7bQs32zCXgMlcfNMeFA0Y-hRPN06guZI8doD9AfQJn7IDNUTniVnPiSf7cFVUFs4u_lKpHCmXi4XQStbLuPN1ur8ynzVY8zqENn3NK3UEK1S0AXeExzlRfUVCbilOler5YImj2HGak86kGzZcfuby3ATyJsEQTdc1fXmnw_nruVXj-jSiNiEKYuyOXQNfAYGDezZZkQe_81agmv7FxcgS9mUspWrnnHLi1nP_9ZpyBU5dUeMTsPV9qXbp3Vs2_3CcMVzd7Sma0s8A1xR-IH-D_Y9E96mdT_LKKU8lV_T-ZrphLCwYmj9PXXGZ9wrI#_=_
![Page 53: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/53.jpg)
HTTP response body
![Page 54: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/54.jpg)
Referrer header• GET http://tags.crwdcntrl.net/c/991/cc.js?ns=_cc991 HTTP/1.1• Host: tags.crwdcntrl.net• User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0• Accept: */*• Accept-Language: en-US,en;q=0.5• Accept-Encoding: gzip, deflate• Referer: http://www.dailymail.co.uk/registration/social/register.html?
param__host=www.dailymail.co.uk¶m_code=AQCajy7bQs32zCXgMlcfNMeFA0Y-hRPN06guZI8doD9AfQJn7IDNUTniVnPiSf7cFVUFs4u_lKpHCmXi4XQStbLuPN1ur8ynzVY8zqENn3NK3UEK1S0AXeExzlRfUVCbilOler5YImj2HGak86kGzZcfuby3ATyJsEQTdc1fXmnw_nruVXj-jSiNiEKYuyOXQNfAYGDezZZkQe_81agmv7FxcgS9mUspWrnnHLi1nP_9ZpyBU5dUeMTsPV9qXbp3Vs2_3CcMVzd7Sma0s8A1xR-IH-D_Y9E96mdT_LKKU8lV_T-ZrphLCwYmj9PXXGZ9wrI
• Cookie: _cc_aud="ABR4nCXRzyvDcRzH8fdKO0g7iBbWLhoOXFwpTXEZseVHDqKZmdayi2R%2B9N2UclD7Sn5FODj5C%2FwLWhzERRzMyUp%2BXBzxfH0vj96f9%2Bf9fn8%2Bn6%2BZWWw%2B6zXzhCtPR1GLmPnrHHPMEiXHgmZLvUSpU9g8F2dCiz23EP2G6RcYv4BkGEY9kP%2BiZ66LaHEXqg9gvcr%2Bv8w92DY7h7zktvJEmRJRn5r5JmCtAs0BqLmGwA%2BM6RDplHY2wOCkChLMWY0Qxa6gvo1BLWVyI41Qe0cucyL2oNipggc9Tzt1Sb3LyqPmvcGCDzqU8w%2FoSJ8UTLmK3mHjGWay5NJlIndfaKyrN3N3oKAuhQ%2BIH7MY0u8I3UCwCWYvIafjtg5DvKg7HEJ%2FNyzrYnOvf%2FwCWZyKIA%3D%3D"; _cc_cc="ACN4nGNQsDRPTTVNMjRNM0mxMEw0MDY1SU42NjY3sEhMM0wyMzRiAIKgzAK2P1t7qxgYGB1f350VCBJjYNt2bQ8jA8spBob%2FjIwMjEC57se1aALXrdAEHn1FE7jlhSrg%2F%2BUxkHG%2FASQAYjA2AIUFuBN2McFEYcpBstwJO7GKb21pQBi7tWczgrNcThxojSREx7L7uxEcZa63WM3iqm%2FALt56Aas4X0UcVvF2wXc4xA9jFS9YdA6reADvB6ziMnWaWMU5n%2FBjFQcAKcOBgg%3D%3D"; _cc_id=97ee5b15f4d81a0354cc33708af1b612; _cc_dc=0
• Connection: keep-alive
![Page 55: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/55.jpg)
http://bcp.crwdcntrl.net?
![Page 56: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/56.jpg)
Example vulnerable sites
Credential misuse cases:– Some dating website
• Personal information, relationship• Victim’s dates
– Some travel website• Personal information• Itinerary views or even changes
![Page 57: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/57.jpg)
Example vulnerable sites
Credential leakage cases:– Impersonation attacks (same as previous)– Unauthorized access to Facebook account• Post comments• Like pages, etc.
![Page 58: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/58.jpg)
Responses from vendors
20 vendors contacted.– Only got 8 responses– Only 2 are manual responses– 1 fixed as of now
Through a personal connection, we reached another vendor.– After first fix, vulnerability still exists– Second fix solved all issues
![Page 59: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/59.jpg)
Securing web apps is hard
OAuth/SSO
Web apps
LAMP stack
OS
Drivers
Hardware
Relying party serverClient
Third-party server
![Page 60: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/60.jpg)
Securing web apps is hard
Browser extensions/plugins
Browser
OS
Drivers
Hardware
Relying party serverClient
Third-party server
![Page 61: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/61.jpg)
Securing web apps is hard
Web app
LAMP
OS
Drivers
Hardware
Relying party serverClient
Third-party server
![Page 62: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/62.jpg)
OS Security is important!
ASLR
DEPAccess control
Kernel space protection
Firewall
DoS
SSL
![Page 64: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/64.jpg)
Web security (problems)
SSL/TLS security– Traffic manipulation
Cross-site request forgery (CSRF)– Force unsolicited transactions/POSTs
Online social network (OSN)– Fake accounts/comments/likes/tweets/…
Social engineering– Varies
![Page 65: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/65.jpg)
Web privacy (problems)
Third-party JavaScript– Web identity tracking– Behavioral/Contextual Ad targeting
Side channels– Infer user action/information
SSL/TLS security (crypto)– Eavesdropping
![Page 66: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/66.jpg)
Logic vulnerabilities
Lack of checking/sanitization– Buying stuff for nothing (or even negative price!)
Forget to check user against access control list– Get admin rights!
Misuse credentials– Authenticating Bob as Alice
![Page 67: Catching Pitfalls in Authentication Implementations (Yuchen Zhou)](https://reader035.vdocuments.us/reader035/viewer/2022081602/5550d651b4c905f2318b50cf/html5/thumbnails/67.jpg)
Integration type vs vulnerabilities
Integration Type Number of sites % of credential misuse % of credential leakage
All 1700 12% 8.5%
SDK 592 28.9% 3.5%
Widget 136 15.4% 2.2%
Custom code 972 1.3% 12.3%