- Security '12 Home
- Registration Information
- Registration Discounts
- Organizers
- At a Glance
- Calendar
- Technical Sessions
- Workshops
- Hotel & Travel Information
- Poster Session
- Rump Session
- Birds-of-a-Feather Sessions
- Sponsors
- Activities
- Students
- Questions?
- For Participants
- Help Promote
- Call for Papers
- Past Proceedings
sponsors
usenix conference policies
On Breaking SAML: Be Whoever You Want to Be
Juraj Somorovsky, Ruhr-University Bochum; Andreas Mayer, Adolf Würth GmbH & Co. KG; Jörg Schwenk, Marco Kampmann, and Meiko Jensen, Ruhr-University Bochum
The Security Assertion Markup Language (SAML) is a widely adopted language for making security statements about subjects. It is a critical component for the development of federated identity deployments and Single Sign-On scenarios. In order to protect integrity and authenticity of the exchanged SAML assertions, the XML Signature standard is applied. However, the signature verification algorithm is much more complex than in traditional signature formats like PKCS#7. The integrity protection can thus be successfully circumvented by application of different XML Signature specific attacks, under a weak adversarial model.
In this paper we describe an in-depth analysis of 14 major SAML frameworks and show that 11 of them, including Salesforce, Shibboleth, and IBM XS40, have critical XML Signature wrapping (XSW) vulnerabilities. Based on our analysis, we developed an automated penetration testing tool for XSW in SAML frameworks. Its feasibility was proven by additional discovery of a new XSW variant. We propose the first framework to analyze such attacks, which is based on the information flow between two components of the Relying Party. Surprisingly, this analysis also yields efficient and practical countermeasures.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Juraj Somorovsky and Andreas Mayer and J{\"o}rg Schwenk and Marco Kampmann and Meiko Jensen},
title = {On Breaking {SAML}: Be Whoever You Want to Be},
booktitle = {21st USENIX Security Symposium (USENIX Security 12)},
year = {2012},
isbn = {978-931971-95-9},
address = {Bellevue, WA},
pages = {397--412},
url = {https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/somorovsky},
publisher = {USENIX Association},
month = aug
}
connect with us