270 likes | 286 Views
SINGLE SIGN ON AND SECURITY. By Mwamini Naggayi CS 795 MW. Outline. Introduction What is single sign on? Protocols Purpose Benefits Risk Conclusion Demos (Not available) References. Introduction.
E N D
SINGLE SIGN ON AND SECURITY By Mwamini Naggayi CS 795 MW
Outline • Introduction • What is single sign on? • Protocols • Purpose • Benefits • Risk • Conclusion • Demos (Not available) • References Single Sign On & Security
Introduction • As computer systems increases to support business processes, users and system administrators are faced with an increasingly complicated interface to accomplish their job functions. Users typically have to sign-on to multiple systems, with an equivalent number of sign-on dialogues, each of which may involve different usernames and authentication information. • System administrators are also faced with managing user accounts within each of the multiple systems to be accessed in a co-coordinated manner in order to maintain the integrity of security policy enforcement. This legacy approach to user sign-on to multiple systems is illustrated below: Single Sign On & Security
Legacy Approach :User Sign-on to Multiple Systems Single Sign On & Security
Legacy Approach: User Sign-on to Multiple Systems • Those components act as independent domains in the sense that end-user has to identify and authenticate himself independently to each of the domains s/he wishes to interact with • To invoke the services of a secondary domain end user is required to perform a Secondary Domain Sign-on • From the management perspective the legacy approach requires independent management of each domain and the use of multiple user account management interfaces Single Sign On & Security
What is single sign on? • Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where s/he has access permission, without the need to enter multiple passwords. • The user needs to authenticate only once and the authenticated identity is securely carried across the network to access resources on behalf of the user. Single Sign On & Security
Purpose of single sign on • Develop applications to provide a common, single end-user sign-on interface for an enterprise • The development of applications for the co-coordinated management of multiple “user account management information bases” maintained by an enterprise. • Users only need to remember one username and password, and authentication can be provided for multiple services. Single Sign On & Security
Protocols: Single sign on • Kerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. • Kerberos single sign-on is possible because all of the services are under the same administrative control. There is a centralized database containing keys that are shared with each service, and tickets can be issued, encrypted under the keys of the target services. Single Sign On & Security
Protocols: Single sign on • Passport protocol makes Single sign-on on the web sites possible gaining authenticated access to multiple and independent web services • Passport is a protocol that enables users to sign onto many different merchants' web pages by authenticating themselves only once to a common server Single Sign On & Security
How Passport works • Passport model: has three entities: the client at a web browser, the merchant store, and the Passport login server. • Login server maintains authentication and customer profile information for the client and gives the merchant access to this information when permitted by the client • Passport divides client data into profile info and the wallet, that contains credit card info • Passport's protocols are designed to enable the secure transfer of the profile and wallet info between the Passport server and the merchants. Single Sign On & Security
How Passport works Single Sign On & Security
Benefits: Single sign-on • Reduction in the time taken by users in sign-on operations to individual domains. • Improved security through the reduced need for a user to handle and remember multiple sets of authentication information. • Reduction in time taken, and improved response, by system administrators in adding and removing users to the system or modifying their access rights. • Single sign-on reduces human error, a major component of systems failure. Single Sign On & Security
Benefits of single sign-on • Improved security through the enhanced ability of system administrators to maintain the integrity of user account configuration including the ability to inhibit or remove an individual user’s access to all system resources in a co-coordinated and consistent manner. Single Sign On & Security
Single User Sign-On To Multiple Services Single Sign On & Security
Single User Sign-On To Multiple Services The information supplied by the end-user as part of the Primary Domain Sign-On procedure may be used in support of secondary domain sign-on in several ways: • Directly: the information supplied by the user is passed to a secondary domain as part of a secondary sign-on. • Indirectly: the information supplied by the user is used to retrieve other user identification and user credential information stored within the a single sign-on management information base. The retrieved information is then used as the basis for a secondary domain sign-on operation. • Immediately: to establish a session with a secondary domain as part of the initial session establishment. This implies that application clients are automatically invoked and communications established at the time of the primary sign-on operation. • Temporarily: stored or cached and used at the time a request for the secondary domain services is made by the end-user. Single Sign On & Security
Risks: Single Sign on • The secondary domains have to trust the primary domain to: • correctly assert the identity and authentication credentials of the end user, protect the authentication credentials used to verify the end user identity to the secondary domain from unauthorized use. • The authentication credentials have to be protected when transferred between the primary and secondary domains against threats arising from interception or eavesdropping leading to possible impersonating attacks. • Single sign-on highly desirable but difficult to implement. Single Sign On & Security
Risk: Single sign on • When security is compromised, single sign on allows access to firewalls, systems, etc. • Passport uses the existing web technologies to the best of its abilities. Unfortunately, the resulting implementing protocol poses several risks to the user • User interface confusion: Merchant site that uses Passport displays a Passport sign-out icon which is supposed to remove Passport cookies but a user may only sign-out in one account and not passport account. • Passport establishes a centralized service trusted by all others to make authoritative decisions about the authenticity of a user. Compromise of this central service would be particularly disastrous since service maintains consumer profile info on all registered users Single Sign On & Security
Risk: Single sign on • Passport system is too dependant on cookies. Passport cookies, are used as proofs of authentication and its lifetimes are determined only by the lifetime of the web browser and the (encrypted) time window in the cookie. If a user forget to logout on a public machine, a Passport account could leave valid authentication tokens behind on the machine for any user to recover. • In Passport, where cookies stand in for tickets, possession of the cookie is all that is necessary to impersonate the valid user of that cookie. No further proof is required which is dangerous on public machine. At least in Kerberos, the client must send an authenticator that proves knowledge of the key inside the ticket. Single Sign On & Security
Conclusion • The best way to protect your interests is to ensure that any SSO software offered by any company provides some level of guarantee to meet the needs of the organization security. • The need for tools to help users manage authentication and personal information across a variety of sites are increasingly critical. Passport is an ambitious attempt to meet those needs and requires no changes to existing browsers and servers. However, the system carries significant risks to users Single Sign On & Security
Site one Public pages Default.aspx Web config Secure folder httpsPage.aspx login.aspx Site two Public Pages default.aspx Web config Secure folder httpsPage.aspx Demo: Two Site files Single Sign On & Security
Demos: Default page on slide site 1 Single Sign On & Security
Demos: Web config site one <authentication mode="Forms"> <forms loginUrl="Secure\login.aspx” protection="All" requireSSL="true“ timeout="10“ name="FormsAuthCookie" path="/FormsAuth“ slidingExpiration="true" /> </authentication> <!-- For SSO Test --> <machineKey validationKey="C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E34 00267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE" decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/> <!-- The restricted folder is for authenticated and SSL access only. --> <location path="Secure" > <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> Single Sign On & Security
Site one: default.aspx.cs private void SecureButton_Click(object sender, System.EventArgs e) { UriBuilder uri = new UriBuilder( Uri.UriSchemeHttps, Request.Url.Host ); uri.Path = Path.Combine( Request.ApplicationPath , "Secure/httpsPage.aspx" ); Response.Redirect( uri.ToString() ); } Single Sign On & Security
Secure folder One: Login.aspx.cs private void Page_Load(object sender, System.EventArgs e) { try { // For different domains, should use the cookie domain HttpCookie formsCookie = FormsAuthentication.GetAuthCookie( UserId.Text, false ); formsCookie.Domain = "localhost.com"; Response.AppendCookie( formsCookie ); Response.Redirect( FormsAuthentication.GetRedirectUrl( UserId.Text, false ) ); FormsAuthentication.RedirectFromLoginPage( UserId.Text, false ); } } private void LoginButton_Click(object sender, System.EventArgs e) { UriBuilder uri = new UriBuilder( Uri.UriSchemeHttp, Request.Url.Host ); uri.Path = Path.Combine( Request.ApplicationPath , "default.aspx" ); Response.Redirect( uri.ToString() ); } Single Sign On & Security
Secure folder one: httpsPage.aspx.cs private void LogoutButton_Click(object sender, System.EventArgs e) { System.Web.Security.FormsAuthentication.SignOut(); HttpCookie formsCookie = Request.Cookies[ FormsAuthentication.FormsCookieName ]; formsCookie.Domain = "localhost.com"; formsCookie.Expires = DateTime.Now.AddDays(-1); Response.Cookies.Add(formsCookie); Response.Redirect( Request.Url.ToString() ); } private void BackButton_Click(object sender, System.EventArgs e) { UriBuilder uri = new UriBuilder( Uri.UriSchemeHttp, Request.Url.Host ); uri.Path = Path.Combine( Request.ApplicationPath , "default.aspx" ); Response.Redirect( uri.ToString() ); } private void SiteTwoButton_Click(object sender, System.EventArgs e) { Response.Redirect( "https://localhost/FormsAuth2/Secure/httpsPage.aspx" ); } Single Sign On & Security
Demos: Web config first site private void LinkButton1_Click(object sender, System.EventArgs e) { UriBuilder uri = new UriBuilder( Uri.UriSchemeHttps, Request.Url.Host ); uri.Path = Path.Combine( Request.ApplicationPath , "Secure/httpsPage.aspx" ); Response.Redirect( uri.ToString() ); } Single Sign On & Security
References • http://www.opengroup.org/security/sso/ • http://www.enterasys.com/solutions/secure-networks/single_sign-on/ • http://www.scmagazine.com/us/grouptest/details/2a136ba7-b164-4346-974e-1afcc4d628e2/single+sign-on+2005/ • http://www.imprivata.com/content3208.html • http://avirubin.com/passport.html • http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx • http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/singlesignon.asp Single Sign On & Security