Security analysis of eIDAS - the cross-country authentication scheme in europe
Abstract
In 2014, the European Commission released the eIDAS regulation to target the compatibility of cross-country electronic services within the European Union. eIDAS (electronic IDentification, Authentication, and Trust Services) defines implementation standards and technologies for electronic signatures, digital certificates, Single Sign-On (SSO), and trust services. It is based on well-established standards, such as SAML, to achieve high security and compatibility between EU countries.
In this paper, we present the first security study of authentication schemes used in eID services. Our security analysis shows that 7 of the 15 European eID services were vulnerable to XML-based attacks which enabled efficient Denial-of-Service (DoS) and Server Side Request Forgery (SSRF) attacks. On 5 of the 15 eID services, we were even able to exfiltrate locally stored files and send these files to an arbitrary domain. To support the developers and security teams of eID services, we implemented a Burp Suite extension to execute fully-automated or semi-automated tests. Additionally, we summarize best practices related to eID-based authentication and SSO in general.
References
[1]
ARMANDO, A., CARBONE, R., COMPAGNA, L., CUELLAR, J., PELLEGRINO, G., AND SORNIOTTI, A. From multiple credentials to browser-based single sign-on: Are we more secure? In IFIP International Information Security Conference (2011), Springer Berlin Heidelberg, pp. 68-79.
[2]
ARMANDO, A., CARBONE, R., COMPAGNA, L., CUELLAR, J., AND TOBARRA, L. Formal analysis of saml 2.0 web browser single sign-on: Breaking the saml-based single sign-on for google apps. In Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering (New York, NY, USA, 2008), FMSE '08, ACM, pp. 1-10.
[3]
AVIRAM, N., SCHINZEL, S., SOMOROVSKY, J., HENINGER, N., DANKEL, M., STEUBE, J., VALENTA, L., ADRIAN, D., HALDERMAN, J. A., DUKHOVNI, V., KÄSPER, E., COHNEY, S., ENGELS, S., PAAR, C., AND SHAVITT, Y. DROWN: Breaking TLS Using SSLv2. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016), pp. 689-706.
[4]
BARTH, A., JACKSON, C., AND MITCHELL, J. C. Robust defenses for cross-site request forgery. In Proceedings of the 15th ACM conference on Computer and communications security (2008), ACM, pp. 75-88.
[5]
BATES, D., BARTH, A., AND JACKSON, C. Regular expressions considered harmful in client-side XSS filters. In Proceedings of the 19th international conference on World wide web (New York, NY, USA, 2010), WWW '10, ACM, pp. 91-100.
[6]
BLEICHENBACHER, D. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In Advances in Cryptology - CRYPTO '98, vol. 1462 of Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 1998.
[7]
BÖCK, H., SOMOROVSKY, J., AND YOUNG, C. Return of bleichenbacher?s oracle threat (robot).
[8]
BÖCK, H., ZAUNER, A., DEVLIN, S., SOMOROVSKY, J., AND JOVANOVIC, P. Noncedisrespecting adversaries: Practical forgery attacks on gcm in tls. IACR Cryptology ePrint Archive 2016 (2016), 475.
[9]
BRAY, T., PAOLI, J., SPERBERG-MCQUEEN, C. M., MALER, E., AND YERGEAU, F. Extensible Markup Language (XML) 1.0 (Fifth Edition). W3C Recommendation (2008).
[10]
BSI. Technical guideline tr-03130 eid-server. part 1: Functional specification, Oct. 2017.
[11]
BSI. Technische richtlinie tr-02102-1: Kryptographische verfahren: Empfehlungen und schlüssellängen, Jan. 2018.
[12]
CANTOR, S., KEMP, J., PHILPOTT, R., AND MALER, E. Assertions and protocols for the oasis security assertion markup language (saml) v2.0, Mar. 2005.
[13]
COMMISSION, E. eidas-node security considerations, version 1.0, 2018.
[14]
DIERKS, T., AND RESCORLA, E. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Aug. 2008. Updated by RFCs 5746, 5878, 6176, 7465, 7507, 7568, 7627, 7685, 7905, 7919.
[15]
EASTLAKE, D., REAGLE, J., HIRSCH, F., ROESSLER, T., IMAMURA, T., DILLAWAY, B., SIMON, E., YIU, K., AND NYSTRÖM, M. XML Encryption Syntax and Processing 1.1. W3C Candidate Recommendation (2012). http://www.w3.org/TR/2012/WD-xmlenc-core1-20121018.
[16]
EASTLAKE, D., REAGLE, J., SOLO, D., HIRSCH, F., AND ROESSLER, T. XML Signature Syntax and Processing (Second Edition). W3C Recommendation, June 2008. http://www.w3.org/TR/xmldsig-core/.
[17]
EASTLAKE, D., REAGLE, J., SOLO, D., HIRSCH, F., AND ROESSLER, T. XML Signature Syntax and Processing (Second Edition). W3C Recommendation (2008).
[18]
(EU), C. C. E. eidas - cryptographic requirements for the interoperability framework - tls and saml. https://ec.europa.eu/cefdigital/wiki/download/attachments/46992719/eidas_-_crypto_requirements_for_the_eidas_interoperability_framework_v1.0.pdf, 2015. Last accessed: 24.5.2018.
[19]
(EU), C. C. E. eidas - interoperability architecture version 1.00. https://ec.europa.eu/cefdigital/wiki/download/attachments/46992719/eidas_interoperability_architecture_v1.00.pdf, 2015. Last accessed: 24.5.2018.
[20]
(EU), C. C. E. F. eidas saml message format - version 1.0. https://ec.europa.eu/cefdigital/wiki/download/attachments/46992719/eidas_message_format_v1.0.pdf, 2015. Last accessed: 24.5.2018.
[21]
GROSS, T. Security analysis of the saml single sign-on browser/artifact profile. In Computer Security Applications Conference, 2003. Proceedings. 19th Annual (2003), IEEE, pp. 298-307.
[22]
GROSS, T., AND PFITZMANN, B. Saml artifact information flow revisited. In In IEEE Workshop on Web Services Security (WSSS) (2006), pp. 84-100.
[23]
GUPTA, S., AND GUPTA, B. B. Cross-site scripting (xss) attacks and defense mechanisms: classification and state-of-the-art. International Journal of System Assurance Engineering and Management 8, 1 (Jan 2017), 512-530.
[24]
HEIDERICH, M., SCHWENK, J., FROSCH, T., MAGAZINIUS, J., AND YANG, E. Z. mxss attacks: Attacking well-secured web-applications by using innerhtml mutations. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (New York, NY, USA, 2013), CCS '13, ACM, pp. 777-788.
[25]
HIRSCH, F., SOLO, D., REAGLE, J., EASTLAKE, D., AND ROESSLER, T. XML Signature Syntax and Processing (Second Edition). W3C recommendation, W3C, June 2008.
[26]
JAGER, T., PATERSON, K. G., AND SOMOROVSKY, J. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. In Network and Distributed System Security Symposium (NDSS) (February 2013).
[27]
JAGER, T., SCHINZEL, S., AND SOMOROVSKY, J. Bleichenbacher's attack strikes again: Breaking pkcs#1 v1.5 in xml encryption. In ESORICS (2012), pp. 752-769.
[28]
JAGER, T., SCHWENK, J., AND SOMOROVSKY, J. Practical Invalid Curve Attacks on TLS-ECDH. 20th European Symposium on Research in Computer Security (ESORICS) (2015).
[29]
JAGER, T., AND SOMOROVSKY, J. How To Break XML Encryption. In The 18th ACM Conference on Computer and Communications Security (CCS) (Oct. 2011).
[30]
KAKAVAS, I. The road to hell is paved with saml assertions, 2016.
[31]
KAKAVAS, I. The road to your codebase is paved with forged assertions, 2017.
[32]
KLEIN, A. Klein: Multiple vendors xml parser (and soap/web- services server) denial of service attack using dtd., 2002.
[33]
LEKIES, S., KOTOWICZ, K., GROSS, S., VELA NAVA, E. A., AND JOHNS, M. Code-reuse attacks for the web: Breaking cross-site scripting mitigations via script gadgets. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017), ACM, pp. 1709-1723.
[34]
LI, W., AND MITCHELL, C. J. Security issues in oauth 2.0 sso implementations. In International Conference on Information Security (2014), Springer, pp. 529-541.
[35]
LI, W., AND MITCHELL, C. J. Analysing the security of google's implementation of openid connect. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721 (New York, NY, USA, 2016), DIMVA 2016, Springer-Verlag New York, Inc., pp. 357-376.
[36]
LUDWIG, K. Duo finds saml vulnerabilities affecting multiple implementations, February 2018.
[37]
MAINKA, C., MLADENOV, V., FELDMANN, F., KRAUTWALD, J., AND SCHWENK, J. Your software at my service: Security analysis of SaaS single sign-on solutions in the cloud. In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security (2014), CCSW '14.
[38]
MARSH, J., ORCHARD, D., AND VEILLARD, D. Xml inclusions (xinclude). W3C, version 1 (2006).
[39]
MAYER, A., NIEMIETZ, M., MLADENOV, V., AND SCHWENK, J. Guardians of the clouds: When identity providers fail. In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security (New York, NY, USA, 2014), CCSW '14, ACM, pp. 105-116.
[40]
MCINTOSH, M., AND AUSTEL, P. XML Signature Element Wrapping Attacks and Countermeasures. In SWS '05: Proceedings of the 2005 workshop on Secure web services (New York, NY, USA, 2005), ACM Press, pp. 20-27.
[41]
MELICHER, W., DAS, A., SHARIF, M., BAUER, L., AND JIA, L. Riding out domsday: Towards detecting and preventing dom cross-site scripting. Network and Distributed Systems Security (NDSS) Symposium 2018 (2018).
[42]
MEYER, C. 20 Years of SSL/TLS Research : An Analysis of the Internet's Security Foundation. PhD thesis, Ruhr-University Bochum, Feb. 2014.
[43]
MÖLLER, B., DUONG, T., AND KOTOWICZ, K. This poodle bites: exploiting the ssl 3.0 fallback. Security Advisory (2014).
[44]
MOZILLA. Content-security-policy - http | mdn, 2018.
[45]
OWASP. Content security policy cheat sheet, 2015.
[46]
OWASP. Saml security cheat sheet, 2017.
[47]
OWASP. Clickjacking defense cheat sheet, April 2018.
[48]
OWASP. Content security policy scanner, April 2018.
[49]
OWASP. Owasp secure headers project, April 2018.
[50]
OWASP. Samesite, 2018.
[51]
OWASP. Session management cheat sheet, April 2018.
[52]
OWASP. Tls cheat sheet, April 2018.
[53]
OWASP. Xml external entity (xxe) prevention cheat sheet, 2018.
[54]
PARLIAMENT, E., AND UNION, T. C. O. T. E. Regulation (eu) no 910/2014 of the european parliament and of the council. http://eur-lex.europa.eu/legalcontent/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN, 2014.
[55]
PORTSWIGGER. Burpsuite, April 2018.
[56]
REDTEAM. Truncation of saml attributes in shibboleth 2, January 2018.
[57]
RIKU, ANTTI, MATTI, AND MEHTA. Heartbleed, cve-2014-0160, 2015. http://heartbleed.com/.
[58]
SANSO, A. Slack saml authentication bypass, October 2017.
[59]
SCALZI, G. Content-security-policy: Misconfiguration and bypasses, 2016.
[60]
SCOTT CANTOR, FREDERICK HIRSCH, J. K. R. P. E. M. Bindings for the oasis security assertion markup language (saml) v2.0, March 2005.
[61]
SHEFFER, Y., HOLZ, R., AND SAINT-ANDRE, P. Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (Informational), Feb. 2015.
[62]
SOMOROVSKY, J. On the Insecurity of XML Security (Doctoral dissertation). Ruhr University Bochum, Germany, July 2013.
[63]
SOMOROVSKY, J., HEIDERICH, M., JENSEN, M., SCHWENK, J., GRUSCHKA, N., AND IACONO, L. L. All your clouds are belong to us - security analysis of cloud management interfaces. In The ACM Cloud Computing Security Workshop (CCSW) (Oct. 2011).
[64]
SOMOROVSKY, J., MAYER, A., SCHWENK, J., KAMPMANN, M., AND JENSEN, M. On breaking saml: Be whoever you want to be. In In Proceedings of the 21. USENIX Security Symposium (Bellevue, WA, Aug. 2012).
[65]
SPÄTH, C. Security implications of dtd attacks against a wide range of XML parsers. Master, Ruhr-University Bochum, Oktober 2015.
[66]
SPÄTH, C., MAINKA, C., MLADENOV, V., AND SCHWENK, J. Sok: Xml parser vulnerabilities. In 10th USENIX Workshop on Offensive Technologies (WOOT 16), Austin, TX (2016).
[67]
STONE, P. Next generation clickjacking, April 2010.
[68]
STUTTARD, D., AND PINTO, M. The web application hacker's handbook: Finding and exploiting security flaws. John Wiley & Sons, 2011.
[69]
SULLIVAN, B. Security briefs - xml denial of service attacks and defenses. https://msdn.microsoft.com/enus/magazine/ee335713.aspx, November 2009. Last accessed: 20.5.2018.
[70]
TIMOTHY D. MORGAN, O. A. I. Xml schema, dtd, and entity attacks. Tech. rep., VSR, May 2014.
[71]
VAUDENAY, S. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS... In Advances in Cryptology - EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science. Springer Berlin / Heidelberg, Apr. 2002.
[72]
W3AF. Web application attack and audit framework (w3af), April 2018.
[73]
WEICHSELBAUM, L. Csp evaluator, 2016.
[74]
WEICHSELBAUM, L., SPAGNUOLO, M., LEKIES, S., AND JANC, A. Csp is dead, long live csp! on the insecurity of whitelists and the future of content security policy. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (Vienna, Austria, 2016).
[75]
WICHERS, D. Owasp top ten project. Tech. rep., OWASP, Sept. 2015.
[76]
ZALEWSKI, M. The tangled Web: A guide to securing modern web applications. No Starch Press, 2012.
Recommendations
Security Analysis of the Pomykala-Barabasz Scheme
In 2006, Pomykala and Barabasz [Fundamenta Informaticae 69 (2006) 411-425] proposed an elliptic curve based threshold proxy signature scheme which requires shorter cryptographic keys. They claimed that their scheme satisfies the secrecy, the proxy ...
Security Analysis of the Pomykala-Barabasz Scheme
In 2006, Pomykala and Barabasz [Fundamenta Informaticae 69 (2006) 411-425] proposed an elliptic curve based threshold proxy signature scheme which requires shorter cryptographic keys. They claimed that their scheme satisfies the secrecy, the proxy ...
Security analysis of an identity-based strongly unforgeable signature scheme
Identity-based signature (IBS) is a specific type of public-key signature (PKS) where any identity string ID can be used for the public key of a user. Although an IBS scheme can be constructed from any PKS scheme by using the certificate paradigm, it is ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Publisher
USENIX Association
United States
Publication History
Published: 13 August 2018
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 12 Nov 2024