WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring (original) (raw)
Related papers
IAEME PUBLICATION, 2022
The OAuth protocol has emerged as a vital component within contemporary web applications, facilitating the secure authentication and authorization of users for thirdparty services. Nonetheless, the widespread adoption of OAuth has heightened concerns regarding potential security vulnerabilities. This research endeavors to conduct a thorough security evaluation of the OAuth protocol as implemented in modern web applications, aiming to both identify and mitigate these risks. By scrutinizing the OAuth 2.0 specification in the context of contemporary systems-centric attacks, this study reveals vulnerabilities such as redirect_uri validation weaknesses that leave Identity Providers susceptible to redirect confusion and brute-force attacks on OAuth client_credentials grant types. Furthermore, it delves into the misuse of the scope parameter, demonstrating its potential for enabling unauthorized access. Through the presentation of end-to-end attack scenarios, which amalgamate various attack techniques with prevalent web application vulnerabilities, this research elucidates the possibility of complete compromise in the secure delegated access promised by OAuth 2.0. Moreover, the study includes the development of a laboratory environment tailored for a common OAuth scenario, intended to aid developers and security researchers in simulating exploitation and fostering a deeper understanding of the associated risks.
Provably Sound Browser-Based Enforcement of Web Session Integrity
2014 IEEE 27th Computer Security Foundations Symposium, 2014
Enforcing protection at the browser side has recently become a popular approach for securing web authentication. Though interesting, existing attempts in the literature only address specific classes of attacks, and thus fall short of providing robust foundations to reason on web authentication security. In this paper we provide such foundations, by introducing a novel notion of web session integrity, which allows us to capture many existing attacks and spot some new ones. We then propose FF + , a securityenhanced model of a web browser that provides a fullfledged and provably sound enforcement of web session integrity. We leverage our theory to develop SESSINT, a prototype extension for Google Chrome implementing the security mechanisms formalized in FF + . SESSINT provides a level of security very close to FF + , while keeping an eye at usability and user experience.
Universally Composable Security Analysis of OAuth v2. 0
2011
This paper defines an ideal functionality for delegation of web access to a third-party where the authentication mechanism is password-based. We give a universally-composable (UC) realization of this ideal functionality assuming the availability of an SSL-...
Surviving the Web: A Journey into Web Session Security
In this paper we survey the most common attacks against web sessions, i.e., attacks which target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions which prevent or mitigate the different attacks, by evaluating them along four different axes: protection, usability, compatibility and ease of deployment. We also assess several defensive solutions which aim at providing robust safeguards against multiple attacks. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.
Formal analysis of Facebook Connect single sign-on authentication protocol
SOFSEM
We present a formal analysis of the authentication protocol of Facebook Connect, the Single Sign-On service offered by the Facebook Platform which allows Facebook users to login to affiliated sites. Formal specification and verification have been carried out using the specification language HLPSL and AVISPA, a state-of-the-art verification tool for security protocols. AVISPA has revealed two security flaws, one of which (previously unheard of, up to our knowledge) allows an intruder to impersonate a user at a service provider affiliated with Facebook. To address this problem, we propose a modification of the protocol, by adding a message authentication mechanism; this protocol has been verified with AVISPA to be safe from the masquerade attack. Finally, we sketch a JavaScript implementation of the modified protocol.
WebMC for Browser Based Protocol Verification
ComputaciĆ³n y Sistemas, 2017
A browser based protocol is the chief security component of a safety critical web application, such as e-banking. Accordingly, browser based protocols need to be thoroughly verified in order to guarantee they are up to comply with key security properties. To this end, we have developed WebMC, a model checker especially designed to consider web standards, with the aim of analyzing browser based protocol execution, as encompassed by the interactions of a typical user, a browser, and active attacker playing the role of the network, and one or more servers. In this paper, we shall show how to use WebMC in the design and the development of browser based protocols. Our tool has been successfully validated: WebMC has been able to reproduce a number of the verification results found in the literature, but fully automatically.
Formal analysis of SAML 2.0 web browser single sign-on
Proceedings of the 6th ACM workshop on Formal methods in security engineering - FMSE '08, 2008
Single-Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in the system once and yet are able to access to services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most applied use case scenario (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown.
Enhancing Session Security on Browser with Disposable Credentials using OTC
International Journal for Research in Applied Science and Engineering Technology, 2020
Many web applications are vulnerable to session hijacking attacks due to the insecure use of cookies for session management. The most recommended defense against this threat is to completely replace HTTP with HTTPS. However, this approach presents several challenges (e.g., performance and compatibility concerns) and therefore, has not been widely adopted. In this paper, "One-Time Cookies" (OTC), an HTTP session authentication protocol for improving session hijacking features, easy to deploy and resistant to session hijacking. OTC's security relies on the use of disposable credentials based on a modified browsers name. Experiments demonstrate the ability to maintain session integrity with a throughput improvement over HTTPS and a performance approximately similar to a cookie-based approach, Here I have Created web configuration page based on that it will fetch IP address, After that based on each session OTC will be generated, In doing so, I demonstrate that one-time cookies can significantly improve the security of web sessions with minimal changes to current infrastructure and browser page.
Secure Web Browsing with the OP Web Browser
2008 IEEE Symposium on Security and Privacy (sp 2008), 2008
Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features. To show the utility of our browser architecture, we design and implement three novel security features. First, we develop novel and flexible security policies that allows us to include plugins within our security framework. Our policy removes the burden of security from plugin writers, and gives plugins the flexibility to use innovative network architectures to deliver content while still maintaining the confidentiality and integrity of our browser, even if attackers compromise the plugin. Second, we use formal methods to prove that the address bar displayed within our browser user interface always shows the correct address for the current web page. Third, we design and implement a browserlevel information-flow tracking system to enable post-mortem analysis of browser-based attacks. If an attacker is able to compromise our browser, we highlight the subset of total activity that is causally related to the attack, thus allowing users and system administrators to determine easily which web site lead to the compromise and to assess the damage of a successful attack. To evaluate our design, we implemented OP and tested both performance and filesystem impact. To test performance, we measure latency to verify OP's performance penalty from security features are be minimal from a users perspective. Our experiments show that on average the speed of the OP browser is comparable to Firefox and the audit log occupies around 80KB per page on average.
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
2021
The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that Authorization Request parameters are encoded in the URI of the request and sent through user agents such as web browsers. While it is easy to implement, it means that (a) the communication through the user agents are not integrity protected and thus the parameters can be tainted, and (b) the source of the communication is not authenticated. Because of these weaknesses, several attacks to the protocol have now been put forward. This document introduces the ability to send request parameters in a JSON Web Token (JWT) instead, which allows the request to be signed with JSON Web Signature (JWS) and encrypted with JSON Web Encryption (JWE) so that the integrity, source authentication and confidentiality property of the Authorization Request is attained. The request can be sent by value or by reference. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts.