AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations

Ideally, security protocol implementations should be formally verified before they are deployed. However, this is not true in practice. Numerous high-profile vulnerabilities have been found in web authentication protocol implementations, especially in single-sign on (SSO) protocols implementations recently. Much of the prior work on authentication protocol verification has focused on theoretical foundations and building scalable verification tools for checking manually-crafted specifications [17, 18, 44]. In this paper, we address a complementary problem of automatically extracting specifications from implementations. We propose AUTHSCAN, an end-to-end platform to automatically recover authentication protocol specifications from their implementations. AUTHSCAN finds a total of 7 security vulnerabilities using off-the-shelf verification tools in specifications it recovers, which include SSO protocol implementations and custom web authentication logic of web sites with millions of users.

[1]  Kirstie Hawkey,et al.  Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures , 2012, Computers & security.

[2]  Martín Abadi,et al.  A Calculus for Cryptographic Protocols: The spi Calculus , 1999, Inf. Comput..

[3]  Cas J. F. Cremers,et al.  The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols , 2008, CAV.

[4]  Guofei Gu,et al.  TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection , 2010, 2010 IEEE Symposium on Security and Privacy.

[5]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[6]  Martín Abadi,et al.  A calculus for cryptographic protocols: the spi calculus , 1997, CCS '97.

[7]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[8]  XiaoFeng Wang,et al.  InteGuard: Toward Automatic Protection of Third-Party Web Service Integrations , 2013, NDSS.

[9]  P. Saxena,et al.  The Emperor ’ s New APIs : On the ( In ) Secure Usage of New Client-side Primitives , 2010 .

[10]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[11]  Jun Sun,et al.  PAT: Towards Flexible Verification under Fairness , 2009, CAV.

[12]  Steve Hanna,et al.  A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.

[13]  Thomas Groß Security analysis of the SAML single sign-on browser/artifact profile , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[14]  Dawn Xiaodong Song Athena: a new efficient automatic checker for security protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[15]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[16]  Dawn Xiaodong Song,et al.  Towards a Formal Foundation of Web Security , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[17]  Avik Chaudhuri,et al.  Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[18]  XiaoFeng Wang,et al.  Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services , 2012, 2012 IEEE Symposium on Security and Privacy.

[19]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[20]  Jörg Schwenk,et al.  On Breaking SAML: Be Whoever You Want to Be , 2012, USENIX Security Symposium.

[21]  Steve Hanna,et al.  FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications , 2010, NDSS.

[22]  Giorgio Delzanno,et al.  Automatic Verification of Time Sensitive Cryptographic Protocols , 2004, TACAS.

[23]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[24]  Caterina Urban,et al.  Formal analysis of Facebook Connect Single Sign-On authentication protocol , 2010 .

[25]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[26]  Alessandro Armando,et al.  Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps , 2008, FMSE '08.

[27]  Bruno Blanchet,et al.  Computationally Sound Mechanized Proofs of Correspondence Assertions , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[28]  Bruce Schneier,et al.  Analysis of the SSL 3.0 protocol , 1996 .

[29]  Andy Chou,et al.  A simple method for extracting models from protocol code , 2001, Proceedings 28th Annual International Symposium on Computer Architecture.

[30]  Martín Abadi,et al.  A semantics for a logic of authentication (extended abstract) , 1991, PODC '91.

[31]  Hanne Riis Nielson,et al.  Using static analysis to validate the SAML single sign-on protocol , 2005, WITS '05.

[32]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[33]  Jan Jürjens,et al.  Extracting and verifying cryptographic models from C protocol code by symbolic execution , 2011, CCS '11.