Risks of the CardSpace Protocol

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5735))

Abstract

Microsoft has designed a user-centric identity metasystem encompassing a suite of protocols for identity management. CardSpace is based on open standards, so that various applications can make use of the identity metasystem, including, for example, Microsoft Internet Explorer or Firefox (with an add-on). We therefore expect Microsoft’s identity metasystem to become widely deployed on the Internet and a popular target to attack. We examine the security of CardSpace against today’s Internet threats and identify risks and attacks. The browser-based CardSpace protocol does not prevent replay of security tokens. Users can be impersonated and are potential victims of identity theft. We demonstrate the practicability of the flaw by presenting a proof-of-concept attack. Finally, we suggest several areas of improvement.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gajek, S., Schwenk, J., Steiner, M., Xuan, C. (2009). Risks of the CardSpace Protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_23

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer Science (R0)
