Achin Kulshrestha

Paper Title

O'Dea Assertions-Untwining the Security of the SAML protocol.

Abstract

Single sign-on (SSO) systems have gained immense popularity and the backbone of this authentication mechanism is the Security Assertion Markup language or SAML. SAML is an XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, it allows for Browser based authentication and other authorization use cases such as cross-domain single sign-on between an Identity Provider and a Service Provider. Since SAML assertions act as an identity for the subject or principal whom the Service Provider is going to honor, the veracity of these assertions is critical. The XML signature related attacks such as Signature Exclusion attacks and signature wrapping attack (XSW) had affected most of the common SAML implementations. Also, SAML attributes which go as part of the SAML request and response are used to make critical decisions cross domain, therefore it is imperative their implementation is secure and fuzz testing of these parameters is necessary. In this talk, we will deep dive into the intricacies of SAML protocol security and we will also discuss the approach to asynchronously fuzz SAML assertions to find issues in proprietary SAML implementations.

Speaker Bio

Achin Kulshrestha works as a Senior Security Researcher helping product teams develop secure software using innovative methods to detect loopholes and anticipate vulnerabilities through design review, threat modeling, and auditing of code. His interest in security gained momentum after his college research on Wireless honeypots got him a Microsoft scholarship award and it has been a love affair ever since. Achin's current areas of research include protocol reverse engineering, cryptography and Browser Security. In addition, he performs vulnerability research, currently focusing on vulnerability discovery using fuzzing techniques.