Formal Analysis of A Single Sign-on Protocol Implementation for Android
By: Quanqi Ye, Guangdong Bai, Kailong Wang, Jin Song Dong
Single Sign On (SSO)
LumiNUS
TalentConnect
NUSync
EduRec
Google "VAFS NUS"
Roles
Client
Service Provider (SP)
Identity Provider (iDP)
Authentication vs Authorization
SSO Implementations
EduRec Login
SAML
- Security Assertion Markup Language
- XML Assertions
- Authentication
Workflow
LumiNUS Login
OAuth
- Open Authorization (not Authentication)
- Implementation not specified by RFC 6749
- More widely used than SAML
Workflow
NUS OpenID
Open ID Connect
- Authentication protocol
- JWT Token
- Scopes
Combined Workflow
Paper Discussion
Mobile vs Web
- No real-time malware detection
- No Same Origin Policy (SOP) implementation
Assumptions
- Facebook iDP servers are trusted
- Crypto communication algorithms are secure
- Android OS is not compromised
Facebook SDK -> Protocol -> Proverif
Formal Analysis
- Protocol Extraction
- Protocol Modelling
- Protocol Verification & Vulnerability Analysis
Protocol Extraction
- Static Source Code Analysis
- Capturing Network Traffic
- Protocol Semantics Inference
Challenges
- Partial availability of source code
- Undocumented semantics
Solution
- Black box analysis of server
- White box analysis of client
Protocol Modelling
- Intermediate form
- Security properties
Protocol Verification & Vulnerability Analysis
Attackers
Results
Future Work
- Machine learning aided source code analysis
- Other devices, other SSO implementations
- Additional Biometric authentication
CS2309 Presentation
By Aadit Kamat
CS2309 Presentation
This is my presentation for CS2309 (CS Research Methodology) which discusses the paper "Formal Implementation of a Single Sign On Protocol Implementation for Android" by Quanqi Ye et.al. in an ICECSS Conference in 2015
