publications | Christian Mainka

IT security conferences, the most important publication medium in my area, use the CORE ranking. Top-tier conferences are ranked A* (filter). You can find my citation profiles below.

Total: 46. Peer Reviewed: 31. Rank A*: 11. Awarded: 3.

2024

EuroS&P
SoK: SSO-MONITOR — The Current State and Future Research Directions in Single Sign-On Security Measurements

Louis Jannett, Maximilian Westers, Tobias Wich, Christian Mainka, Andreas Mayer, and Vladislav Mladenov

In European Symposium on Security and Privacy (Euro S&P), Vienna, Austria, accepted papers: 45/208 = 22%, Jul 2024

Abs Bib PDF Code Website

Single Sign-On (SSO) with OAuth 2.0 and OpenID Connect 1.0 is essential for user authentication and authorization on the Internet. Billions of users rely on SSO services provided by Google, Facebook, and Apple. For large-scale measurements on the security of SSO, researchers need to reliably detect SSO implementations in the wild. In this paper, we survey the current state of 36 SSO measurement tools from prior work and discover gaps leading to blind spots in the SSO landscape that hinder the community from improving large-scale research. We observe unreliable measurements and a lack of reproducibility, making comparisons between studies difficult, if not impossible. We fill these gaps with SSO-Monitor, our open-source, modular, and highly extensible framework for large-scale SSO landscape and security measurements. SSO-Monitor achieves a high accuracy of 93% and, compared to prior tools, significantly improves the reliability of SSO measurements by 19%. It continuously takes snapshots of SSO implementations on the top 1M websites to compose an SSO archive that is reproducible by design. Therefore, it passively monitors the SSO flows and provides an extensive set of landscape and security insights on sso-monitor.me. Our SSO archive allows researchers to conduct comprehensive measurements over time and even beyond the scope of SSO. We use the data in our SSO archive to measure the security of 89k SSO authentication flows on the top 1M websites. Thereby, we discover 33k violations of the OAuth Security Best Current Practices and 339 severe security vulnerabilities. They include 30 username and password leaks and 28 token leaks that enable full account takeovers.
@inproceedings{jannettSoKSSOMONITORCurrent2024, title = {{{SoK}}: {{SSO-MONITOR}} — {{The Current State}} and {{Future Research Directions}} in {{Single Sign-On Security Measurements}}}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Jannett, Louis and Westers, Maximilian and Wich, Tobias and Mainka, Christian and Mayer, Andreas and Mladenov, Vladislav}, date = {2024-07-08}, publisher = {IEEE}, location = {Vienna, Austria}, url = {https://eurosp2024.ieee-security.org/program.html#paper192}, eventtitle = {{{EuroS}}\&{{P}}}, month = jul, }

2023

CCS
Finding All Cross-Site Needles in the DOM Stack: A Comprehensive Methodology for the Automatic XS-Leak Detection in Web Browsers

Dominik Noß, Lukas Knittel, Christian Mainka, Marcus Niemietz, and Jörg Schwenk

In ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, accepted papers: 234/1222 = 19%, Nov 2023

Abs Bib PDF Code Website

Cross-Site Leaks (XS-Leaks) are a class of vulnerabilities that allow a web attacker to infer user state from a target web application cross-origin. Fixing XS-Leaks is a cat-and-mouse game: once a published vulnerability is fixed, a variant is discovered. To end this game, we propose a methodology to find all leak techniques for a given state-dependent resource and a set of inclusion method. We translate a website’s DOM at runtime into a directed graph. We execute this translation twice, once for each state. The outputs are two slightly different graphs. We then get the set of all leak techniques by computing these two graphs’ differences. The remaining nodes and edges differ between the two states, and the corresponding DOM properties and objects can be observed cross-origin. We implemented AutoLeak, our open-source solution for automatically detecting known and yet unknown XS-Leaks in web browsers and websites. For our systematic study, we focus on XS-Leak test cases for web browsers with detectable differences induced by HTTP headers. We created and evaluated a total of 151776 test cases in Chrome, Firefox, and Safari. AutoLeak executed them automatically without human interaction and identified up to 8403 leak techniques per test case. On top, AutoLeak’s systematic evaluation uncovers 5 novel classes of XS-Leaks based on leak techniques that allow detecting novel HTTP headers cross-origin. We show the applicability of our methodology on 24 web sites in the Tranco Top 50 and uncovered XS-Leaks in 20 of them.
@inproceedings{nossFindingAllCrossSite2023, title = {Finding {{All Cross-Site Needles}} in the {{DOM Stack}}: {{A Comprehensive Methodology}} for the {{Automatic XS-Leak Detection}} in {{Web Browsers}}}, booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, author = {Noß, Dominik and Knittel, Lukas and Mainka, Christian and Niemietz, Marcus and Schwenk, Jörg}, date = {2023-11}, publisher = {ACM Press}, location = {Copenhagen, Denmark}, url = {https://www.sigsac.org/ccs/CCS2023/}, eventtitle = {{{CCS}}}, langid = {english}, month = nov }
USENIX
Every Signature Is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures

Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk

In USENIX Security Symposium, Anaheim, CA, USA, accepted papers: 419/1444 = 29%, Aug 2023

Abs Bib PDF Video Code Slides

Microsoft Office is one of the most widely used applications for office documents. For documents of prime importance, such as contracts and invoices, the content can be signed to guarantee authenticity and integrity. Since 2019, security researchers have uncovered attacks against the integrity protection in other office standards like PDF and ODF. Since Microsoft Office documents rely on different specifications and processing rules, the existing attacks are not applicable.
@inproceedings{rohlmannEverySignatureBroken2023, title = {Every {{Signature}} Is {{Broken}}: {{On}} the {{Insecurity}} of {{Microsoft Office}}’s {{OOXML Signatures}}}, booktitle = {{{USENIX Security Symposium}}}, author = {Rohlmann, Simon and Mladenov, Vladislav and Mainka, Christian and Hirschberger, Daniel and Schwenk, Jörg}, date = {2023-08-09}, pages = {18}, publisher = {USENIX Association}, location = {Anaheim, CA, USA}, url = {https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann}, eventtitle = {{{USENIX}}}, langid = {english}, month = aug, }

2022

CCS
DISTINCT: Identity Theft Using In-Browser Communications in Dual-Window Single Sign-On

Louis Jannett, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk

In ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA, accepted papers: 218/971 = 22%, Nov 2022

Abs DOI Bib PDF Code Website

Single Sign-On (SSO) protocols like OAuth 2.0 and OpenID Connect 1.0 are cornerstones of modern web security, and have received much academic attention. Users sign in at a trusted Identity Provider (IdP) that subsequently allows many Service Providers (SPs) to verify the users’ identities. Previous research concentrated on the standardized — called textbook SSO in this paper — authentication flows, which rely on HTTP redirects to transfer identity tokens between the SP and IdP. However, modern web applications like single page apps may not be able to execute the textbook flow because they lose the local state in case of HTTP redirects. By using novel browser technologies, such as postMessage, developers designed and implemented SSO protocols that were neither documented nor analyzed thoroughly. We call them dual-window SSO flows.
@inproceedings{jannettDISTINCTIdentityTheft2022, title = {{{DISTINCT}}: {{Identity Theft}} Using {{In-Browser Communications}} in {{Dual-Window Single Sign-On}}}, booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, author = {Jannett, Louis and Mladenov, Vladislav and Mainka, Christian and Schwenk, Jörg}, date = {2022-11-15}, pages = {15}, publisher = {ACM Press}, location = {Los Angeles, CA, USA}, doi = {10.1145/3548606.3560692}, url = {https://distinct-sso.com/}, eventtitle = {{{CCS}}}, langid = {english}, month = nov, }
USENIX
Oops... Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures

Simon Rohlmann, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In USENIX Security Symposium, Boston, MA, USA, accepted papers: 256/1492 = 17%, Aug 2022

Awarded Abs Bib PDF Code Slides

Awarded with the 2nd place on the Cyber Security Awareness Week (CSAW), Applied Research Competition.

OpenDocument is one of the major standards for interoperable office documents. Supported by office suites like Apache OpenOffice, LibreOffice, and Microsoft Office, the OpenDocument Format (ODF) is available for text processing, spreadsheets, and presentations on all major desktop and mobile operating systems. When it comes to governmental and business use cases, OpenDocument signatures can protect the integrity of a document’s content, for example, for contracts, amendments, or bills. Moreover OpenDocument signatures also protect document’s macros. Since the risks of using macros in documents is well-known, modern office applications only enable their execution if a trusted entity signs the macro code. Thus, the security of ODF documents often depends on the correct signature verification. In this paper, we conduct the first comprehensive analysis of OpenDocument signatures and reveal numerous severe threats. We identified five new attacks and evaluated them against 16 office applications on Windows, macOS, Linux, iOS, Android, and two online services. Our investigation revealed 12 out of 18 applications to be vulnerable for macro code execution, although the application only executes macros signed by trusted entities. For 17 of 18 applications, we could spoof the content in a signed ODF document while keeping the signature valid and trusted. Finally, we showed that attackers possessing a signed ODF could alter and forge the signature creation time in 16 of 18 applications. Our research was acknowledged by Microsoft, Apache OpenOffice, and LibreOffice during the coordinated disclosure.
@inproceedings{rohlmannOopsCodeExecution2022, title = {Oops... {{Code Execution}} and {{Content Spoofing}}: {{The First Comprehensive Analysis}} of {{OpenDocument Signatures}}}, booktitle = {{{USENIX Security Symposium}}}, author = {Rohlmann, Simon and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2022-08-10}, pages = {18}, publisher = {USENIX Association}, location = {Boston, MA, USA}, url = {https://www.usenix.org/conference/usenixsecurity22/presentation/rohlmann}, urldate = {2022-05-12}, addendum = {2nd place in the Applied Research Competition (CSAW)}, eventtitle = {{{USENIX}}}, langid = {english}, month = aug, }

2021

CCS
XSinator.Com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers

Lukas Knittel, Christian Mainka, Marcus Niemietz, Dominik Noß, and Jörg Schwenk

In ACM SIGSAC Conference on Computer and Communications Security, Seoul, South Korea (Virtual Conference), accepted papers: 196/879 = 22%, Nov 2021

Awarded Abs DOI Bib PDF Code Website

Awarded with the ACM CCS Best Paper Award.

Cross-Site Leaks (XS-Leaks) describe a client-side bug that allows an attacker to collect side-channel information from a cross-origin HTTP resource. They are a significant threat to Internet privacy since simply visiting a web page may reveal if the victim is a drug addict or leak a sexual orientation. Numerous different attack vectors, as well as mitigation strategies, have been proposed, but a clear and systematic understanding of XS-Leak’ root causes is still missing. Recently, Sudhodanan et al. gave a first overview of XS-Leak at NDSS 2020. We build on their work by presenting the first formal model for XS-Leaks. Our comprehensive analysis of known XSLeaks reveals that all of them fit into this new model. With the help of this formal approach, we (1) systematically searched for new XS-Leak attack classes, (2) implemented XSinator.com, a tool to automatically evaluate if a given web browser is vulnerable to XSLeaks, and (3) systematically evaluated mitigations for XS-Leaks. We found 14 new attack classes, evaluated the resilience of 56 different browser/OS combinations against a total of 34 XS-Leaks, and propose a completely novel methodology to mitigate XS-Leaks.
@inproceedings{knittelXSinatorComFormal2021, title = {{{XSinator}}.Com: {{From}} a {{Formal Model}} to the {{Automatic Evaluation}} of {{Cross-Site Leaks}} in {{Web Browsers}}}, booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, author = {Knittel, Lukas and Mainka, Christian and Niemietz, Marcus and Noß, Dominik and Schwenk, Jörg}, date = {2021-11-15}, publisher = {ACM Press}, location = {Seoul, South Korea (Virtual Conference)}, doi = {10.1145/3460120.3484739}, url = {https://dl.acm.org/doi/10.1145/3460120.3484739}, urldate = {2020-12-08}, addendum = {ACM CCS Best Paper Award,}, eventtitle = {{{CCS}}}, langid = {english}, month = nov, }
NDSS
Shadow Attacks: Hiding and Replacing Content in Signed PDFs

Christian Mainka, Vladislav Mladenov, and Simon Rohlmann

In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021

Abs DOI Bib PDF Video Code

The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. We responsibly disclosed the vulnerabilities and supported the vendors in fixing the issues.
@inproceedings{mainkaShadowAttacksHiding2021, title = {Shadow {{Attacks}}: {{Hiding}} and {{Replacing Content}} in {{Signed PDFs}}}, booktitle = {Network and {{Distributed System Security Symposium}}}, author = {Mainka, Christian and Mladenov, Vladislav and Rohlmann, Simon}, date = {2021-02-21}, publisher = {Internet Society}, location = {Virtual Conference}, doi = {10.14722/ndss.2021.24117}, url = {https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/}, eventtitle = {{{NDSS}}}, month = feb, }
NDSS
Processing Dangerous Paths - On Security and Privacy of the Portable Document Format

Jens Müller, Dominik Noß, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In Network and Distributed System Security Symposium, Virtual Conference, accepted papers: 87/573 = 15%, Feb 2021

Abs DOI Bib PDF Video Code Website

PDF is the de-facto standard for document exchange. It is common to open PDF files from potentially untrusted sources such as email attachments or downloaded from the Internet. In this work, we perform an in-depth analysis of the capabilities of malicious PDF documents. Instead of focusing on implementation bugs, we abuse legitimate features of the PDF standard itself by systematically identifying dangerous paths in the PDF file structure. These dangerous paths lead to attacks that we categorize into four generic classes: (1) Denial-ofService attacks affecting the host that processes the document. (2) Information disclosure attacks leaking personal data out of the victim’s computer. (3) Data manipulation on the victim’s system. (4) Code execution on the victim’s machine. An evaluation of 28 popular PDF processing applications shows that 26 of them are vulnerable at least one attack. Finally, we propose a methodology to protect against attacks based on PDF features systematically.
@inproceedings{mullerProcessingDangerousPaths2021, title = {Processing {{Dangerous Paths}} - {{On Security}} and {{Privacy}} of the {{Portable Document Format}}}, booktitle = {Network and {{Distributed System Security Symposium}}}, author = {Müller, Jens and Noß, Dominik and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2021-02-21}, publisher = {Internet Society}, location = {Virtual Conference}, doi = {10.14722/ndss.2021.23109}, url = {https://www.ndss-symposium.org/ndss-paper/processing-dangerous-paths-on-security-and-privacy-of-the-portable-document-format/}, eventtitle = {{{NDSS}}}, month = feb, }
S&P
Breaking the Specification: PDF Certification

Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jörg Schwenk

In IEEE Symposium on Security and Privacy (S&P), Virtual Conference, accepted papers: 115/952 = 12%, May 2021

Abs DOI Bib PDF Code Website

The Portable Document Format (PDF) is the defacto standard for document exchange. The PDF specification defines two different types of digital signatures to guarantee the authenticity and integrity of documents: approval signatures and certification signatures. Approval signatures testify one specific state of the PDF document. Their security has been investigated at CCS’19. Certification signatures are more powerful and flexible. They cover more complex workflows, such as signing contracts by multiple parties. To achieve this goal, users can make specific changes to a signed document without invalidating the signature. This paper presents the first comprehensive security evaluation on certification signatures in PDFs. We describe two novel attack classes – Evil Annotation and Sneaky Signature attacks which abuse flaws in the current PDF specification. Both attack classes allow an attacker to significantly alter a certified document’s visible content without raising any warnings. Our practical evaluation shows that an attacker could change the visible content in 15 of 26 viewer applications by using Evil Annotation attacks and in 8 applications using Sneaky Signature by using PDF specification compliant exploits. We improved both attacks’ stealthiness with applications’ implementation issues and found only two applications secure to all attacks. On top, we show how to gain high privileged JavaScript execution in Adobe. We responsibly disclosed these issues and supported the vendors to fix the vulnerabilities. We also propose concrete countermeasures and improvements to the current specification to fix the issues.
@inproceedings{rohlmannBreakingSpecificationPDF2021, title = {Breaking the {{Specification}}: {{PDF Certification}}}, booktitle = {{{IEEE Symposium}} on {{Security}} and {{Privacy}} ({{S}}\&{{P}})}, author = {Rohlmann, Simon and Mladenov, Vladislav and Mainka, Christian and Schwenk, Jörg}, date = {2021-05}, pages = {1485--1501}, publisher = {IEEE Computer Society}, location = {Virtual Conference}, issn = {2375-1207}, doi = {10.1109/SP40001.2021.00110}, url = {https://doi.ieeecomputersociety.org/10.1109/SP40001.2021.00110}, eventtitle = {S\&{{P}}}, month = may }

2020

WOOT
Office Document Security and Privacy

Jens Müller, Fabian Ising, Christian Mainka, Vladislav Mladenov, and Sebastian Schinzel

In USENIX Workshop on Offensive Technologies (WOOT), Virtual Conference, accepted papers: 12/36 = 33%, May 2020

Abs DOI Bib

OOXML and ODF are the de facto standard data formats for word processing, spreadsheets, and presentations. Both are XML-based, feature-rich container formats dating back to the early 2000s. In this work, we present a systematic analysis of the capabilities of malicious office documents. Instead of focusing on implementation bugs, we abuse legitimate features of the OOXML and ODF specifications. We categorize our attacks into five classes: (1) Denial-of-Service attacks affecting the host on which the document is processed. (2) Invasion of privacy attacks that track the usage of the document. (3) Information disclosure attacks exfiltrating personal data out of the victim’s computer. (4) Data manipulation on the victim’s system. (5) Code execution on the victim’s machine. We evaluated the reference implementations – Microsoft Office and LibreOffice – and found both of them to be vulnerable to each tested class of attacks. Finally, we propose mitigation strategies to counter these attacks.
@inproceedings{mullerOfficeDocumentSecurity2020, title = {Office {{Document Security}} and {{Privacy}}}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Müller, Jens and Ising, Fabian and Mainka, Christian and Mladenov, Vladislav and Schinzel, Sebastian}, date = {2020}, pages = {13}, location = {Virtual Conference}, doi = {10.5555/3488877.3488889}, url = {https://dl.acm.org/doi/10.5555/3488877.3488889}, eventtitle = {{{WOOT}}}, langid = {english}, }

2019

CCS
1 Trillion Dollar Refund: How To Spoof PDF Signatures

Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, and Jörg Schwenk

In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019

Awarded Abs DOI Bib PDF Website

Awarded with the Best Paper Award on the Cyber Security Awareness Week (CSAW), Applied Research Competition.

The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. To guarantee the authenticity and integrity of documents, digital signatures are used. Several public and private services ranging from governments, public enterprises, banks, and payment services rely on the security of PDF signatures. In this paper, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. A possible explanation for these results could be the absence of a standard algorithm to verify PDF signatures – each client verifies signatures differently, and attacks can be tailored to these differences. We, therefore, propose the standardization of a secure verification algorithm, which we describe in this paper.
@inproceedings{mladenovTrillionDollarRefund2019, title = {1 {{Trillion Dollar Refund}}: {{How To Spoof PDF Signatures}}}, booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, author = {Mladenov, Vladislav and Mainka, Christian and {Karsten Meyer zu Selhausen} and Grothe, Martin and Schwenk, Jörg}, date = {2019-11-06}, pages = {1--14}, publisher = {ACM Press}, location = {London, United Kingdom}, doi = {10.1145/3319535.3339812}, url = {https://dl.acm.org/doi/10.1145/3319535.3339812}, urldate = {2020-12-08}, addendum = {CSAW Best Paper Award}, eventtitle = {{{CCS}}}, langid = {english}, month = nov, }
CCS
Practical Decryption exFiltration: Breaking PDF Encryption

Jens Müller, Fabian Ising, Vladislav Mladenov, Christian Mainka, Sebastian Schinzel, and Jörg Schwenk

In ACM SIGSAC Conference on Computer and Communications Security, London, United Kingdom, accepted papers: 149/933 = 16%, Nov 2019

Abs DOI Bib PDF Website

The Portable Document Format, better known as PDF, is one of the most widely used document formats worldwide, and in order to ensure information confidentiality, this file format supports document encryption. In this paper, we analyze PDF encryption and show two novel techniques for breaking the confidentiality of encrypted documents. First, we abuse the PDF feature of partially encrypted documents to wrap the encrypted part of the document within attacker-controlled content and therefore, exfiltrate the plaintext once the document is opened by a legitimate user. Second, we abuse a flaw in the PDF encryption specification to arbitrarily manipulate encrypted content. The only requirement is that a single block of known plaintext is needed, and we show that this is fulfilled by design. Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels which are based on standard compliant PDF properties. We evaluated our attacks on 27 widely used PDF viewers and found all of them to be vulnerable. We responsibly disclosed the vulnerabilities and supported the vendors in fixing the issues.
@inproceedings{mullerPracticalDecryptionExFiltration2019, title = {Practical {{Decryption exFiltration}}: {{Breaking PDF Encryption}}}, booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, author = {Müller, Jens and Ising, Fabian and Mladenov, Vladislav and Mainka, Christian and Schinzel, Sebastian and Schwenk, Jörg}, date = {2019-11-06}, pages = {15--29}, publisher = {ACM Press}, location = {London, United Kingdom}, doi = {10.1145/3319535.3354214}, url = {https://dl.acm.org/doi/10.1145/3319535.3354214}, urldate = {2020-12-08}, eventtitle = {{{CCS}}}, langid = {english}, month = nov, }

2018

EuroS&P
More Is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema

Paul Rösler, Christian Mainka, and Jörg Schwenk

In European Symposium on Security and Privacy (Euro S&P), London, United Kingdom, accepted papers: 33/144 = 23%, Nov 2018

Abs DOI Bib

Secure instant messaging is utilized in two variants: one-to-one communication and group communication. While the first variant has received much attention lately (Frosch et al., EuroS&P16; Cohn-Gordon et al., EuroS&P17; Kobeissi et al., EuroS&P17), little is known about the cryptographic mechanisms and security guarantees of secure group communication in instant messaging. To approach an investigation of group instant messaging protocols, we first provide a comprehensive and realistic security model. This model combines security and reliability goals from various related literature to capture relevant properties for communication in dynamic groups. Thereby the definitions consider their satisfiability with respect to the instant delivery of messages. To show its applicability, we analyze three widely used real-world protocols: Signal, WhatsApp, and Threema. Since these protocols and their implementations are mostly undocumented for the public and two out of three applications among them are closed source, we describe the group protocols employed in Signal, WhatsApp, and Threema. By applying our model, we reveal several shortcomings with respect to the security definition. Therefore we propose generic countermeasures to enhance the protocols regarding the required security and reliability goals. Our systematic analysis reveals that (1) the communications’ integrity – represented by the integrity of all exchanged messages – and (2) the groups’ closeness – represented by the members’ ability of managing the group – are not end-to-end protected. We additionally show that strong security properties, such as Future Secrecy which is a core part of the one-to-one communication in the Signal protocol, do not hold for its group communication.
@inproceedings{roslerMoreLessEndtoend2018, title = {More Is Less: {{On}} the End-to-End Security of Group Chats in Signal, {{WhatsApp}}, and Threema}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Rösler, Paul and Mainka, Christian and Schwenk, Jörg}, date = {2018}, pages = {415--429}, publisher = {IEEE}, location = {London, United Kingdom}, doi = {10.1109/eurosp.2018.00036}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2018.00036}, eventtitle = {{{EuroS}}\&{{P}}}, }

2017

ROOTS
On the (in-)Security of JavaScript Object Signing and Encryption

Dennis Detering, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In ROOTS: Proceedings of the 1st Reversing and Offensive-Oriented Trends Symposium, accepted papers: 8/13 = 62%, Nov 2017

Abs DOI Bib

JavaScript Object Notation (JSON) has evolved to the de-facto standard file format in the web used for application configuration, cross- and same-origin data exchange, as well as in Single SignOn (SSO) protocols such as OpenID Connect. To protect integrity, authenticity, and confidentiality of sensitive data, JavaScript Object Signing and Encryption (JOSE) was created to apply cryptographic mechanisms directly in JSON messages. We investigate the security of JOSE and present different applicable attacks on several popular libraries. We introduce JOSEPH (JavaScript Object Signing and Encryption Pentesting Helper) our newly developed Burp Suite extension, which automatically performs security analysis on targeted applications. JOSEPH’s automatic vulnerability detection ranges from executing simple signature exclusion or signature faking techniques, which neglect JSON message integrity, up to highly complex cryptographic Bleichenbacher attacks, breaking the confidentiality of encrypted JSON messages. We found severe vulnerabilities in six popular JOSE libraries. We responsibly disclosed all weaknesses to the developers and helped them to provide fixes.
@inproceedings{deteringSecurityJavaScriptObject2017, title = {On the (in-)Security of {{JavaScript Object Signing}} and {{Encryption}}}, booktitle = {{{ROOTS}}: {{Proceedings}} of the 1st Reversing and Offensive-Oriented Trends Symposium}, author = {Detering, Dennis and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2017-11}, doi = {10.1145/3150376.3150379}, url = {https://dl.acm.org/doi/10.1145/3150376.3150379}, eventtitle = {{{ROOTS}}}, month = nov }
AsiaCCS
SECRET: On the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor

Dennis Felsch, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In ACM Asia Conference on Computer and Communications Security (ASIACCS), Abu Dhabi, UAE, accepted papers: 71/359 = 20%, Apr 2017

Abs DOI Bib Code

Real-time editing tools like Google Docs, Microsoft Office Online, or Etherpad have changed the way of collaboration. Many of these tools are based on Operational Transforms (OT), which guarantee that the views of different clients onto a document remain consistent over time. Usually, documents and operations are exposed to the server in plaintext – and thus to administrators, governments, and potentially cyber criminals. Therefore, it is highly desirable to work collaboratively on encrypted documents. Previous implementations do not unleash the full potential of this idea: They either require large storage, network, and computation overhead, are not real-time collaborative, or do not take the structure of the document into account. The latter simplifies the approach since only OT algorithms for byte sequences are required, but the resulting ciphertexts are almost four times the size of the corresponding plaintexts. We present SECRET, the first secure, efficient, and collaborative real-time editor. In contrast to all previous works, SECRET is the first tool that (1.) allows the encryption of whole documents or arbitrary sub-parts thereof, (2.) uses a novel combination of tree-based OT with a structure preserving encryption, and (3.) requires only a modern browser without any extra software installation or browser extension. We evaluate our implementation and show that its encryption overhead is three times smaller in comparison to all previous approaches. SECRET can even be used by multiple users in a low-bandwidth scenario. The source code of SECRET is published on GitHub as an open-source project: https://github.com/RUB-NDS/SECRET/
@inproceedings{felschSECRETFeasibilitySecure2017, title = {{{SECRET}}: {{On}} the Feasibility of a Secure, Efficient, and Collaborative Real-Time Web Editor}, booktitle = {{{ACM Asia Conference}} on {{Computer}} and {{Communications Security}} ({{ASIACCS}})}, author = {Felsch, Dennis and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2017-04}, publisher = {ACM Press}, location = {Abu Dhabi, UAE}, doi = {10.1145/3052973.3052982}, url = {https://dl.acm.org/doi/10.1145/3052973.3052982}, eventtitle = {{{AsiaCCS}}}, howpublished = {In Submission: AsiaCCS 2017}, month = apr }
EuroS&P
SoK: Single Sign-On Security – An Evaluation of OpenID Connect

Christian Mainka, Vladislav Mladenov, Tobias Wich, and Jörg Schwenk

In European Symposium on Security and Privacy (Euro S&P), Parice, France, accepted papers: 38/194 = 20%, Apr 2017

Abs DOI Bib Code

OpenID Connect is the OAuth 2.0-based replacement for OpenID 2.0 (OpenID) and one of the most important Single Sign-On (SSO) protocols used for delegated authentication. It is used by companies like Amazon, Google, Microsoft, and PayPal. In this paper, we systematically analyze wellknown attacks on SSO protocols and adapt these on OpenID Connect. We additionally introduce two novel attacks on OpenID Connect, Identity Provider Confusion and Malicious Endpoints Attack abusing lacks in the current specification and breaking the security goals of the protocol. We communicated these attacks in 2014 with the authors of the OpenID Connect specification and helped to develop a fix (currently an RFC Draft). We categorize the described attacks in two classes: Single-Phase Attacks abusing a lack of a single security check and Cross-Phase Attacks requiring a complex attack setup and manipulating multiple messages distributed across the whole protocol workflow. We provide an evaluation of officially referenced OpenID Connect libraries and find 75% of them vulnerable to at least one Single-Phase Attack. All libraries are susceptible Cross-Phase Attacks which is not surprising since the attacks abuse a logic flaw in the protocol and not an implementation error. We reported the found vulnerabilities to the developers and helped them to fix the issues. We address the existing problems in a Practical Offensive Evaluation of Single Sign-On Services (PrOfESSOS). PrOfESSOS is our open source implementation for fully automated Evaluation-as-a-Service for SSO. PrOfESSOS introduces a generic approach to improve the security of OpenID Connect implementations by systematically detecting vulnerabilities. In collaboration with the IETF OAuth and OpenID Connect working group, we integrate PrOfESSOS into the OpenID Connect certification process.
@inproceedings{mainkaSoKSingleSignOn2017, title = {{{SoK}}: {{Single Sign-On Security}} – {{An Evaluation}} of {{OpenID}} Connect}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Mainka, Christian and Mladenov, Vladislav and Wich, Tobias and Schwenk, Jörg}, date = {2017-04}, publisher = {IEEE}, location = {Parice, France}, doi = {10.1109/EuroSP.2017.32}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2017.32}, eventtitle = {{{EuroS}}\&{{P}}}, month = apr }
USENIX
Same-Origin Policy: Evaluation in Modern Browsers

Jörg Schwenk, Marcus Niemietz, and Christian Mainka

In USENIX Security Symposium, Vancouver, BC, Canada, accepted papers: 85/572 = 15%, Apr 2017

Abs DOI Bib PDF Video Code Slides Website

The term Same-Origin Policy (SOP) is used to denote a complex set of rules which governs the interaction of different Web Origins within a web application. A subset of these SOP rules controls the interaction between the host document and an embedded document, and this subset is the target of our research (SOP-DOM). In contrast to other important concepts like Web Origins (RFC 6454) or the Document Object Model (DOM), there is no formal specification of the SOP-DOM. In an empirical study, we ran 544 different test cases on each of the 10 major web browsers. We show that in addition to Web Origins, access rights granted by SOPDOM depend on at least three attributes: the type of the embedding element (EE), the sandbox, and CORS attributes. We also show that due to the lack of a formal specification, different browser behaviors could be detected in approximately 23% of our test cases. The issues discovered in Internet Explorer and Edge are also acknowledged by Microsoft (MSRC Case 32703). We discuss our findings in terms of read, write, and execute rights in different access control models.
@inproceedings{schwenkSameoriginPolicyEvaluation2017, title = {Same-Origin Policy: {{Evaluation}} in Modern Browsers}, booktitle = {{{USENIX Security Symposium}}}, author = {Schwenk, Jörg and Niemietz, Marcus and Mainka, Christian}, date = {2017}, pages = {713--727}, publisher = {USENIX Association}, location = {Vancouver, BC, Canada}, doi = {10.5555/3241189.3241245}, url = {https://dl.acm.org/doi/10.5555/3241189.3241245}, eventtitle = {{{USENIX}}}, }

2016

EuroS&P
How Secure Is TextSecure?

Tilman Frosch, Christian Mainka, Christoph Bader, Florian Bergsma, Jörg Schwenk, and Thorsten Holz

In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Mar 2016

Abs DOI Bib

Instant Messaging has gained popularity by users for both private and business communication as low-cost short message replacement on mobile devices. However, until recently, most mobile messaging apps did not protect confidentiality or integrity of the messages. Press releases about mass surveillance performed by intelligence services such as NSA and GCHQ motivated many people to use alternative messaging solutions to preserve the security and privacy of their communication on the Internet. Initially fueled by Facebook’s acquisition of the hugely popular mobile messaging app WHATSAPP, alternatives claiming to provide secure communication experienced a significant increase of new users. A messaging app that claims to provide secure instant messaging and has attracted a lot of attention is TEXTSECURE. Besides numerous direct installations, its protocol is part of Android’s most popular aftermarket firmware CYANOGENMOD. TEXTSECURE’s successor Signal continues to use the underlying protocol for text messaging. In this paper, we present the first complete description of TEXTSECURE’s complex cryptographic protocol, provide a security analysis of its three main components (key exchange, key derivation and authenticated encryption), and discuss the main security claims of TEXTSECURE. Furthermore, we formally prove that—if key registration is assumed to be secure—TEXTSECURE’s push messaging can indeed achieve most of the claimed security goals.
@inproceedings{froschHowSecureTextSecure2016, title = {How Secure Is {{TextSecure}}?}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Frosch, Tilman and Mainka, Christian and Bader, Christoph and Bergsma, Florian and Schwenk, Jörg and Holz, Thorsten}, date = {2016-03}, publisher = {IEEE}, location = {Saarbrücken, Germany}, doi = {10.1109/EuroSP.2016.41}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2016.41}, eventtitle = {{{EuroS}}\&{{P}}}, month = mar }
WOOT
How to Break Microsoft Rights Management Services

Martin Grothe, Christian Mainka, Paul Rösler, and Jörg Schwenk

In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016

Abs DOI Bib Code

Rights Management Services (RMS) are used to enforce access control in a distributed environment, and to cryptographically protect companies’ assets by restricting access rights, for example, to view-only, edit, print, etc., on a per-document basis. One of the most prominent RMS implementations is Microsoft RMS. It can be found in Active Directory (AD) and Azure. Previous research concentrated on generic weaknesses of RMS, but did not present attacks on real world systems. We provide a security analysis of Microsoft RMS and present two working attacks: (1.) We completely remove the RMS protection of a Word document on which we only have a view-only permission, without having the right to edit it. This shows that in contrast to claims made by Microsoft, Microsoft RMS can only be used to enforce all-or-nothing access. (2.) We extend this attack to be stealthy in the following sense: We show how to modify the content of an RMS write-protected Word document issued by our victim. The resulting document still claims to be write protected, and that the modified content was generated by the victim. We show that these attacks are not limited to local instances of Microsoft AD, and can be extended to Azure RMS and Office 365. We responsibly disclosed our findings to Microsoft. They acknowledged our findings (MSRC Case 33210).
@inproceedings{grotheHowBreakMicrosoft2016, title = {How to Break {{Microsoft Rights Management Services}}}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Grothe, Martin and Mainka, Christian and Rösler, Paul and Schwenk, Jörg}, date = {2016-08}, publisher = {USENIX Association}, location = {Austin, TX, USA}, doi = {10.5555/3027019.3027022}, url = {https://dl.acm.org/doi/10.5555/3027019.3027022}, eventtitle = {{{WOOT}}}, month = aug }
ARES
Your Cloud in My Company: Modern Rights Management Services Revisited

Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, and Jörg Schwenk

In International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria, accepted papers: 21/85 = 25%, Aug 2016

Abs DOI Bib

We provide a security analysis of modern Enterprise Rights Management (ERM) solutions and reveal security threats. We first take a look on Microsoft Azure, and discuss severe attack surfaces that companies enabling Azure in their own trusted infrastructure have to take care of. In addition, we analyze Tresorit, one of the most frequently used End-to-End encrypted cloud storage systems. Tresorit can use Azure and its Rights Management Services (RMS) module as an additional security layer: a user should be able to either trust Tresorit or Azure. Our systematic evaluation reveals a serious breach to their security architecture: we show that the whole security of Tresorit RMS relies on Tresorit being trusted, independent of trusting Azure.
@inproceedings{grotheYourCloudMy2016, title = {Your Cloud in My Company: {{Modern}} Rights Management Services Revisited}, booktitle = {International Conference on Availability, Reliability and Security ({{ARES}})}, author = {Grothe, Martin and Rösler, Paul and Jupke, Johanna and Kaiser, Jan and Mainka, Christian and Schwenk, Jörg}, date = {2016-08}, location = {Salzburg, Austria}, doi = {10.1109/ARES.2016.69}, url = {https://doi.ieeecomputersociety.org/10.1109/ARES.2016.69}, eventtitle = {{{ARES}}}, month = aug }
EuroS&P
Do Not Trust Me: Using Malicious IdPs for Analyzing and Attacking Single Sign-On

Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In European Symposium on Security and Privacy (Euro S&P), Saarbrücken, Germany, accepted papers: 29/169 = 17%, Aug 2016

Abs DOI Bib Code

Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for centralized SSO systems like Kerberos, where each SP explicitly specifies which single IdP it trusts. However, a typical use case for SPs like Salesforce is that each customer is allowed to configure his own IdP. A malicious IdP should however only be able to compromise the security of those accounts on the SP for which it was configured. If different accounts can be compromised, this must be considered as a serious attack. Additionally, in open systems like OpenID and OpenID Connect, the IdP for each customer account is dynamically detected in a discovery phase. Our research goal was to test if this phase can be used to trick a SP into using a malicious IdP for legitimate user accounts. Thus, by introducing a malicious IdP we evaluate in detail the popular and widely deployed SSO protocol OpenID. We found two novel classes of attacks, ID Spoofing (IDS) and Key Confusion (KC), on OpenID, which were not covered by previous research. Both attack classes allow compromising the security of all accounts on a vulnerable SP, even if those accounts were not allowed to use the malicious IdP. As a result, we were able to compromise 12 out the most popular 17 existing OpenID implementations, including Sourceforge, Drupal, ownCloud and JIRA. We developed an open source tool OpenID Attacker, which enables the fully automated and fine granular testing of OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues. One year after our reports, we have evaluated 70 online websites. Some of them have upgraded their libraries and were safe from our attacks, but 26% were still vulnerable.
@inproceedings{mainkaNotTrustMe2016, title = {Do Not Trust Me: {{Using}} Malicious {{IdPs}} for Analyzing and Attacking Single Sign-On}, booktitle = {European {{Symposium}} on {{Security}} and {{Privacy}} ({{Euro S}}\&{{P}})}, author = {Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2016}, pages = {321--336}, publisher = {IEEE}, location = {Saarbrücken, Germany}, doi = {10.1109/eurosp.2016.33}, url = {https://doi.ieeecomputersociety.org/10.1109/EuroSP.2016.33}, eventtitle = {{{EuroS}}\&{{P}}}, organization = {IEEE}, }
WOOT
SoK: XML Parser Vulnerabilities

Christopher Späth, Christian Mainka, Vladislav Mladenov, and Jörg Schwenk

In USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, accepted papers: 21/44 = 47%, Aug 2016

Abs DOI Bib

The Extensible Markup Language (XML) has become a widely used data structure for web services, SingleSign On, and various desktop applications. The core of the entire XML processing is the XML parser. Attacks on XML parsers, such as the Billion Laughs and the XML External Entity (XXE) Attack are known since 2002. Nevertheless even experienced companies such as Google, and Facebook were recently affected by such vulnerabilities. In this paper we systematically analyze known attacks on XML parsers and deal with challenges and solutions of them. Moreover, as a result of our in-depth analysis we found three novel attacks. We conducted a large-scale analysis of 30 different XML parsers of six different programming languages. We created an evaluation framework that applies different variants of 17 XML parser attacks and executed a total of 1459 attack vectors to provide a valuable insight into a parser’s configuration. We found vulnerabilities in 66 % of the default configuration of all tested parses. In addition, we comprehensively inspected parser features to prevent the attacks, show their unexpected side effects, and propose secure configurations.
@inproceedings{spathSoKXMLParser2016, title = {{{SoK}}: {{XML}} Parser Vulnerabilities}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Späth, Christopher and Mainka, Christian and Mladenov, Vladislav and Schwenk, Jörg}, date = {2016-08}, location = {Austin, TX, USA}, doi = {10.5555/3027019.3027032}, url = {https://dl.acm.org/doi/10.5555/3027019.3027032}, eventtitle = {{{WOOT}}}, month = aug }

2015

QASA
AdIDoS – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services

Christian Altmeier, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk

In International Workshop on Quantitative Aspects of Security Assurance (QASA), Vienna, Austria, Sep 2015

Abs DOI Bib Code

Denial-of-Service (DoS) attacks aim to affect availability of applications. They can be executed using several techniques. Most of them are based upon a huge computing power that is used to send a large amount of messages to attacked applications, e.g. web services. Web services apply parsing technologies to process incoming XML messages. This enlarges the amount of attack vectors since attackers get new possibilities to abuse specific parser features and complex parsing techniques. Therefore, web service applications apply various countermeasures, including message length or XML element restrictions. These countermeasures make validations of web service robustness against DoS attacks complex and error prone. In this paper, we present a novel adaptive and intelligent approach for testing web services. Our algorithm systematically increases the attack strength and evaluates its impact on a given web serice, using a blackbox approach based on server response times. This allows one to automatically detect message size limits or element count restrictions. We prove the practicability of our approach by implementing a new WS-Attacker plugin and detecting new DoS vulnerabilities in widely used web service implementations.
@inproceedings{altmeierAdIDoSAdaptiveIntelligent2015, title = {{{AdIDoS}} – Adaptive and Intelligent Fully-Automatic Detection of Denial-of-Service Weaknesses in Web Services}, booktitle = {International Workshop on Quantitative Aspects of Security Assurance ({{QASA}})}, author = {Altmeier, Christian and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2015-09}, publisher = {ESORICS}, location = {Vienna, Austria}, doi = {10.1007/978-3-319-29883-2_5}, url = {https://dl.acm.org/doi/10.1007/978-3-319-29883-2_5}, eventtitle = {{{QASA}}}, month = sep }
WOOT
How to Break XML Encryption – Automatically

Dennis Kupser, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk

In USENIX Workshop on Offensive Technologies (WOOT), Washington, D.C., USA, accepted papers: 20/57 = 35%, Aug 2015

Abs Bib Code

In the recent years, XML Encryption became a target of several new attacks. These attacks belong to the family of adaptive chosen-ciphertext attacks, and allow an adversary to decrypt symmetric and asymmetric XML ciphertexts, without knowing the secret keys. In order to protect XML Encryption implementations, the World Wide Web Consortium (W3C) published an updated version of the standard. Unfortunately, most of the current XML Encryption implementations do not support the newest XML Encryption specification and offer different XML Security configurations to protect confidentiality of the exchanged messages. Resulting from the attack complexity, evaluation of the security configuration correctness becomes tedious and error prone. Validation of the applied countermeasures can typically be made with numerous XML messages provoking incorrect behavior by decrypting XML content. Up to now, this validation was only manually possible. In this paper, we systematically analyze the chosenciphertext attacks on XML Encryption and design an algorithm to perform a vulnerability scan on arbitrary encrypted XML messages. The algorithm can automatically detect a vulnerability and exploit it to retrieve the plaintext of a message protected by XML Encryption. To assess practicability of our approach, we implemented an open source attack plugin for Web Service attacking tool called WS-Attacker. With the plugin, we discovered new security problems in four out of five analyzed Web Service implementations, including IBM Datapower or Apache CXF.
@inproceedings{kupserHowBreakXML2015, title = {How to Break {{XML Encryption}} – {{Automatically}}}, booktitle = {{{USENIX}} Workshop on Offensive Technologies ({{WOOT}})}, author = {Kupser, Dennis and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2015-08}, publisher = {USENIX Association}, location = {Washington, D.C., USA}, url = {https://www.usenix.org/conference/woot15/workshop-program/presentation/kupser}, eventtitle = {{{WOOT}}}, month = aug }
OIS
Automatic Recognition, Processing and Attacking of Single Sign-on Protocols with Burp Suite

Christian Mainka, Vladislav Mladenov, Tim Guenther, and Jörg Schwenk

In Open Identity Summit, Nov 2015

Abs Bib Code

SAML, Mozilla BrowserID, OpenID, OpenID Connect, Facebook Connect, Microsoft Account, OAuth — today’s web applications are supporting a large set of Single Sign-On (SSO) solutions. Some of them have common properties and behavior, others are completely different. This paper will give an overview of modern SSO protocols. We classify them into two groups and show how to distinguish them from each other. We provide EsPReSSO, an open source Burpsuite plugin that identifies SSO protocols automatically in a browser’s HTTP traffic and helps penetration testers and security auditors to manipulate SSO flows easily.
@inproceedings{mainkaAutomaticRecognitionProcessing2015, title = {Automatic Recognition, Processing and Attacking of Single Sign-on Protocols with Burp Suite}, booktitle = {Open Identity Summit}, author = {Mainka, Christian and Mladenov, Vladislav and Guenther, Tim and Schwenk, Jörg}, date = {2015-11}, eventtitle = {{{OIS}}}, month = nov }
SIOT
Not so Smart: On Smart TV Apps

Marcus Niemietz, Juraj Somorovsky, Christian Mainka, and Jörg Schwenk

In International Workshop on Secure Internet of Things (SIoT), Vienna, Austria, Nov 2015

Abs DOI Bib

One of the main characteristics of Smart TVs are apps. Apps extend the Smart TV behavior with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like authentication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps. In this paper, we investigate attack models for Smart TVs and their apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. Even worse, we show that an arbitrary app installed on devices of the market share leader Samsung can gain access to the credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.
@inproceedings{niemietzNotSmartSmart2015, title = {Not so Smart: {{On}} Smart {{TV}} Apps}, booktitle = {International Workshop on Secure Internet of Things ({{SIoT}})}, author = {Niemietz, Marcus and Somorovsky, Juraj and Mainka, Christian and Schwenk, Jörg}, date = {2015}, pages = {72--81}, publisher = {IEEE Computer Society}, location = {Vienna, Austria}, doi = {10.1109/siot.2015.13}, url = {https://dl.acm.org/doi/10.1109/SIOT.2015.13}, eventtitle = {{{SIOT}}}, organization = {IEEE}, }

2014

CCSW
Your Software at My Service: Security Analysis of SaaS Single Sign-on Solutions in the Cloud

Christian Mainka, Vladislav Mladenov, Florian Feldmann, Julian Krautwald, and Jörg Schwenk

In Proceedings of the 6th Edition of the ACM Workshop on Cloud Computing Security, Scottsdale, Arizona, USA, Oct 2014

Abs DOI Bib

Software-as-a-Service (SaaS) is typically defined as a rental model for using a complex software product, running on a centralized computing platform, using a thin client (most frequently a web browser). As such, it is one of the major categories of Cloud Computing, besides IaaS and PaaS. While there are many economic benefits in using SaaS, each company must nevertheless enforce control over its own data processed in the Cloud. One of the most important building blocks of such an enforcement scheme is Identity Management (IdM), whereat the industry standard for IdM is SAML, the Security Assertion Markup Language. In this paper, we study the security of the SAML implementations of 22 SaaS Cloud Providers (SaaS-CPs) and show that 90% of them can be broken, resulting in company data exposure to attackers on the Internet. The detected vulnerabilities are exploited by a wide variety of attack techniques, ranging from classical web attacks to problems specific to XML processing.
@inproceedings{mainkaYourSoftwareMy2014, title = {Your Software at My Service: {{Security}} Analysis of {{SaaS}} Single Sign-on Solutions in the Cloud}, booktitle = {Proceedings of the 6th Edition of the {{ACM}} Workshop on Cloud Computing Security}, author = {Mainka, Christian and Mladenov, Vladislav and Feldmann, Florian and Krautwald, Julian and Schwenk, Jörg}, date = {2014-10}, location = {Scottsdale, Arizona, USA}, doi = {10.1145/2664168.2664172}, url = {https://dl.acm.org/doi/10.1145/2664168.2664172}, acmid = {2664172}, eventtitle = {{{CCSW}}}, pagetotal = {12}, month = oct }

2013

ZEUS
A New Approach for WS-Policy Intersection Using Partial Ordered Sets

Abeer Elsafie, Christian Mainka, and Jörg Schwenk

In Services and Their Composition (ZEUS), Rostock, Germany, Feb 2013

Abs Bib

WS-Policy is a framework that can be used to describe assertions for web services message exchange. In the context of Service Oriented Architectures and Clouds, where web services are belonging to, machine-to-machine communication is one of its core ideas. When those machines try to apply WS-Policy, mainly two events can occur: First, the machine-exchanged policies have common assertions – there is an intersection. Second, there is no direct intersection and the participants must reach an agreement by minimal adjustments to the policies. This paper introduces a new approach for reaching intersection by computing adjustments to the policies using partial ordering.
@inproceedings{elsafieNewApproachWSPolicy2013, title = {A New Approach for {{WS-Policy}} Intersection Using Partial Ordered Sets}, booktitle = {Services and Their Composition ({{ZEUS}})}, author = {Elsafie, Abeer and Mainka, Christian and Schwenk, Jörg}, date = {2013-02}, series = {{{CEUR}} Workshop Proceedings}, volume = {1029}, pages = {45--48}, publisher = {CEUR-WS.org}, location = {Rostock, Germany}, eventtitle = {{{ZEUS}}}, month = feb }
ICWS
A New Approach towards DoS Penetration Testing on Web Services

Andreas Falkenberg, Christian Mainka, Juraj Somorovsky, and Jörg Schwenk

In International Conference on Web Services (ICWS), Santa Clara, CA, USA, accepted papers: 91/479 = 19%, Jun 2013

Abs DOI Bib

SOAP-based Web services is a middleware technology marketed as the solution to easy data exchange between heterogeneous IT architectures. The large number of scenarios, in which this technology is used, has introduced demands for new extensions raising its complexity. However, this has also introduced a large variety of new attacks. In this paper, we investigate an automatic evaluation of Web service specific Denial of Service (DoS) attacks. We present a new fully automated plugin for the WS-Attacker penetration testing tool implementing major DoS attacks. Our tool determines the attack success without having physical access to the target machine, using a novel blackbox approach. We give an overview of our design decisions and present the evaluation results using common Web service frameworks and systems.
@inproceedings{falkenbergNewApproachDoS2013, title = {A New Approach towards {{DoS}} Penetration Testing on Web Services}, booktitle = {International Conference on Web Services ({{ICWS}})}, author = {Falkenberg, Andreas and Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2013-06}, pages = {491--498}, publisher = {IEEE}, location = {Santa Clara, CA, USA}, doi = {10.1109/ICWS.2013.72}, url = {https://dl.acm.org/doi/10.1109/ICWS.2013.72}, added-at = {2013-11-06T00:00:00.000+0100}, ee = {http://doi.ieeecomputersociety.org/10.1109/ICWS.2013.72}, eventtitle = {{{ICWS}}}, interhash = {965d5d82b3c79f96a7992362481d1cc5}, intrahash = {63d306b64ea638a8abc1d4e51ca7d63e}, month = jun }

2012

SERVICES
Penetration Testing Tool for Web Services Security

Christian Mainka, Juraj Somorovsky, and Jörg Schwenk

In World Congress on Services (SERVICES), Honolulu, HI, USA, Jun 2012

Abs DOI Bib Code

XML Encryption and XML Signature are fundamental security standards forming the core for many applications which require to process XML-based data. Due to the increased usage of XML in distributed systems and platforms such as in SOA and Cloud settings, the demand for robust and effective security mechanisms increased as well. Recent research work discovered, however, substantial vulnerabilities in these standards as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping attack belongs to the most relevant ones. With the many possible instances of this attack type, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud infrastructures and services. This paper contributes a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services. An architecture is proposed, which integrates the required enhancements to ensure a fail-safe and robust signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XML Signature Wrapping attacks. Furthermore the empirical results underline, that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards.
@inproceedings{mainkaPenetrationTestingTool2012, title = {Penetration Testing Tool for Web Services Security}, booktitle = {World Congress on Services ({{SERVICES}})}, author = {Mainka, Christian and Somorovsky, Juraj and Schwenk, Jörg}, date = {2012-06}, location = {Honolulu, HI, USA}, doi = {10.1109/services.2012.7}, url = {https://dl.acm.org/doi/10.1109/SERVICES.2012.7}, eventtitle = {{{SERVICES}}}, month = jun }
CLOSER
XSpRES: Robust and Effective XML Signatures for Web Services

Christian Mainka, Meiko Jensen, Luigi Lo Iacono, and Jörg Schwenk

In International Conference on Cloud Computing and Services Science (CLOSER), Porto, Portugal, accepted papers: 15/145 = 10%, Apr 2012

Abs Bib

XML Encryption and XML Signature are fundamental security standards forming the core for many applications which require to process XML-based data. Due to the increased usage of XML in distributed systems and platforms such as in SOA and Cloud settings, the demand for robust and effective security mechanisms increased as well. Recent research work discovered, however, substantial vulnerabilities in these standards as well as in the vast majority of the available implementations. Amongst them, the so-called XML Signature Wrapping attack belongs to the most relevant ones. With the many possible instances of this attack type, it is feasible to annul security systems relying on XML Signature and to gain access to protected resources as has been successfully demonstrated lately for various Cloud infrastructures and services. This paper contributes a comprehensive approach to robust and effective XML Signatures for SOAP-based Web Services. An architecture is proposed, which integrates the required enhancements to ensure a fail-safe and robust signature generation and verification. Following this architecture, a hardened XML Signature library has been implemented. The obtained evaluation results show that the developed concept and library provide the targeted robustness against all kinds of known XML Signature Wrapping attacks. Furthermore the empirical results underline, that these security merits are obtained at low efficiency and performance costs as well as remain compliant with the underlying standards.
@inproceedings{mainkaXSpRESRobustEffective2012a, title = {{{XSpRES}}: {{Robust}} and {{Effective XML Signatures}} for {{Web Services}}}, booktitle = {International Conference on Cloud Computing and Services Science ({{CLOSER}})}, author = {Mainka, Christian and Jensen, Meiko and Iacono, Luigi Lo and Schwenk, Jörg}, date = {2012-04}, pages = {187--197}, location = {Porto, Portugal}, url = {https://www.researchgate.net/publication/267407051_XSpRES_Robust_and_effective_XML_signatures_for_Web_Services}, eventtitle = {{{CLOSER}}}, month = apr }