 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / April 2005Hijacking an SCT
What prevents someone from intercepting a message to a web service, extracting the SCT from it and then using the SCT to sign and encrypt their own malicious messages to the service? My understanding is that SCT is just a bunch of bytes (created by the STS) that the client just sticks in the header each time they makes a request. Is the SCT somehow encrypted into the message so that even if someone intercepted the message it would be difficult to get the SCT out? Here is a (contrived) scenario: Good guy "A" sends an RST message to an STS and gets back an SCT (in the RSTR). Then A starts to do some shopping at a web service provider's site, but is interrupted by a phone call before he's done. Meanwhile Bad guy "B" has monitored this conversation, extracted the SCT from the headers and then, after A leaves, uses that token to make some malicious calls to the web service (e.g. changed A's shipping address, ordered some products and then had them shipped to the new address.) Thanks for any insight. SCTs basically work around two things: and asymmetric key and a symmetric key. The symmetric key is the shared secret. I think it is 10 random bytes (but could be more.) It is generated by the client and sent to the server in the request msg. However it is encrypted with the asymmetric RSA public key first. This means that only the owner of the RSA private key can decrypt it. The RSA private key owner is the server your sending the request to. Now the server can decrypt the symmetric key, create a SCT with the key and cache it. The server sends back the SCT ID which the client will use to create its' own SCT using the same ID and the symmetric key it generated at first. Now both sides have a SCT with the same ID and symmetric key. The asymmetric key is now not needed any longer and only the shared symmetric key is used from now on for this SCT. Client can encrypt and/or sign tokens and soap bodies with the SCT which uses the shared symmetric key to do the encryption (i.e. Rijndale, etc). Only the SCT ID is sent in the clear so the server can look it up in cache and decrypt the soap message elements using the shared key. The SCT ID is not helpful to anyone else on the "wire" as they don't have the symmetric key and can not generate it as it was only sent encrypted the first time using RSA during the SCT request/reply. So man-in-the-middle is not possible. To break it, you would need to break RSA or AES encryption. Or somehow break X509 cert chain verification from the client side to inject your own RSA public key and inject your own box in the middle of the client and server. None of which is really that possible or practical today, so I think it is pretty secure. I would not say impossible, as most anything is possible given the time and resources. SCT also has an option to allow the server to contribute entropy to the symmetric shared key. So both the server and client makeup the shared key. I am unclear how much this would actually add to the security because to break single entropy from the client would still require one to break RSA. So if you could break RSA from the client, I would think you could break RSA from the server. However it does toss more walls into the mix, so I guess it probably useful. If your interested, I did a SCT generator in c# which allows you to use TCP channel (or http) and use only RSA public key on client side without needing certs. I assume MS does something very similar but instead uses public key from the negotiated (and validated) cert. This uses the public key from the SN assembly. http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!303.entry -- William Stacey [MVP] > What prevents someone from intercepting a message to a web service, > extracting the SCT from it and then using the SCT to sign and encrypt their [quoted text clipped - 16 lines] > > Thanks for any insight. William, Thanks for your reply! I was pleasantly surprised to see it, as I had just finished reading your Jan 24th blog "Create SecurityContextTokens without x509 Certs". I was puzzled before reading your blog but now I understand that it is the client that creates the symmetric key and hands it off to the server in the RST. And once the key is established at both ends only the SCT-id needs to be passed. The thing that is troubling me now is that I would like to deploy these web services on a web farm. I've seen, somewhere, that you can have the STS on a machine different from web services' machine but if the SCT is cached on STS how does the Web Service machine access this information? TIA When the soap msg comes in you look for the SCT (you probably need to override some SCT server side method) and then look in cache, if not in cache, look in shared DB table. If not in DB - fail. If in DB, cache it on that machine. (Note any machine can hand out SCTs as long as they export that GetSCT method) Eventually all machines in the farm will have a cached copy of SCT if requests hit all machines at some point. There is a couple articles out their on caching SCT with a DB for web farms. I have not did this myself yet as I have not needed it. It looks pretty straight forward however. Don't have the link handy, but a google should turn them up. Let me know other question on the protocol. Cheers.  SignatureWilliam Stacey [MVP] > William, > [quoted text clipped - 11 lines] > > TIA Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.