Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


End of Bibblio RCM includes -->
11:35 AM
Connect Directly

A New Approach to Securing Authentication Systems' Core Secrets

Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.

BLACK HAT USA 2021 – Advanced persistent threat (APT) groups have long sought credentials to access, move laterally throughout, and persist in target networks. Defenders have attempted to mitigate the risk with multifactor authentication (MFA), which, while effective in most cases, can fall short of protecting the most lucrative data.

This was the crux of Black Hat USA briefing "MFA-ing the Un-MFA-ble: Protecting Auth Systems' Core Secrets," presented today by ZenGo CTO Tal Be'ery and cryptography researcher Matan Hamilis, who demonstrated a new approach to protecting the "golden secrets" at the core of most modern authentication systems.

These secrets, such as KRBTGT for Kerberos or a private key for Security Assertion Markup Language (SAML), are used to cryptographically secure the provision of access tokens and protect their integrity. This makes them a hot target for attackers: When one of these secrets is captured, it allows the holder to issue more golden access tokens offline to take over a system.

But what is SAML? Each modern corporate environment contains many different Web services served by many different vendors, explained Be'ery. Each service has its own form of authentication, which causes problems for defenders: There is no single sign-on, several passwords that employees may forget or reuse, and different forms of MFA for each tool.

With SAML, user management is shifted from the service provider (SP) to an identity provider (IdP), and authentication and directory are decoupled from the service. Instead of worrying about dozens of different apps and their authentication measures, admins configure the IdP to verify all employees' identities. The SP and IdP only communicate with each other with a key pair: The IdP signs with the private key, and the SP verifies with the public key.

A Golden SAML attack occurs when the attackers steal a private key from the identity provider and become a "rogue IdP," Be'ery said. This allows them to generate arbitrary access SAML tokens offline, within the attackers' environment. Doing this would let attackers access a system as any user, in any role, while bypassing security policies and MFA. They could also slip past access monitoring, if access is only monitored by the identity provider, Be'ery said.

The security community saw this technique in the SolarWinds attack, which also marked the first publicly known use of Golden SAML in the wild, he noted. "It seems like every year has its flagship breach; security incident, and this was Sunburst," said Be'ery.

SAML is a persistence technique, and ZenGo's team aimed to solve the problem of Golden SAML and the offline use of the IdP private key. Attackers have a time-limited access to IdP but get a long-term "offline" access to the target's assets.

As a solution reference, Be'ery pointed to MFA, which has largely solved the use of passwords as a persistence mechanism. He used four principles to outline why MFA is a good solution: The password is no longer a single point of failure, the extra factors are different (i.e., "not two passwords"), more factors can be added if needed, and the added factor continues to rotate.

There are issues that prevent defenders from using MFA to protect golden secrets, said Be'ery, such as backward compatibility and lack of orthogonal additional factors. Attackers using Golden SAML can forge an identity with a stolen certificate, so they don't need to know someone's password or other authentication factors.

Could hardware security modules (HSMs) be used to address Golden SAML? In theory, HSMs can sign and prevent direct access to a private key; however, Be'ery then used the same standards he used to evaluate MFA. With HSMs, the private key is still a single point of failure, HSM systems must be continuously updated, and it doesn't scale. "We had gone from software to hardware, but what's next … harder-ware?" Be'ery quipped. Further, he added, HSMs are not short-lived.

Creating A Solution

Be'ery proposed a solution to solving the problem: "What if we can have multiple signers?" he said. In this solution, each token must be signed by multiple parties that are orthogonal; for example, a customer network and another third party. However, it requires changing the signers, which requires changing the standard and getting service providers on board, he noted.

The ZenGo approach involves the Threshold Signature Scheme (TSS), in which a private key is created in a distributed manner and signing is done in a distributed manner. The public key and signature verification remain the same; only the IdP as the signer needs to be updated.

Because the private key is distributed, it's no longer a single point of failure. With distributed protocols, back-and-forth messages are exchanged between parties. In key generation, each party creates a "Share" or their own secret, and using these Shares, parties sign together. The signature looks the same, and it's harder for attackers to steal because they would have to compromise both parties to do so.

"We're not creating the key in one single place and then splitting it and sending it to multiple parties. … This wouldn't help," Be'ery said.

Be'ery applied the same standards he used for MFA to the TSS approach: The private key is decentralized, each share resides in a different environment, and the number of parties is scalable. If two isn't enough, three can be used — or dozens more. Shares can also be rotated without changing the main secret.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file