OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: Artifact binding -- Most effective binding against DOS attacks

In reality, I think that the artifact profile will have limited, if any, impact on DOS attacks.   The IDP still has a AuthnRequest entry point for SSO requests and must process the request as necessary and thus that interface could still be used for enabling a DOS attack by flooding the IdP with bazillions of AuthnRequests long before you ever get to the stage of artifact dereference. 


At first glance one might think that the artifact profile will save the IdP from having to generate the signed Assertion since attackers are not trusted SPs.  However, a) in a DOS attack the IdP usually won’t be generating an assertion anyway since the logins will typically fail, and b) if the attacker does have good credentials (so the IdP would end up creating a good authn session and have to generate assertions at some point), they could still get the assertions to be generated by doing an indirect DOS attack using a multitude of good SPs and driving the IdP attack through those SPs (the attacker essentially initiates Authn sessions at the SPs causing the SPs to flood the IdP with authnRequests & artifact resolutions).


So, from a DOS point of view, I think it doesn’t make a difference.


Of course, there are many other good reasons to use the artifact profile.




From: giorgi moniava [mailto:giorgimoniava@yahoo.com]
Sent: Monday, June 30, 2008 3:48 AM
To: saml-dev@lists.oasis-open.org; Cahill, Conor P
Subject: Artifact binding -- Most effective binding against DOS attacks


Hi all.

Just wanted to ask your opinion about following statement. I think that
artifact based binding has the highest chances to be effectively secured
against DOS attacks. Since, when an IdP received an artifact, which comes
from an malicious SP, and tries to contat her in order to retrieve the corresponding
message using SOAP binding, she will use SSL/TLS with bilateral authentication,
clearly, if she looks up the identitied of the available parties then, requests from
malicious SPs will be blocked (i.e. IdP wont receive SAML 2.0 messages from
them, just artifacts). With POST and GET bindings, IdP is forced to process
a SAML 2.0 message before she can take any action for protecting against DOS.
Does what I wrote make sense?




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]