Versions Compared

...

Identifier: STO_1
Type: Information Disclosure

Threat:

Attack on the network:

For memcached/database (whatever the number of nodes) or Ehcache/JBoss Cache (on multiple nodes), data are transferred between nodes using TCP.

These data can be intercepted and scanned to learn which TGT is linked to which identity.

Is there a network solution to secure the data?

Should we encrypt the data? All of it? Just the key, so that an attacker can find profiles but cannot find the profile given the TGT or ST?

Mitigation:

Add an entry to the hardening guide to indicate that single-node CAS deployments should prefer to use Ehcache, since the communication between CAS and Ehcache will be internal to the JVM. Also, disk persistence should preferably be turned off to avoid saving the sensitive data to disk.

Add an entry to the hardening guide to indicate that Ehcache/JBoss replication or the external database/memcached should either be restricted to a private network, or else run over SSL/TLS to protect the data.

Encryption/hashing scheme:

  • The TGT should have a hashed TGT ID; the other aspects of the TGT should be encrypted with the TGT.
  • The ST should have a hashed ST ID; the other aspects of the TGT should be copied to the ST and encrypted with the ST.
  • This will not allow back-channel SLO to work on ticket expiration (see CAS-686).

Identifier: STO_2
Type: Information Disclosure

Threat:

Attack on the disk:

For database/Ehcache storage on disk, an attacker can read the content of the stored files and find the identities and their associated TGTs.

Should we really use Ehcache to store data on disk, given that it is not really performant or secure?

For a database, some encryption mechanism can be enabled for data stored on disk.

Identifier: STO_3
Type: Spoofing

Threat:

The attacker can generate false data and send them to the storage system.

Mitigation:

Use a hash / cryptographic algorithm to prevent attackers from being able to forge keys and store data.
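The following Python is an added illustration, not code from the CAS project or from this page, of the STO_1 encryption/hashing scheme and the STO_3 forgery defence in a single registry: the row key is a SHA-256 hash of the ticket ID, and the ticket body is encrypted and MAC-authenticated under keys derived from that ID, so a node that sniffs replication traffic or reads the disk store sees neither the ID it would need to present to CAS nor the identity behind it, and cannot forge a row it could later redeem. The HMAC-SHA256 counter keystream and the hand-rolled HKDF-style derivation are stand-ins for AES-GCM and a library KDF; the salt label, the ticket IDs and the principal name are constructed for the example.

```python
"""Hashed-ID / encrypted-body ticket registry (illustration of STO_1 and STO_3)."""
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

_SALT = b"cas-ticket-registry-demo"   # constructed, non-secret derivation label
_NONCE_LEN = 16
_TAG_LEN = 32


def registry_key(ticket_id: str) -> str:
    """Row key written to memcached/database/Ehcache: a one-way hash of the ticket ID.
    Reading it does not yield an ID that can be presented to CAS (STO_1), and a
    forged row needs the real ID to produce a matching hash and blob (STO_3)."""
    return hashlib.sha256(ticket_id.encode()).hexdigest()


def derive_keys(ticket_id: str) -> Tuple[bytes, bytes]:
    """HKDF-style extract/expand from the ticket ID into an encryption key and a
    MAC key (built from HMAC-SHA256 so the example has no dependencies)."""
    prk = hmac.new(_SALT, ticket_id.encode(), hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"enc\x01", hashlib.sha256).digest()
    mac_key = hmac.new(prk, enc_key + b"mac\x02", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; stands in for AES-CTR."""
    blocks = [hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(ticket_id: str, ticket_body: dict) -> bytes:
    """Encrypt-then-MAC the ticket body under keys derived from the ticket ID."""
    enc_key, mac_key = derive_keys(ticket_id)
    nonce = secrets.token_bytes(_NONCE_LEN)
    plaintext = json.dumps(ticket_body, sort_keys=True).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(ticket_id: str, blob: bytes) -> Optional[dict]:
    """Verify the MAC, then decrypt; returns None for a wrong ID or a tampered blob."""
    if len(blob) < _NONCE_LEN + _TAG_LEN:
        return None
    enc_key, mac_key = derive_keys(ticket_id)
    nonce, ciphertext, tag = blob[:_NONCE_LEN], blob[_NONCE_LEN:-_TAG_LEN], blob[-_TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def store_ticket(registry: dict, ticket_id: str, ticket_body: dict) -> None:
    """What a CAS node writes to the shared registry: hashed ID -> sealed blob."""
    registry[registry_key(ticket_id)] = seal(ticket_id, ticket_body)


def fetch_ticket(registry: dict, ticket_id: str) -> Optional[dict]:
    """What a CAS node does when a client presents a ticket ID."""
    blob = registry.get(registry_key(ticket_id))
    return None if blob is None else unseal(ticket_id, blob)


def demo() -> dict:
    """Constructed scenario: store one TGT, then inspect the row the way an
    attacker on the replication network or the disk store would see it."""
    registry: dict = {}
    tgt_id = "TGT-1-demo-" + secrets.token_hex(8)          # constructed ticket ID
    body = {"principal": "alice", "created": 1700000000}     # constructed ticket body
    store_ticket(registry, tgt_id, body)
    stored_key, stored_blob = next(iter(registry.items()))
    tampered = stored_blob[:-1] + bytes([stored_blob[-1] ^ 0x01])
    return {
        "id_leaked": tgt_id in stored_key,                     # the row key is only a hash
        "principal_leaked": b"alice" in stored_blob,           # identity is not in clear
        "lookup_ok": fetch_ticket(registry, tgt_id) == body,   # the real ID still resolves
        "wrong_id_rejected": fetch_ticket(registry, "TGT-1-forged") is None,
        "tamper_rejected": unseal(tgt_id, tampered) is None,   # MAC catches altered rows
    }


if __name__ == "__main__":
    print(demo())
```

The same `store_ticket`/`fetch_ticket` pair serves STs with the ST ID as the derivation input, which is what the second bullet of the scheme describes. The demo also makes the CAS-686 caveat concrete: a node walking the registry on its own holds only hashes and blobs, and without a client-presented ID it cannot decrypt any row, so it cannot learn which services an expiring TGT was issued to for back-channel SLO.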

...