Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web

  • Daniel Fett
  • Ralf KüstersEmail author
  • Guido Schmitz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9326)


BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. It employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized login, with the intent to respect users’ privacy. It can operate in a primary and a secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla’s default identity provider.

We recently proposed an expressive general model for the web infrastructure and, based on this web model, analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities, which have been fixed by Mozilla.

In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. We do not only study authentication properties as before, but also privacy properties. During our analysis we discovered new and practical attacks that do not apply to the secondary mode: an identity injection attack, which violates a central authentication property of SSO systems, and attacks that break the privacy promise of BrowserID and which do not seem to be fixable without a major redesign of the system. Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far.

For the authentication bug, we propose a fix and formally prove in a slight extension of our general web model that the fixed system satisfies all the authentication requirements we consider. This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far.

As another contribution, we identify and prove important security properties of generic web features in the extended web model to facilitate future analysis efforts of web standards and web applications.

Supplementary material


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL 2001, pp. 104–115. ACM Press (2001)Google Scholar
  2. 2.
    Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: CSF 2010, pp. 290–304. IEEE Computer Society (2010)Google Scholar
  3. 3.
    Armando, A., Carbone, R., Compagna, L., Cuéllar, J., Tobarra, M.L.: Formal analysis of SAML 2.0 Web browser single sign-on: breaking the SAML-based single sign-on for Google Apps. In: FMSE 2008, pp. 1–10. ACM (2008)Google Scholar
  4. 4.
    Bai, G., Lei, J., Meng, G., Venkatraman, S.S., Saxena, P., Sun, J., Liu, Y., Dong, J.S.: AUTHSCAN: automatic extraction of web authentication protocols from implementations. In: NDSS 2013. The Internet Society (2013)Google Scholar
  5. 5.
    Bamberg, W., et al.: Persona FAQ. Mozilla Developer Network Wiki. Accessed 29 September 2013
  6. 6.
    Bansal, C., Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Keys to the cloud: formal analysis and concrete attacks on encrypted web storage. In: Basin, D., Mitchell, J.C. (eds.) POST 2013. LNCS, vol. 7796, pp. 126–146. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  7. 7.
    Bansal, C., Bhargavan, K., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. In: CSF 2012, pp. 247–262. IEEE Computer Society (2012)Google Scholar
  8. 8.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW-14, pp. 82–96. IEEE Computer Society (2001)Google Scholar
  9. 9.
    Bugzilla@Mozilla. Bug 1064254 - Identity Injection Attack on Persona by Malicious IdP, September 2014. (access restricted)
  10. 10.
    Bugzilla@Mozilla. Bug 1120255 - Privacy leak in Persona, January 2015. (access restricted)
  11. 11.
    Chari, S., Jutla, C.S., Roy, A.: Universally Composable Security Analysis of OAuth v2.0. IACR Cryptology ePrint Archive, 2011:526 (2011)Google Scholar
  12. 12.
    Dietz, M., Wallach, D.S.: Hardening persona - improving federated web login. In: NDSS 2014. The Internet Society (2014)Google Scholar
  13. 13.
    Fett, D., Küsters, R., Schmitz, G.: An expressive model for the web infrastructure: definition and application to the BrowserID SSO System. In: S&P 2014, pp. 673–688. IEEE Computer Society (2014)Google Scholar
  14. 14.
    Fett, D., Küsters, R., Schmitz, G.: Analyzing the BrowserID SSO system with primary identity providers using an expressive model of the web. Technical report (2014).
  15. 15.
    HTML5, W3C Recommendation, 28 October 2014Google Scholar
  16. 16.
    Jackson, D.: Alloy: a new technology for software modelling. In: Katoen, J.-P., Stevens, P. (eds.) TACAS 2002. LNCS, vol. 2280, p. 20. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  17. 17.
    Kerschbaum, F.: Simple cross-site attack prevention. In: SecureComm 2007, pp. 464–472. IEEE Computer Society (2007)Google Scholar
  18. 18.
    Kumar, A.: A lightweight formal approach for analyzing security of web protocols. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 192–211. Springer, Heidelberg (2014) Google Scholar
  19. 19.
    Mills, C.: Introducing BrowserID: a better way to sign in. Identity at Mozilla, 14 July 2011.
  20. 20.
    Mozilla Identity Team: BrowserID Source Code. BrowserID Repository.
  21. 21.
    Mozilla Identity Team: Persona.
  22. 22.
    Mozilla Identity Team: Persona. Mozilla developer network. Accessed 15 October 2014
  23. 23.
    Somorovsky, J., Mayer, A., Schwenk, J., Kampmann, M., Jensen, M.: On breaking SAML: be whoever you want to be. In: USENIX Security 2012, pp. 397–412. USENIX Association (2012)Google Scholar
  24. 24.
    Sun, S.-T., Beznosov, K.: The devil is in the (implementation) details: an empirical analysis of OAuth SSO systems. In: CCS 2012, pp. 378–390. ACM (2012)Google Scholar
  25. 25.
    Sun, S.-T., Hawkey, K., Beznosov, K.: Systematically breaking and fixing OpenID security: formal analysis, semi-automated empirical evaluation, and practical countermeasures. Comput. Secur. 31(4), 465–483 (2012)CrossRefGoogle Scholar
  26. 26.
    Wang, R., Chen, S., Wang, X.: Signing me onto your accounts through Facebook and Google: a traffic-guided security study of commercially deployed single-sign-on web services. In: S&P 2012, pp. 365–379. IEEE Computer Society (2012)Google Scholar
  27. 27.
    Web Storage - W3C Recommendation, 30 July 2013.

Copyright information

© Springer International Publishing Switzerland 2015

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License (, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  1. 1.University of TrierTrierGermany

Personalised recommendations