Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web

BrowserID is a complex, real-world Single Sign-On (SSO) System for web applications recently developed by Mozilla. This open source system employs new HTML5 features (such as web messaging and web storage) and cryptographic assertions to provide decentralized and federated login, with the intent to respect users' privacy. It can operate in two modes, the primary identity provider mode and the secondary identity provider mode. While in the primary mode BrowserID runs with arbitrary identity providers, in the secondary mode there is one identity provider only, namely Mozilla's default identity provider. In prior work, we have proposed an expressive general model for the web infrastructure and based on this model, we analyzed the security of the secondary identity provider mode of BrowserID. The analysis revealed several severe vulnerabilities. In this paper, we complement our prior work by analyzing the even more complex primary identity provider mode of BrowserID. During the proof, we discovered a new practical and interesting identity injection attack, which violates a central security property of SSO systems. This attack cannot be carried out in the secondary mode. We propose a fix and prove that the fixed system satisfies all security requirements we consider. The security analysis performed in this paper constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure. The model that we employ is in fact the most comprehensive such model. Another contribution of this work, besides the analysis of BrowserID, is that we identify and prove important security properties of generic web features in our model. These properties will facilitate future analysis efforts of web standards and web applications using the model.