MFA-ing the Un-MFA-ble - Protecting Auth Systems' Core Secrets
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a Black Hat conference talk on protecting the core secrets of authentication systems from compromise. Learn how the "Golden Secrets" behind multi-factor authentication (MFA) systems become single points of failure, and discover approaches to mitigating that risk. Examine the SunBurst APT attack, understand how SAML tokens work, and explore hardware-based solutions such as hardware security modules (HSMs). Dive into advanced concepts such as Threshold Signature Schemes (TSS) and their application to strengthening SAML security. Gain insight into the distributed EC-DLP and watch a practical demonstration of a TSS-based SAML flow, equipping you with knowledge to harden authentication systems against sophisticated attacks.
Syllabus
Intro
Black Hat USA 2021
SunBurst: Breach of the year
SunBurst APT
Persistence: APT VS. APT
Persistence in practice
What is SAML
Service Provider (SP)
Identity Provider (IP)
SAML token example
Back to Service Provider
SAML is all about decoupling
Golden SAML: In high level
Problem definition
MFA as a good solution reference
Hardware based solution
HSM for SAML: Scorecard
What if we can have multiple signers?
Threshold Signature Scheme (TSS)
Tribute to Dan Kaminsky
EC-DLP as a billiards game
Distributed EC-DLP: Doubles' billiards game
Threshold Signatures (TSS): 1 becomes 2
TSS SAML flow: In high level
TSS for SAML: Scorecard
Demo Architecture - Setup Phase
Demo Architecture - Signing Phase
Taught by
Black Hat