Paper 2024/828

Post-quantum XML and SAML Single Sign-On

Johannes Müller, University of Lorraine
Jan Oupický, University of Luxembourg
Abstract

Extensible Markup Language (XML) is one of the most popular serialization languages. Since many security protocols are built using XML, it also provides cryptographic functionality. A central framework in this area is the Security Assertion Markup Language (SAML). This standard is one of the most widely used options for implementing Single Sign-On (SSO), which allows users to authenticate to different service providers using the credentials from a single identity provider. Like all other security protocols currently in use, the security and privacy of XML-based frameworks such as SAML is threatened by the development of increasingly powerful quantum computers. In fact, future attackers with access to scalable quantum computers will be able to break the currently used cryptographic building blocks and thus undermine the security of the SAML SSO to illegally access sensitive private information. Post-quantum cryptography algorithms have been developed to protect against such quantum attackers. While many security protocols have been migrated into the quantum age by using post-quantum cryptography, no such solutions for XML and the security protocols based on it have been developed, let alone tested. We make the following contributions to fill this gap. We have designed post-quantum solutions for the cryptographic building blocks in XML and integrated them into the SAML SSO protocol. We implemented our solutions in the OpenSAML, Apache Santuario, and BouncyCastle libraries and extensively tested their performance for various post-quantum instantiations. As a result, we have created a comprehensive and solid foundation for post-quantum XML and post-quantum SAML SSO migration.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. PETS 2024
DOI
10.56553/popets-2024-0128
Keywords
XMLSAMLpost-quantumSSOsingle sign-on
Contact author(s)
johannes mueller @ loria fr
jan oupicky @ uni lu
History
2024-07-24: revised
2024-05-27: received
See all versions
Short URL
https://ia.cr/2024/828
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/828,
      author = {Johannes Müller and Jan Oupický},
      title = {Post-quantum {XML} and {SAML} Single Sign-On},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/828},
      year = {2024},
      doi = {10.56553/popets-2024-0128},
      url = {https://eprint.iacr.org/2024/828}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.