Tuesday, March 1, 2016

Blockchain and SAML


Emperor's new clothes Blockchain and SAML provides an interesting use-case where the increased integrity can be used to strengthen probability and/or to provide a valid revision history that have not been tampered with (within reasonable doubt).

While the data available in a SAML context is very limited it can be together with other supporting tools such as a SIEM provide enough data to prove either or not whatever happened.



Eg. the following text during a successful login

Feb 29 14:17:47 simplesamlphp NOTICE STAT [1dddb4dd04] User 'test' has been successfully authenticated.

sha256: 9a5780abcd0957eb3fc6b69592985b08ef0883decb28901a28c6ad1cf0aa8c36

And the following for a two factor in addition to l/p

2016-02-29 14:17:47 | [1dddb4dd04] 4xxxxxx5

sha256: e8a6bdf19eaa2551a76cc8583149153dc7e2cdceae4f56a330eb07a2034c3341


sha256 +  twofa log
0519e13f6e9afccaea907e8f9f3df007529c2fbbe216c45f8e2cbc5036cce34d

This could be stored in a asset named 'test' since the context is a user with the userid as primary key. The further chaining can follow the within the same asset or be extended to also include more context such as source or destination (webpage).

No comments:

VoWifi leaking IMSI

This is mostly a copy of the working group two blog I worked for when the research was done into the fields of imsi leakage when using voice...