In this post, we’ll be looking at the security properties of the Amazon Web Services authentication scheme.
Amazon Web Services Authentication
Amazon requires a per-message authentication scheme for non-anonymous cloud service requests. This model is based on a hash-based message authentication code, or HMAC. Compared to SAML, this type of authentication scheme is much simpler in that there is no implicit distinction between issuer and subject. Instead, the request itself is authenticated using a keyed message authentication code based on a shared secret password. Rather than processing a confirmation method, the receiver of the message looks up the password for the user id included in the message and computes the keyed code over the message. If the codes match, the receiver has a guarantee that the message has not been altered and that the sender knows the password.
In contrast to SAML holder-of-key, which relies on the strength of a public-key algorithm, the strength of this authenticator depends on the length of the password and the strength of the hash function. In most cases the resulting authentication code is included in an HTTP header of the messages sent to the Amazon cloud services, although it can also be sent as XML payload content. This type of security mechanism is sometimes loosely called a signed request, but in reality a digital signature is based on a single private key known only to one party. This is an important distinction between a mechanism like holder-of-key and the properties of the Amazon web services HMAC scheme: in the latter case, by definition, two entities know the password, the sender and the receiver. It is also more likely under the HMAC-based AWS authentication scheme that multiple senders will share a password and user id, so Amazon will know that an authenticated account is accessing its service but will not be able to tell how many actual senders are making requests (since an account can be shared), because they all bear the same user id and shared secret.
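The lookup-and-recompute flow described above, as an added example (not code from the post or from Amazon): the sender computes an HMAC over a canonical form of the request and sends it with its user id; the receiver looks up the same shared secret by user id, recomputes the code and compares. The string-to-sign layout, header name and the user id and secret are constructed for this illustration and are not the exact AWS wire format.

```python
import base64
import hashlib
import hmac

# Constructed secret store held by the receiver. It contains the very same secret the
# sender uses, which is the "two entities know the password" property of the scheme.
SHARED_SECRETS = {"EXAMPLE-USER-ID": b"example-shared-secret-not-a-real-key"}

# Hypothetical scheme label for this example; not the real AWS Authorization syntax.
SCHEME = "AWS-HMAC-EXAMPLE"


def string_to_sign(method, path, date, body):
    # Canonical representation of the request fields covered by the MAC. Any field
    # left out of this string can be altered without the receiver noticing.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method, path, date, body_hash])


def compute_mac(secret, method, path, date, body):
    msg = string_to_sign(method, path, date, body).encode()
    return base64.b64encode(hmac.new(secret, msg, hashlib.sha256).digest()).decode()


def sign_request(user_id, secret, method, path, date, body):
    # Sender side: the header carries the user id in the clear plus the keyed code.
    return f"{SCHEME} {user_id}:{compute_mac(secret, method, path, date, body)}"


def verify_request(header, method, path, date, body):
    # Receiver side: parse the header, look up the secret for the user id, recompute.
    try:
        scheme, rest = header.split(" ", 1)
        user_id, presented = rest.split(":", 1)
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    secret = SHARED_SECRETS.get(user_id)
    if secret is None:
        return False  # unknown user id: no password to check against
    expected = compute_mac(secret, method, path, date, body)
    # Constant-time comparison so that a mismatch does not leak which byte differed.
    return hmac.compare_digest(expected, presented)
```

Because the receiver recomputes the code from the secret it holds, it could produce the same header itself; the code proves possession of the shared secret, not which party created it.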
This authentication scheme has the benefit of simplicity, which often translates into increased overall system security. It also performs better than SAML holder-of-key, which requires a client-side RSA digital signature; an HMAC costs roughly the same as a hashing operation and is many times faster.
Next: Final Comparison