Recommandé
Recommandé
Contenu connexe
Similaire à Token Binding as the Foundation for a More Secure Web
Similaire à Token Binding as the Foundation for a More Secure Web (20)
Plus de Trish McGinity, CCSK
Plus de Trish McGinity, CCSK (16)
Dernier
Dernier (20)
Token Binding as the Foundation for a More Secure Web
- 1. © 2017 Brian Campbell 1 Beyond Bearer Token Binding as the Foundation for a More Secure Web BRIAN CAMPBELL @__b_c © 2017 Brian Campbell
- 2. © 2017 Brian Campbell 2 Formalities, Introductions, Safe Harbor, etc. • Working for Ping Identity since 2004 (The Identity Security Company hailing from CO) – Product Development & Standards • Pretending to have a different/parallel career since ’11 – Presentation MAY contain gratuitous photos • This presentation may contain forward- looking statements and no investment or purchasing decisions should be made based solely on the content herein – Except to hire a photographer for an obscene amount of money "L'Arroseur arrosé” By David Brossard
- 3. © 2017 Brian Campbell 3 Bearer Token • A security token with the property that any party in possession of that token (i.e. the "bearer") can use the token to access the associated resources • No other proof beyond just having it is needed
- 4. © 2017 Brian Campbell 4 The Problem With Bearer Tokens One truth and a lie
- 5. © 2017 Brian Campbell 5 • HTTPS • HttpOnly • secure • HSTS • CSP Mmmm, Cookies The archetypal bearer token • XSS exfiltration • Firesheep • sslstrip • Subdomain Takeovers
- 6. © 2017 Brian Campbell 6 Single Page Apps (everyone is doing it) it's like déjà vu all over again with XSS and local storage
- 7. © 2017 Brian Campbell 7 Token Binding • Enables a long-lived binding of cookies or other security tokens to a client generated public-private key pair © 2017 Brian Campbell
- 8. © 2017 Brian Campbell 8 Threat Landscape is Vast and Complex
- 9. © 2017 Brian Campbell 9 The Core Token Binding Specfications
- 10. © 2017 Brian Campbell 10© 2017 Brian Campbell
- 11. © 2017 Brian Campbell 11 Hello! Do you like my extension?
- 12. © 2017 Brian Campbell 12 Do you even bind tokens, bro? Client Server ClientHello ... token_binding [24] token_binding_version [1,0] key_parameters_list [2,0] ServerHello ... token_binding [24] token_binding_version [1,0] key_parameters_list [2] Key Parameters: (0) rsa2048_pkcs1.5 (1) rsa2048_pss (2) ecdsap256 Also need extenstions: Extended Master Secret Renegotiation Indication TLS Handshake
- 13. © 2017 Brian Campbell 13 Token Binding over HTTPS Client Server GET /stuff HTTP/1.1 Host: example.com Sec-Token-Binding: AIkAAgBBQLgtRpWFPN66kxhxGrtaKrzcMtHw7HV8 yMk_-MdRXJXbDMYxZCWnCASRRrmHHHL5wmpP3bhYt0ChRDbsMapfh_QAQ N1He3Ftj4Wa_S_fzZVns4saLfj6aBoMSQW6rLs19IIvHze7LrGjKyCfPT KXjajebxp-TLPFZCc0JTqTY5_0MBAAAA HTTP Request • Encoded Token Binding Message – (1 or more) Token Bindings • Type (provided / referred) • Token Binding ID (key type and public key) • Signature over type, key type, and EKM (TLS Exported Keying Material) • Extensions • Proves possession of the private key on the TLS connection • Keys are long-lived and span TLS connections
- 14. © 2017 Brian Campbell 14 Binding Cookies • The most straightforward application binds a cookie to the Token Binding key • Server associates Token Binding ID with cookie & checks on subsequent use • Augments existing authentication and session mechanisms • Transparent to users • Deployment can be phased in
- 15. © 2017 Brian Campbell 15 Okay, Just Take It Easy Privacy Nerds Advocates • Token Binding is not a supercookie or new big brother tracking mechanism • Client generates a unique key pair per effective top-level domain + 1 (eTLD+1) – E.g., example.com, www.example.com, and etc.example.com share binding but not example.org or example.co.uk • Same scoping rules and privacy implications as cookies © 2017 Brian Campbell
- 16. © 2017 Brian Campbell 16 What about Cross-Domain Single Sign-on? There’s an HTTP response header for that! Tells the browser that it should reveal the Token Binding ID used between itself and the RP (referred) in addition to the one used between itself and the IDP (provided). Browser Identity Provider (IDP)Relying Party (RP) HTTP/1.1 302 Found Location: https://idp.example.com Include-Referred-Token-Binding-ID: true GET / HTTP/1.1 Host: idp.example.com Sec-Token-Binding: ARIAAgBBQB-XOPf5ePlf7ikATiAFEGOS503 lPmRfkyymzdWwHCxl0njjxC3D0E_OVfBNqrIQxzIfkF7tWby2Zfya E6XpwTsAQBYqhFX78vMOgDX_Fd_b2dlHyHlMmkIz8iMVBY_reM98O UaJFz5IB7PG9nZ11j58LoG5QhmQoI9NXYktKZRXxrYAAAECAEFAdU FTnfQADkn1uDbQnvJEk6oQs38L92gv-KO-qlYadLoDIKe2h53hSiK wIP98iRj_unedkNkAMyg9e2mY4Gp7WwBAeDUOwaSXNz1e6gKohwN4 SAZ5eNyx45Mh8VI4woL1BipLoqrJRoK6dxFkWgHRMuBROcLGUj5Pi OoxybQH_Tom3gAA two bindings at the same time
- 17. © 2017 Brian Campbell 17 Interlude: ‘jot’ or not? A JWT eyJraWQiOiJrMSIsImFsZyI6IkVTMjU2In0.eyJpc3MiOiJodHRwczovL2lzcy5leGFtcGxlLmNvbSIsImF1Z CI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJleHAiOjE1MDkzOTM3NTgsIm5iZiI6MTUwOTM5MzAzOCwic3 ViIjoiYnJpYW4iLCJlbWFpbCI6ImJyaWFuLmNhbXBiZWxsQGV4YW1wbGUuY29tIiwiZ3JvdXBzIjpbImdvb2Q iLCJiYWQiLCJ1Z2x5Il19.hh8DBF1GfhXrf1L2jKJiJzjIESvBYzPc6NKjCZAXaztFQDiFIP2- wfPw_JWBMulQsPJmVKKl-XA1OQWXQKgKiQ The Header {"kid":"k1","alg":"ES256"} The Payload {"iss":"https://iss.example.com", "aud":"https://rp.example.org", "exp":1509393758, "nbf":1509393038, "sub":"brian", "email":"brian.campbell@example.com", "groups":["good","bad","ugly"]} The Signature A quick refresher/introduction to JWT
- 18. © 2017 Brian Campbell 18 Token Binding for OpenID Connect • Utilizes the Include- Referred-Token- Binding-ID header and the Referred Token Binding • Binds the ID Token (JWT) to the Token Binding ID the browser uses between itself and the Relying Party • Uses token binding hash “tbh” member of the JWT confirmation claim “cnf”
- 19. © 2017 Brian Campbell 19 “Demo” • Showing a bound: – ID Token SSO – Session Cookie Browser Identity Provider (IDP) https://idp.example.com Relying Party (RP) https://rp.example.io:3000 http://httpbin.org/
- 20. © 2017 Brian Campbell 20 Unauthenticated access request to RP is redirected for SSO
- 21. © 2017 Brian Campbell 21 Authentication request to the IDP
- 22. © 2017 Brian Campbell 22 ID Token delivered to RP
- 23. © 2017 Brian Campbell 23 Authenticated access to RP
- 24. © 2017 Brian Campbell 24 “Demo” Finished
- 25. © 2017 Brian Campbell 25 Token Binding for OAuth Too • Access tokens with referred Token Binding ID • Refresh tokens with provided Token Binding ID • Authorization codes via PKCE – Native app clients – Web server clients • JWT Authorization Grants and Client Authentication
- 26. © 2017 Brian Campbell 26 Reverse Proxy Deployments Clien t Reverse Proxy GET /stuff HTTP/1.1 Host: example.com Sec-Token-Binding: AIkAAgBBQKzyIrmcY_Yct HVoSHBut69vrGfFdy1_YKTZfFJv6BjrZsKD9b9F RzSBxDs1twTqnAS71M1RBumuihhI9xqxXKkAQEt xe4jeUJU0WezxlQXWVSBFeHxFMdXRBIH_LKOSAu SMOJ0XEw1Q8DE248qkOiRKzw3KdSNYukYEP mO21bQi3YYAAA Origin Server GET /stuff HTTP/1.1 Host: ... Sec-Provided-Token-Binding-ID: AgBB QKzyIrmcY_YCtHVoSHBut69vrGfFdy1_YK TZfFJv6BjrZsKD9b9FRzSBxDs1twTqnAS7 1M1RBumuihhI9xqxXKk (Negotiates) Validates Token Binding message Sanitize headers Passes encoded provided token binding ID as new header (referred too, if applicable) Binds/verifies using token binding ID
- 27. © 2017 Brian Campbell 27 The Landscape (some of it anyway) • 3 IETF Token Binding specs soon to be RFCs • Draft support – Google Chrome & Microsoft Edge/IE – Global on Google servers (since Jan) – .NET Framework (4.6 for server side) – Open source • OpenSSL (https://github.com/google/token_bind) • Apache (https://github.com/zmartzone/mod_token_binding) • NGINX (https://github.com/google/ngx_token_binding) • Java (… er, yeah…) – Online demo at https://www.ietf.org/mail-archive/web/unbearable/current/msg01332.html • OpenID Connect Token Bound Authentication spec is coming along • OAuth 2.0 Token Binding spec is coming along a bit behind that • ‘HTTPS Token Binding with TLS Terminating Reverse Proxies’ spec adopted
- 28. © 2017 Brian Campbell 28 FIN © 2015 Brian Campbell BRIAN CAMPBELL @__b_c