IETF OAuth Proof-of-Possession

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

April 23, XKMS Requirements Update Frederick Hirsch, Mike Just April 23, 2002 Goals Requirements Summary –General, Security Last Call Issues –For.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
1 IETF OAuth Proof-of-Possession Hannes Tschofenig.
Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Internet Engineering Task Force Provisioning of Symmetric Keys Working Group Hannes Tschofenig.
Making VLAB Secure Javier I. Roman. What is VLAB?  An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary.
Cryptography and Network Security Chapter 17
SIP Security Matt Hsu.
ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23,
Chapter 8 Web Security.
Session Policy Framework using EAP draft-mccann-session-policy-framework-using-eap-00.doc IETF 76 – Hiroshima Stephen McCann, Mike Montemurro.
OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
OAuth 2.0 Security IETF OAuth WG Conference Call, 14th December 2012.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
OAuth Security Hannes Tschofenig Derek Atkins. State-of-the-Art Design Team work late 2012/early 2013 Results documented in Appendix 3 (Requirements)
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21,
Eugene Chang EMU WG, IETF 70
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
(Preliminary) Gap Analysis Hannes Tschofenig. Goal of this Presentation The IETF has developed a number of security technologies that are applicable to.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Web Security : Secure Socket Layer Secure Electronic Transaction.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.
IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.
PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG
Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.
All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Alec Brusilovsky, Zhibi Wang Alcatel-Lucent, July 24, 2007.
All Rights Reserved © Alcatel-Lucent 2006, ##### 2G IMS CAVE Based Security Replay Protection Zhibi Wang January, 2007.
SAML for SIP Hannes Tschofenig, Jon Peterson, James Polk, Douglas Sicker, Marcus Tegnander.
Web Authorization Protocol (oauth) IETF 90, Toronto Chairs: Hannes Tschofenig, Derek Atkins Responsible AD: Kathleen Moriarty Mailing List:
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
3GPP GBA Overview Adrian Escott.
Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.
TLS Renegotiation Vulnerability IETF-76 Joe Salowey Eric Rescorla
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Security Hannes Tschofenig. Goal for this Meeting Use the next 2 hours to determine what the security consideration section of the OAuth draft(s) should.
Transport Layer Security (TLS) Extensions: Extension Definitions draft-ietf-tls-rfc4366-bis-00.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect
IETF Provisioning of Symmetric Keys (keyprov) WG Update WG Chairs: Phillip Hallam-Baker Hannes Tschofenig Presentation by Mingliang Pei 05/05/2008.
Web Authorization Protocol WG Hannes Tschofenig, Derek Atkins.
Interworking with an External Dynamic Authorization System Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.1,
OAuth WG Conference Call, 11th Jan. 2013
Phil Hunt, Hannes Tschofenig
Chairs: Derek Atkins and Hannes Tschofenig
OAuth2 SCIM Client Registration & Software Statement Exchange
PLUG-N-HARVEST ID: H2020-EU
OAuth Design Team Call 11th February 2013.
Rifaat Shekh-Yusef IETF105, OAuth WG, Montreal, Canada 26 July 2019
IETF102 Montreal Web Authorization Protocol (OAuth)
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens-02
Presentation transcript:

IETF OAuth Proof-of-Possession Hannes Tschofenig

Status Finished various specifications, including OAuth Core: RFC 6749 Bearer Tokens: RFC 6750 Security Threats: RFC 6819 Discussion about an enhancement to Bearer Token security (now called “Proof-of-Possession”) since the early days of the working group. Design Team work late 2012/early 2013, which lead to requirements, use cases, and solution strawman proposals. Work on solution documents lead to new work items.

III II Architecture I Client Resource Server Authorization Server Relevant document: http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/

III II AS <-> Client Interaction I Client Authorization Server Variants: Key Distribution at Access Token Issuance Key Distribution at Client Registration Authorization Server I III II Resource Server Client Relevant specifications: http://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/ http://datatracker.ietf.org/doc/draft-ietf-oauth-proof-of-possession/

AS <-> Client Interaction Example: Symmetric Key Authorization Server Request access token. I support PoP tokens Resource Server Client

AS <-> Client Interaction Example: Symmetric Key AS creates PoP-enabled access token Authorization Server Resource Server Client

PoP Token: Symmetric Key Example { "alg":"RSA1_5", "enc":"A128CBC-HS256", "cty":"jwk+json" } "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "nonce": "n-0S6_WzA2Mj", "exp": 1311281970, "iat": 1311280970, "cnf":{ "jwk": "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJB MTI4Q0JDLUhTMjU2IiwiY3R5IjoiandrK ... (remainder of JWE omitted for brevity)" Binds a symmetric key to the access token { "kty":"oct", "alg":"HS256", "k":"ZoRSOrFzN_FzUA5XKM YoVHyzff5oRJxl-IXRtztJ6uE" }

AS <-> Client Interaction Example: Symmetric Key Authorization Server AS sends access token to Client & symmetric key Resource Server Client

AS <-> Client Interaction AS needs to bind a key to the access token. Key can be an fresh and unique symmetric key, or (ephemeral) public key This requires two extensions: New elements within the JWT to include the (encrypted symmetric key) or the public key. JWT is also integrity protected. Mechanism for conveying ephemeral key from AS to client and for client to provide directives to AS. Details in draft-ietf-oauth-pop-key-distribution Transport symmetric key from AS to client. Transport (ephemeral) asymmetric key from AS to client. Transport public key from client to AS. Algorithm indication

Dynamic Client Registration Attempt to simplify developer interaction with AS when they deploy client applications. Today, developers need to register various parameters (manually), such as Authentication mechanism & client authentication credentials Redirect URIs Grant types Meta data (client name, client logo, scopes, contact information, etc.) Also allows meta-data, including public keys, to be uploaded to AS. Two documents: draft-ietf-oauth-dyn-reg draft-ietf-oauth-dyn-reg-metadata WGLC in progress.

III II Client <-> RS Interaction I Client Authorization Server Building Blocks: Proof of possession of PoP key Message integrity (+ Channel Binding) RS-to-client authentication Authorization Server I III II Resource Server Client Relevant specification : http://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/

AS <-> Client Interaction Example: Symmetric Key Authenticator = Keyed Message Digest Computed Over Request. Authorization Server Resource Server Client AS sends access token to Client & Authenticator

AS <-> Client Interaction Example: Symmetric Key Authorization Server RS “unwraps” access token and obtains symmetric key. RS verifies authenticator. Shared Long Term Key Resource Server Client

Channel Binding Channel bindings bind the application layer security to the underlying channel security mechanism. Various approaches for providing channel bindings: PoP public key use in TLS (as described in HOTK draft) tls-unique: TLS Finish message tls-server-end-point: hash of the TLS server's certificate: Currently, no channel bindings described in <draft-ietf-oauth-signed-http-request> Be aware: New attacks have been identified with TLS-based channel bindings, see http://www.ietf.org/proceedings/89/slides/slides-89-tls-3.pdf

III II RS <-> AS Interaction [optional] I Client Authorization Variants: a) Token introspection b) Out-of-band Authorization Server I III ` II Resource Server Client Relevant specification: http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/

Next Steps Reviews for the document bundle needed. Open Issues will be added to the WG tracker. Main issues with the client<->resource server communication. Challenges: Dealing with intermediaries modifying headers Offering flexibility to developer Reducing payload replicating Minimizing canonicalization Authentication of the server to the client Channel binding functionality