Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) Mike Jones Standards Architect – Microsoft IETF 82 –

Slides:



Advertisements
Similar presentations
The Emerging JSON/REST-Based Identity Protocol Suite
Advertisements

Web security: SSL and TLS
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
IETF OAuth Proof-of-Possession
1 IETF OAuth Proof-of-Possession Hannes Tschofenig.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.
OpenID Connect Update and Discussion Mountain View Summit – September 12, 2011 Mike Jones – Microsoft John Bradley – Independent Nat Sakimura – Nomura.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Lecture 22 Internet Security Protocols and Standards modified from slides of Lawrie Brown.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
© Neeraj Suri EU-NSF ICT March 2006 DEWSNet Dependable Embedded Wired/Wireless Networks MUET Jamshoro Computer Security: Principles and Practice Slides.
TLS 1.2 and NIST SP A Tim Polk November 10, 2006.
XML Signature Prabath Siriwardena Director, Security Architecture.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
On OAEP, PSS, and S/MIME John Linn RSA Laboratories S/MIME WG, San Diego IETF, 13 December 2000.
Cryptography and Network Security (CS435) Part Twelve (Electronic Mail Security)
COSE Overview Jim Schaad August Cellars. Willing Changes No crypto compatibility Use of CBOR idioms Partial change of naming schemes.
Class 5 Channels and Preview CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Network Security David Lazăr.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Modern Cryptography.
Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.
Pairing Based Cryptography Standards Terence Spies VP Engineering Voltage Security
Elliptic Curve Cryptography
Security Using PGP - Prajakta Bahekar. Importance of Security is one of the most widely used network service on Computer Currently .
JOSE Working Group 7 November 2013, PST IETF 88 Vancouver.
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-ECDSA Title: Discussion on introducing ECDSA to d for group management Date Submitted: July.
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Slide 1 August 2005, Paris, FranceIETF DNSEXT 2929bis etc. Donald E. Eastlake 3 rd
ECC Design Team: Initial Report Brian Minard, Tolga Acar, Tim Polk November 8, 2006.
S/MIME Working Group Status Russ Housley November 2002 PLEASE SIGN THE BLUE SHEET.
Slide 1 November 2005, Vancouver, BCIETF DNSEXT 2929bis etc. Donald E. Eastlake 3 rd
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Building Secure Microservices
RSA Laboratories’ PKCS Series - a Tutorial
Dan Brown, Certicom Research November 10, 2004
OAuth Assertion Documents
Digital Signatures Last Updated: Oct 14, 2017.
BPSEC Updates Edward Birrane
CDS Hooks HL7 WGM Jan 2018 CDS Working Group Tuesday, January 30, 2018
OpenID Connect Working Group
Introduction to Symmetric-key and Public-key Cryptography
March 2018 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [SG SECN Call for Proposals] Date Submitted:
JOSE New Specs & New Features
OAuth Design Team Call 11th February 2013.
December 2015 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Security considerations for 15.3e] Date.
JSON Serialization Specifications: JWS JSON Serialization JWE JSON Serialization Mike Jones August 1, 2012.
Jim Schaad August Cellars
JSON Object Signing and Encryption (JOSE) Working Group
OpenID Connect Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
IEEE MEDIA INDEPENDENT HANDOVER DCN: xx-00-sec
OpenID Enhanced Authentication Profile (EAP) Working Group
draft-ietf-dtn-bpsec-06
Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.
Secret-Key Encryption
Presentation transcript:

Proposed Documents for JOSE: JSON Web Signature (JWS) JSON Web Encryption (JWE) JSON Web Key (JWK) Mike Jones Standards Architect – Microsoft IETF 82 – November 14, 2011

Motivation Clear need for industry-standard JSON-based: – Security Token format – Signature format – Encryption format – Public Key format Specs written and in use filling these needs: – JSON Web Token (JWT) – JSON Web Signature (JWS) – JSON Web Encryption (JWE) – JSON Web Key (JWK)

Design Philosophy Make simple things simple Make complex things possible

Design Goals Easy to use in all modern web development environments Compact, URL-safe representation

Background (1) In October 2010, there were numerous proposed JSON-based token and crypto formats: – JSON Simple Sign and JSON Simple Encrypt – Canvas Applications Signatures – JSON Tokens Clear that agreement would better serve all Mike Jones surveyed features, design decisions – Proposed consensus feature set – based on discussions including Google, Facebook, AOL, NRI, Microsoft, and independent contributors Extensive review, discussions at IIW, Nov 2010 Consensus JWT draft published December 2010

Background (2) JavaScript Message Security Format (JSMS) published in March 2011 by Eric Rescorla & Joe Hildebrand – JSON-based signing and encryption format JWS published in March 2011 (split off from JWT) OAuth JWT Bearer Token Profile published March 2011 At IETF 80 (March 2011), JSMS and JWS authors agreed to work together on unified specs JWK published in April 2011 JWE published in September 2011 – Encryption features from JSMS using JWS-based syntax

Background (3) JWT, JWS, JWE, JWK updated October 2011 – Incorporating feedback from WOES/JOSE members JWT, etc. specs already in use – Google, Microsoft, others – Deployments planned by numerous parties OpenID Connect uses JWT, JWS, JWE, JWK – At least 7 independent implementations

JSON Web Signature (JWS) signature signature Sign arbitrary content using compact JSON-based representation – Includes both true digital signatures and HMACs Representation contains three parts: – Header – Payload – Signature Parts base64url encoded and concatenated, separated by period (‘.’) characters – URL-safe representation

JWS Header Example JWS Header: – {"typ":"JWT", "alg":"HS256"} – Specifies use of HMAC SHA-256 algorithm – Also contains optional content type parameter Base64url encoded JWS Header: – eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9

JWS Payload Example JWS Payload (before base64url encoding): – {"iss":"joe", "exp": , " JWS Payload (after base64url encoding): – eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQo gImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

JWS Signing Input Signature covers both Header and Payload Signing input concatenation of encoded Header and Payload, separated by period – Enables direct signing of output representation Example signing input: – eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3 MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0d HA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ

JWS Signature Example base64url encoded HMAC SHA-256 value: – dBjftJeZ4CVP ‑ mB92K27uhbUJU1p1r_wW1gFWFOEjXk

JWS Header Parameters "alg" – Signature Algorithm (REQUIRED) "jku" – JSON Web Key URL "x5u" – X.509 Public Key URL "x5t" – X.509 Certificate Thumbprint "kid" – Key Identifier "typ" – Type for signed content

JWS Algorithm Identifiers Compact algorithm ( "alg" ) identifiers: – "HS256" – HMAC SHA-256 – "RS256" – RSA SHA-256 – "ES256" – ECDSA with P-256 curve and SHA-256 Other hash sizes also defined: – 384, 512 Other algorithms, identifiers MAY be used "

JSON Web Encryption (JWE) encryption encryption Encrypt arbitrary content using compact JSON- based representation Representation contains three parts: – Header – Encrypted Key – Ciphertext Parts base64url encoded and concatenated, separated by period (‘.’) characters – URL-safe representation

JWE Header Example JWS Header: – {"alg":"RSA1_5", "enc":"A256GCM", "iv":"__79_Pv6-fg", "x5t":"7noOPq-hJ1_hCnvWh6IeYI2w9Q0"} – RSA-PKCS1_1.5 used to encrypt JWE Encrypted Key – AES-256-GCM used to encrypt Plaintext – Initialization Vector value specified – X.509 Certificate Thumbprint specified Header base64url encoded just like JWS

JWE Header Parameters "alg" – Encryption Algorithm for JWE Encrypted Key (REQUIRED) "enc" – Encryption Algorithm for Plaintext (REQUIRED) "iv" – Initialization Vector "epk" – Ephemeral Public Key "zip" – Compression algorithm "jku" – JSON Web Key URL "x5u" – X.509 Public Key URL "x5t" – X.509 Certificate Thumbprint "kid" – Key Identifier "typ" – Type for encrypted content

JWE Key Encryption Alg Identifiers Algorithm ( "alg" ) identifiers: – "RSA1_5" – RSA using RSA-PKCS1-1.5 padding – "RSA-OAEP" – RSA using Optimal Asymmetric Encryption Padding (OAEP) – "ECDH-ES" – Elliptic Curve Diffie-Hellman Ephemeral Static – "A128KW","A256KW" – AES Key Wrap with 128, 256 bit keys – "A128GCM","A256GCM" – AES Galois/Counter Mode (GCM) with 128, 256 bit keys Other algorithms, identifiers MAY be used "

JWE Plaintext Encryption Alg Identifiers Algorithm ( "enc" ) identifiers: – "A128CBC","A256CBC" – AES Cipher Block Chaining (CBC) mode with 128, 256 bit keys – "A128GCM","A256GCM" – AES Galois/Counter Mode (GCM) with 128, 256 bit keys Other algorithms, identifiers MAY be used "

JSON Web Key (JWK) web-key web-key JSON representation of public keys Representation of private keys out of scope

JWK Example {"keyvalues": [ {"algorithm":"EC", "curve":"P-256", "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM", "use":"encryption", "keyid":"1"}, {"algorithm":"RSA", "modulus": "0vx7ag(omitted)Cur-kEgU8awapJzKnqDKgw", "exponent":"AQAB", "keyid":" "} ] }

Refactoring for JOSE JOSE charter specifies four deliverables: – Signing – Encryption – Public Key Representation – Algorithms Profile If accepted by WG, would refactor JWS, JWE, JWK to move algorithms into separate doc

Open Issues Do we also want pure JSON representations? – Not base64url encoded so not URL-safe – Would be usable in HTTP bodies, etc. Do we need additional header parameters? – Public keys by value (rather than by reference) – X.509 certs by value (rather than by reference) Do we specify representation combining encryption and integrity operations? – Would be more compact than nested operations – Would likely result in four-part representation

Related Work W3C Web Cryptography Working Group – – Specifying JavaScript APIs for cryptography – JOSE specs should underlie this WG’s APIs

Next Steps Decide whether to accept JWS, JWE, JWK as JOSE working group documents Determine coordination strategy with W3C Web Cryptography WG Refactor current documents per JOSE charter Submit IETF -00 drafts