Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the application of BCM Principles
Download as PPTX, PDF3 likes1,769 views
Nat Sakimura proposes applying the Basin-Cremers-Meier (BCM) principles to strengthen the OAuth 2.0 authorization code grant protocol against network attackers. The BCM principles aim to ensure cryptographic message components uniquely identify their origin and include identities and roles of all agents. Sakimura analyzes how the original OAuth messages satisfy the BCM principles poorly by lacking unique identifiers and integrity protection. He suggests modifications like adding unique redirect URIs, signing requests and responses, and including state/transaction binding IDs to better satisfy the principles and secure OAuth against network attackers.
![© 2016 by Nomura Research Institute. All rights reserved.
Nomura Research Institute
Nat Sakimura
(Co-)Author of:
OpenID Connect Core 1.0
JSON Web Token [RFC7519]
JSON Web Signature [7515]
OAuth PKCE [RFC7636]
OAuth JAR [forthcoming]
Etc.
(Co-)Editor of:
ISO/IEC 29184 Guidelines for online notice and consent
ISO/IEC 29100 AMD: Privacy Framework
ISO/IEC 27551 Requirements for attribute based
unlinkable entity authentication
Etc.
• Research Fellow,
Nomura Research Institute
• Chairman of the Board,
OpenID Foundation
• Chair, Financial API WG
• Head of Japanese delegation to
ISO/IEC JTC 1/SC 27/WG5
• Liaison Officer SC 27/WG5 --
OECD/SPDE
• https://nat.Sakimura.org
• @_nat_en (English)
• @_nat (Japanese)
• Linked.in/natsakimura
• https://www.linkedin.co
m/in/natsakimura
• https://ja.wikipedia.org/
wiki/崎村夏彦
.. and an amateur flutist
(https://youtu.be/3gTCQhTcXL0)](https://image.slidesharecdn.com/future-proofing-oauth-170726150033/85/Future-Proofing-the-OAuth-2-0-Authorization-Code-Grant-Protocol-by-the-application-of-BCM-Principles-2-320.jpg)
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the application of BCM Principles
- 1. Nomura Research Institute #osw17 Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the application of BCM Principles July 14, 2017 Nat Sakimura Nomura Research Institute
- 2. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute Nat Sakimura (Co-)Author of: OpenID Connect Core 1.0 JSON Web Token [RFC7519] JSON Web Signature [7515] OAuth PKCE [RFC7636] OAuth JAR [forthcoming] Etc. (Co-)Editor of: ISO/IEC 29184 Guidelines for online notice and consent ISO/IEC 29100 AMD: Privacy Framework ISO/IEC 27551 Requirements for attribute based unlinkable entity authentication Etc. • Research Fellow, Nomura Research Institute • Chairman of the Board, OpenID Foundation • Chair, Financial API WG • Head of Japanese delegation to ISO/IEC JTC 1/SC 27/WG5 • Liaison Officer SC 27/WG5 -- OECD/SPDE • https://nat.Sakimura.org • @_nat_en (English) • @_nat (Japanese) • Linked.in/natsakimura • https://www.linkedin.co m/in/natsakimura • https://ja.wikipedia.org/ wiki/崎村夏彦 .. and an amateur flutist (https://youtu.be/3gTCQhTcXL0)
- 3. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute BCM Principles P1 Positional tagging. Cryptographic message components should contain information that uniquely identities their origin. In particular, the information should identify the protocol, the protocol variant, the message number, and the particular position within the message, from which the component was sent. P2 Inclusion of identities and their roles. Each cryptographic message component should include information about the identities of all the agents involved in the protocol run and their roles, unless there is a compelling reason to do otherwise. 3 Criteria (a)Unique Source Identifier (b)Protocol + version + msg identifier (c)Full list of actor/roles Basin, D., Cremers, C., Meier, S.: Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication. Journal of Computer Security - Security and Trust Principles archive Volume 21 Issue 6, 817-846 (2013) (a) (b) (c)
- 4. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute Let’s apply! 4 Let’s Play!
- 5. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute RFC6749 OAuth – code grant protocol msgs Authorization Request Authorization Response Token Request Token Response Assume: a network attacker as (e.g. Browser malware) the crypto & TLS are not broken pure RFC6749 – Three parties static OAuth 2.0 5 UA Clien t AS
- 6. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute So, how is RFC6749 (Naïve implementation) doing? Message Parameters (a) Unique Source Identifier (b) Protocol + version identifier (c) Full list of actor/roles Authorization Request response type client id redirect uri scope state Authorization Response code state other extension parameters Token Request grant type code redirect uri client credential/client id . Token Response access token token_type expires_in refresh_token others 6 Combination of parameters are unique for each message type = (b) Good! Legend Required Parameter Optional Parameter Recommended Parameter But the good ends here.
- 7. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute So, how is RFC6749 (Naïve implementation) doing? Message Parameters (a) Unique Source Identifier (b) Protocol + version identifier (c) Full list of actor/roles Authorization Request response type client id redirect uri scope state Client ID is not globally unique. Tampering possible List of params as identifier, but it is not integrity protected No. Authorization Response code state other extension parameters No source identifier As above No Token Request grant type code redirect uri client credential/client id Client ID is not globally unique. OK (as long as there is no OAuth 3.0) No. Token Response access token token_type expires_in refresh_token others No source identifier As above No. 7
- 8. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute 8 It’s a sad state.
- 9. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute Could be tightened up Message Parameters (a) Unique Source Identifier (b) Protocol + version identifier (c) Full list of actor/roles Authorization Request response type client id redirect uri scope state Unique redirect URI + Client ID Request signing (a) + state as the UA identifier / TBID as UA identifier Authorization Response code state other extension parameters Unique redirect URI Response signing (a) + client_id + state as the UA identifier / TBID as UA identifier Token Request grant type code redirect uri client credential/client id Unique redirect URI + Client ID OK (as long as there is no OAuth 3.0) (a) + state as the UA identifier / TBID as UA identifier Token Response access token token_type expires_in refresh_token others Unique redirect URI As above (a) + client_id + state as the UA identifier / TBID as UA identifier 9
- 10. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute Integrity protect the AuthZ Request/Response • draft-ietf-oauth-jwsreq aka OAuth JAR AuthZ Request • Use ID Token as a dethatched signature. • Include new parameter `s_hash` in the ID Token. AuthZ Response 10
- 11. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute Comparison Message Original Parameters Modified Parameters Original Integrity Protection Modified Integrity Protection Authorization Request response type client id redirect uri scope state response type client id redirect uri (uniqeue) scope state/tbid None JAR Authorization Response code state extension params code state redirect uri (uniqeue) client id state/tbid extension params None ID Token + s_hash Token Request grant type code redirect uri client cred/id grant type code redirect uri (uniqeue) client cred/id state/tbid TLS TLS Token Response access token token_type expires_in refresh_token others access token token_type expires_in refresh_token others TLS TLS 11
- 12. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute BCM Principles Satisfied! 12
- 13. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute 13
- 14. © 2016 by Nomura Research Institute. All rights reserved. Nomura Research Institute 14 Science needed!