Many developers struggle with how to properly secure REST APIs. If you are like me, you followed a process from a trusted provider like Amazon, Google, etc. What if I told you there was a better way? It’s JOSE, a collection of open standards from the IETF that has strong library support. It’s also the basis of OAuth 2.0 and OpenID Connect. Let me show you how to make a highly secure API for today and well into the future built on the framework of JOSE.

1. @adam_englander
Don’t Lose Sleep
Secure Your REST
Adam Englander, iovation

2. @adam_englander
A Little Background About Me
And APIs

3. @adam_englander
This is what I looked
like when I started
working on APIs
It was so long ago that SOAP was the
new hotness.

4. @adam_englander
Over The Years
• 2001 — Global Authentication Service API
• 2008 — Loan Application Ping Tree
• 2010 — Loan Management System API
• 2012 — Advertising Network API
• 2013 — Real Time Loan Risk Assessment API
• 2015 — Decentralized Multi-Factor Authorization API

5. @adam_englander
Some Were More Secure Than
Others

6. @adam_englander
Auth and Crypto Was Messy
• Auth as part of the message added complexity
• Auth outside of the message lost context
• Every implementation was specialized
• Crypto was non-standard and static
• Non-experts had to write a lot of code

7. @adam_englander
My current product, LaunchKey,
suffered as well.

8. @adam_englander
We Identified Gaps
• Authentication was part of the request
• Signature was incomplete on request and absent on
response
• Key rotation was difficult if not impossible
• Algorithms were pinned to lowest common denominator
• To much crypto knowledge required without SDK

9. @adam_englander
JOSE To The Rescue!
Javascript Object Signing and Encryption (JOSE)

10. @adam_englander
Why JOSE?
• Authentication, authorization, encryption, and
data integrity validation are not tied to the
protocol
• OAuth, OpenID, and FIDO adopting the
standard gave it credibility, stability, and
longevity as an IETF working group

11. @adam_englander
What Changed?
• JWT with custom claims used to validate entire
request and critical portions of the response
• JWE to encrypt request and response
• JWA for future proofing cryptography
• JWK for credential rotation
• Removed password entirely

12. @adam_englander
How Did We Do It?

13. @adam_englander
A Whole Lot of JOSE
• JSON Web Token (JWT)
• JSON Web Signature (JWS)
• JSON Web Encryption (JWE)
• JSON Web Algorithm (JWA)
• JSON Web Key (KWK)

14. @adam_englander
JSON Web Signature (JWS)
JWS is comprised of three segments:
1. Header provides key information, signature
algorithm, and optionally content metadata
2. Payload is the data to be signed
3. Signature of the header and payload

15. @adam_englander
JSON Web Token (JWT)
• JWT is actually a JSON Web Signature (JWS)
package with standardized payload in the form
of Claims.
• Provides for credentials, nonce, timestamp, and
duration
• Private claims can be added for extensibility

16. @adam_englander
JSON Web Encryption (JWE)
JSON Web Encryption contains five segments:
1. Header provides key management mode, key
information, key encryption algorithm, content
encryption algorithm, and optionally content metadata
2. Content Encryption Key (CEK) may contain generated
symmetric keys used for encryption and HMAC that
are encrypted using asymmetric key encryption

17. @adam_englander
JSON Web Encryption (JWE)
3. Initialization Vector for encrypting the payload
4. Encrypted payload
5. Authentication tag is an HMAC of the header,
IV, and encrypted payload

18. @adam_englander
JSON Web Algorithm
• Standardized format for expressing encryption
and signature algorithms.
• Used by JWE/JWS with “enc” and “alg” keys in
the header.

19. @adam_englander
JSON Web Key
• Standardized format for expressing keys used
for JWE and JWS.
• Provides for key identification.
• Used by JWE/JWS with number of keys in the
header which are determined by the key type.

20. @adam_englander
The Good — Decoupling
• Authentication, authorization, validation, encryption
and decryption was moved to middleware
• Controllers handled only HTTP/JSON which greatly
reduced code complexity
• Better unit testing across the board
• Reduced development times for new functionality

21. @adam_englander
The Good — OSS Libraries
• We can test our API without requiring our own
client SDK
• Client SDKs are less complex
• OSS contributions are actually possible
• Documentation complexity was reduced

22. @adam_englander
The Good — Uniformity Across APIs
• All APIs will be migrated to JOSE
• Different key implementations are possible
• Shared knowledge across vastly different teams
• Federated authentication is attainable

23. @adam_englander
The Good — Hierarchical Auth
• JWT inclusion of issuer, subject, and audience
allows for a parent to provide credentials for
action on a sibling with proper context.
• JWK allows for easy identification of credentials
used

24. @adam_englander
The Bad
• Some languages have minimal support for
algorithms and strengths
• Some languages have no support for JWE. We
had to write our own minimal Objective-C
implementation
• Some good documentation but a good working
knowledge requires reading RFCs

25. @adam_englander
How We Use JOSE
JOSE Solved Every Problem We Had

26. @adam_englander
Request Example Representation
POST /service/v3/auths HTTP/1.1
Content-Type: application/jose
Content-Length: 112
Authorization: IOV-JWT eyJhb.VuYyI6IkEy.OKOaw
eyJhbGciO.Ppd6dIAkG.71lYoW6jA.t-4rRH6GsoXt0.1DGC4k

27. @adam_englander
JWT Header Example
{
"kid": "09:f7:e0:2f:12:90:be:21:1d:a7:07:a2:66:f1:53:b3",
"alg": "RS256",
"typ": "JWT",
"cty": "JWT"
}

28. @adam_englander
Key Rotation
• Key ID id provided in request and response
• Current and specific public keys are available via
endpoint
• https://api.launchkey.com/public/v3/public-key/
09:f7:e0:2f:12:90:be:21:1d:a7:07:a2:66:f1:53:b3
• https://api.launchkey.com/public/v3/public-key

29. @adam_englander
Key Rotation
{
"kid": "09:f7:e0:2f:12:90:be:21:1d:a7:07:a2:66:f1:53:b3",
"alg": "RS256",
"typ": "JWT",
"cty": "JWT"
}
/v3/public-key/09:f7:e0:2f:12:90:be:21:1d:a7:07:a2:66:f1:53:b3

30. @adam_englander
Request Authorization
• Single use JSON Web Token (JWT) in Authorization
header as Authorization scheme IOV-JWT
• RSA key signature
• Hierarchical ACL: Org -> Dir -> Service
• Token ID as nonce
• Private claims: request

31. @adam_englander
Private Request Claims
• Method
• Path
• Body hash
• Body hash algorithm
• Query parameters

32. @adam_englander
JWT Request Claims Example
{
"iss": "dir:fd57bffe-7391-47c4-94d0-a0ad4b6bc979",
"sub": "svc:d2083969-b5aa-4753-909d-472ce2517fd1",
"aud": "lka",
"iat": 1234567890,
"nbf": 1234567890,
"exp": 1234567895,
"jti": "bec95e07-cee2-4c77-b080-56a8b24b2e54",
"request": {
"meth": "POST",
"path": "/service/v3/auths",
"func": "S256",
"hash": "66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18"
}
}

33. @adam_englander
Hierarchical Credentials
…
"iss": "dir:fd57bffe-7391-47c4-94d0-a0ad4b6bc979",
"sub": "svc:d2083969-b5aa-4753-909d-472ce2517fd1",
"aud": "lka",
…

34. @adam_englander
Timestamp and Duration
…
"iat": 1487244120,
"nbf": 1487244120,
"exp": 1487244125,
…
JWT hash stored until expiration to prevent replay
attacks.

35. @adam_englander
Nonce
…
"jti": "bec95e07-cee2-4c77-b080-56a8b24b2e54",
…

36. @adam_englander
Request Validation
POST /service/v3/auths HTTP/1.1
…
"request": {
"meth": "POST",
"path": "/service/v3/auths",
"func": "S256",
"hash": "66a045b452102c59d840e…"
}
…

37. @adam_englander
Response Authorization
• Single use JSON Web Token (JWT) in custom
header X-IOV-JWT
• RSA key signature
• Hierarchical credentials
• Token ID nonce is echoed
• Private claims: response

38. @adam_englander
Private Response Claims
• Status Code
• Cache-Control Header
• Location Header
• Body hash
• Body hash algorithm

39. @adam_englander
Response Example Representation
HTTP/1.1 201 Created
Content-Type: application/jose
Content-Length: 112
Cache-Control: no-cache
Location: /directory/v3/users/518f5d3e-7cdf-4ef1-…
X-IOV-JWT: eyJhb.VuYyI6IkEy.OKOaw
eyJhbGciO.Ppd6dIAkG.71lYoW6jA.t-4rRH6GsoXt0.1DGC4k

40. @adam_englander
JWT Response Claims Example
{
"iss": "lka",
"sub": "svc:d2083969-b5aa-4753-909d-472ce2517fd1",
"aud": "dir:fd57bffe-7391-47c4-94d0-a0ad4b6bc979",
"iat": 1234567891,
"nbf": 1234567891,
"exp": 1234567896,
"jti": "bec95e07-cee2-4c77-b080-56a8b24b2e54",
"response": {
"status": 201,
"cache": "no-cache",
"location": "/directory/v3/users/518f5d3e-7cdf-4ef1-…",
"func": "S256",
"hash": "66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18"
}
}

41. @adam_englander
Hierarchical Credentials
…
"iss": "lka",
"sub": "svc:d2083969-b5aa-4753-909d-472ce2517fd1",
"aud": "dir:fd57bffe-7391-47c4-94d0-a0ad4b6bc979",
…

42. @adam_englander
Timestamp and Duration
…
"iat": 1487244121,
"nbf": 1487244121,
"exp": 1487244126,
…

43. @adam_englander
Nonce
…
"jti": "bec95e07-cee2-4c77-b080-56a8b24b2e54",
…
Nonce is echoed in JTI to allow for detection of
Man In The Middle attacks

44. @adam_englander
Response Validation
HTTP/1.1 201 Created
Cache-Control: no-cache
Location: /directory/v3/users/518f5d3e-7c…
…
"response": {
"status": 201,
"cache": "no-cache",
"location": "/directory/v3/users/518f5d3e-7c…",
"func": "S256",
"hash": “66a045b452102c59d840ec097d59d9467e13…”
}
…

45. @adam_englander
JWT Creation Example
$jwt = (new JWTCreator(new Signer(['RS512'])))->sign(
[
'iat' => time(),
'exp' => time() + 5,
'jti' => 'abc123',
],
['alg' => 'RS512'],
JWKFactory::createFromKeyFile(
'./private.key'
)
);

46. @adam_englander
JWT Validation Example
$checkerManager = new CheckerManager();
$checkerManager->addClaimChecker(new IssuedAtChecker());
$jwtLoader = new JWTLoader(
$checkerManager,
new Verifier(['RS512'])
);
$keySet = new JWKSet();
$keySet->addKey(JWKFactory::createFromKeyFile(
'./public.key'
));
$jws = $jwtLoader->load($jwt, $keySet);
$jwtLoader->verify($jws, $keySet);

47. @adam_englander
Encrypted Data with JWE
• JWK provides for key rotation
• Combination of RSA and AES encryption is always
used
• Algorithms and modes are always the same
• Key size is variable in allowed range
• Response uses same AES key size as request

48. @adam_englander
JWE Header Example
{
"kid": "09:f7:e0:2f:12:90:be:21:1d:a7:07:a2:66:f1:53:b3",
"alg": “RSA-OAEP-256",
"enc": "A256CBC-HS512",
"cty": “application/json"
}

49. @adam_englander
JWE Encryption Example
$encrypted = JWEFactory::createJWEToCompactJSON(
"Hello World!",
JWKFactory::createFromKeyFile(
'./public.key'
),
[
'enc' => 'A256CBC-HS512',
'alg' => 'RSA-OAEP-256',
'zip' => 'DEF',
]
);

50. @adam_englander
JWE Decryption Example
$decrypted = (new Loader)->loadAndDecryptUsingKey(
$encrypted,
JWKFactory::createFromKeyFile(
'./private.key'
),
['RSA-OAEP-256'], // Acceptable algs
['A256CBC-HS512'] // Acceptable encs
);

51. @adam_englander
Conclusion
• JOSE has made our secure API more secure
• JOSE has made our API easier to use
• JOSE has made our code less complex
• JOSE has homogenized auth and crypto across
multiple platforms regardless of language

52. @adam_englander
Resources
• https://github.com/Spomky-Labs/jose
• https://tools.ietf.org/wg/jose/
• https://jwt.io/

53. Thanks to our
Sponsors!

54. @adam_englander
Please Rate This Talk
https://joind.in/talk/4fea6

55. @adam_englander
If You Want To Follow Up
• @adam_englander
• adam.englander@iovation.com
• https://www.iovation.com/blog/author/aenglander