The presentation discusses the challenges of centralization in security and proposes a new authorization token system that supports delegation and attenuation across multiple trust circles. It critiques existing methods like Kerberos, OAuth, and JWT for their complexity and vulnerabilities, and introduces a novel approach using pairing-based cryptography for secure and efficient token management. Additionally, it outlines technical details and encourages further exploration and implementation in various programming environments.

1. Remove centralisation in
Security
Quentin ADAM @waxzce & Geoffroy COUPRIE @gcouprie
Clever Cloud 💡☁️
At API Days Paris 2018

2. Quentin ADAM
@waxzce
CEO @ Clever Cloud
Geoffroy COUPRIE
@gcouprie
Developer @ Clever Cloud

3. 💡☁️

4. Clever Cloud
💡☁️

5. Git push
It’s free to try it out

6. Deploy
&
Application sustainability
European Cloud & on premises

7. Microservice, geo-replication,
resiliency, cooperation…

8. Authorization need to be
distributed

9. Authentication = 🛂
Authorization = 🗝
Transport = 📜
Remember

10. Kerberos
• Authorization + Transport
• Ticket based
• Centralized
• Hard to distribute
• Network intensive
• Not embeddable in the browser

11. RADIUS
• Authentication + Transport
• Centralized
• Hard to distribute
• Network intensive
• Not embeddable in the browser

12. SAML
• Authorization & Authorization on SSO context
• Based on HTTP and browsing
• Complex

13. Cookie
• HTTP only
• Arbitrary data
• Leading to mistake
• Transport / storage
• Tooling and options on the browsers is mature

14. More about cookies, by @hsablonniere
FR :
https://www.youtube.com/watch?
v=KL9MR721c4w
EN:
https://www.youtube.com/watch?
v=y6mwekHkgVQ

15. Oauth
• Delegate Authentication & somehow Authorization
• Implementation non consistent
• Centralized
• Token mess and easy to steal

16. JWT
• Authorization token & transport agnostic
• Can convoy identity

17. JWT
• Heavy token
• Complexity, leading to security issue
• Data Staleness
• No delegation nor attenuation

18. What’s delegation and
attenuation?

19. Macaroons
• Authorization token & transport agnostic
• Can convoy identity

20. Macaroons
• Based on shared secret
• Security weakness
• All validators need to be 100% trusted
• Heavy
• Caveat are not normalized = lot’s of business specific code

21. So, we are not satisfied.

22. Avoid shared secret
And allow the use of the token for multiple trust circles

23. Allow Delegation and attenuation

24. Be small

25. Introducing
Logo by @madgraphism

26. New authorization token
• Transport free
• Fit
• Defining capabilities
• Delegation & Attenuation
• Multiple trust circles ready
• Based on fancy crypto
Logo by @madgraphism

27. Based on HPACK
• Using HPACK (HTTP/2 part) compression oriented format
• K/V model to store data
• Prebuild headers :
• Identity
• Issuer
• Expiration
• Rights

28. Capabilities
• Unique scheme to describes rights
alias * = /.+/
namespace { [+,-][tag,/tag-regexp/]:[feature,/feature-
regexp/](options,/options-regexp/) }
//example
clevercloud { +*:*(*) -/.*prod/:*(*) +*:log(read, drain) }
cleverbench { +rust:metrics(*) }
// another block
clevercloud { -wordpress:log(drain) }

29. Pairing based cryptography
Pairing e: G1 x G2 -> Gt with G1 and G2 additive groups of prime order
q, Gt multiplicative group of order q
with a, b from Fq* finite field of order q
with P from G1, Q from G2
e(aP, bQ) == e(P, Q)^(ab)
More specifically:
e(aP, Q) == e(P, aQ) == e(P,Q)^a
e(P1 + P2, Q) == e(P1, Q) * e(P2, Q)

30. Signature
choose k from Fq* as private key, g2 a generator of G2
public key P = k*g2
Signature S = k*H1(message) with H1 function to hash message to G1
Verifying: knowing message, P and S
e(S, g2) == e( k*H1(message), g2)
== e( H1(message), k*g2)
== e( H1(message), P)

31. Signature aggregation
With messages m1 and m2, public keys P1 and P2
signatures S1 = Sign(k1, m1), S2 = Sign(k2, m2)
the aggregated signature S = S1 + S2
Verifying:
e(S, g2) == e(S1+S2, g2)
== e(S1, g2)*e(S2, g2)
== e(k1*H1(m1), g2) * e(k2*HA(m2), g2)
== e(H1(m1), k1*g2) * e(H1(m2), k2*g2)
== e(H1(m1), P1) * e(H1(m2), P2)

32. Signing tokens
Token 1: [block] sig1
Deriving a token for [block 2] with pubkey P2:
sig2 = Sign(k2, block 2)
S = sig1 + sig2
Token 2: [block 1][block 2] S

33. Technical details
Using curve BLS 12 381
Example of library this can be implemented with:
- pairing crate: https://github.com/zkcrypto/pairing
- mcl: https://github.com/herumi/mcl
No formal proof or audit for now

34. Can be used as SSO

35. Built in revocation mechanism

36. Current Performances
can validate 3 caveats in 1.7ms
size:
public key 128 hex characters
signature 64 hex characters

37. Status
• RFC in less than 20 days on Clever Cloud blog
http://www.clever-cloud.com/blog
• C++/rust implementation
• Wasm ?
• JVM / Java will be ongoing
• Need audit, need comment

38. We are @gcouprie & @waxzce on twitter
Give CLEVER-CLOUD.COM a try
Free credits coupon :
cc-api-18
Thx for listening