© 2017 Brian Campbell 1
Beyond Bearer
Token Binding as the Foundation for a More Secure Web
BRIAN CAMPBELL
@__b_c
© 2017 Brian Campbell 2
Formalities, Introductions, Safe Harbor, etc.
• Working for Ping Identity since 2004
(The Identity Security Company hailing from CO)
– Product Development & Standards
• Pretending to have a different/parallel career since ’11
– Presentation MAY contain gratuitous photos
• This presentation may contain forward-looking statements and no investment or purchasing decisions should be made based solely on the content herein
– Except to hire a photographer for an obscene amount of money
"L'Arroseur arrosé" by David Brossard
© 2017 Brian Campbell 3
Bearer Token
• A security token with the property that any party in possession of that token (i.e. the "bearer") can use the token to access the associated resources
• No other proof beyond just having it is needed
© 2017 Brian Campbell 4
The Problem With Bearer Tokens
One truth and a lie
© 2017 Brian Campbell 5
Mmmm, Cookies
The archetypal bearer token

• HTTPS
• HttpOnly
• secure
• HSTS
• CSP

• XSS exfiltration
• Firesheep
• sslstrip
• Subdomain Takeovers
© 2017 Brian Campbell 6
Single Page Apps
(everyone is doing it)
it's like déjà vu all over again with XSS and local storage
© 2017 Brian Campbell 7
Token Binding
• Enables a long-lived binding of cookies or other security tokens to a client generated public-private key pair
© 2017 Brian Campbell 8
Threat Landscape is Vast and Complex
© 2017 Brian Campbell 9
The Core Token Binding Specifications
© 2017 Brian Campbell 10
© 2017 Brian Campbell 11
Hello! Do you like my extension?
© 2017 Brian Campbell 12
Do you even bind tokens, bro?
Client → Server: ClientHello
...
token_binding [24]
token_binding_version [1,0]
key_parameters_list [2,0]
Server → Client: ServerHello
...
token_binding [24]
token_binding_version [1,0]
key_parameters_list [2]
Key Parameters:
(0) rsa2048_pkcs1.5
(1) rsa2048_pss
(2) ecdsap256
Also need extensions:
Extended Master Secret
Renegotiation Indication
TLS Handshake
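The negotiation on the slide, as an added example that is not from the talk or from any of the implementations it lists: the client offers protocol version 1.0 and the key parameter list [ecdsap256, rsa2048_pkcs1.5] in the token_binding (type 24) extension, the server answers with version 1.0 and exactly one parameter. The wire layout (major, minor, one-byte-length-prefixed parameter list) and the client-side rules (server version not above the client's, exactly one parameter, one the client offered, Extended Master Secret and Renegotiation Indication present) are taken from the Token Binding negotiation spec as I understand it; treat them as the assumptions of this example.

```python
import struct

TOKEN_BINDING_EXT_TYPE = 24          # token_binding [24] on the slide
KEY_PARAMS = {0: "rsa2048_pkcs1.5", 1: "rsa2048_pss", 2: "ecdsap256"}


def encode_tb_params(version, key_params):
    """TokenBindingParameters body: major(1) || minor(1) || key_parameters_list<1..2^8-1>."""
    major, minor = version
    if not 1 <= len(key_params) <= 255:
        raise ValueError("key_parameters_list must hold 1..255 entries")
    if any(p not in KEY_PARAMS for p in key_params):
        raise ValueError("unknown key parameter")
    return bytes([major, minor, len(key_params)]) + bytes(key_params)


def decode_tb_params(body):
    """Inverse of encode_tb_params; strict about the declared list length."""
    if len(body) < 4:
        raise ValueError("token_binding extension too short")
    version, count = (body[0], body[1]), body[2]
    key_params = list(body[3:])
    if count == 0 or len(key_params) != count:
        raise ValueError("key_parameters_list length mismatch")
    return version, key_params


def encode_extension(body):
    """Wrap a body as a TLS Extension: extension_type(2) || extension_data<0..2^16-1>."""
    return struct.pack(">HH", TOKEN_BINDING_EXT_TYPE, len(body)) + body


def server_select(client_body, server_version, server_supported):
    """Server side: walk the client's list in its preference order, pick the first
    parameter we support, never answer with a version above the client's.
    Returns the ServerHello extension body, or None to leave Token Binding off."""
    client_version, client_params = decode_tb_params(client_body)
    version = min(client_version, server_version)
    for p in client_params:
        if p in server_supported:
            return encode_tb_params(version, [p])
    return None


def client_validate(client_body, server_body, ems_negotiated, ri_negotiated):
    """Client side: check the ServerHello extension before using Token Binding.
    Returns (version, key_parameter); raises where a real client would send a fatal alert."""
    if not (ems_negotiated and ri_negotiated):
        raise ValueError("Extended Master Secret and Renegotiation Indication are required")
    client_version, client_params = decode_tb_params(client_body)
    server_version, server_params = decode_tb_params(server_body)
    if server_version > client_version:
        raise ValueError("server selected a version the client did not offer")
    if len(server_params) != 1:
        raise ValueError("server must select exactly one key parameter")
    if server_params[0] not in client_params:
        raise ValueError("server selected a key parameter the client did not offer")
    return server_version, server_params[0]


def negotiate_from_slide():
    """Replays the slide: client offers v1.0 [2, 0]; server answers v1.0 [2]."""
    client_body = encode_tb_params((1, 0), [2, 0])
    server_body = server_select(client_body, (1, 0), {0, 1, 2})
    version, param = client_validate(client_body, server_body, True, True)
    return client_body, server_body, KEY_PARAMS[param]


if __name__ == "__main__":
    c, s, chosen = negotiate_from_slide()
    print("ClientHello token_binding:", encode_extension(c).hex())
    print("ServerHello token_binding:", encode_extension(s).hex())
    print("negotiated:", chosen)
```

The point of `client_validate` is that a server answer is not trusted just because it carries the extension: a single parameter outside the offered list, or a version the client never advertised, ends the negotiation rather than silently downgrading the key type.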
© 2017 Brian Campbell 13
Token Binding over HTTPS
Client → Server (HTTP Request)
GET /stuff HTTP/1.1
Host: example.com
Sec-Token-Binding: AIkAAgBBQLgtRpWFPN66kxhxGrtaKrzcMtHw7HV8yMk_-MdRXJXbDMYxZCWnCASRRrmHHHL5wmpP3bhYt0ChRDbsMapfh_QAQN1He3Ftj4Wa_S_fzZVns4saLfj6aBoMSQW6rLs19IIvHze7LrGjKyCfPTKXjajebxp-TLPFZCc0JTqTY5_0MBAAAA
• Encoded Token Binding Message
– (1 or more) Token Bindings
• Type (provided / referred)
• Token Binding ID (key type and public key)
• Signature over type, key type, and EKM (TLS Exported Keying Material)
• Extensions
• Proves possession of the private key on the TLS connection
• Keys are long-lived and span TLS connections
© 2017 Brian Campbell 14
Binding Cookies
• The most straightforward application binds a cookie to the Token Binding key
• Server associates Token Binding ID with cookie & checks on subsequent use
• Augments existing authentication and session mechanisms
• Transparent to users
• Deployment can be phased in
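The server side of cookie binding, as an added example (not from the talk or from any of the implementations it mentions): a session store that remembers a fingerprint of the Token Binding ID presented when the session was created and refuses the cookie on any connection that proves a different key, or none. It assumes the TLS stack or reverse proxy has already verified the Sec-Token-Binding signature and hands the application only the raw TokenBindingID bytes; the two IDs in `replay_demo` are constructed, not real keys.

```python
import hashlib
import hmac
import secrets


class BoundSessionStore:
    """In-memory session store; each cookie is bound to the Token Binding ID (TBID)
    presented at creation. `tbid` is the raw TokenBindingID the TLS layer or proxy
    passes down after verifying the signature; the app never checks signatures itself.

    require_binding=False keeps sessions from clients that did not negotiate Token
    Binding working (the phased-deployment case); flip it once every client binds."""

    def __init__(self, require_binding=False):
        self.require_binding = require_binding
        self._sessions = {}   # cookie value -> (user, SHA-256 of bound TBID or None)

    @staticmethod
    def _fingerprint(tbid):
        return hashlib.sha256(tbid).digest()

    def create(self, user, tbid=None):
        """Issue a session cookie, bound to `tbid` when the client negotiated one."""
        if tbid is None and self.require_binding:
            raise PermissionError("Token Binding required")
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = (user, self._fingerprint(tbid) if tbid else None)
        return cookie

    def lookup(self, cookie, presented_tbid=None):
        """Resolve a cookie to its user, or None. Possession of the cookie is not enough:
        a bound session is only valid on a connection whose TBID matches the bound one."""
        entry = self._sessions.get(cookie)
        if entry is None:
            return None
        user, bound = entry
        if bound is None:                                  # unbound legacy session
            return None if self.require_binding else user
        if presented_tbid is None:
            return None                                    # bound session, no proof of key
        if not hmac.compare_digest(bound, self._fingerprint(presented_tbid)):
            return None                                    # cookie replayed under another key
        return user

    def revoke(self, cookie):
        self._sessions.pop(cookie, None)


def replay_demo():
    """Constructed scenario: the browser's own TBID versus a second TBID belonging to
    whoever else obtained the cookie value (the slide's exfiltration cases)."""
    victim_tbid = b"\x02\x00\x41\x40" + bytes(range(64))       # constructed, not a real key
    other_tbid = b"\x02\x00\x41\x40" + bytes(range(64, 128))   # constructed, not a real key
    store = BoundSessionStore()
    cookie = store.create("brian", victim_tbid)
    return {
        "legit": store.lookup(cookie, victim_tbid),
        "replayed_from_other_key": store.lookup(cookie, other_tbid),
        "replayed_without_binding": store.lookup(cookie, None),
    }
```

Storing a hash of the ID rather than the ID itself keeps the session table from doubling as a public-key directory, and `compare_digest` avoids leaking which byte of the fingerprint differed. The `require_binding` switch is what makes the phased rollout on the slide concrete: nothing changes for existing users until the flag is flipped.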
© 2017 Brian Campbell 15
Okay, Just Take It Easy Privacy Nerds Advocates
• Token Binding is not a supercookie or new big brother tracking mechanism
• Client generates a unique key pair per effective top-level domain + 1 (eTLD+1)
– E.g., example.com, www.example.com, and etc.example.com share binding but not example.org or example.co.uk
• Same scoping rules and privacy implications as cookies
© 2017 Brian Campbell 16
What about Cross-Domain Single Sign-on?
There’s an HTTP response header for that! It tells the browser that it should reveal the Token Binding ID used between itself and the RP (referred) in addition to the one used between itself and the IDP (provided).
Browser / Identity Provider (IDP) / Relying Party (RP)
RP → Browser:
HTTP/1.1 302 Found
Location: https://idp.example.com
Include-Referred-Token-Binding-ID: true
Browser → IDP:
GET / HTTP/1.1
Host: idp.example.com
Sec-Token-Binding: ARIAAgBBQB-XOPf5ePlf7ikATiAFEGOS503lPmRfkyymzdWwHCxl0njjxC3D0E_OVfBNqrIQxzIfkF7tWby2ZfyaE6XpwTsAQBYqhFX78vMOgDX_Fd_b2dlHyHlMmkIz8iMVBY_reM98OUaJFz5IB7PG9nZ11j58LoG5QhmQoI9NXYktKZRXxrYAAAECAEFAdUFTnfQADkn1uDbQnvJEk6oQs38L92gv-KO-qlYadLoDIKe2h53hSiKwIP98iRj_unedkNkAMyg9e2mY4Gp7WwBAeDUOwaSXNz1e6gKohwN4SAZ5eNyx45Mh8VI4woL1BipLoqrJRoK6dxFkWgHRMuBROcLGUj5PiOoxybQH_Tom3gAA
(two bindings at the same time)
© 2017 Brian Campbell 17
Interlude: ‘jot’ or not?
A JWT
eyJraWQiOiJrMSIsImFsZyI6IkVTMjU2In0.eyJpc3MiOiJodHRwczovL2lzcy5leGFtcGxlLmNvbSIsImF1ZCI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJleHAiOjE1MDkzOTM3NTgsIm5iZiI6MTUwOTM5MzAzOCwic3ViIjoiYnJpYW4iLCJlbWFpbCI6ImJyaWFuLmNhbXBiZWxsQGV4YW1wbGUuY29tIiwiZ3JvdXBzIjpbImdvb2QiLCJiYWQiLCJ1Z2x5Il19.hh8DBF1GfhXrf1L2jKJiJzjIESvBYzPc6NKjCZAXaztFQDiFIP2-wfPw_JWBMulQsPJmVKKl-XA1OQWXQKgKiQ
The Header
{"kid":"k1","alg":"ES256"}
The Payload
{"iss":"https://iss.example.com",
"aud":"https://rp.example.org",
"exp":1509393758,
"nbf":1509393038,
"sub":"brian",
"email":"brian.campbell@example.com",
"groups":["good","bad","ugly"]}
The Signature
A quick refresher/introduction to JWT
© 2017 Brian Campbell 18
Token Binding for OpenID Connect
• Utilizes the Include-Referred-Token-Binding-ID header and the Referred Token Binding
• Binds the ID Token (JWT) to the Token Binding ID the browser uses between itself and the Relying Party
• Uses token binding hash “tbh” member of the JWT confirmation claim “cnf”
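An added example, not from the talk: it decodes the JWT from the “jot or not?” interlude and then shows the check a Relying Party makes on a token-bound ID Token, comparing `cnf.tbh` with the Token Binding ID of the browser's connection to the RP (the ID the IDP received as the referred binding, which on the RP's own connection is the provided one). The `tbh` value is assumed to be the base64url SHA-256 of the raw TokenBindingID bytes, as in the OpenID Connect token binding draft; the `cnf`-bearing payload and the Token Binding IDs are constructed, since the slide's JWT carries no `cnf` claim. Signature verification is deliberately left out because the slide does not publish the IDP's key.

```python
import base64
import hashlib
import json

# The ID Token from the "Interlude" slide, with its line wraps removed.
SLIDE_JWT = (
    "eyJraWQiOiJrMSIsImFsZyI6IkVTMjU2In0."
    "eyJpc3MiOiJodHRwczovL2lzcy5leGFtcGxlLmNvbSIsImF1Z"
    "CI6Imh0dHBzOi8vcnAuZXhhbXBsZS5vcmciLCJleHAiOjE1MDkzOTM3NTgsIm5iZiI6MTUwOTM5MzAzOCwic3"
    "ViIjoiYnJpYW4iLCJlbWFpbCI6ImJyaWFuLmNhbXBiZWxsQGV4YW1wbGUuY29tIiwiZ3JvdXBzIjpbImdvb2Q"
    "iLCJiYWQiLCJ1Z2x5Il19."
    "hh8DBF1GfhXrf1L2jKJiJzjIESvBYzPc6NKjCZAXaztFQDiFIP2-"
    "wfPw_JWBMulQsPJmVKKl-XA1OQWXQKgKiQ"
)


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def split_jwt(token):
    """Return (header, payload, signature_bytes) WITHOUT verifying the signature.
    ES256 verification against the IDP's key 'k1' must precede trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])


def tbh(tbid):
    """Token binding hash (assumed): base64url(SHA-256(TokenBindingID bytes))."""
    return b64url_encode(hashlib.sha256(tbid).digest())


def rp_check_id_token(payload, presented_tbid, now, expected_aud):
    """The RP's post-signature checks: audience, exp/nbf window, and that cnf.tbh matches
    the Token Binding ID of the connection the token arrived on.
    Returns a list of failures; an empty list means accept."""
    problems = []
    if payload.get("aud") != expected_aud:
        problems.append("aud mismatch")
    if "exp" in payload and now >= payload["exp"]:
        problems.append("expired")
    if "nbf" in payload and now < payload["nbf"]:
        problems.append("not yet valid")
    claimed = payload.get("cnf", {}).get("tbh")
    if claimed is None:
        problems.append("no token binding confirmation")
    elif presented_tbid is None or claimed != tbh(presented_tbid):
        problems.append("tbh does not match the connection's Token Binding ID")
    return problems


def bound_payload_example():
    """Constructed: the slide's claims plus a cnf.tbh for a made-up Token Binding ID."""
    _, payload, _ = split_jwt(SLIDE_JWT)
    browser_rp_tbid = b"\x02\x00\x41\x40" + bytes(range(64))    # constructed, not a real key
    bound = dict(payload, cnf={"tbh": tbh(browser_rp_tbid)})
    return bound, browser_rp_tbid
```

A token that decodes cleanly but fails the `tbh` comparison is the interesting case: the JWT is genuine, the signature would verify, and it is still rejected because it arrived over a connection that did not prove the key it was issued to.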
© 2017 Brian Campbell 19
“Demo”
• Showing a bound:
– ID Token SSO
– Session Cookie
Browser
Identity Provider (IDP)
https://idp.example.com
Relying Party (RP)
https://rp.example.io:3000
http://httpbin.org/
© 2017 Brian Campbell 20
Unauthenticated access request to RP
is redirected for SSO
© 2017 Brian Campbell 21
Authentication request
to the IDP
© 2017 Brian Campbell 22
ID Token
delivered to RP
© 2017 Brian Campbell 23
Authenticated
access to RP
© 2017 Brian Campbell 24
“Demo” Finished
© 2017 Brian Campbell 25
Token Binding for OAuth Too
• Access tokens with referred Token Binding ID
• Refresh tokens with provided Token Binding ID
• Authorization codes via PKCE
– Native app clients
– Web server clients
• JWT Authorization Grants and Client Authentication
© 2017 Brian Campbell 26
Reverse Proxy Deployments
Client → Reverse Proxy:
GET /stuff HTTP/1.1
Host: example.com
Sec-Token-Binding: AIkAAgBBQKzyIrmcY_YctHVoSHBut69vrGfFdy1_YKTZfFJv6BjrZsKD9b9FRzSBxDs1twTqnAS71M1RBumuihhI9xqxXKkAQEtxe4jeUJU0WezxlQXWVSBFeHxFMdXRBIH_LKOSAuSMOJ0XEw1Q8DE248qkOiRKzw3KdSNYukYEPmO21bQi3YYAAA
Reverse Proxy → Origin Server:
GET /stuff HTTP/1.1
Host: ...
Sec-Provided-Token-Binding-ID: AgBBQKzyIrmcY_YCtHVoSHBut69vrGfFdy1_YKTZfFJv6BjrZsKD9b9FRzSBxDs1twTqnAS71M1RBumuihhI9xqxXKk
Reverse Proxy: (Negotiates) Validates Token Binding message; sanitizes headers; passes encoded provided token binding ID as new header (referred too, if applicable)
Origin Server: Binds/verifies using token binding ID
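An added example, not from the talk or from the OpenSSL, Apache or NGINX projects it lists, serving the “Token Binding over HTTPS”, cross-domain SSO and reverse-proxy slides together: it parses the two Sec-Token-Binding values printed on those slides into their TokenBindings (type, key parameters, public key, signature, extensions), extracts each raw TokenBindingID, and emits the header a TLS-terminating proxy would forward to the origin. The wire layout (two-byte message length; per binding a type byte, key-parameters byte, two-byte key length, then the key; a two-byte-length-prefixed signature and extensions block; a 64-byte X||Y point for ecdsap256; length-prefixed modulus and exponent for the RSA types) is my reading of the Token Binding protocol spec, the `tbh` derivation is assumed from the OpenID Connect draft, the referred-ID header name is assumed from the reverse-proxy draft the landscape slide mentions (the slide itself shows only Sec-Provided-Token-Binding-ID), and the P-256 constants are the standard curve parameters. Signature verification needs the TLS Exported Keying Material and is out of scope.

```python
import base64
import hashlib
import struct

KEY_PARAMS = {0: "rsa2048_pkcs1.5", 1: "rsa2048_pss", 2: "ecdsap256"}
TB_TYPES = {0: "provided", 1: "referred"}
# Header values exactly as printed on the slides, line wraps removed.
SLIDE13_HEADER = (
    "AIkAAgBBQLgtRpWFPN66kxhxGrtaKrzcMtHw7HV8"
    "yMk_-MdRXJXbDMYxZCWnCASRRrmHHHL5wmpP3bhYt0ChRDbsMapfh_QAQ"
    "N1He3Ftj4Wa_S_fzZVns4saLfj6aBoMSQW6rLs19IIvHze7LrGjKyCfPT"
    "KXjajebxp-TLPFZCc0JTqTY5_0MBAAAA"
)
SLIDE16_HEADER = (
    "ARIAAgBBQB-XOPf5ePlf7ikATiAFEGOS503"
    "lPmRfkyymzdWwHCxl0njjxC3D0E_OVfBNqrIQxzIfkF7tWby2Zfya"
    "E6XpwTsAQBYqhFX78vMOgDX_Fd_b2dlHyHlMmkIz8iMVBY_reM98O"
    "UaJFz5IB7PG9nZ11j58LoG5QhmQoI9NXYktKZRXxrYAAAECAEFAdU"
    "FTnfQADkn1uDbQnvJEk6oQs38L92gv-KO-qlYadLoDIKe2h53hSiK"
    "wIP98iRj_unedkNkAMyg9e2mY4Gp7WwBAeDUOwaSXNz1e6gKohwN4"
    "SAZ5eNyx45Mh8VI4woL1BipLoqrJRoK6dxFkWgHRMuBROcLGUj5Pi"
    "OoxybQH_Tom3gAA"
)
# NIST P-256 parameters (standard values), used only to sanity-check an EC public key.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def _u16(data, off):
    if off + 2 > len(data):
        raise ValueError("truncated field")
    return struct.unpack(">H", data[off:off + 2])[0]


def parse_token_binding_message(header_value):
    """Parse a Sec-Token-Binding value into a list of TokenBinding dicts (assumed layout):
    msg = len(2) || TokenBinding*; TokenBinding = type(1) || TokenBindingID || sig<..>(2) || ext<..>(2);
    TokenBindingID = key_parameters(1) || key_length(2) || key. Raises ValueError on bad input."""
    data = b64url_decode(header_value)
    total = _u16(data, 0)
    if total != len(data) - 2:
        raise ValueError("TokenBindingMessage length does not match payload")
    bindings, pos, end = [], 2, 2 + total
    while pos < end:
        tb_type, key_params = data[pos], data[pos + 1] if pos + 1 < end else None
        key_len = _u16(data, pos + 2)
        id_start, key_bytes = pos + 1, data[pos + 4:pos + 4 + key_len]
        if len(key_bytes) != key_len:
            raise ValueError("truncated TokenBindingID")
        if key_params == 2:
            # TB_ECPoint: one length byte, then X || Y (64 bytes for P-256)
            if key_len != 65 or key_bytes[0] != 64:
                raise ValueError("bad ecdsap256 point encoding")
            pubkey = {"x": key_bytes[1:33], "y": key_bytes[33:65]}
        elif key_params in (0, 1):
            # RSAPublicKey: modulus<1..2^16-1> || publicexponent<1..2^8-1>
            mod_len = _u16(key_bytes, 0)
            if 2 + mod_len >= key_len or 3 + mod_len + key_bytes[2 + mod_len] != key_len:
                raise ValueError("bad RSAPublicKey encoding")
            pubkey = {"n": key_bytes[2:2 + mod_len], "e": key_bytes[3 + mod_len:]}
        else:
            raise ValueError(f"unknown key_parameters {key_params}")
        pos += 4 + key_len
        tbid = data[id_start:pos]                       # raw TokenBindingID bytes
        sig_len = _u16(data, pos)
        signature = data[pos + 2:pos + 2 + sig_len]
        pos += 2 + sig_len
        ext_len = _u16(data, pos)
        extensions = data[pos + 2:pos + 2 + ext_len]
        pos += 2 + ext_len
        if pos > end or len(signature) != sig_len or len(extensions) != ext_len:
            raise ValueError("truncated TokenBinding")
        bindings.append({"type": tb_type, "key_parameters": key_params, "pubkey": pubkey,
                         "tbid": tbid, "signature": signature, "extensions": extensions})
    return bindings


def point_on_p256(pubkey):
    """True if (x, y) satisfies y^2 = x^3 - 3x + b mod p; a server should reject a key that fails."""
    x, y = int.from_bytes(pubkey["x"], "big"), int.from_bytes(pubkey["y"], "big")
    return x < P256_P and y < P256_P and (y * y - (x ** 3 - 3 * x + P256_B)) % P256_P == 0


def tbh(tbid):
    """Token binding hash (assumed): base64url(SHA-256(TokenBindingID))."""
    return b64url_encode(hashlib.sha256(tbid).digest())


def proxy_forward_headers(header_value):
    """Headers a TLS-terminating reverse proxy passes to the origin once the signatures
    have been verified: the base64url TokenBindingID per binding type."""
    names = {0: "Sec-Provided-Token-Binding-ID", 1: "Sec-Referred-Token-Binding-ID"}
    return {names[b["type"]]: b64url_encode(b["tbid"])
            for b in parse_token_binding_message(header_value)}
```

Two things the parser makes visible that the slides only imply: the provided ID the proxy forwards is a substring of the browser's own header (the TokenBindingID is a self-contained sub-structure, so the proxy does not re-encode anything), and the message on the SSO slide is exactly two 137-byte bindings, the first of type provided and the second of type referred. The origin must also strip any Sec-Provided-Token-Binding-ID or Sec-Referred-Token-Binding-ID a client sends directly, which is the "sanitize headers" step on the slide.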
© 2017 Brian Campbell 27
The Landscape (some of it anyway)
• 3 IETF Token Binding specs soon to be RFCs
• Draft support
– Google Chrome & Microsoft Edge/IE
– Global on Google servers (since Jan)
– .NET Framework (4.6 for server side)
– Open source
• OpenSSL (https://github.com/google/token_bind)
• Apache (https://github.com/zmartzone/mod_token_binding)
• NGINX (https://github.com/google/ngx_token_binding)
• Java (… er, yeah…)
– Online demo at https://www.ietf.org/mail-archive/web/unbearable/current/msg01332.html
• OpenID Connect Token Bound Authentication spec is coming along
• OAuth 2.0 Token Binding spec is coming along a bit behind that
• ‘HTTPS Token Binding with TLS Terminating Reverse Proxies’ spec adopted
© 2017 Brian Campbell 28
FIN
© 2015 Brian Campbell
BRIAN CAMPBELL
@__b_c
