Token Binding Identiverse 2018
1. © 2018 Brian Campbell @__b_c
Token Binding 2018
Brian Campbell
@__b_c
3. About Me
Distinguished Engineer at Ping Identity
& Official Unofficial Identiverse (formerly CIS) Photographer
5. Yes, been pretending to have a career as a “photographer” since 2011
“L’Arroseur Arrosé” by David Brossard
6. FAQ
Do you have any actual qualifications?
8. FAQ
Didn’t you do this talk last year?
10. FAQ
Can you just get on with it already?
11. yes… after just this one more photo
12. What is a Bearer Token?
• A security token with the property that any party in possession of that token (i.e. the "bearer") can use the token to access the associated resources
• No other proof beyond just having it is needed
13. The Problem With Bearer Tokens
Two Truths and a Lie
14. Bearer Tokens are Everywhere
15. The Room Where It Happens
Token Binding for binding tokens
16. Token Binding Overview
• Enables a long-lived binding of cookies or other security tokens to a client-generated public-private key pair
• Use is negotiated in the TLS handshake via a TLS extension
• Possession of the key is proven by signing the EKM (TLS Exported Keying Material) and sending an HTTP header in every request
• Cookies and tokens can be bound to the key
• Key is scoped to the effective top-level domain + 1
• Federated use cases supported via referred token binding (vs. provided)
17. Hello! Do you like my extension?
18. Do you even bind tokens, bro?
TLS Handshake
Client -> Server: ClientHello
  ...
  token_binding [24]
    token_binding_version [1,0]
    key_parameters_list [2,0]
Server -> Client: ServerHello
  ...
  token_binding [24]
    token_binding_version [1,0]
    key_parameters_list [2]
Key Parameters:
  (0) rsa2048_pkcs1.5
  (1) rsa2048_pss
  (2) ecdsap256
Also needs these extensions:
  Extended Master Secret
  Renegotiation Indication
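The negotiation on this slide, written out as an added example (it is not the talk's code and not any TLS library's API): it builds and parses the body of the token_binding extension, a two-byte protocol version followed by a length-prefixed key_parameters_list, and applies the server's choice. The function names, the selection rule (first entry of the client's preference-ordered list that the server supports) and the two booleans standing in for the Extended Master Secret and Renegotiation Indication prerequisites are this example's own choices.

```python
"""Token Binding TLS extension negotiation (example, not the talk's code)."""

TOKEN_BINDING_EXT = 24                      # extension type shown on the slide
RSA2048_PKCS15, RSA2048_PSS, ECDSAP256 = 0, 1, 2
KEY_PARAM_NAMES = {0: "rsa2048_pkcs1.5", 1: "rsa2048_pss", 2: "ecdsap256"}


def encode_parameters(version, key_params):
    """TokenBindingParameters body: major, minor, then key_parameters_list
    as one length byte followed by the parameter ids, most preferred first."""
    major, minor = version
    if not 1 <= len(key_params) <= 255:
        raise ValueError("key_parameters_list must have 1..255 entries")
    if any(p not in KEY_PARAM_NAMES for p in key_params):
        raise ValueError("unknown key parameter id")
    return bytes([major, minor, len(key_params), *key_params])


def decode_parameters(body):
    """Inverse of encode_parameters; rejects a body whose list length lies."""
    if len(body) < 4:
        raise ValueError("token_binding extension body too short")
    major, minor, count = body[0], body[1], body[2]
    if count == 0 or len(body) != 3 + count:
        raise ValueError("key_parameters_list length does not match body")
    return (major, minor), list(body[3:])


def server_response(client_body, server_version=(1, 0),
                    server_key_params=(ECDSAP256, RSA2048_PSS),
                    extended_master_secret=True,
                    renegotiation_indication=True):
    """Server side. Returns the extension body for ServerHello, or None when
    Token Binding must not be negotiated on this connection.
    Policy used by this example: both prerequisite extensions must be present,
    the version is the lower of the two sides', and the key parameter is the
    first one in the client's list that the server supports."""
    if not (extended_master_secret and renegotiation_indication):
        return None
    client_version, client_params = decode_parameters(client_body)
    version = min(client_version, server_version)
    for param in client_params:
        if param in server_key_params:
            return encode_parameters(version, [param])
    return None                              # nothing in common


def client_accepts(client_body, server_body):
    """Client side: the server must answer with exactly one key parameter the
    client offered and a version no higher than the client's. Anything else
    means the client terminates the handshake rather than continuing."""
    if server_body is None:
        return False
    client_version, client_params = decode_parameters(client_body)
    server_version, server_params = decode_parameters(server_body)
    return (server_version <= client_version
            and len(server_params) == 1
            and server_params[0] in client_params)
```

With the slide's values, `encode_parameters((1, 0), [ECDSAP256, RSA2048_PKCS15])` yields the five bytes 01 00 02 02 00 for ClientHello, and `server_response` answers 01 00 01 02, i.e. version 1.0 and ecdsap256 alone.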
19. Token Binding over HTTPS
HTTP Request, Client -> Server:
GET /stuff HTTP/1.1
Host: example.com
Sec-Token-Binding: AIkAAgBBQLgtRpWFPN66kxhxGrtaKrzcMtHw7HV8yMk_-MdRXJXbDMYxZCWnCASRRrmHHHL5wmpP3bhYt0ChRDbsMapfh_QAQN1He3Ftj4Wa_S_fzZVns4saLfj6aBoMSQW6rLs19IIvHze7LrGjKyCfPTKXjajebxp-TLPFZCc0JTqTY5_0MBAAAA
• Encoded Token Binding Message
  – (1 or more) Token Bindings
    • Type (provided / referred)
    • Token Binding ID (key type and public key)
    • Signature over type, key type, and EKM (TLS Exported Keying Material)
    • Extensions
• Proves possession of the private key on the TLS connection
• Keys are long-lived and span TLS connections
• Keys are generated by the client
20. Binding Cookies
• The most straightforward application binds a cookie to the Token Binding key
• Server associates Token Binding ID (key) with cookie & checks on subsequent use
• Prevents the cookie from being used by a party that doesn’t have the key
• Augments existing authentication and session mechanisms
• Transparent to users
• No key distribution (or certificates)
• Deployment can be phased in
21. Okay, Just Take It Easy Privacy Nerds Advocates
• Token Binding is not a supercookie or new big brother tracking mechanism
• Client generates a unique key pair per effective top-level domain + 1 (eTLD+1)
  – E.g., example.com, www.example.com, and etc.example.com share a binding but not example.org or example.co.uk
• Same scoping rules and privacy implications as cookies
22. But what if we need 2Federate?
• There’s an HTTP response header that tells the browser that it should reveal the Token Binding ID (the key) used between itself and the RP (referred) in addition to the one used between itself and the IDP (provided)
Participants: Browser, Relying Party (RP), Identity Provider (IDP)
RP -> Browser:
HTTP/1.1 302 Found
Location: https://idp.example.com
Include-Referred-Token-Binding-ID: true
Browser -> IDP:
GET / HTTP/1.1
Host: idp.example.com
Sec-Token-Binding: ARIAAgBBQB-XOPf5ePlf7ikATiAFEGOS503lPmRfkyymzdWwHCxl0njjxC3D0E_OVfBNqrIQxzIfkF7tWby2ZfyaE6XpwTsAQBYqhFX78vMOgDX_Fd_b2dlHyHlMmkIz8iMVBY_reM98OUaJFz5IB7PG9nZ11j58LoG5QhmQoI9NXYktKZRXxrYAAAECAEFAdUFTnfQADkn1uDbQnvJEk6oQs38L92gv-KO-qlYadLoDIKe2h53hSiKwIP98iRj_unedkNkAMyg9e2mY4Gp7WwBAeDUOwaSXNz1e6gKohwN4SAZ5eNyx45Mh8VI4woL1BipLoqrJRoK6dxFkWgHRMuBROcLGUj5PiOoxybQH_Tom3gAA
(two bindings: provided and referred)
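The header structure from the "Token Binding over HTTPS" slide, the cookie check from the "Binding Cookies" slide and the two-binding message on this slide, worked through as one added example (not code from the talk or from any Token Binding implementation). The parser walks the TokenBindingMessage structure: a two-byte length, then one or more TokenBinding records, each holding a type byte, a TokenBindingID (key parameter id, key length, key), a length-prefixed signature and length-prefixed extensions; for ecdsap256 the key is a TB_ECPoint, one length byte followed by the 64-byte X||Y coordinates. The two header values are copied from the slides; the `_Reader` helper, the dict layout and the session-store functions are this example's own. Signature verification is deliberately left out, since the signature covers the EKM exported from the live TLS connection, which nothing outside that connection can reproduce.

```python
"""Parse Sec-Token-Binding and check a bound cookie (example, not the talk's code)."""
import base64
import hmac
import struct

PROVIDED, REFERRED = 0, 1
ECDSAP256 = 2
KEY_PARAM_NAMES = {0: "rsa2048_pkcs1.5", 1: "rsa2048_pss", 2: "ecdsap256"}

# Header value from the "Token Binding over HTTPS" slide: one provided binding.
SINGLE_HEADER = ("AIkAAgBBQLgtRpWFPN66kxhxGrtaKrzcMtHw7HV8"
                 "yMk_-MdRXJXbDMYxZCWnCASRRrmHHHL5wmpP3bhYt0ChRDbsMapfh_QAQ"
                 "N1He3Ftj4Wa_S_fzZVns4saLfj6aBoMSQW6rLs19IIvHze7LrGjKyCfPT"
                 "KXjajebxp-TLPFZCc0JTqTY5_0MBAAAA")
# Header value from the federation slide: provided binding followed by referred.
FEDERATED_HEADER = ("ARIAAgBBQB-XOPf5ePlf7ikATiAFEGOS503"
                    "lPmRfkyymzdWwHCxl0njjxC3D0E_OVfBNqrIQxzIfkF7tWby2Zfya"
                    "E6XpwTsAQBYqhFX78vMOgDX_Fd_b2dlHyHlMmkIz8iMVBY_reM98O"
                    "UaJFz5IB7PG9nZ11j58LoG5QhmQoI9NXYktKZRXxrYAAAECAEFAdU"
                    "FTnfQADkn1uDbQnvJEk6oQs38L92gv-KO-qlYadLoDIKe2h53hSiK"
                    "wIP98iRj_unedkNkAMyg9e2mY4Gp7WwBAeDUOwaSXNz1e6gKohwN4"
                    "SAZ5eNyx45Mh8VI4woL1BipLoqrJRoK6dxFkWgHRMuBROcLGUj5Pi"
                    "OoxybQH_Tom3gAA")


def b64url_decode(text):
    """Header values are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class _Reader:
    """Bounds-checked cursor over the decoded message (example helper)."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated TokenBindingMessage")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self):
        return self.take(1)[0]

    def u16(self):
        return struct.unpack("!H", self.take(2))[0]


def parse_sec_token_binding(header_value):
    """Return one dict per TokenBinding, in message order."""
    msg = b64url_decode(header_value)
    r = _Reader(msg)
    declared = r.u16()                        # length of tokenbindings<..>
    if declared != len(msg) - 2:
        raise ValueError("TokenBindingMessage length mismatch")
    bindings = []
    while r.pos < len(msg):
        tb_type = r.u8()                      # provided(0) / referred(1)
        if tb_type not in (PROVIDED, REFERRED):
            raise ValueError("unknown TokenBindingType")
        id_start = r.pos
        key_params = r.u8()
        key = r.take(r.u16())                 # key_length, then the key
        tbid = msg[id_start:r.pos]            # serialized TokenBindingID
        signature = r.take(r.u16())           # signature<64..2^16-1>
        if len(signature) < 64:
            raise ValueError("signature too short")
        extensions = r.take(r.u16())          # extensions<0..2^16-1>
        point = None
        if key_params == ECDSAP256:
            # TB_ECPoint: one length byte, then X||Y (64 bytes for P-256)
            if len(key) != 65 or key[0] != 64:
                raise ValueError("malformed TB_ECPoint")
            point = key[1:]
        bindings.append({
            "type": tb_type,
            "key_parameters": KEY_PARAM_NAMES.get(key_params, key_params),
            "token_binding_id": tbid,
            "point": point,
            "signature": signature,
            "extensions": extensions,
        })
    return bindings


def bind_cookie(session_store, cookie_value, binding):
    """At login: remember which TokenBindingID the session cookie was issued to."""
    session_store[cookie_value] = binding["token_binding_id"]


def cookie_is_bound(session_store, cookie_value, bindings):
    """On later requests: accept the cookie only if the single provided binding
    on this request carries the same TokenBindingID (constant-time compare)."""
    expected = session_store.get(cookie_value)
    provided = [b for b in bindings if b["type"] == PROVIDED]
    if expected is None or len(provided) != 1:
        return False
    return hmac.compare_digest(expected, provided[0]["token_binding_id"])
```

Run against the first header this yields a single provided ecdsap256 binding with a 64-byte point, a 64-byte signature and no extensions (137 message bytes, matching the declared length); the second header yields a provided and a referred binding. A cookie bound to the first header's key is rejected when presented with the second header's bindings, because the provided key differs.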
23. The Specifications
• Base
– TLS Extension for Token Binding Protocol Negotiation
https://tools.ietf.org/html/draft-ietf-tokbind-negotiation
– The Token Binding Protocol
https://tools.ietf.org/html/draft-ietf-tokbind-protocol
– Token Binding over HTTP
https://tools.ietf.org/html/draft-ietf-tokbind-https
• OIDC
– OpenID Connect Token Bound Authentication
http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html
• OAuth
– OAuth 2.0 Token Binding
https://tools.ietf.org/html/draft-ietf-oauth-token-binding
• Deployment
– HTTPS Token Binding with TLS Terminating Reverse Proxies
https://tools.ietf.org/html/draft-ietf-tokbind-ttrp
24. Base Specifications
• Token Binding Negotiation, Protocol, and HTTP basically define what was described in the overview
• All 3 IETF drafts are in the final throes of the IETF process, which is getting close* to RFC status
Draft support in Google Chrome & Microsoft Edge/IE, .NET Framework, Google servers, open source work in OpenSSL, Apache, NGINX and Java
25. OpenID Connect Token Bound Authentication
• Utilizes the Include-Referred-Token-Binding-ID header and the Referred Token Binding
• Binds the ID Token to the Token Binding ID the browser uses between itself and the Relying Party
• Defines and uses the token binding hash “tbh” member of the JWT confirmation claim “cnf”
• OpenID Foundation spec is draft status but is presumably relatively stable
26. Token Binding for OAuth Too
• Binding of access tokens (via referred)
  – Uses JWT tbh cnf and defines it for token introspection
• Binding of refresh tokens (via provided)
• Client registration & server metadata
• Binding of authorization codes via two PKCE variants
  – for native app clients
  – for web server clients
• Binding of JWT Authorization Grants and JWT Client Authentication
• IETF spec is a working group draft and, while there are no known/expected normative changes, it’s anticipated to be in draft for a considerable time
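The “tbh” confirmation member used by both the OpenID Connect and the OAuth slides, as an added example (not code from the talk, the OpenID Foundation or the IETF): the issuer hashes the Token Binding ID into cnf.tbh, and the consumer recomputes the hash from the binding presented on its own connection. The drafts define tbh as the base64url SHA-256 hash of the Token Binding ID; this example takes that to be the serialized TokenBindingID structure (key_parameters, key_length, key) and builds one for an ecdsap256 key. The 64-byte "points" are constructed filler rather than real P-256 coordinates, so the hashes are only illustrative, and the function names are this example's own.

```python
"""tbh in the JWT cnf claim (example, not the talk's or the specs' code)."""
import base64
import hashlib
import hmac

ECDSAP256 = 2


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def token_binding_id_ecdsap256(point_xy):
    """Serialize a TokenBindingID for an ecdsap256 key:
    key_parameters(1) || key_length(2) || TB_ECPoint (one length byte + X||Y)."""
    if len(point_xy) != 64:
        raise ValueError("P-256 X||Y must be 64 bytes")
    ecpoint = bytes([len(point_xy)]) + point_xy
    return bytes([ECDSAP256]) + len(ecpoint).to_bytes(2, "big") + ecpoint


def tbh(token_binding_id):
    """Token binding hash: base64url(SHA-256(TokenBindingID))."""
    return b64url(hashlib.sha256(token_binding_id).digest())


def issue_bound_token(claims, token_binding_id):
    """Issuer side (IDP / authorization server): add cnf.tbh before signing.
    For an ID token or access token this is the referred binding ID
    (browser <-> RP); for a refresh token it is the provided one."""
    bound = dict(claims)
    bound["cnf"] = {"tbh": tbh(token_binding_id)}
    return bound


def introspection_response(claims):
    """Authorization server side: echo cnf in the introspection response so a
    resource server can run the same check for a reference-style access token."""
    response = {"active": True}
    for name in ("sub", "scope", "exp", "cnf"):
        if name in claims:
            response[name] = claims[name]
    return response


def verify_bound_token(claims, presented_token_binding_id):
    """Consumer side (RP / resource server): the Token Binding ID presented on
    this connection must hash to cnf.tbh; any other holder of the token fails."""
    cnf = claims.get("cnf")
    expected = cnf.get("tbh") if isinstance(cnf, dict) else None
    if not isinstance(expected, str):
        return False
    return hmac.compare_digest(expected, tbh(presented_token_binding_id))


# Constructed filler standing in for two different clients' public keys.
RP_POINT = bytes(range(1, 65))
OTHER_POINT = bytes(range(65, 129))
```

Rejecting a token whose cnf.tbh is absent is deliberate: a token that should have been bound but was not must be treated as a plain bearer token rather than silently accepted.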
27. HTTPS Token Binding with TLS Terminating Reverse Proxies (TTRP)
• Defines HTTP headers that enable a proxy and backend server to function together as a single logical server-side deployment of HTTPS Token Binding
• Spec is an IETF working group draft with some hope of moving quickly
28. Thanks!
[probably no time for] Questions? Etc.
Brian Campbell
@__b_c
FIN
Editor's Notes
“Distinguished” – they ran out of titl
CIS 2014 in Monterey
Still believe it’s important
Needed to justify coming here
Slow process
Spring of 2016 at IETF 95 Buenos Aires where I got more serious about TB
From real job vs. pretend aspirational career
Protections aplenty but compromise still happens
Subdomain Takeovers (e.g. Uber in late 2017)
Some are critical of HttpOnly b/c it is narrow but it does this one thing
Spring 2015 at IETF 92 Dallas
Inoculate against use by unauthorized party
IETF 100 in Singapore just one of the meetings involving this work
1st discussed in BA hotel room at IETF 95 April 2016
1st presented by Mike at Berlin IETF 96 July 2016
First floated the idea at IETF 97 Seoul in Nov 2016