Re: [OAUTH-WG] Adding the option to use server-supplied nonces to DPoP
Brian Campbell <bcampbell@pingidentity.com> Fri, 17 September 2021 22:39 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1EDC3A1981 for <oauth@ietfa.amsl.com>; Fri, 17 Sep 2021 15:39:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3dkOVg_-PlCo for <oauth@ietfa.amsl.com>; Fri, 17 Sep 2021 15:39:52 -0700 (PDT)
Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B366D3A197D for <oauth@ietf.org>; Fri, 17 Sep 2021 15:39:51 -0700 (PDT)
Received: by mail-lf1-x12c.google.com with SMTP id y28so37985346lfb.0 for <oauth@ietf.org>; Fri, 17 Sep 2021 15:39:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=GXGxQxgfe8PHQvcuCd5BuJZbNb5Qaszh2FSV9QhQLvw=; b=T9V6F5oAQMaX+UtUpJqFx/1Nt68123lzXYgkj+bR5K78JtUjVrbd7iisvtAwSTCgGs 5Ce3XdgbwbolMawgfv6n6B78aYu91hpndn2KE2jPhya/OIt/Nm46GqYAvyHEINOR3jFs c2sD5FI1vwUR0LZQVS7vjmvisIyLmkIxmDYdl+R96iTA83G44DRg17K5pHfpfD9iP0sf 6xonSRqXmhZleezXNOyfmDwLPCTz1j2Y5tpxUK7T6WfV0ZoazbGEJwD88rU9PdL7kG5F tieW+ZseIGVqeOZ3Wp9iitqZ+agLXwFlIiOepu52MzoXBdVGbSTKfl02f7mo9blfAccI c8ww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=GXGxQxgfe8PHQvcuCd5BuJZbNb5Qaszh2FSV9QhQLvw=; b=W/Fcv9//3FJ9qYHDb6ev8m9Hxz8SLicTOv03RC1Az7sBuyAqP1c3Z9yBz+oePDA3Qc iv+qIGCD8qwXwuV0ZhW+TWIp9gUM0MR1sJVxqkBK54J8sdVWg9Tg2spKSra8ARcB0THh AnJ3+Idi6aju9sFhVYC4uM0MP2lcOz11kX5YsryqpuSrESdUEuH0ouPla/CiZjtGJ2eE 2AtYirAqaiQGjT+MaVcwVXH8C0srOJveij6R7kb+HsJvnTroAPyBhykEW0oQzxGbRlEw F0flasnD6exTbjrvDL4mn1Gg0DcxflpbM23M4cw00SQLwXkW0ycO+3MCoDIC6B32jeti Ilng==
X-Gm-Message-State: AOAM530GZWQFV9ZxZTZZaxTFg6y47VI1NidJbGiX/bM3+BVbBPPEyVad xmdTRrLO4o8Z7HZuW/KQL/0VEfIY68C2nUVBsg2aKN/0Zioszosyaqc1Umk+aaw7Gbjd7xVCcd+ lz9Z9QlE3Zw9OZH0GhV3frw==
X-Google-Smtp-Source: ABdhPJx+58U2VD/1PHWvKIzh/XGI30eACy0N0SZBSs1Xs2q3bB7912ZzyT1d90wkH8p8TIUPfBMiBPVxJ63F9DHHaYI=
X-Received: by 2002:a2e:99c8:: with SMTP id l8mr11968651ljj.178.1631918388877; Fri, 17 Sep 2021 15:39:48 -0700 (PDT)
MIME-Version: 1.0
References: <PH0PR00MB099738694FBE4FAFCA0E5C2DF5DD9@PH0PR00MB0997.namprd00.prod.outlook.com>
In-Reply-To: <PH0PR00MB099738694FBE4FAFCA0E5C2DF5DD9@PH0PR00MB0997.namprd00.prod.outlook.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 17 Sep 2021 16:39:22 -0600
Message-ID: <CA+k3eCQWcF_Nyi-GAjYOM_QAWUTqWGQAfEK2HFCeZx=PQp4Yow@mail.gmail.com>
To: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000df35a505cc389b84"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/AiWXXnw5bVN4ePUVcbYFBVQGoRc>
Subject: Re: [OAUTH-WG] Adding the option to use server-supplied nonces to DPoP
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Sep 2021 22:39:57 -0000
Hey Mike, thanks for writing up the PR. Generally speaking, I think it nicely and fairly unobtrusively introduces the ability for servers to choose whether/when to use server-contributed nonces to further constrain lifetimes of DPoP proof. I've been reluctant to add something like this out of concern for introducing a lot of complexity. But this seems to do a pretty good job of it without a ton of baggage. There is one problematic technical aspect of it, however, that I think needs to be addressed before it can be incorporated into the document. Kind of a protocol compile error, if you will. The Authorization Server-Provided Nonce section uses the 'WWW-Authenticate: DPoP ... ' header in a 401 response to a token request to ask that a nonce be included in the DPoP proof in the subsequent request(s), which is sent as the value of the DPoP header. But based on the definition in this document and the underlying RFC7235, a 'WWW-Authenticate: DPoP' header is requesting that a 'Authorization: DPoP <access-token>' header be sent in the subsequent requests. The 'Authorization: DPoP <access-token>' header is only sent to protected resources. The way Authorization header is defined (can only have one in a request) and sometimes used for client secret basic auth are some of the reasons the DPoP proof is defined as separate header and not part of the Authorization header. Unfortunately, the result is that the error/challenge mechanics need to be slightly different between the AS and RS. I think the Authorization Server-Provided Nonce needs to be provided to the client in some other way. Perhaps as a parameter in the JSON of a token endpoint error response. Or in a header somehow. Or something else that I'm not thinking of. But the way it is in the PR right now doesn't semantically work. On Fri, Sep 17, 2021 at 11:04 AM Mike Jones <Michael.Jones= 40microsoft.com@dmarc.ietf.org> wrote: > We all know that using proof-of-possession with issued tokens is a means > of rendering exfiltrated tokens useless to attackers. The DPoP was created > as one of the tools to prevent this. There’s a huge amount of evidence of > successful token exfiltration attacks in the wild, some of which is > referenced at the end of this message. For instance, sometimes the > legitimate user of a client is the attacker. Once instance of this is that > some banks have cited employees stealing legitimate tokens issued on bank > computers and taking them to non-bank computers, thereby bypassing audit > controls. > > > > When reviewing DPoP with Microsoft’s identity architects, they pointed out > that DPoP as written today can still enable exfiltrated DPoP tokens to be > used by some kinds of attackers; doing so also requires that the attackers > exfiltrate DPoP proofs. This is possible when the legitimate user of a > client is the attacker. > > > > Preventing exfiltrated pre-generated DPoP proofs from being used in the > future requires the server being able to limit their lifetime. An > effective means of doing this is to include a server-provided nonce in the > DPoP proof. That puts the lifetime of DPoP proofs in control of the > server, because when a new nonce value is provided, older, possibly > pre-generated DPoP proofs become invalid at the server. > > > > The Microsoft identity server team is already internally using this > technique with the stale OAuth HTTP Signing draft. They want to be able to > use it with DPoP for the same reasons. DPoP without this won’t mitigate > the real security attacks that our systems are encountering. Note that > unless a server-provided nonce is used, what is actually being proved is > possession of a DPoP proof – not possession of the proof-of-possession key. > > > > Having discussed this with some of the editors, I have created a pull > request adding the optional use of server-provided nonces to DPoP. This > will break no existing deployments. But it will enable new deployments to > choose to use server-contributed nonces to limit DPoP proof lifetimes, both > for authorization servers and resource servers. The pull request is at > https://github.com/danielfett/draft-dpop/pull/81/. Reviews of the PR are > welcomed. I propose that we merge it and publish draft -04 sometime next > week, pending review feedback. > > > > ==== > > > > My colleague Pieter Kasselman assembled some examples of successful token > exfiltration attacks in the public domain (and helped review the PR). > Those follow, for your reading pleasure. > > 1. Introducing a new phishing technique for compromising Office 365 > accounts (o365blog.com) > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fo365blog.com%2Fpost%2Fphishing%2F&data=04%7C01%7Cpieter.kasselman%40microsoft.com%7Cd16075338fd34e6065fa08d96f18c785%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637662974517021183%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Nwnf6O67xIXO2u0cYFkZBnJrnOl0P6JR1MrXdNLgrr8%3D&reserved=0> > 1. It describes a phishing attack that allows the attacker to > obtain an Access Token and a Refresh Token (which is then used to obtain > additional Access Tokens). > 2. Operationalised with the AADInternals Tool > 2. The Art of the Device Code Phish - Boku (0xboku.com) > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2F0xboku.com%2F2021%2F07%2F12%2FArtOfDeviceCodePhish.html&data=04%7C01%7Cpieter.kasselman%40microsoft.com%7Cd16075338fd34e6065fa08d96f18c785%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637662974517021183%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=wlEfBuS%2FnIl9qIf51hpQcU2UmFCsnuC0ksSVE%2FXdEKw%3D&reserved=0> > > > 1. It extends the above attack and shows step-by-step how to > exfiltrate a Access Token and a Refresh Token with a similar phishing > attack and then obtain additional tokens. > 2. Operationalised with AADInternals and TokenTactics > 1. DEF CON 29 - Jenko Hwong - New Phishing Attacks Exploiting OAuth > Authentication Flows - YouTube > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D9slRYvpKHp4&data=04%7C01%7Cpieter.kasselman%40microsoft.com%7Cd16075338fd34e6065fa08d96f18c785%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637662974517031142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9rMI1ay6eJ4RmTRTmHglAunMiQuLfxzZUpdk%2F012Z9Q%3D&reserved=0> > > > 1. It shows another attack to exfiltrate tokens using phishing > techniques that exploit Device Code Flow. > 2. It includes a demo of the attack that shows how it bypasses MFA > and anti-Phishing controls and then uses the PRT to get tokens and pivot to > other services. > 3. Tools available as open source. > 1. Requesting Azure AD Request Tokens on Azure-AD-joined Machines for > Browser SSO | by Lee Christensen | Posts By SpecterOps Team Members > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fposts.specterops.io%2Frequesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30&data=04%7C01%7Cpieter.kasselman%40microsoft.com%7Cd16075338fd34e6065fa08d96f18c785%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637662974517031142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=OLHm5HkOAQZs0uE95OtlvUxRQlk06ylecU09%2B2hacOw%3D&reserved=0> > > > 1. Outlines how a Refresh Token can be exfiltrated from a Chrome > browser > 2. Operationalised with a tool called RequestAADRefreshToken > 1. Abusing Azure AD SSO with the Primary Refresh Token - dirkjanm.io > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkjanm.io%2Fabusing-azure-ad-sso-with-the-primary-refresh-token%2F&data=04%7C01%7Cpieter.kasselman%40microsoft.com%7Cd16075338fd34e6065fa08d96f18c785%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637662974517031142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=J8rcX59vjyaVlvhdzDBM%2FUELF38LEykzo84an9opNc4%3D&reserved=0> > > > 1. Extracts the Primary Refresh Token through Chrome > 2. Requires executing code on the users device to interact with the > Chrome browser, executed in the user context, no elevated privileges needed > 3. Operationalised through ROADtoken and ROADtools. > 1. Digging further into the Primary Refresh Token - dirkjanm.io > <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdirkjanm.io%2Fdigging-further-into-the-primary-refresh-token%2F&data=04%7C01%7Cpieter.kasselman%40microsoft.com%7Cd16075338fd34e6065fa08d96f18c785%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637662974517041097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zfgTacWTD38btnIwrPWEStjIIYNfw9tRzjjP95S8gwI%3D&reserved=0> > > > 1. Describes how the PRT and session keys can be extracted from a > device (requires local admin) > 2. Operationalised through ROADtools > > -- Mike > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- _CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you._
- [OAUTH-WG] Adding the option to use server-suppli… Mike Jones
- Re: [OAUTH-WG] Adding the option to use server-su… Justin Richer
- Re: [OAUTH-WG] Adding the option to use server-su… Brian Campbell