IETF Logo Mail Archive

Re: [OAUTH-WG] [EXT] Re: WGLC review of draft-ietf-oauth-security-topics-13

"Peck, Michael A" <mpeck@mitre.org> Tue, 26 November 2019 20:08 UTC

Return-Path: <mpeck@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A10C120980 for <oauth@ietfa.amsl.com>; Tue, 26 Nov 2019 12:08:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3dIMk_WVMI0 for <oauth@ietfa.amsl.com>; Tue, 26 Nov 2019 12:08:22 -0800 (PST)
Received: from smtpvbsrv1.mitre.org (smtpvbsrv1.mitre.org [198.49.146.234]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6489E1208F8 for <oauth@ietf.org>; Tue, 26 Nov 2019 12:08:22 -0800 (PST)
Received: from smtpvbsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 8289133202C; Tue, 26 Nov 2019 15:08:21 -0500 (EST)
Received: from smtprhbv1.mitre.org (unknown [129.83.19.196]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtpvbsrv1.mitre.org (Postfix) with ESMTPS id 76440332024; Tue, 26 Nov 2019 15:08:21 -0500 (EST)
Received: from mbfesmtp-mgt.mitre.org (unknown [198.49.146.235]) by smtprhbv1.mitre.org (Postfix) with ESMTP id 716D780B76F; Tue, 26 Nov 2019 15:08:21 -0500 (EST)
Received: by mbfesmtp-mgt.mitre.org (Postfix, from userid 600) id 47Mw2F3DcjzkpG; Tue, 26 Nov 2019 20:08:13 +0000 (UTC)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02lp2107.outbound.protection.outlook.com [104.47.65.107]) by mbfesmtp-mgt.mitre.org (Postfix) with ESMTPS id 47Mw2041S1zks6; Tue, 26 Nov 2019 20:08:08 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AvMwte/PPbSN4KuOTgqs8H3TTMUt/HHJ02EMKiBDVg4SQ7rHN/xHHJ4uR7hIx8vy1XfEBp9DYPN/mYm38+WgcP0oWLa2V1tJLm6oRRQGP7q410rdtQoW7Aid08zDddeVhTvaBBL2SCiGU67k2Ez2A5B6sHDtQgEpufbPS+XRC/rZpOlCYlaajWGjLg+E8Y/OmOtLT66mMcoY6FPwXuXPL0BiJ3fNtgAhIX/XoOZLjMBiSUw92LYfHTx7wEV6S6fFwAJWWb1oqIHPb59dnUXcXglrN3AGusmylY9Tgdlb1WyCkm1STJABedoAb4D4pl4RgxgY/+1d3bGjbLLxXyPVAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u6PAkiPykR5FjBgEvDpW2hqp67p0BP9ZpZJ9FCjw/wA=; b=Zwwj896p1fniY0fk/THPOGa6RZr35T3vlOEScykW8emOnP6fxOEe8Dim9knitgls8uGku/MyDAkpjsCis6S+x5anWv5y5Q9QFT7Aw61Uc/5cThSvOGuDIJzocBBwTD5Od2bqwj42NIdkOKYFQ2orBYzR15tb8ws7d9Tq4T1B4pYl96oIw8nS4t1TUwDqENYWfHrKgoAPyOA96Ev6kV6cAkPcQu+af5+p962YDxJpGfZ5FN5vwliGI4JVxHkg7tRUF/W3lYoNPYCdLWaQuQs24839A0bt/2Wx16cPxEbyK3UsPZX+UYJiSWODCGLtfkKm3zcpDgXUYojNAN/Xbpe2uw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mitre.org; dmarc=pass action=none header.from=mitre.org; dkim=pass header.d=mitre.org; arc=none
Received: from BL0PR0901MB4435.namprd09.prod.outlook.com (52.135.45.75) by BL0PR0901MB3010.namprd09.prod.outlook.com (20.177.243.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2474.17; Tue, 26 Nov 2019 20:08:07 +0000
Received: from BL0PR0901MB4435.namprd09.prod.outlook.com ([fe80::80e0:62bd:ecd4:13d0]) by BL0PR0901MB4435.namprd09.prod.outlook.com ([fe80::80e0:62bd:ecd4:13d0%7]) with mapi id 15.20.2474.023; Tue, 26 Nov 2019 20:08:07 +0000
From: "Peck, Michael A" <mpeck@mitre.org>
To: Benjamin Kaduk <kaduk@mit.edu>, Pedram Hosseyni <pedram.hosseyni@sec.uni-stuttgart.de>
CC: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: [EXT] Re: [OAUTH-WG] WGLC review of draft-ietf-oauth-security-topics-13
Thread-Index: AQHVpIer7bC33WzP2Uyc9uCIyfTygqedjYyA
Date: Tue, 26 Nov 2019 20:08:07 +0000
Message-ID: <A6A5B0CC-FC91-48D9-A7EC-79163EF08F55@mitre.org>
References: <fc5c22c1-7459-0337-4a27-5f666bd271ad@sec.uni-stuttgart.de> <20191126155116.GW32847@mit.edu> <2ad7e9d7-ac6f-aef2-afa8-36ce4b30fac2@sec.uni-stuttgart.de> <31267_1574793090_5DDD6F81_31267_173_1_20191126183109.GZ32847@mit.edu>
In-Reply-To: <31267_1574793090_5DDD6F81_31267_173_1_20191126183109.GZ32847@mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1e.0.191013
authentication-results: spf=none (sender IP is ) smtp.mailfrom=mpeck@mitre.org;
x-originating-ip: [73.86.23.177]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ad48e91d-ea01-4a3b-4b08-08d772ac5a86
x-ms-traffictypediagnostic: BL0PR0901MB3010:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BL0PR0901MB3010634601653DAE6C572C97B9450@BL0PR0901MB3010.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0233768B38
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(136003)(366004)(39860400002)(346002)(376002)(199004)(189003)(58126008)(316002)(2616005)(33656002)(66574012)(2171002)(6116002)(99286004)(186003)(5660300002)(81156014)(81166006)(6306002)(14444005)(6246003)(36756003)(11346002)(446003)(256004)(6512007)(8936002)(7110500001)(71190400001)(66946007)(6436002)(71200400001)(66446008)(64756008)(66556008)(7736002)(66066001)(305945005)(229853002)(2906002)(86362001)(4326008)(6486002)(102836004)(53546011)(966005)(6506007)(2420400007)(15650500001)(26005)(76176011)(110136005)(76116006)(8676002)(14454004)(66476007)(3846002)(25786009)(478600001); DIR:OUT; SFP:1101; SCL:1; SRVR:BL0PR0901MB3010; H:BL0PR0901MB4435.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 67x1Ea+frgXkjlIcDrDW5nM/1AAk/10NkBVROV+0O9Y337Dg5UJXfv4tzFySYv2ql/CdkDv+m9IAshg51MJrrKaOG8TjUQpBu3kBdXhACPoaHQEgroP74vXZK67BlPYdmjbfA/fVUv/4UO0N257oeRXHQTe47WDsuMQ5zRlHddZvmix7LH11QjTJkSHvjFZ9AqA9I8G4KiqRiw4aYaqsh9G59df47weF/Ltm0IPYYstSY2nJfNhBZmWqQS0hMVPEXSPaCadD5y1GGchAOn5YQa8CHPxulMy8y1ELFtaXeypK7qzKaNPGwSQUHKBQLMsWQQH3jP6bbzm98u8IiYn5VnpKyGamPovdmp2o51/4zdhKQx/reUAf6vptr0fC7JpCH0ECGtLqR3x0sxiRkWJRBjVaBDfxRJ6KEubi3yiXGCD+Ffm8I6DgEufqvAXWMlIqZSq00xpJSvkoMv6j5iMcYfH+JztUntPCnseCJApsDds=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <1A76EDB0BC2FB541B56811B5F6FC7D7A@namprd09.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: mitre.org
X-MS-Exchange-CrossTenant-Network-Message-Id: ad48e91d-ea01-4a3b-4b08-08d772ac5a86
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Nov 2019 20:08:07.3661 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zNdQm8iIqbqf/TO6f7yMqTd9mBAVt7bbss8GZDBcLhfDwMCWV1TS4YjtXQbUdetB
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR0901MB3010
X-MITRE: 8GQsMWxq66rxk57w
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.org; h=from:to:cc:subject:date:message-id:references:in-reply-to:content-type:content-id:content-transfer-encoding:mime-version; s=selector1; bh=u6PAkiPykR5FjBgEvDpW2hqp67p0BP9ZpZJ9FCjw/wA=; b=0fpj2fPbt62gv0D47M0Mdj/rbjdutPy84rWnTec0hjnPPI1q75tQXUXPG7aDifHjw9Vtpqct0Ha77Q1PlcH9AwpKXt9CHWsfac1Yq9GvoWeAe5k7sdQSHvpojqWFwzokqJMjFxXEmObJlUK44uEaDTxrQV0IgNnoJIG5thlNees=
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/U9DiFxBUYg6-cZn10zJoDsprS0Q>
Subject: Re: [OAUTH-WG] [EXT] Re: WGLC review of draft-ietf-oauth-security-topics-13
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2019 20:08:24 -0000

Hi Pedram,

I understand why a client would need to allow use of multiple authorization servers if the client needs to access various resource servers each of which may trust different ASs (e.g. the client supports accessing resources at multiple cloud storage services).

However, how common is the case that a client would need to allow selecting from multiple authorization servers for accessing a particular resource server?

Would it be reasonable for the document to recommend that clients designate a specific AS for each RS that the client accesses (and not allow the user to select a different AS)? Would that help prevent the attack? Wouldn't most RSs only trust access tokens from a single AS anyways?

Thanks,
Mike

On 11/26/19, 1:32 PM, "OAuth on behalf of Benjamin Kaduk" <oauth-bounces@ietf.org on behalf of kaduk@mit.edu> wrote:

    Hi Pedram,
    
    Thanks for confirming that the scenario is as I was trying to understand
    it.  I don't think it's universal that all clients will give transitive
    access from the user to the accessed resource, though it's certainly
    common; the lack of exposition on that point is what I had been stumbling
    on.
    
    -Ben
    
    On Tue, Nov 26, 2019 at 06:33:04PM +0100, Pedram Hosseyni wrote:
    > Hi Ben,
    > 
    > The attacker uses the (honest) client shown in Figure 4 as a regular 
    > user. For example, the client might provide access to a cloud storage 
    > via its website, i.e., by using the clients' website, a user can access 
    > her files stored at the resource server.
    > 
    > I'll try to clarify the attack with a simplified example.
    > 
    > Let's assume that the client supports two authorization servers 
    > AS_honest and AS_attacker. Intuitively, if the attacker phishes an 
    > access token created by AS_honest for an honest user (Alice), one would 
    > expect that sender-constraining the access token (e.g., via mTLS) 
    > prevents the attacker from using this access token.
    > 
    > The overall goal of the attacker is to use the sender-constrained access 
    > token (which he cannot use directly at the resource server) to access 
    > Alices cloud storage.
    > 
    > The attack works as follows:
    > 
    > First, the attacker visits the website of the client. Usually, the 
    > attacker would now choose an AS, and after successful authentication, 
    > access his files stored in the cloud. When selecting the AS, the 
    > attacker chooses AS_attacker. In Step 5 of Figure 4, AS_attacker now 
    > provides the phished access token. As this token is bound to this 
    > client, the client can use it at the resource server for getting access 
    > to the cloud storage of Alice. As the attacker is using the client 
    > (through the clients' website), he now gets access to these files 
    > (stored at the RS).
    > 
    > Please let me know if you have any other questions.
    > 
    > Best regards,
    > Pedram
    > 
    > 
    > On 26.11.19 16:51, Benjamin Kaduk wrote:
    > > Hi Pedram,
    > >
    > > On Thu, Nov 21, 2019 at 02:50:52PM +0100, Pedram Hosseyni wrote:
    > >> Also, for this or the next version of this document, the Cuckoo's Token
    > >> attack (see Section IV-A of http://arxiv.org/abs/1901.11520/ ), should
    > >> be addressed. We also discussed this issue extensively at the last OSW
    > >> in Stuttgart.
    > > I took a look at the paper, and I'm not sure I'm properly understanding the
    > > "Cuckoo's Token" attack.  Looking at Figure 4 of the paper to have
    > > something concrete to refer to, I assume that the client, as a white box,
    > > is presumed to be honest.  Since the access token is bound to the client, I
    > > assume that the attacker has to return the phished access token to the same
    > > client that originally (honestly) got it, as otherwise the token will not
    > > be usable at the RS.  The paper concludes that in step 6, the client gets
    > > access to the honest resource owner's resources, and furthermore that the
    > > attacker has access to those resources through the client.  It's that last
    > > part that I'm not sure I understand -- if the client is honest, why would
    > > it return resource information to the attacker?  The best I can come up
    > > with is that there's some sense of a "session" between the user and client,
    > > such that the client links its resource accesses with the "session" on
    > > behalf of which the access occurs, and is willing to return such
    > > information back to the user only on the "linked session".  (The
    > > countermeasure makes sense and is a good practice, of course.)
    > >
    > > Thanks,
    > >
    > > Ben
    > 
    > -- 
    > Pedram Hosseyni, M.Sc.
    > Room V38 2.438
    > Institute of Information Security - SEC
    > Universität Stuttgart
    > Universitätsstraße 38
    > D-70569 Stuttgart
    > Germany
    > Phone: +49 711 685 88454
    > https://sec.uni-stuttgart.de
    > 
    
    _______________________________________________
    OAuth mailing list
    OAuth@ietf.org
    https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email