Re: [OAUTH-WG] OAuth 2.0 Security Best Current Practice | Issue in Mix-Up Countermeasure

Christian Mainka <Christian.Mainka@rub.de> Tue, 03 December 2019 09:22 UTC

To: fett@danielfett.de, oauth@ietf.org
References: <35143dd1-edeb-e0fd-6f36-a39d9b7f7008@hackmanit.de> <4f1d1215-aa23-93ab-ae5b-75426d7f07cc@danielfett.de> <277a3bc8-32fc-8c7c-85dc-5030d2d07728@rub.de> <8047bf89-1120-426d-e020-e58766c2ce3a@danielfett.de>
From: Christian Mainka <Christian.Mainka@rub.de>
Message-ID: <4300c85a-0942-f1b7-1854-2099107f1551@rub.de>
Date: Tue, 03 Dec 2019 10:21:56 +0100
In-Reply-To: <8047bf89-1120-426d-e020-e58766c2ce3a@danielfett.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/WucSVQ-r2CGECpdb3qCDkm-dHcY>
Subject: Re: [OAUTH-WG] OAuth 2.0 Security Best Current Practice | Issue in Mix-Up Countermeasure

Hi,

According to [1], countermeasure (1) describes to

> configure [the] authorization servers to return an AS identifier
> ("iss") and the "client_id" for which a code or token was issued in the
> authorization response.

So if a MixUp attack is running, the victim contacts A-AS but is
redirected to H-AS [2].
The AS adds - according to the countermeasure - two additional
parameters to the authorization response: client_id and issuer. Both
values are set by H-AS, so it returns H-issuer and H-client_id.

But: during the registration of the client on A-AS (rfc7591), it can return:

HTTP/1.1 201 Created

     {
      "client_id": "H-client_id",
      "redirect_uris": [
        "https://client.example.org/honest-callback"
      ]
     }

So if the client receives the client_id in the authorization response,
it is unable to distinguish to which AS the client_id belongs - they
have the same values.

This does not hold for the issuer parameter in the authorization
response, because it is set by H-AS and is independent of, and not set
during, the Dynamic Client Registration Protocol.

So basically, it is the same problem as with the redirect_uri.

Regards
Christian

[1]:
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.4.2
[2]: Step 4 in
https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.4.1

On 02.12.19 11:26, Daniel Fett wrote:
> On 02.12.19 at 10:05, Christian Mainka wrote:
>> I think this problem is not only restricted to the redirect_uri.
>> Regarding countermeasure (1), also the A-AS can return the same
>> client_id as the client uses on the H-AS.
>>
>> TL;DR: In countermeasure (1), only the issuer prevents MixUp, the
>> client_id parameter can be faked as well during the registration of the
>> client (especially if Dynamic Client Registration is used).
> What would the issuer identifiers of A-AS and H-AS be in this case,
> as seen by the client?
>
> -Daniel
-- 
Dr.-Ing. Christian Mainka
Horst Görtz Institute for IT-Security 
Chair for Network and Data Security 
Ruhr-University Bochum, Germany

Universitätsstr. 150, ID 2/463
D-44801 Bochum, Germany

Phone: +49 (0) 234 / 32-26796
Fax: +49 (0) 234 / 32-14347
http://nds.rub.de/chair/people/cmainka/
@CheariX
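The scenario from the mail, as an added example that is not part of the thread: a minimal model of the client-side check from countermeasure (1), run once comparing only client_id and once comparing iss as well. The issuer URLs, client_id values and callback URL are constructed sample values; A-AS is assumed to have registered the client with the same client_id the client already uses at H-AS.

```python
"""Added example: mix-up check at the client (draft-ietf-oauth-security-topics,
section 4.4.2, countermeasure (1)). Not code from the thread or the draft."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit


@dataclass(frozen=True)
class ASConfig:
    issuer: str     # AS identifier the client expects in "iss"
    client_id: str  # client_id the client obtained at this AS


# Constructed configuration: during dynamic registration (RFC 7591) the
# attacker's AS handed out the very same client_id the honest AS uses.
H_AS = ASConfig("https://honest-as.example", "H-client_id")
A_AS = ASConfig("https://attacker-as.example", "H-client_id")


def _params(response_url: str) -> dict:
    """First value of each query parameter of the authorization response."""
    return {k: v[0] for k, v in parse_qs(urlsplit(response_url).query).items()}


def check_client_id_only(expected: ASConfig, response_url: str) -> bool:
    """Naive check: compare only client_id. With shared client_ids this
    cannot tell a response from H-AS apart from one from A-AS."""
    return _params(response_url).get("client_id") == expected.client_id


def check_iss_and_client_id(expected: ASConfig, response_url: str) -> bool:
    """Countermeasure (1): both iss and client_id must match the AS the
    client actually started this flow with (tracked per session/state)."""
    p = _params(response_url)
    return (p.get("iss") == expected.issuer
            and p.get("client_id") == expected.client_id)


def mixup_response(code: str = "code-from-H-AS") -> str:
    """Constructed authorization response in the mix-up attack: the user
    started the flow at A-AS, was redirected to H-AS, and H-AS honestly
    returns its own iss and client_id to the client's honest callback."""
    query = urlencode({"code": code, "state": "xyz",
                       "iss": H_AS.issuer, "client_id": H_AS.client_id})
    return "https://client.example.org/honest-callback?" + query
```

In the attack the client's session says the flow began at A-AS, so `check_client_id_only(A_AS, ...)` wrongly accepts the H-AS code, while `check_iss_and_client_id(A_AS, ...)` rejects it because the "iss" values differ.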