Re: [OAUTH-WG] Call for Adoption - AS Issuer Identifier in Authorization Response

Kevin Gaynor <Cincydeck.fence@outlook.com> Wed, 09 December 2020 13:37 UTC

Return-Path: <Cincydeck.fence@outlook.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 369A33A1669 for <oauth@ietfa.amsl.com>; Wed, 9 Dec 2020 05:37:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.088
X-Spam-Level:
X-Spam-Status: No, score=-1.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z1BjNpRZvWwz for <oauth@ietfa.amsl.com>; Wed, 9 Dec 2020 05:37:07 -0800 (PST)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10olkn2080.outbound.protection.outlook.com [40.92.42.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 594AE3A1082 for <oauth@ietf.org>; Wed, 9 Dec 2020 05:37:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pdrd0mGPx4e/Vfo7Yi/Dwt8Ovq3tc7M1y8WvxewCdY9Qjv+XvCanZnYHDzFS9OU/mdQFCtDPLa3fvlrGJaMMCUIlF6w1Qt2T8jtZDlsqH2d84X2P01GeRpxjf7O22iP0BHy3Vg3x7Cn68kJxYd2e+wD9KEd5CX2EsHt5Yyuf4wClZBE+rjOJfMjQi9nS2GtkSzpQjzWd0NJQhViF612wfd5m1h94fnqrfts3+GkmIT9R2uiWOwHUDjSG9WbQIizkUhZYvOMGYV0LX35UWPfClBELaV1cMv0YggWA95CC7u+H8YXtoIMyueElkfqadQ6GPycKw9sVtb1EvfdtK+9MNA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ADa7l8BklQU4KYA2wwL/zJSt16afNYrB4s/eDkoexG0=; b=O+tlp8zx3alLBjylpdLj9JSDRK5Wj+kTmwm2DEa3Sb4U/HRPvnI20f/KH0vQGeSL3IfDqWL6dNd0Tgp3whYLKfvhujDVRCCynAksxWwrOXRt08twKkD0scn4O9Q8byOW9otIacEfnTaCkPRC9S5ZkfwO7l2TJJGi3ZT2FxuY/cvtqqzu/yuySfi49tFYwHJa6cyoZIs77jihjAiK421o9W5hf4DlqgnmB4j1lunrmWz7AzrIa3GZPWZXgHJBwsPLFY0zJPWByRP2mx4qZGnR455dbaiU4qCy8ldN8rPdT/5UtQIDJeb6UomtJErpPHi7Ei3/dukYXIrMQpod5tIgLQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ADa7l8BklQU4KYA2wwL/zJSt16afNYrB4s/eDkoexG0=; b=oapw1ewr2SfRaPbe7woDv7FDtogkoRPde5ijYPhmdGY0mDEmZymmEY4q8uCF1gLrnBGpWW8koxe7r4kEZbyTMu9oLuQ2i/j6pkz0rZGIUepEl0HqhKcwanPxU9l2xBQ94Cme1fr6TNro2vorq4cfcQJz78w4NT/6bfK5oTD1L8FGZgZtWYednwaHH9UVjJsCzoisQJzOKauuziUylBmrM7KWgopqTWzpMTGEtL4wz/7lcvOql6dXqjlYuu7Caif8Ko7BXWRzbbUAw+2yGqqc5WKgFisbDUw8VDmGhI9KBtJiRNsbbCucL5VAaEypwFSgpylgKzys2XnoUwo4h2cN3Q==
Received: from MW2NAM10FT024.eop-nam10.prod.protection.outlook.com (2a01:111:e400:7e87::53) by MW2NAM10HT027.eop-nam10.prod.protection.outlook.com (2a01:111:e400:7e87::221) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.20; Wed, 9 Dec 2020 13:36:58 +0000
Received: from BYAPR10MB3398.namprd10.prod.outlook.com (2a01:111:e400:7e87::53) by MW2NAM10FT024.mail.protection.outlook.com (2a01:111:e400:7e87::455) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3654.12 via Frontend Transport; Wed, 9 Dec 2020 13:36:58 +0000
Received: from BYAPR10MB3398.namprd10.prod.outlook.com ([fe80::fd0f:e960:18a9:55c]) by BYAPR10MB3398.namprd10.prod.outlook.com ([fe80::fd0f:e960:18a9:55c%6]) with mapi id 15.20.3654.012; Wed, 9 Dec 2020 13:36:58 +0000
From: Kevin Gaynor <Cincydeck.fence@outlook.com>
To: Warren Parad <wparad@rhosys.ch>, Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>
CC: oauth <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Call for Adoption - AS Issuer Identifier in Authorization Response
Thread-Index: AQHWzWDMCpPY6CH3+kaqX/V3Aj3W0KntjhmAgAAEKoCAANRDAIAAH12AgAAOtICAADDNgIAAAF0I
Date: Wed, 9 Dec 2020 13:36:58 +0000
Message-ID: <BYAPR10MB339821563113EB3920BF6A10EECC0@BYAPR10MB3398.namprd10.prod.outlook.com>
References: <CADNypP9D1G94LuPcgczSVYL+0KyMYoAK_s3H4JZK80Bj2mJKtA@mail.gmail.com> <CAD9ie-t7OroYwPrTQtwTS3Reem9bM5PHcVZ7D_N=jSmd6O7UGw@mail.gmail.com> <CAJot-L1-dYLy_m_WZv=bEC=r0zWSdKNXBMOV6b9SD8VR-dZvJg@mail.gmail.com> <09d3639d-7d7e-9582-d728-cc223d21bcb6@hackmanit.de> <CAJot-L2FrMrxBGATVHd1DVwbqyMGoH7Dy1stP46vUVpEWrq21Q@mail.gmail.com> <7dacfb6c-4fca-5dda-8b4f-db5c8dadade1@hackmanit.de>, <CAJot-L0DC1RS+YvJH1xLnuYbSdEyr12e=CuXh3eh7oYLXhCpyA@mail.gmail.com>
In-Reply-To: <CAJot-L0DC1RS+YvJH1xLnuYbSdEyr12e=CuXh3eh7oYLXhCpyA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:71DDE18C2FA4A27B038BD958FF2528C32BE6B4103118E8BF59CDFB08BB41299A; UpperCasedChecksum:06E7856F117C275FB788E0834924008CC049F999A7462B65901E257D7DD90554; SizeAsReceived:7581; Count:44
x-tmn: [r2+U/DGB7Og/fxw6sFT0N3JwfedOjVsg6ZCevzEbGw113/hPbXDVGjhuttdenqiD]
x-ms-publictraffictype: Email
x-incomingheadercount: 44
x-eopattributedmessage: 0
x-ms-office365-filtering-correlation-id: d23779fe-eb51-4554-1096-08d89c4780a0
x-ms-traffictypediagnostic: MW2NAM10HT027:
x-ms-exchange-minimumurldomainage: aka.ms#3611
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: fsoAFmCJ8Ek7LOP3EgwsM+QyarHyL0/TMl9OsAj/AZp8T98/0N8z+WvAbhgQHPbyRCB5stHUFHfDBpodaTkQolkvVNVJSxG3lO3dNeP0+cQIv22fMJJvhdRDiu9OQCQVSLn8BQIojaW0ldpofE71BTa00BjVUvTRYz+24v1AYl7kML5qEds0nj2DHszDIDXjPTtiZZAi7mK6MVKSevg26x5a8RNOn93sfXBoTEMFMJhhCNfzQBusn/qrXQkSGlyX
x-ms-exchange-antispam-messagedata: TYjRO3A8jmWo1z0/2gMlDYa7UZn2R9o9i9XA6tK2wCxe2V6f/nIT/UIM3XqcQG5yeZLZdclQYD+XIdjiXCT7jsS0O/OGcJTp1y+p8T5Iyc1atgb8/B9zhCXvRx1Jd9ehdzXyrmE8DQJ2SMV4XoUdB8K4+0mcBEbdr/aX5eEJMDlAQJtM84feL1PzAtoYhhlL3WRBdkdiYFIfFnnIFH73tA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BYAPR10MB339821563113EB3920BF6A10EECC0BYAPR10MB3398namp_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-AuthSource: MW2NAM10FT024.eop-nam10.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: d23779fe-eb51-4554-1096-08d89c4780a0
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2020 13:36:58.3961 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2NAM10HT027
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/oag8MNHVngJdXg1zxEnkKKmrGMA>
Subject: Re: [OAUTH-WG] Call for Adoption - AS Issuer Identifier in Authorization Response
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Dec 2020 13:37:10 -0000

Whaybdo I keep getting these messages and how did you hack my email

Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: OAuth <oauth-bounces@ietf.org> on behalf of Warren Parad <wparad@rhosys.ch>
Sent: Wednesday, December 9, 2020 8:34:53 AM
To: Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption - AS Issuer Identifier in Authorization Response

Since there is a potentially valid TLS case, let's shelve the non-TLS case without the precondition. I agree a MITM attack on the authorization code is a legitimate case which would be mitigated by resolving the ISS parameter to determine the valid token endpoint. I would suggest to improve the language in the Introduction to specifically indicate this as a solution to the authorization code interception. (It wasn't clear to me before this conversation that it helped solved that problem)

So +1

On Wed, Dec 9, 2020, 11:40 Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de<mailto:karsten.meyerzuselhausen@hackmanit.de>> wrote:

The attacker being able to manipulate the first request is an additional precondition for the mix-up attack variant we used as an example. The precondition is based on the attacker A2 defined in section 3<https://tools.ietf.org/html/draft-ietf-oauth-security-topics-16#section-3> of the security BCP.

There are other mix-up variants which work without this precondition. One variant is described in the security BCP<https://tools.ietf.org/html/draft-ietf-oauth-security-topics-16#section-4.4.1>.1>, for example:

*Mix-Up Without Interception*: A variant of the above attack works
      even if the first request/response pair cannot be intercepted, for
      example, because TLS is used to protect these messages: Here, it
      is assumed that the user wants to start the grant using A-AS (and
      not H-AS, see Attacker A1).  After the client redirected the user
      to the authorization endpoint at A-AS, the attacker immediately
      redirects the user to H-AS (changing the client ID to "7ZGZldHQ").
      Note that a vigilant user might at this point detect that she
      intended to use A-AS instead of H-AS.


On 09.12.2020 10:47, Warren Parad wrote:
Okay, it wasn't clear that the user agent was required to be compromised for this to be a problem. Here's where it breaks down for me, if the attacker can manipulate the first request, why would they not be able to manipulate the AS where the Auth Response code is sent?  Unless we can guarantee there is an attack surface that would only affect the authorization request AS selection and not the auth response, the solution the draft lacks purpose for me.


[https://lh6.googleusercontent.com/DNiDx1QGIrSqMPKDN1oKevxYuyVRXsqhXdfZOsW56Rf2A74mUKbAPtrJSNw4qynkSjoltWkPYdBhaZJg1BO45YOc1xs6r9KJ1fYsNHogY-nh6hjuIm9GCeBRRzrSc8kWcUSNtuA]

Warren Parad

Founder, CTO

Secure your user data and complete your authorization architecture. Implement Authress<https://bit.ly/37SSO1p>.


On Wed, Dec 9, 2020 at 8:55 AM Karsten Meyer zu Selhausen <karsten.meyerzuselhausen@hackmanit.de<mailto:karsten.meyerzuselhausen@hackmanit.de>> wrote:

Hi Warren,

I think there is some misunderstanding on how mix-up attacks work. I will try to clear things up.

Have a look at the following mix-up attack example (slide 4<https://datatracker.ietf.org/meeting/interim-2020-oauth-17/materials/slides-interim-2020-oauth-17-sessa-as-issuer-identifier-in-authorization-response-00#page=4> from the interim meeting):

[X]

I marked the important parts:

  *   In step 1 the client stores the attacker's AS (A-AS) as the selected AS.
  *   Step 5: The authorization response is issued by the honest (= not compromised) AS, not by the attacker's AS. The H-AS will use its own correct issuer identifier as the value for the AS parameter.
     *   In a mix-up attack the attacker cannot directly influence the value of the iss parameter in the authorization response as it is issued by the H-AS.
  *   Step 6: The client sends the token request to the token endpoint of the A-AS, because it stored the A-AS as the selected AS in step 1. This leaks the authorization code to the attacker who can use it in a code injection attack, for example.

With an iss parameter present in step 5 the client would be able to recognize that the code was issued by the H-AS, not by the A-AS. The client would be able to abort the authorization grant instead of leaking the code to the A-AS.

I hope this addresses your concerns.

Best regards,
Karsten

On 08.12.2020 20:15, Warren Parad wrote:
As an implementer on both sides of the issue I'm struggling to understand how this problem would occur. I'm finding issues with the proposed problems:

  1.  Honest AS is compromised, assuming this does happen details on why adding iss to the AS response would prevent attacks is necessary for me. In other words, how would an AS be compromised in a way that would be identifiable through the issuer value? (my ignorant assumption is that a compromised AS is compromised enough that an attacker would be able to send the correct ISS)
  2.  Attacker AS is registered. I fully support the idea that this can and will happen, however from attempting to test-implement this proposal, I can't see how the authorization would be sent to the wrong token endpoint. Since there is no information in the AS auth code response, the client must already have the knowledge of where they are going to send the token, no mix-up can be executed. I would argue, if anything, adding the ISS parameter would open a new attack surface by providing clients an opportunity to blatantly trust the ISS parameter as the honest AS and thus actually sending the code there instead of sending it to one specified in the metadata document.

My confusion is the following:

  *   Are multi AS services utilizing authorization codes in a way where there could be a mix up attack for #2.
  *   Is there a #3 that I'm missing which even in light of #1 & #2 I brought up that would still make this change valuable?

[https://lh6.googleusercontent.com/DNiDx1QGIrSqMPKDN1oKevxYuyVRXsqhXdfZOsW56Rf2A74mUKbAPtrJSNw4qynkSjoltWkPYdBhaZJg1BO45YOc1xs6r9KJ1fYsNHogY-nh6hjuIm9GCeBRRzrSc8kWcUSNtuA]

Warren Parad

Founder, CTO

Secure your user data and complete your authorization architecture. Implement Authress<https://bit.ly/37SSO1p>.


On Tue, Dec 8, 2020 at 8:01 PM Dick Hardt <dick.hardt@gmail.com<mailto:dick.hardt@gmail.com>> wrote:
+1
[X]ᐧ

On Tue, Dec 8, 2020 at 4:51 AM Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com<mailto:rifaat.s.ietf@gmail.com>> wrote:
All,

This is a call for adoption for the following AS Issuer Identifier in Authorization Response as a WG document:
https://datatracker.ietf.org/doc/draft-meyerzuselhausen-oauth-iss-auth-resp/

Please, provide your feedback on the mailing list by Dec 22nd.

Regards,
 Rifaat & Hannes
_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

--
Karsten Meyer zu Selhausen
IT Security Consultant
Phone:  +49 (0)234 / 54456499
Web:    https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training

Nehmen Sie an unserer nächsten Live Online-Schulung zur Sicherheit von OAuth und OpenID Connect am 27.01 + 28.01.2021 teil:
https://www.hackmanit.de/de/schulungen/127-live-online-schulung-single-sign-on-sicherheit-oauth-openid-connect-am-27-01-28-01-2021

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Dr. Marcus Niemietz

--
Karsten Meyer zu Selhausen
IT Security Consultant
Phone:  +49 (0)234 / 54456499
Web:    https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training

Nehmen Sie an unserer nächsten Live Online-Schulung zur Sicherheit von OAuth und OpenID Connect am 27.01 + 28.01.2021 teil:
https://www.hackmanit.de/de/schulungen/127-live-online-schulung-single-sign-on-sicherheit-oauth-openid-connect-am-27-01-28-01-2021

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Dr. Marcus Niemietz