Re: [GNAP] RS validation of access tokens

Justin Richer <jricher@mit.edu> Wed, 23 August 2023 14:18 UTC

From: Justin Richer <jricher@mit.edu>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
CC: GNAP Mailing List <txauth@ietf.org>
Thread-Topic: [GNAP] RS validation of access tokens
Date: Wed, 23 Aug 2023 14:17:37 +0000
Message-ID: <E81DA216-9E50-406B-8F51-454FF12695C9@mit.edu>
References: <42276B6A-3792-44FD-97A5-A75F6280831A@mit.edu> <5BFDBC7F-C24D-474D-A699-BEA7DE333831@mit.edu> <D7234AF5-B9A9-4562-96A1-990CE953B609@gmail.com>
In-Reply-To: <D7234AF5-B9A9-4562-96A1-990CE953B609@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/-skVnmcuB7lA_ucR_K19pcRBAgA>

I had a similar conversation with the researchers. The feature is there largely for symmetric keys, but it’s possible that the AS could provide a key pair back to the client in this field to use asymmetric crypto.

My personal take, as an implementor, is that we can address this with warnings about its intended use and with a full discussion about the tradeoffs and increased attack surfaces; it’s not really relevant whether it’s a symmetric key or an asymmetric one.

Another possible response is to remove the AS-provided key feature entirely and relegate it to an extension. That’s a more drastic change at this stage, of course. I don’t have a good insight into how much this particular feature is used in the wild.

 — Justin

On Aug 23, 2023, at 12:28 PM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

Hi Justin,

Thank you for clarifying this attack with the researchers.

Regarding your first bullet, I went back to the core protocol and I’m wondering why we allow a key to be included in the Grant Response. The document does not shed any light on use cases for this feature. If this is only useful for symmetric keys (is it?), we could restrict it explicitly to this particular case in order to reduce the attack surface. It is not too late to tweak the protocol if this would improve its security.

Thanks,
Yaron

From: TXAuth <txauth-bounces@ietf.org> on behalf of Justin Richer <jricher@mit.edu>
Date: Tuesday, 22 August 2023 at 17:49
To: GNAP Mailing List <txauth@ietf.org>
Subject: Re: [GNAP] RS validation of access tokens

This issue was discussed today at the OAuth Security Workshop; I was in attendance along with three of the researchers who had proposed the issue on GitHub. Fundamentally, we came to the understanding that the security property being modeled under attack was not fundamental to GNAP, but it does warrant a reasonable set of warnings for implementors to avoid accidentally stumbling into it.

The proposed outcome is to write or clarify three main points:

- Call out more clearly that a token with an AS-provided key has some of the same attack surfaces as a bearer token. While such a token could not be used directly by the RS, it can be captured and replayed to an unwitting client application by an attacker, with the key intact. Warnings against using and accepting AS-provided keys will be written up. Currently the feature will remain in the core specification with these warnings in the RS draft, though this may warrant a specific cross reference added to core.

- As proposed in the issue below by Yaron, a new section will be written in the RS draft describing the importance of AS choice for token validation and acceptance.

- A new security consideration section in the RS draft that discusses the token substitution attack, the circumstances under which it can occur, and the tradeoffs for those circumstances.


If you have input into any of these items, please suggest text that might help.

Thank you,
 — Justin
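A client-side policy check for the first point above, added here as an example (it is not code from the GNAP drafts or from any implementation). It assumes the grant response's access_token object uses the GNAP core field names value/flags/key/label, treats a boolean true key as client-bound (an assumption about older draft syntax), and the sample responses are constructed:

```python
from typing import Dict

# Constructed sample grant responses shaped after the GNAP core "access_token"
# object (value / flags / key / label). They are examples, not real AS output.
SAMPLE_RESPONSES = {
    "bearer": {"access_token": {"value": "tok-bearer-001", "flags": ["bearer"]}},
    "client_bound": {"access_token": {"value": "tok-bound-002", "access": ["read"]}},
    "as_provided": {"access_token": {
        "value": "tok-asprov-003",
        "key": {"proof": "httpsig", "jwk": {"kty": "oct", "k": "c2VjcmV0"}},
    }},
    "multi": {"access_token": [
        {"label": "a", "value": "tok-a"},
        {"label": "b", "value": "tok-b",
         "key": {"proof": "httpsig", "jwk": {"kty": "oct", "k": "b3RoZXI"}}},
    ]},
}


def classify_binding(tok: dict) -> str:
    """Return 'bearer', 'client_key' or 'as_provided_key' for one access_token object."""
    flags = tok.get("flags", [])
    key = tok.get("key")
    if "bearer" in flags:
        if key is not None:  # a bearer token must not carry a key field
            raise ValueError("bearer flag set but key field present")
        return "bearer"
    if key is None or key is True:
        return "client_key"       # bound to the key the client used in its request
    if isinstance(key, dict):
        return "as_provided_key"  # AS handed the client a key: bearer-like attack surface
    raise ValueError(f"unrecognised key field: {key!r}")


def check_grant_response(resp: dict, allow_as_provided: bool = False) -> Dict[str, str]:
    """Map token label -> binding; refuse the response if policy forbids AS-provided keys."""
    tokens = resp["access_token"]
    if isinstance(tokens, dict):  # single token vs. list of labelled tokens
        tokens = [tokens]
    result = {}
    for tok in tokens:
        label = tok.get("label", "single")
        binding = classify_binding(tok)
        if binding == "as_provided_key" and not allow_as_provided:
            raise PermissionError(f"token {label!r} carries an AS-provided key")
        result[label] = binding
    return result


if __name__ == "__main__":
    for name, resp in SAMPLE_RESPONSES.items():
        try:
            print(name, check_grant_response(resp))
        except PermissionError as exc:
            print(name, "REJECTED:", exc)
```

A client that rejects AS-provided keys by default cannot be handed a captured token-plus-key by an attacker, which is the replay surface the warning describes.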




On Jul 29, 2023, at 5:54 AM, Justin Richer <jricher@mit.edu> wrote:

As discussed in the meeting today, the following issue raises a question on the security properties of the RS processing tokens during a specific kind of attack:

https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/56

While the editors believe that this can be addressed sufficiently with a security consideration, the conversation in the room indicated that there is further discussion that needs to be had first. The editors and chairs are planning to reach out to the research team that filed the issue for clarification. With the OAuth Security Workshop coming up, this might prove a good opportunity to discuss the issue with the security and research community. The editors will bring the results of those discussions back to the list.

If you have something to add to the attack and model as described, please add to the discussion on the GitHub issue.

 — Justin
--
TXAuth mailing list
TXAuth@ietf.org
https://www.ietf.org/mailman/listinfo/txauth
