IETF Logo Mail Archive

Re: [GNAP] RS validation of access tokens

Adrian Gropper <agropper@healthurl.com> Wed, 23 August 2023 16:47 UTC

Return-Path: <agropper@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AD2BC14CF05 for <txauth@ietfa.amsl.com>; Wed, 23 Aug 2023 09:47:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.406
X-Spam-Level:
X-Spam-Status: No, score=-1.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QRiGeh9RwUFL for <txauth@ietfa.amsl.com>; Wed, 23 Aug 2023 09:47:58 -0700 (PDT)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 041E9C151524 for <txauth@ietf.org>; Wed, 23 Aug 2023 09:47:57 -0700 (PDT)
Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-3fee5ddc23eso43233725e9.1 for <txauth@ietf.org>; Wed, 23 Aug 2023 09:47:57 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692809276; x=1693414076; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ehGln4gLvIJ9RcEIU4uUiXQH7ruX5oM+M3u9WZsYafc=; b=AkpalLldCBEtS7fyyWmGiKZQOGOKW9Lw/QWxcJSgnEQdMOQu7o8p9dzRU+pDK8g8Go WDN3lFPKY6/kG1Z8RxXY4xpndykGN3VEcfRWo5rGqJXUJ0qEhOFgFfTHNfovgy+raXHA lTXF+GO967hKaiXc3ac9fCfHlBUJ3Fxw8TVYH+FxdiPEAx4wC8+rH0QrhToJLvuDJIET +Fc2nfkacl8wY4uwbOoiDI1t/Q1EAuHHuXIwHoqKKlp4+Vgwk3hts2gtvFm70FnRIUpc T715NokFeIgG2DgKWs6GkF1qLtkuAYV5hPkPGs9+2x1oq5SE+v9IzasGRk2Krde56MHz uQ3g==
X-Gm-Message-State: AOJu0Yzn5v8yFVzQddHzFtMddZeJCNtlHPDIM9E5dmXn/37owwnozrNT s8eba+0EgKr0PV2/R8MQZOV7tclIO+L//kUpF5M=
X-Google-Smtp-Source: AGHT+IEOPaAhRYQdqa/RmY6wS7RZHWGhMqhUDsZYnTNLdfBMzJZPz37C4C/QTrr6ntlBrAwiLlPz+SmqcwXlAtGZbOY=
X-Received: by 2002:adf:e886:0:b0:313:ea84:147a with SMTP id d6-20020adfe886000000b00313ea84147amr9504261wrm.64.1692809275934; Wed, 23 Aug 2023 09:47:55 -0700 (PDT)
MIME-Version: 1.0
References: <42276B6A-3792-44FD-97A5-A75F6280831A@mit.edu> <5BFDBC7F-C24D-474D-A699-BEA7DE333831@mit.edu> <D7234AF5-B9A9-4562-96A1-990CE953B609@gmail.com> <E81DA216-9E50-406B-8F51-454FF12695C9@mit.edu>
In-Reply-To: <E81DA216-9E50-406B-8F51-454FF12695C9@mit.edu>
From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 23 Aug 2023 12:47:42 -0400
Message-ID: <CANYRo8j6YU2p6WdqoVyNXrjWsiP8Zc9h=wRt-=PTZnQvHh-QTw@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, GNAP Mailing List <txauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009090a3060399dffd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/e2JDNsLffLMQ2MbIRnZX47iqQ28>
Subject: Re: [GNAP] RS validation of access tokens
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2023 16:47:59 -0000

Apologies for not completely understanding the issue and this may be a dumb
question.

In our use-case, the resource is typically encrypted at rest. Whatever
interaction there is between the CI and AS, does GNAP specifiy how the AS
can provide a key to the CI?

Thanks,
Adrian

On Wed, Aug 23, 2023 at 10:19 AM Justin Richer <jricher@mit.edu> wrote:

> I had a similar conversation with the researchers. The feature is there
> largely for symmetric keys, but it’s possible that the AS could provide a
> key pair back to the client in this field to use asymmetric crypto.
>
> My personal take, as an implementor, is that we can address this with
> warnings about its intended use, and with a full discussion about the
> tradeoffs and increased attack surfaces it’s not really relevant whether
> it’s a symmetric key or an asymmetric one.
>
> Another possible response is to remove the AS-provided key feature
> entirely and relegate it to an extension. That’s a more drastic change at
> this stage, of course. I don’t have a good insight into how much this
> particular feature is used in the wild.
>
>  — Justin
>
> On Aug 23, 2023, at 12:28 PM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
>
> Hi Justin,
>
> Thank you for clarifying this attack with the researchers.
>
> Regarding your first bullet, I went back to the core protocol and I’m
> wondering why we allow a key to be included in the Grant Response. The
> document does not shed any light on use cases for this feature. If this is
> only useful for symmetric keys (is it?), we could restrict it explicitly to
> this particular case in order to reduce the attack surface. It is not too
> late to tweak the protocol if this would improve its security.
>
> Thanks,
>                 Yaron
>
> *From: *TXAuth <txauth-bounces@ietf.org> on behalf of Justin Richer <
> jricher@mit.edu>
> *Date: *Tuesday, 22 August 2023 at 17:49
> *To: *GNAP Mailing List <txauth@ietf.org>
> *Subject: *Re: [GNAP] RS validation of access tokens
>
> This issue was discussed today at the OAuth Security Workshop, I was in
> attendance along with three of the researchers who had proposed the issue
> into GitHub. Fundamentally, we came to the understanding that the security
> property being modeled under attack was not fundamental to GNAP, but it
> does warrant a reasonable set of warnings for implementors to avoid
> accidentally stumbling into it.
>
> The proposed outcome is to write or clarify three main points:
>
> - Call out more clearly that a token with an AS-provided key has some of
> the same attack surfaces as a bearer token. While such a token could not be
> used directly by the RS, it can be captured and replayed to an unwitting
> client application by an attacker, with the key intact. Warnings against
> using and accepting AS-provided keys will be written up. Currently the
> feature will remain in the core specification with these warnings in the RS
> draft, though this may warrant a specific cross reference added to core.
>
> - As proposed in the issue below by Yaron, a new section will be written
> in the RS draft describing the importance of AS choice for token validation
> and acceptance.
>
> - A new security consideration section in the RS draft that discusses the
> token substitution attack, the circumstances under which it can occur, and
> the tradeoffs for those circumstances.
>
>
> If you have input into any of these items, please suggest text that might
> help.
>
> Thank you,
>  — Justin
>
>
>
>
> On Jul 29, 2023, at 5:54 AM, Justin Richer <jricher@mit.edu> wrote:
>
> As discussed in the meeting today, the following issue raises a question
> on the security properties of the RS processing tokens during a specific
> kind of attack:
>
> https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/56
>
> While the editors believe that this can be addressed sufficiently with a
> security consideration, the conversation in the room indicated that there
> is further discussion that needs to be had first. The editors and chairs
> are planning to reach out to the research team that filed the issue for
> clarification. With the OAuth Security Workshop coming up, this might prove
> a good opportunity to discuss the issue with the security and research
> community. The editors will bring the results of those discussions back to
> the list.
>
> If you have something to add to the attack and model as described, please
> add to the discussion on the GitHub issue.
>
>  — Justin
> --
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
>
> -- TXAuth mailing list TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>
>
> --
> TXAuth mailing list
> TXAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/txauth
>

v2.23.0 | Report a Bug | By Email