IETF Logo Mail Archive

Re: [GNAP] RS validation of access tokens

Justin Richer <jricher@mit.edu> Wed, 23 August 2023 21:28 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 314C5C17CEA0 for <txauth@ietfa.amsl.com>; Wed, 23 Aug 2023 14:28:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.406
X-Spam-Level:
X-Spam-Status: No, score=-4.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mit.edu
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uJjcxsHSYxK7 for <txauth@ietfa.amsl.com>; Wed, 23 Aug 2023 14:28:51 -0700 (PDT)
Received: from outgoing-exchange-3.mit.edu (outgoing-exchange-3.mit.edu [18.9.28.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 426EDC17CE8A for <txauth@ietf.org>; Wed, 23 Aug 2023 14:28:51 -0700 (PDT)
Received: from w92exedge3.exchange.mit.edu (W92EXEDGE3.EXCHANGE.MIT.EDU [18.7.73.15]) by outgoing-exchange-3.mit.edu (8.14.7/8.12.4) with ESMTP id 37NLShsI017208; Wed, 23 Aug 2023 17:28:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1692826125; bh=0wMw2yG1jzF2Cq1HTC46rSkMLCVyKY00cFZNY/95w1s=; h=From:Subject:Date:Message-ID:Content-Type:MIME-Version; b=lkya6A0RBx98KvoAG+PVQDOPktPfgKgF9oIaqW9HqQM5r4+zh92rNj8oMZYYBrhBk L3Swj3KgZw3zeXM/RVvzo9uYDyHLTbnFoAs2TmsqD8h3wAoNqZOJmHzVs4sdUZL879 lDOO8u6AnvcXw0hJBQMEjvyHB8tvaU2AJQl0rRTqz/XmPUgTqZye4Hlsl9KSsDFFtm F47pf6HbxiWunVPxxVh/bp0dB6VAEhaWp6lB0scoQiXfT4VpwLGjJcSPa0d/SPGKX8 jHHIqb95VklRCNFNjiB49sFvYmLE6oGYuKKTUsTJRl4fbJkrH0kiGjZZ3cwduHPoU6 4qQHlLvD6eA+g==
Received: from w92expo26.exchange.mit.edu (18.7.74.32) by w92exedge3.exchange.mit.edu (18.7.73.15) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Wed, 23 Aug 2023 17:27:59 -0400
Received: from oc11exhyb1.exchange.mit.edu (18.9.1.60) by w92expo26.exchange.mit.edu (18.7.74.32) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Wed, 23 Aug 2023 17:28:42 -0400
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168) by oc11exhyb1.exchange.mit.edu (18.9.1.60) with Microsoft SMTP Server (TLS) id 15.0.1497.48 via Frontend Transport; Wed, 23 Aug 2023 17:28:42 -0400
Received: from SN6PR01MB4446.prod.exchangelabs.com (2603:10b6:805:ea::22) by SJ0PR01MB7251.prod.exchangelabs.com (2603:10b6:a03:3e7::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6699.24; Wed, 23 Aug 2023 21:28:40 +0000
Received: from SN6PR01MB4446.prod.exchangelabs.com ([fe80::69c3:9b8a:d315:3a9c]) by SN6PR01MB4446.prod.exchangelabs.com ([fe80::69c3:9b8a:d315:3a9c%4]) with mapi id 15.20.6678.031; Wed, 23 Aug 2023 21:28:39 +0000
From: Justin Richer <jricher@mit.edu>
To: Adrian Gropper <agropper@healthurl.com>
CC: Yaron Sheffer <yaronf.ietf@gmail.com>, GNAP Mailing List <txauth@ietf.org>
Thread-Topic: [GNAP] RS validation of access tokens
Thread-Index: AQHZwdi0ZbZgwM3sfEuH5yihsGlQUa/2i4sAgAFavICAAC8egIAAKfoAgABOcgA=
Date: Wed, 23 Aug 2023 21:28:39 +0000
Message-ID: <91B6CE23-BD5E-4CF9-BE23-9B8A40D6F0B5@mit.edu>
References: <42276B6A-3792-44FD-97A5-A75F6280831A@mit.edu> <5BFDBC7F-C24D-474D-A699-BEA7DE333831@mit.edu> <D7234AF5-B9A9-4562-96A1-990CE953B609@gmail.com> <E81DA216-9E50-406B-8F51-454FF12695C9@mit.edu> <CANYRo8j6YU2p6WdqoVyNXrjWsiP8Zc9h=wRt-=PTZnQvHh-QTw@mail.gmail.com>
In-Reply-To: <CANYRo8j6YU2p6WdqoVyNXrjWsiP8Zc9h=wRt-=PTZnQvHh-QTw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mit.edu;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SN6PR01MB4446:EE_|SJ0PR01MB7251:EE_
x-ms-office365-filtering-correlation-id: 02856125-0485-4a29-7660-08dba41fead3
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: YejPSAOKcQumocSsG3qTLVDu0G+B15KGpd6HxeVMsfsK1maj4yA6l2kZheWS/q0Lxbzr+ZEC/wd2XMVz6G+enYoXjnpCWrOCxtGbMwJHda6gHv6Ote3PjUSixqCpSgo1XjVId3K+3LGfvPD3OU9Sbhf3l7UQ1giIncLNMBA4AKoEoTBciql6W7soYgOWoNMRXG4GSjinLq7nf4s0ZkqQ4jhFUiLuAnWU4BcPl44rg7VJ9Xb8w0VFcrxutqyoDlxrsPDBjKfEFbci95rY6Pl9p0lFIxfDJ9hFpNVzYwjTWWg86WNb9a2R4VP85RVOAfqseKECAfjFsvcWuw6EMb+Nwyk8oU3C7DIlOQI5fzvCwKMvmyEAkuq3Y8DwjUouW1u1Vf732n0+fkzoUic58U2XZJNXvXB+DTkx0nZy0lx+1MIZV5SnKkBovLmRxvU7wIfBaxrht2xnwP2D9XHiqBHkdqhOyEZTmObDR9QFnsPlSKzTaAJ4kVOVpy0gRE0iiaD9VHQCmGib/Mt4TGAKho1SFIEGe5AW3XZbivSuli44H5D40YjJnM87WClYweNSesHhpupQqcxg1Zeicj643h2+0P7ODXw3wUb/hvAZvrCSB8LJ/3UR7pexd2hl8XZNklqd5i8giUy0XWb/utQbpRDvTA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN6PR01MB4446.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(13230031)(39860400002)(366004)(346002)(136003)(396003)(376002)(451199024)(1800799009)(186009)(2906002)(83380400001)(6506007)(166002)(53546011)(6486002)(38100700002)(5660300002)(33656002)(26005)(86362001)(38070700005)(8676002)(2616005)(4326008)(8936002)(75432002)(66446008)(6512007)(76116006)(316002)(64756008)(66556008)(54906003)(66476007)(786003)(6916009)(91956017)(966005)(122000001)(66946007)(71200400001)(478600001)(41300700001)(36756003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Gjt6CyQwtFQ2J37UgmbdR4Ld+xQJXPe25DrxdyGXuk1j/b3b/T/afggylLjN9nkl7O+gq2fGbwWvUThrUAVt+m7Nw+SYaWQVDr+CgihtIn2+ZZwl4dpyiMLDBcrqqmGH3/LRdDCfUodenEgOLQwN+Qv/FSPaSLqzrNFZsgz82yllpuPyybqaTLCUXIiuZ+RKrfcD7BPG4T9R69siT6HgmPUwCCLgmRAmeYhenjTp2/8adCIJvMa1rUnn6pdmTJ9O9qYrsk6LJMkaExmmOdD6SP/SISG6qM8+3gcl0CHBj5S7wPuXk66IoUI9R61zlJomPpsYtIOY0/dyZVpdm6hpOKJ2iLaaIm2TQz8qmz4VryFvIqA6aGCZu+ySd0JQPDQ/699GGeemPx86WKZICym1wftPMyPHQGtZZtwlfGfGH4UdISpMczGfr67FDNP047Vmi45X9FwKJf+Oxvw9IHMnGAA4jNCAtcixB5J3wlFYTEB3UKsdL/w/MtThLTWVfwqyAovKWZZ7tjZPbZ4WVYRgD8MvDgwh+59s9BAZLfKxdkupG0VoKD2JegnI8jn38s8DkELvU69UgfTqI/0E0+6CFDIUneP/t7XXmcXKENUlFe+K4kgOP3H2gimIlOd+E0Kb25SB/iJmJWsmPhAAQPjrFEV3IE0nArq8FW2P3BiV9qlEal4TrFCazGkcZRaDhgCW4f3UyF7w9NJjTGdygchgaT1jC73Q1bySnGjaoPShyWZqc7D4Qxq7dTW2XSxQbl0hextkFDcRa6TY9WYOWJvuRTmaX+pJlcwbWQNrOIXSGsqvWaK7/okg8Zzx5dpkZLkHJfrPDbZrEQgzRSaugbS0bL8orfzybQguzrxYGbgoY2yLPQkzmZ2cHFlZ8TfSL2nUkrkjNcAbNPlUQC611Rgw0VYoqxYeXZYHbK9kABTUDIZF4emCAaWyDFlit1Y85Mi+mLlBlCy8lD4K6akBgt5W/s+g21WqErwX4t1+IUj5srVZZUNq1F5Pegqfd9djpKxBmzIAnjpMgYCj73R0HvzI7CjRpeAxJF224HznsL78/886u207oHwBLGxLmte5AfH3O5Ff2/Yc3SeQKqodTfKWnDELwMKhGhDGaqpb0iaoQgO8xlStK4VK6PM0seSEIgFFy/Swh7z4h10MobIk9psXtirELfuMxO3iMJt2WssEEpYhF6QDqkxv9KozAQx/LQu75cte2EeWlyzXynZy2vp5Megv812vJWZuS1DiJVrH5XoQ6Eh2kPD/U5j07xb9PqC3QFxN2WyGC42xxuwaqqEtpJC7XsaHYS4iagyNx8UdkC83hztkRtzeYqNrjfhinGnjvvbpCP5NnqjUVL7ohvPRhhe1uks2Hb8S/rhmoIWXP+ymS8V434mMOC60ygU/alVypdF8nI3PhqJO0vJOSApQ0wmqBh7A/7Kgcmp1yOjN39clEn8CA/fy6E6N5f0wXGi0pjX1OCTIMGwtEut1whKVuczXjSeR1SmdRvOHLOpqDx2DzhuRDixqwRzlQyNRrUyfXm4CKJLPBaYFvdw8L5agaJbCi7505170fRgwGoRtM3hAZjvyP6TxX0l2tUR24vTp
Content-Type: multipart/alternative; boundary="_000_91B6CE23BD5E4CF9BE239B8A40D6F0B5mitedu_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SN6PR01MB4446.prod.exchangelabs.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 02856125-0485-4a29-7660-08dba41fead3
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2023 21:28:39.3651 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2mXpTnOTAePxh7SZ7QAKcL6BRo/xs/npr3RN2TB66WG+/d+XmUtGxocNe76jCkbE
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB7251
X-OriginatorOrg: mit.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/sdt5uxVVgztikpUJae5QHjPfIAY>
Subject: Re: [GNAP] RS validation of access tokens
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: GNAP <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Aug 2023 21:28:56 -0000

Any key provided would be used to present the access token. A key used to decrypt the resource by the client would need to be some kind of api-specific extension for it to be provided. You could use the same key structures, or even declare as part of your API that it uses the same keys, but GNAP does not provide a mechanism for that kind of information on its own because it’s specific to the resource being protected.

 — Justin

On Aug 23, 2023, at 5:47 PM, Adrian Gropper <agropper@healthurl.com> wrote:

Apologies for not completely understanding the issue and this may be a dumb question.

In our use-case, the resource is typically encrypted at rest. Whatever interaction there is between the CI and AS, does GNAP specifiy how the AS can provide a key to the CI?

Thanks,
Adrian

On Wed, Aug 23, 2023 at 10:19 AM Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:
I had a similar conversation with the researchers. The feature is there largely for symmetric keys, but it’s possible that the AS could provide a key pair back to the client in this field to use asymmetric crypto.

My personal take, as an implementor, is that we can address this with warnings about its intended use, and with a full discussion about the tradeoffs and increased attack surfaces it’s not really relevant whether it’s a symmetric key or an asymmetric one.

Another possible response is to remove the AS-provided key feature entirely and relegate it to an extension. That’s a more drastic change at this stage, of course. I don’t have a good insight into how much this particular feature is used in the wild.

 — Justin

On Aug 23, 2023, at 12:28 PM, Yaron Sheffer <yaronf.ietf@gmail.com<mailto:yaronf.ietf@gmail.com>> wrote:

Hi Justin,

Thank you for clarifying this attack with the researchers.

Regarding your first bullet, I went back to the core protocol and I’m wondering why we allow a key to be included in the Grant Response. The document does not shed any light on use cases for this feature. If this is only useful for symmetric keys (is it?), we could restrict it explicitly to this particular case in order to reduce the attack surface. It is not too late to tweak the protocol if this would improve its security.

Thanks,
                Yaron

From: TXAuth <txauth-bounces@ietf.org<mailto:txauth-bounces@ietf.org>> on behalf of Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>>
Date: Tuesday, 22 August 2023 at 17:49
To: GNAP Mailing List <txauth@ietf.org<mailto:txauth@ietf.org>>
Subject: Re: [GNAP] RS validation of access tokens

This issue was discussed today at the OAuth Security Workshop, I was in attendance along with three of the researchers who had proposed the issue into GitHub. Fundamentally, we came to the understanding that the security property being modeled under attack was not fundamental to GNAP, but it does warrant a reasonable set of warnings for implementors to avoid accidentally stumbling into it.

The proposed outcome is to write or clarify three main points:

- Call out more clearly that a token with an AS-provided key has some of the same attack surfaces as a bearer token. While such a token could not be used directly by the RS, it can be captured and replayed to an unwitting client application by an attacker, with the key intact. Warnings against using and accepting AS-provided keys will be written up. Currently the feature will remain in the core specification with these warnings in the RS draft, though this may warrant a specific cross reference added to core.

- As proposed in the issue below by Yaron, a new section will be written in the RS draft describing the importance of AS choice for token validation and acceptance.

- A new security consideration section in the RS draft that discusses the token substitution attack, the circumstances under which it can occur, and the tradeoffs for those circumstances.


If you have input into any of these items, please suggest text that might help.

Thank you,
 — Justin




On Jul 29, 2023, at 5:54 AM, Justin Richer <jricher@mit.edu<mailto:jricher@mit.edu>> wrote:

As discussed in the meeting today, the following issue raises a question on the security properties of the RS processing tokens during a specific kind of attack:

https://github.com/ietf-wg-gnap/gnap-resource-servers/issues/56

While the editors believe that this can be addressed sufficiently with a security consideration, the conversation in the room indicated that there is further discussion that needs to be had first. The editors and chairs are planning to reach out to the research team that filed the issue for clarification. With the OAuth Security Workshop coming up, this might prove a good opportunity to discuss the issue with the security and research community. The editors will bring the results of those discussions back to the list.

If you have something to add to the attack and model as described, please add to the discussion on the GitHub issue.

 — Justin
--
TXAuth mailing list
TXAuth@ietf.org<mailto:TXAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/txauth

-- TXAuth mailing list TXAuth@ietf.org<mailto:TXAuth@ietf.org> https://www.ietf.org/mailman/listinfo/txauth

--
TXAuth mailing list
TXAuth@ietf.org<mailto:TXAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/txauth

v2.23.0 | Report a Bug | By Email