
Exploring Alternatives to JSON Web Tokens (JWT)

Wesley Hill
November 21, 2018


JSON Web Tokens (JWTs) are a commonly used method for representing claims securely between two parties. But security experts advise developers not to use them. In this talk, I will introduce and explain the security implications of JWTs, and then present and compare three alternatives.


Transcript

  1. Exploring Alternatives to JSON Web Tokens (JWT) — Talk, 21st November 2018, Wesley Hill, Burrows CGI, @hakobyte
  2. Agenda
     — Explanation of JWTs and their security implications
     — Compare and contrast alternatives to JWT
     — Which of these alternative tokens should you use
  3. JWT — JSON Web Tokens
     JSON Web Token (JWT) is a token format (RFC 7519) for sending claims between two parties in a verifiable way. A JWT can be signed (JWS, RFC 7515) or encrypted (JWE, RFC 7516), and it forms part of the JavaScript Object Signing and Encryption (JOSE) family of standards.
     — In the common case a JWT is JSON data that is cryptographically signed; encryption requires JWE on top
  4. JWT — JSON Web Tokens
     Algorithm Header (alg) + { "sub": "1234567890", "name": "John Doe", "admin": true } + Signature (e.g. HMAC, RSA, ...)
  5. JWT use cases
     — Verifying that data has not been modified in transit
     — Situations where the token is used only once and expires very quickly
     — Temporary download links
     — Password reset mechanism
  6. JWT pitfalls
     — JWTs on their own are not encrypted
     — Cannot invalidate individual JWT tokens
  7. JWT pitfalls
     — JWTs on their own are not encrypted
     — Cannot invalidate individual JWT tokens
     — Flaws in the JOSE standard
  8. JWT pitfalls
     — JWTs on their own are not encrypted
     — Cannot invalidate individual JWT tokens
     — Flaws in the JOSE standard
     — "Algorithm Header Agility": the token's own header tells the verifier which algorithm to use. Giving the developer (and, in practice, the sender) the choice of algorithm is easy to misuse and very error prone
  9. JWT pitfalls: Algorithm Header Agility
     { "alg": "none" } ???
     "No Way, JOSE! Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid" - Scott Arciszewski (@CiPHPerCoder)
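The algorithm-header problem from slides 8 and 9, as an added Go example that is not part of the talk: a verifier that lets the token's own alg header choose the check accepts a forged alg=none token built without any key, while a verifier that pins HS256 rejects it. The key and claims are constructed for the demo, and only the Go standard library is used (no JWT library).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// parsedJWT is the split form of a compact-serialised JWS.
type parsedJWT struct {
	Header       struct{ Alg string } // encoding/json matches "alg" case-insensitively
	SigningInput string               // base64url(header) + "." + base64url(claims)
	Signature    []byte
	Claims       map[string]interface{}
}

func hs256(key []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// SignHS256 issues a genuine token; only the server holds key.
func SignHS256(key []byte, claims map[string]interface{}) string {
	c, _ := json.Marshal(claims)
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(c)
	return input + "." + b64.EncodeToString(hs256(key, input))
}

// ForgeNone is the attacker's token: alg=none with an empty signature segment. No key needed.
func ForgeNone(claims map[string]interface{}) string {
	c, _ := json.Marshal(claims)
	return b64.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`)) + "." + b64.EncodeToString(c) + "."
}

func parse(token string) (*parsedJWT, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	p := &parsedJWT{SigningInput: parts[0] + "." + parts[1]}
	var err error
	if p.Signature, err = b64.DecodeString(parts[2]); err != nil {
		return nil, err
	}
	// Header and claims are base64url-encoded JSON objects.
	for i, dst := range []interface{}{&p.Header, &p.Claims} {
		raw, err := b64.DecodeString(parts[i])
		if err == nil {
			err = json.Unmarshal(raw, dst)
		}
		if err != nil {
			return nil, err
		}
	}
	return p, nil
}

// checkHS256 is the only signature check either verifier performs.
func checkHS256(key []byte, p *parsedJWT) (map[string]interface{}, error) {
	if !hmac.Equal(hs256(key, p.SigningInput), p.Signature) {
		return nil, errors.New("bad signature")
	}
	return p.Claims, nil
}

// VerifyAgile is the vulnerable pattern: the token's own header picks the algorithm,
// and "none" (Unsecured JWS, RFC 7518 section 3.6) means no check at all.
func VerifyAgile(key []byte, token string) (map[string]interface{}, error) {
	p, err := parse(token)
	if err != nil {
		return nil, err
	}
	switch p.Header.Alg {
	case "HS256":
		return checkHS256(key, p)
	case "none":
		return p.Claims, nil // trusts whatever the client wrote
	}
	return nil, fmt.Errorf("unsupported alg %q", p.Header.Alg)
}

// VerifyPinned is the hardened form: the verifier fixes the algorithm up front
// and treats any other header value as an attack.
func VerifyPinned(key []byte, token string) (map[string]interface{}, error) {
	p, err := parse(token)
	if err != nil {
		return nil, err
	}
	if p.Header.Alg != "HS256" {
		return nil, fmt.Errorf("alg %q rejected, expected HS256", p.Header.Alg)
	}
	return checkHS256(key, p)
}

func main() {
	key := []byte("constructed-demo-key-not-for-production") // constructed for the demo
	forged := ForgeNone(map[string]interface{}{"sub": "1234567890", "admin": true})
	_, agileErr := VerifyAgile(key, forged)
	_, pinnedErr := VerifyPinned(key, forged)
	fmt.Printf("agile accepts forged token: %v; pinned rejects it: %v\n", agileErr == nil, pinnedErr != nil)
}
```

The same trap exists with asymmetric algorithms: a verifier that accepts both RS256 and HS256 can be fed a token signed with HMAC under the RSA public key as the "secret", which is why pinning the algorithm on the verifier side (as VerifyPinned does) rather than reading it from the token is the fix, not blocklisting "none".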
  10. PASETO — Platform Agnostic SEcurity TOkens
     — Versioned protocols instead of 'algorithm agility': the token names a version and a purpose, and each version fixes one set of algorithms, so the verifier never takes an algorithm choice from the token
     — PASETO has two versions: v1 (for compatibility) and v2 (recommended)
     — PASETO has two 'purposes':
       — local: symmetric authenticated encryption with a shared key
       — public: asymmetric digital signatures with a public/private key pair; the payload is authenticated but not encrypted
     — github.com/o1egl/paseto - Go implementation
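What "versioned protocols over algorithm agility" looks like in code, as an added example that is neither the talk's code nor the o1egl/paseto library: a minimal PASETO v2.public signer and verifier on top of the Go standard library's crypto/ed25519. The verifier supports exactly one version/purpose prefix and rejects anything else before any cryptography runs; the Pre-Authentication Encoding (PAE) is the one from the PASETO specification. The key pair, claims and footer are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// The verifier supports exactly one version and purpose. Nothing inside the
// token can change which algorithm is run.
const headerV2Public = "v2.public."

var b64 = base64.RawURLEncoding

// le64 encodes a length as 64-bit little-endian with the top bit cleared,
// as PASETO's Pre-Authentication Encoding requires.
func le64(n int) []byte {
	var b [8]byte
	binary.LittleEndian.PutUint64(b[:], uint64(n)&^(1<<63))
	return b[:]
}

// pae is PASETO's Pre-Authentication Encoding: the piece count, then each
// piece prefixed by its length, so header, payload and footer cannot be
// shifted into one another by an attacker.
func pae(pieces ...[]byte) []byte {
	out := le64(len(pieces))
	for _, p := range pieces {
		out = append(out, le64(len(p))...)
		out = append(out, p...)
	}
	return out
}

// SignV2Public builds a v2.public token: Ed25519 signature over PAE(h, m, f),
// serialised as h || base64url(m || sig) [|| "." || base64url(f)].
func SignV2Public(sk ed25519.PrivateKey, payload, footer []byte) string {
	sig := ed25519.Sign(sk, pae([]byte(headerV2Public), payload, footer))
	body := append(append([]byte{}, payload...), sig...)
	token := headerV2Public + b64.EncodeToString(body)
	if len(footer) > 0 {
		token += "." + b64.EncodeToString(footer)
	}
	return token
}

// VerifyV2Public returns the payload if, and only if, the token carries the
// v2.public header, the expected footer and a valid signature.
func VerifyV2Public(pk ed25519.PublicKey, token string, expectedFooter []byte) ([]byte, error) {
	if !strings.HasPrefix(token, headerV2Public) {
		return nil, errors.New("unsupported version or purpose")
	}
	body, footer := token[len(headerV2Public):], []byte{}
	if i := strings.IndexByte(body, '.'); i >= 0 {
		f, err := b64.DecodeString(body[i+1:])
		if err != nil {
			return nil, err
		}
		body, footer = body[:i], f
	}
	// The footer is authenticated by the signature, but compare it to the
	// expected value before verifying so an attacker cannot pick it.
	if subtle.ConstantTimeCompare(footer, expectedFooter) != 1 {
		return nil, errors.New("footer mismatch")
	}
	raw, err := b64.DecodeString(body)
	if err != nil {
		return nil, err
	}
	if len(raw) < ed25519.SignatureSize {
		return nil, errors.New("token too short")
	}
	n := len(raw) - ed25519.SignatureSize
	payload, sig := raw[:n], raw[n:]
	if !ed25519.Verify(pk, pae([]byte(headerV2Public), payload, footer), sig) {
		return nil, errors.New("invalid signature")
	}
	return payload, nil
}

func main() {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte(`{"sub":"1234567890","exp":"2018-12-01T00:00:00+00:00"}`) // constructed claims
	footer := []byte(`{"kid":"demo-key-1"}`)                                   // constructed footer
	token := SignV2Public(sk, payload, footer)
	fmt.Println(token)
	got, err := VerifyV2Public(pk, token, footer)
	fmt.Printf("payload=%s err=%v\n", got, err)
}
```

Contrast this with the JWT verifier: there is no switch on an in-band algorithm name. If a service one day needs v2.local as well, it becomes a second, separately pinned verifier rather than an extra case the token can select.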
  11. Branca — Based on Fernet tokens (developed by Heroku)
     — Branca is a modernised version of Fernet
     — Uses modern crypto algorithms: XChaCha20-Poly1305 instead of Fernet's AES-CBC with a separate HMAC
     — Tokens are encrypted and authenticated by default (AEAD)
     — Payload format is not specified, which allows payload customisation
     The difference between Branca and JWT is the encryption scheme used and that the token is encrypted as well as authenticated, so modification of any part of the token will be detected. Lastly, the payload format is not specified, so you can customise the payload of a Branca token.
  12. Branca — github.com/hako/branca - Go implementation

     package main

     import (
         "fmt"

         "github.com/hako/branca"
     )

     func main() {
         // The key must be exactly 32 bytes long; load it from a secret store, never commit it.
         b := branca.NewBranca("supersecretkeyyoushouldnotcommit")

         // Encode a string to a Branca token.
         token, err := b.EncodeToString("Hello world!")
         if err != nil {
             fmt.Println(err)
             return
         }
         fmt.Println(token) // 87y8da....

         // Decode the Branca token. Decoding fails if the authentication tag
         // does not verify or the token has expired.
         message, err := b.DecodeToString(token)
         if err != nil {
             fmt.Println(err) // e.g. token is expired.
             return
         }
         fmt.Println(message) // Hello world!
     }
  13. Macaroons — Macaroons are a token format designed at Google
     — Similar to signed cookies, but designed for delegating authorization: whoever holds a macaroon can restrict it further by adding (first-party or third-party) caveats, without needing the issuer's key
     — First party: restrictions the target service checks itself, such as which resources may be accessed, read or write, and validity period
     — Third party: restrictions that an external service must confirm (discharge)
     — Macaroons can be used to keep a user authenticated across domains, such as different subdomains
  14. Macaroons
     — github.com/go-macaroon/macaroon - Go implementation
     — Macaroons paper [1]
     — Macaroons 101 - Intro to Macaroons by Evan Cordell [2]
     — macaroons.io - Macaroons playground
     [1] Birgisson, A., et al. (2014). Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud.
     [2] Macaroons 101: Contextual Confinement. Elegant authorization, for a more civilized age.
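The caveat mechanism from slide 13, as an added Go example that is not the go-macaroon library's code: mint a macaroon, attenuate it with first-party caveats (which a holder can do without the root key), and verify it by recomputing the HMAC chain and checking every caveat against the request. Third-party caveats and discharge macaroons are left out. The root key, key identifier and the caveat grammar ("action = ...", "path = ...", "expires = ...") are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Macaroon carries first-party caveats and an HMAC chain over them.
type Macaroon struct {
	Identifier string   // names the root key, never contains it
	Caveats    []string // predicates the verifier must confirm, in order
	Signature  []byte
}

func keyedHash(key, data []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(data)
	return mac.Sum(nil)
}

// Mint is done by the issuer, the only party holding rootKey: sig = HMAC(rootKey, id).
func Mint(rootKey []byte, id string) *Macaroon {
	return &Macaroon{Identifier: id, Signature: keyedHash(rootKey, []byte(id))}
}

// AddFirstPartyCaveat attenuates the macaroon: sig' = HMAC(sig, caveat). Any holder
// can do this without the root key; the old signature is discarded, so the caveat
// cannot be stripped again afterwards.
func (m *Macaroon) AddFirstPartyCaveat(caveat string) *Macaroon {
	return &Macaroon{
		Identifier: m.Identifier,
		Caveats:    append(append([]string{}, m.Caveats...), caveat),
		Signature:  keyedHash(m.Signature, []byte(caveat)),
	}
}

// Verify recomputes the chain from the root key and checks every caveat against
// the request; the macaroon is valid only if both succeed.
func Verify(rootKey []byte, m *Macaroon, check func(caveat string) error) error {
	sig := keyedHash(rootKey, []byte(m.Identifier))
	for _, c := range m.Caveats {
		if err := check(c); err != nil {
			return fmt.Errorf("caveat %q: %w", c, err)
		}
		sig = keyedHash(sig, []byte(c))
	}
	if !hmac.Equal(sig, m.Signature) {
		return errors.New("signature mismatch: caveats altered or wrong root key")
	}
	return nil
}

// Request is the context first-party caveats are evaluated against.
type Request struct {
	Action, Path string
	Now          time.Time
}

// Check understands "action = <verb>", "path = <prefix>" and "expires = <RFC 3339 time>";
// any other predicate fails closed.
func (r Request) Check(caveat string) error {
	kv := strings.SplitN(caveat, " = ", 2)
	if len(kv) != 2 {
		return errors.New("malformed caveat")
	}
	switch key, val := kv[0], kv[1]; key {
	case "action":
		if val != r.Action {
			return errors.New("action not permitted")
		}
	case "path":
		if !strings.HasPrefix(r.Path, val) {
			return errors.New("path outside delegated scope")
		}
	case "expires":
		t, err := time.Parse(time.RFC3339, val)
		if err != nil {
			return err
		}
		if !r.Now.Before(t) {
			return errors.New("expired")
		}
	default:
		return errors.New("unknown caveat")
	}
	return nil
}

func main() {
	rootKey := []byte("constructed-root-key-held-only-by-the-service") // constructed
	root := Mint(rootKey, "key-2018-11")                                // hypothetical key id
	// A holder delegates a narrower token to someone else without ever seeing rootKey.
	scoped := root.AddFirstPartyCaveat("action = read").
		AddFirstPartyCaveat("path = /docs/").
		AddFirstPartyCaveat("expires = 2018-11-22T00:00:00Z")
	req := Request{Action: "read", Path: "/docs/agenda.txt", Now: time.Date(2018, 11, 21, 12, 0, 0, 0, time.UTC)}
	fmt.Println("read /docs/agenda.txt:", Verify(rootKey, scoped, req.Check))
	req.Action = "write"
	fmt.Println("write /docs/agenda.txt:", Verify(rootKey, scoped, req.Check))
}
```

Two properties are worth noticing: delegation is offline (no call back to the issuer to mint a narrower token), and the "expires" caveat is how a macaroon gets an expiry at all, which is what the comparison matrix's Expiration tick for Macaroons refers to.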
  15. Comparison Matrix

     Token property                             JWT                  PASETO                Branca   Macaroons
     Mitigates algorithm agility                ❌                   ✅                    ✅       ✅
     Digital signatures (public/private keys)   ✅                   ✅ v1 & v2 public     ❌       ❌
     Authenticated                              ✅                   ✅ v1 & v2 local      ✅       ✅
     Encrypted                                  ❌ not without JWE   ✅ v1 & v2 local      ✅       ❌
     Standardised                               ✅                   ❌                    ❌       ❌
     Expiration                                 ✅                   ✅ v1 & v2 local      ✅       ✅
  16. Which alternative token should I use?
     — Use Branca if you want a simpler version of PASETO with no digital signatures
     — Branca and PASETO v2.local use the same AEAD, XChaCha20-Poly1305
     — Micro Technologies (makers of go-micro) uses Branca for API keys in its enterprise offering
     — Use Macaroons for the use case of delegating authorization; although they are an alternative to JWT, they may be overkill for a simple use case
     — HyperDex uses Macaroons for authorization
     — Use PASETO if you want a secure and robust replacement for JWT
     — PASETO's versioned protocols are designed to be safer than JWT, making it unlikely that developers will use PASETO insecurely
  17. Appendix: Branca token format
     Version (1B) | Timestamp (4B) | Nonce (24B) | Ciphertext (*B) | Tag (16B)
     The whole structure is serialised with base62. Serialised Branca token: 87y8daMzSkn7PA7JsvrTT0JUq1OhCjw9K8w2eyY...
  18. Appendix: Links - JWT
     — jwt.io - JWT site
     — Introduction to JWT
     — Stop using JWT for sessions - joepie91's post on JWT in the context of sessions
  19. Appendix: Links - Branca
     — branca.io - Branca site
     — github.com/tuupola/branca-spec - Branca specification
     — Branca as an Alternative to JWT? - Post by the creator of Branca, Mika Tuupola
  20. Appendix: Links - Macaroons
     — macaroons.io - Macaroons site
     — Macaroons paper - Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud
     — Macaroons 101 - Lovely introduction to Macaroons by Evan Cordell