
JSON Web Token Authentication 
for Mobile Application

Harukasan
October 08, 2014

Internal briefing material


Transcript

  1. Agenda
     • JSON Web Token (JWT)
     • OAuth 2.0 JWT Bearer Token Profile
     • OAuth 2.0 Client Authentication for Mobile Application
     • Certificate Pinning
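  2. JSON Web Token (JWT)
     • A compact claims representation format intended for use in size-constrained places such as HTTP headers and query parameters
     • Claims are encoded as a JSON object (string)
     • The recommended pronunciation is the same as the English word "jot"
     • Adopted by Google, Salesforce, Yahoo Japan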
  3. JWE / JWS
     • There are two kinds of payload, JWE and JWS, each split out into its own specification
     • JSON Web Encryption (JWE): encrypts the content
     • JSON Web Signature (JWS): signs the content
     • JWS is the one with more use cases
     • OAuth 2.0 / OpenID Connect
  4. The structure of JWT(JWS)
     • Consists of three parts: header + payload + signature
     • Represented as a single string: the BASE64URL-encoded strings joined with "."
     Header:
         { "typ":"JWT", "alg":"HS256" }
     Payload:
         { "iss":"JWT", "sub":"HS256", "exp":1412735596,... }
     Signature:
         BASE64URL(HMACSHA256(BASE64URL(header) + "." + BASE64URL(payload), "shared_key"))
     JSON Web Token (the three BASE64URL-encoded parts, concatenated with "."):
         ewogICJ0eXAiOiJKV1QiLAogICJhbGciOiJIUzI1NiIKfQo.ewogICJpc3MiOiJKV1QiLAogICJzdWIiOiJIUzI1NiIsCiAgImV4cCI6MTQxMjczNTU5NiwuLi4KfQo.NWYzOGY0NmYwYjlkYWY3Mjc0OGI3MWVlNzRhMDRlMGM2ZDlkNzVmNmZkOWJmMGM3ZTViYmE3MjU3OTY4MThjZQo
  5. Registered claims
         {"iss":"issuer",
          "sub":"subject",
          "aud":"audience",
          "exp":1412745300,
          "nbf":1412744700,
          "iat":1412745000,
          "jti":"8046…0c",
          "typ":"type"}
     • issuer: the issuer of the claims
     • subject: the subject (target)
     • audience: the user of the token
     • expiration: expiry time
     • not before: the time at which the token becomes valid
     • issued at: the time of issue
     • JWT ID: a unique identifier (ID)
     • type: content type
  6. Signature algorithm
     alg     Digital Signature / MAC Algorithm                 Requirements
     HS256   HMAC using SHA-256                                Required
     HS384   HMAC using SHA-384                                Optional
     HS512   HMAC using SHA-512                                Optional
     RS256   RSASSA-PKCS-v1.5 using SHA-256                    Recommended
     RS384   RSASSA-PKCS-v1.5 using SHA-384                    Optional
     RS512   RSASSA-PKCS-v1.5 using SHA-512                    Optional
     ES256   ECDSA using P-256 and SHA-256                     Recommended+
     ES512   ECDSA using P-384 and SHA-384                     Optional
     PS256   RSASSA-PSS using SHA-256 and MGF1 with SHA-256    Optional
     PS384   RSASSA-PSS using SHA-384 and MGF1 with SHA-384    Optional
     PS512   RSASSA-PSS using SHA-512 and MGF1 with SHA-512    Optional
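  7. OAuth 2.0 JWT Bearer token profile
     • An OAuth 2.0 extension specification for requesting an access token with a JWT
     • Performs Grant Authorization using a JWT
     • Performs Client Authentication using a JWT
     • Client Authentication is an extension being standardized as OAuth 2.0 Assertions
     • Because the token is signed with JWS, it is hard to tamper with unless the private key or shared key leaks
     • Checking the ID makes it possible to prevent replay attacks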
  8. JWT Bearer token flow
     • Use the JWT to obtain an access token
     Client (private key) → Authorization Server (public key):
         grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
         assertion=(JWT token)
     Authorization Server → Client:
         access_token=(ACCESS TOKEN) …
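  9. JWT for grant authorisation
     • Specify the following values in the payload
         {"iss":"issuer",         include the UID of the issuer of the claims
          "sub":"subject",        subject (user name or e-mail address) [REQUIRED]
          "aud":"audience",       recipient (authentication server)
          "exp":1412745300,       expiry time [REQUIRED]
          "nbf":1412744700,       time at which the token becomes valid [OPTIONAL]
          "iat":1412745000,       time of issue [OPTIONAL]
          "jti":"8046…0c"}        unique identifier [REQUIRED]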
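
How an authorization server could check these claims once the signature has been verified, including the replay check on the ID mentioned in slide 7. This is an added example, not code from the deck; the class name, the 30-second leeway, the in-memory cache and the sample values in the test are assumptions.

```python
import time

class AssertionValidator:
    """Checks the claims of an assertion whose signature was already verified."""

    def __init__(self, audience, trusted_issuers, leeway=30):
        self.audience = audience                # this server's own identifier
        self.trusted_issuers = set(trusted_issuers)
        self.leeway = leeway                    # tolerated clock skew in seconds (assumed)
        self._seen = {}                         # (iss, jti) -> exp of accepted assertions

    def validate(self, claims, now=None):
        now = time.time() if now is None else now
        # sub, exp and jti are marked [REQUIRED] on the slide; iss and aud are needed below
        for name in ("iss", "sub", "aud", "exp", "jti"):
            if name not in claims:
                raise ValueError("missing claim: " + name)
        if claims["iss"] not in self.trusted_issuers:
            raise ValueError("untrusted issuer")
        aud = claims["aud"]
        if self.audience not in (aud if isinstance(aud, list) else [aud]):
            raise ValueError("wrong audience")
        exp = claims["exp"]
        if not isinstance(exp, (int, float)) or now >= exp + self.leeway:
            raise ValueError("expired")
        if "nbf" in claims and now < claims["nbf"] - self.leeway:
            raise ValueError("not yet valid")
        # Drop identifiers of assertions that can no longer be accepted,
        # then refuse any identifier that has been seen before.
        self._seen = {k: e for k, e in self._seen.items() if e + self.leeway > now}
        key = (claims["iss"], claims["jti"])
        if key in self._seen:
            raise ValueError("replayed jti")
        self._seen[key] = exp
        return claims["sub"]
```

The cache only needs to remember an identifier until its assertion expires, so short `exp` values keep it small.
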
  10. Grant authentication using JWT
     • Send the request with the JWT in the assertion parameter
     • grant_type is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
     • The server verifies the signature and returns an access_token for the granted permissions
         POST /token/oauth2 HTTP/1.1
         Host: www.example.com
         Content-Type: application/x-www-form-urlencoded

         grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
         &assertion=eyJhbGciOiJFUzI1NiJ9.eyJpc3Mi[…snip…].J9[…snip…]wP
         &scope=scope
  11. Client authentication in OAuth 2.0
     Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
     http://tools.ietf.org/html/draft-ietf-oauth-assertions-16
     • A specification for authenticating clients such as 3rd party applications
     [Figure: two cases. Third Party Created Assertion: Token Service, Client, Relying Party. Self-issued Assertion: Client, Relying Party.]
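  12. Issuing client assertion
     • Include the following contents
     • The issuer of the client assertion may be a third party or the client itself
         {"iss":"issuer",         include the UID of the issuer of the claims
          "sub":"subject",        client_id
          "aud":"audience",       recipient (authentication server)
          "exp":1412745300,       expiry time [REQUIRED]
          "nbf":1412744700,       time at which the token becomes valid [OPTIONAL]
          "iat":1412745000,       time of issue [OPTIONAL]
          "jti":"8046…0c" }       unique identifier [REQUIRED]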
  13. Client authentication using assertion
     • Attach the client assertion when making the request
     • client_assertion_type is urn:ietf:params:oauth:client-assertion-type:jwt-bearer
         POST /token/oauth2 HTTP/1.1
         Host: www.example.com
         Content-Type: application/x-www-form-urlencoded

         grant_type=authorization_code
         &code=37ac5695c507be6a15a093268fb7c592
         &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
         &client_assertion=PHNhbW[…snip…]ZT
  14. Client Authentication in Mobile App
     1. Issue Client Assertion
     2. Password authorization with client assertion
     Client (private key) → Server (public key):
         grant_type=password
         &username=(user name)
         &password=(password)
         &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
         &client_assertion=(client assertion)
     Server → Client:
         access_token=(ACCESS TOKEN) …
  15. Issuing Client Assertion
     • The client assertion is issued by the mobile application itself
     • A private key for signing is embedded in the application
     Client Assertion Payload:
         { "iss":"(Mobile App GUID)",
           "sub":"(client_id)",
           "aud":"(authorization server URI)",
           "exp":1412745300,
           "nbf":1412744700,
           "iat":1412745000,
           "jti":"(GUID)" }
  16. Password Authorization with Client Authentication
     • Password authentication is used to authorize the user
     • The client assertion is attached to the request when performing password authentication
         POST /token/oauth2 HTTP/1.1
         Host: www.example.com
         Content-Type: application/x-www-form-urlencoded

         grant_type=password
         &username=username
         &password=password
         &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
         &client_assertion=PHNhbW[…snip…]ZT
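  17. Sniff the access token from the channels
     • If a rogue certificate is installed on the client, a third party can substitute the TLS certificate and carry on the communication
     [Figure: Man In the Middle ATTACK. Client, MIM PROXY and Server connected over HTTPS; labels: SELF SIGNED CA CERTIFICATE, SELF SIGNED CERTIFICATE.]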
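  18. MITM attacks to sniff the access token
     • The contents of the traffic are easily exposed to the user
     • There are plenty of open-source proxies, which is convenient
     • In a native application, the confidentiality of the channel is left in the hands of the client's user
     • If the client's user does it deliberately, a man-in-the-middle attack is easy
     • They are not a third party in the first place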
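  19. Pinning certificate and public key
     • The client verifies whether the TLS certificate is the correct one
     • Verify the server certificate or the CA certificate
     • Verification uses the fingerprint of the certificate or of the public key
     • With the public key fingerprint, the fingerprint does not need to be updated even when the certificate is reissued
     • On iOS, computing the public key fingerprint seems to be difficult?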
  20. Obtaining list of fingerprints
     • The list of fingerprints may be tampered with by a man-in-the-middle attack
     • Use a JWT to prevent the fingerprints from being altered
         { "iss":"(authorization server URI)",
           "aud":"(client app name)",
           "exp":1412745300,
           "certs": ["624C18A73174F8E7988CB636CED6334AD8FEBC72"],
           "jti":"(GUID)" }
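
A client-side pin check against such a signed list, as an added example that is not part of the original deck. It assumes the list's JWS signature has already been verified with a key shipped inside the app, and that each "certs" entry is the SHA-1 digest of the DER-encoded certificate (the slide's entry is 40 hex characters); the function names are hypothetical.

```python
import hashlib
import hmac

def cert_fingerprint(der_cert: bytes) -> str:
    # Hex SHA-1 over the DER bytes of the certificate presented by the server.
    # In Python these bytes come from SSLSocket.getpeercert(binary_form=True).
    return hashlib.sha1(der_cert).hexdigest().upper()

def is_pinned(der_cert: bytes, claims: dict, app_name: str, now: float) -> bool:
    """claims: payload of the fingerprint-list JWT, signature already verified."""
    # A list issued for a different application must not be accepted.
    if claims.get("aud") != app_name:
        return False
    # An expired list fails closed instead of falling back to unpinned TLS.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False
    pins = claims.get("certs")
    if not isinstance(pins, list) or not pins:
        return False
    presented = cert_fingerprint(der_cert).encode("ascii")
    # Accept upper- or lower-case hex in the list; compare in constant time.
    return any(
        isinstance(pin, str)
        and hmac.compare_digest(presented, pin.upper().encode("utf-8"))
        for pin in pins)
```
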
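  21. Conclusion
     • To perform Grant Authorization with a JWT in OAuth 2.0, use the OAuth 2.0 JWT Bearer token profile
     • A client-side application needs client authentication in addition to the authorization of permissions
     • Authentication has to be handled at a layer above TLS
     • JWT is convenient for encryption/signing in JSON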
  22. References
     • OAuth Documentation
       http://oauth.net/documentation/
     • [RFC6749] The OAuth 2.0 Authorization Framework
       http://tools.ietf.org/html/rfc6749
     • JSON Web Token
       https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27
     • JSON Web Signature (JWS)
       http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-33
     • JSON Web Encryption (JWE)
       http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-32