JSON Web Token Authentication 
for Mobile Application

Transcript

1. JSON Web Token
   Authentication

   for Mobile Application
   Harukasan / Shunsuke Michii
   

   View Slide

2. Agenda
   • JSON Web Token (JWT)
   • OAuth 2.0 JWT Bearer Token Profile
   • OAuth 2.0 Client Authentication for Mobile Application
   • Certificate Pinning
   

   View Slide

3. JSON Web Token (JWT)
   !
   • HTTP Header΍ΫΤϦύϥϝʔλͷΑ͏ͳαΠζʹ੍ݶ͕͋ΔྖҬͰ࢖༻
   ͞ΕΔ͜ͱΛҙਤͨ͠ίϯύΫτͳΫϨʔϜදݱϑΥʔϚοτ
   • JSONΦϒδΣΫτ(จࣈྻ)ʹΤϯίʔυ͢Δ
   • ӳ୯ޠͷ”jot”ͱಉ͡ൃԻ͕ਪ঑͞Ε͍ͯΔ
   • Google, Salesforce, Yahoo JapanͰ࠾༻
   

   View Slide

4. JWE / JWS
   • ϖΠϩʔυͱͯ͠JWE/JWSͷ2͕ͭ͋ΓɺͦΕͧΕ࢓༷ͱͯ͠෼ׂ͞Εͨ
   • JSON Web Encryption (JWE): ίϯςϯτͷ҉߸ԽΛߦ͏
   • JSON Web Segnature (JWS): ίϯςϯτͷॺ໊Λߦ͏
   !
   • ࢖༻ࣄྫ͕ଟ͍ͷ͸JWS
   • OAuth 2.0 / OpenID Connect
   

   View Slide

5. JWT format
   ewogICJ0eXAiOiJKV1QiLAogICJhbGciOiJIUzI1NiIKfQo
   .ewogICJpc3MiOiJKV1QiLAogICJzdWIiOiJIUzI1NiIsCi
   AgImV4cCI6MTQxMjczNTU5NiwuLi4KfQo.NWYzOGY0NmYwY
   jlkYWY3Mjc0OGI3MWVlNzRhMDRlMGM2ZDlkNzVmNmZkOWJm
   MGM3ZTViYmE3MjU3OTY4MThjZQo
   Header.Payload.Signature
   

   View Slide

6. The structure of JWT(JWS)
   • ϔομ+ϖΠϩʔυ+γάωνϟͷ3ͭͰߏ੒
   • BASE64URLΤϯίʔυͨ͠จࣈྻΛ”.”Ͱ࿈݁ͨ͠จࣈྻͱͯ͠දݱ͞ΕΔ
   {
   "typ":"JWT",
   "alg":"HS256"
   }
   {
   "iss":"JWT",
   "sub":"HS256",
   "exp":1412735596,...
   }
   BASE64URL(HMACSHA256(

   BASE64URL(header) +

   "." + BASE64URL(payload),

   "shared_key"))
   Header
   Payload
   Signature
   ewogICJ0eXAiOiJKV1QiLAogICJh
   bGciOiJIUzI1NiIKfQo
   ewogICJpc3MiOiJKV1QiLAogICJz
   dWIiOiJIUzI1NiIsCiAgImV4cCI6
   MTQxMjczNTU5NiwuLi4KfQo
   NWYzOGY0NmYwYjlkYWY3Mjc0OGI3
   MWVlNzRhMDRlMGM2ZDlkNzVmNmZk
   OWJmMGM3ZTViYmE3MjU3OTY4MThj
   ZQo
   BASE64 URL ENCODED
   ewogICJ0eXAiOiJKV1QiLAogICJhbGciO
   iJIUzI1NiIKfQo.ewogICJpc3MiOiJKV1
   QiLAogICJzdWIiOiJIUzI1NiIsCiAgImV
   4cCI6MTQxMjczNTU5NiwuLi4KfQo.NWYz
   OGY0NmYwYjlkYWY3Mjc0OGI3MWVlNzRhM
   DRlMGM2ZDlkNzVmNmZkOWJmMGM3ZTViYm
   E3MjU3OTY4MThjZQo
   concat
   JSON Web Token
   

   View Slide

7. JWT Header
   • ΄ͱΜͲͷύϥϝʔλ͸OPTIONALɹ (JWSͷඞਢύϥϝʔλ͸1ͭ)
   • ໊લۭؒ͸JWTɺJWEɺJWSͷ࢓༷Ͱڞ༗͞Ε͍ͯΔ
   • ϔομۭؒͷύϥϝʔλ͸ࣗ༝ʹ௥Ճͯ͠ྑ͍
   {"typ":"JWT",

   "alg":"HS256"}
   "JWT"·ͨ͸"urn:ietf:params:oauth:token-type:jwt"
   ॺ໊ΞϧΰϦζϜ (REQUIRED)
   

   View Slide

8. Registered claims
   {"iss":"issuer",

   "sub":"subject",
   "aud":"audience",
   "exp":1412745300,
   "nbf":1412744700,
   "iat":1412745000,

   "jti":"8046…0c",

   "typ":"type"}
   issuer: ΫϨʔϜͷൃߦऀ
   subject: ର৅
   audience: ར༻ऀ
   expiration: ༗ޮظݶ
   not before: ༗ޮʹͳΔ࣌ࠁ
   issued at: ൃߦ࣌ࠁ
   JWT ID: Ұҙͳࣝผࢠ(ID)
   type: ίϯςϯτλΠϓ
   

   View Slide

9. Signature
   • ϔομͱϖΠϩʔυΛBASE64URLΤϯίʔυͯ͠ɺ"."Ͱ࿈݁ͨ͠จࣈྻͷ
   ॺ໊Λܭࢉ͠ɺBASE64URLΤϯίʔυͨ͠΋ͷ
   • ΞϧΰϦζϜ͕HS256(HMAC SHA-256)ͷ৔߹͸࣍ͷΑ͏ʹͳΔ
   BASE64URL(
   HMACSHA256(

   BASE64URL(header) + "." + BASE64URL(payload),

   "shared_key"

   )

   )
   

   View Slide

10. Signature algorithm
    alg Digital Signature / MAC Algorithm Requirements
    HS256 HMAC using SHA-256 Required
    HS384 HMAC using SHA-384 Optional
    HS512 HMAC using SHA-512 Optional
    RS256 RSASSA-PKCS-v1.5 using SHA-256 Recommended
    RS384 RSASSA-PKCS-v1.5 using SHA-384 Optional
    RS512 RSASSA-PKCS-v1.5 using SHA-512 Optional
    ES256 ECDSA using P-256 and SHA-256 Recommended+
    ES512 ECDSA using P-384 and SHA-384 Optional
    PS256 RSASSA-PSS using SHA-256 and MGF1 with SHA-256 Optional
    PS384 RSASSA-PSS using SHA-384 and MGF1 with SHA-384 Optional
    PS512 RSASSA-PSS using SHA-512 and MGF1 with SHA-512 Optional
    

    View Slide

11. Secure Connection with JWT
    Client Server
    private key
    public key
    shared key
    

    View Slide

12. OAuth 2.0

    JWT Bearer Token Profile
    

    View Slide

13. OAuth 2.0 JWT Bearer token profile
    • JWTʹΑΓΞΫηετʔΫϯΛཁٻ͢ΔOAuth2.0ͷ֦ு࢓༷
    • JWTΛ༻͍ͯGrant AuthorizationΛߦ͏
    • JWTΛ༻͍ͯClient AuthenticationΛߦ͏
    • Client Authentication͸OAuth 2.0 Assertionsͱͯ͠ඪ४Խ͕ਐΜͰ͍
    Δ֦ு࢓༷
    • JWSʹΑΓॺ໊Λߦ͏ͷͰൿີ伴ɺ·ͨ͸ڞ༗伴͕࿙Ӯ͠ͳ͍ݶΓ

    τʔΫϯͷվ͟Μ͕೉͍͠
    • IDΛ֬ೝ͢Δ͜ͱͰϦϓϨΠ߈ܸΛ๷͙͜ͱ͕ग़དྷΔ
    

    View Slide

14. JWT Bearer token flow
    Client
    Authorization
    Server
    private key public key
    grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer

    assertion=(JWT token)
    access_token=(ACCESS TOKEN)
    …
    • JWTτʔΫϯΛ࢖༻ͯ͠ΞΫηετʔΫϯΛऔಘ͢Δ
    

    View Slide

15. JWT for grant authorisation
    • ϖΠϩʔυʹ͸ҎԼͷ஋Λࢦఆ͢Δ
    {"iss":"issuer",

    "sub":"subject",
    "aud":"audience",
    "exp":1412745300,
    "nbf":1412744700,
    "iat":1412745000,

    "jti":"8046…0c"}
    ΫϨʔϜͷൃߦऀͷUIDΛؚΊΔ
    ର৅(Ϣʔβʔ໊΍ϝʔϧΞυϨε) [REQUIRED]
    ड৴ऀ(ೝূαʔό)
    ༗ޮظݶ [REQUIRED]
    ༗ޮʹͳΔ࣌ࠁ [OPTIONAL]
    ൃߦ࣌ࠁ [OPTIONAL]
    Ұҙͳࣝผࢠ [REQUIRED]
    

    View Slide

16. Grant authentication using JWT
    • JWTΛassertionύϥϝʔλʹࢦఆͯ͠ϦΫΤετ͢Δ
    • grant_type͸"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
    • αʔό͸ॺ໊Λݕূ͠ݖݶͷaccess_tokenΛฦ͢
    POST /token/oauth2 HTTP/1.1
    Host: www.example.com
    Content-Type: application/x-www-form-urlencoded
    !
    grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
    &assertion=eyJhbGciOiJFUzI1NiJ9.eyJpc3Mi[…snip…].J9[…snip…]wP
    &scope=scope
    

    View Slide

17. Client authentication in OAuth 2.0
    Asserttion Framework for OAuth 2.0 Client Authentication and
    Authorization Grants

    http://tools.ietf.org/html/draft-ietf-oauth-assertions-16
    • 3rd party applicationͳͲͷΫϥΠΞϯτΛೝূ͢ΔͨΊͷ࢓༷
    Relying

    Party
    Client Token Service
    Relying

    Party
    Client
    Third Party Created Assertion Self-issued Assertion
    Assertion
    Assertion
    

    View Slide

18. Issuing client assertion
    • ҎԼͷ಺༰ΛؚΊΔ
    • Client assertionͷൃߦऀ͸ୈ3ऀͰ΋ΫϥΠΞϯτࣗ਎Ͱ΋ྑ͍
    {"iss":"issuer",

    "sub":"subject",
    "aud":"audience",
    "exp":1412745300,
    "nbf":1412744700,
    "iat":1412745000,

    "jti":"8046…0c" }
    ΫϨʔϜͷൃߦऀͷUIDΛؚΊΔ
    client_id
    ड৴ऀ(ೝূαʔό)
    ༗ޮظݶ [REQUIRED]
    ༗ޮʹͳΔ࣌ࠁ [OPTIONAL]
    ൃߦ࣌ࠁ [OPTIONAL]
    Ұҙͳࣝผࢠ [REQUIRED]
    

    View Slide

19. Client authentication using assertion
    • ϦΫΤετΛߦ͏ࡍʹClient AssertionΛ෇Ճ͢Δ
    • client_assertion_type͸

    urn:ietf:params:oauth:client-assertion-type:jwt-bearer
    POST /token/oauth2 HTTP/1.1
    Host: www.example.com
    Content-Type: application/x-www-form-urlencoded
    !
    grant_type=authorization_code

    &code=37ac5695c507be6a15a093268fb7c592
    &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth

    %3Aclient-assertion-type%3Ajwt-bearer

    &client_assertion=PHNhbW[…snip…]ZT
    

    View Slide

20. Grant Authorization

    with Client Authentication in Mobile App
    

    View Slide

21. Client Authentication in Mobile App
    Client Server
    private key public key
    grant_type=password

    &username=(user name)

    &password=(password)
    &client_assertion_type=urn%3Aietf%3Aparams

    %3Aoauth%3Aclient-assertion-type%3Ajwt-bearer

    &client_assertion=(client assertion)
    access_token=(ACCESS TOKEN)
    …
    1. Issue Client Assertion
    2. Password authorization with client assertion
    

    View Slide

22. Issuing Client Assertion
    • Client Assertion͸ϞόΠϧΞϓϦέʔγϣϯࣗ਎͕ൃߦ͢Δ
    • ΞϓϦέʔγϣϯʹ͸ॺ໊ͷͨΊͷൿີ伴ΛຒΊࠐΜͰ͓͘
    { "iss":"(Mobile App GUID)",

    "sub":"(client_id)",
    "aud":"(authorization server URI)",
    "exp":1412745300,
    "nbf":1412744700,
    "iat":1412745000,

    "jti":"(GUID)" }
    Client Assertion Payload
    

    View Slide

23. Password Authorization

    with Client Authentication
    • Ϣʔβͷݖݶೝূʹ͸ύεϫʔυೝূΛ࢖༻͢Δ
    • ύεϫʔυೝূΛߦ͏ࡍʹclient assertionΛ෇Ճͯ͠ϦΫΤετ͢Δ
    POST /token/oauth2 HTTP/1.1
    Host: www.example.com
    Content-Type: application/x-www-form-urlencoded
    !
    grant_type=password

    &username=username

    &password=password
    &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth

    %3Aclient-assertion-type%3Ajwt-bearer

    &client_assertion=PHNhbW[…snip…]ZT
    

    View Slide

24. Security Issue
    • ΫϥΠΞϯτͷൿີ伴͕࿙ΕͨΒͲ͏͢Δʁ
    • ೉ಡԽΛ͕Μ͹Δ͔͠ͳ͍
    • ϦϦʔεຖʹൿີ伴Λมߋ͢Δ
    • ΫϥΠΞϯτʹൿີ伴ΛೖΕͣʹΫϥΠΞϯτೝূ͢Δํ๏͕͋Δʁ
    

    View Slide

25. Pinning TLS Certificate
    

    View Slide

26. HTTPS Connection
    • ΫϥΠΞϯτ-αʔόؒͷ௨৴͸HTTPS௨৴ʹΑΓ҉߸Խ͞Ε͍ͯΔ
    • NSAͱճઢۀऀͱฐࣾΛআ͚͹௨৴಺༰Λ๣डͰ͖Δୈ3ऀ͸ଘࡏ͠ͳ͍
    Client Server
    INCREDIBLE SAFTY HTTPS LINE
    

    View Slide

27. Sniff the access token from the channels
    • ΫϥΠΞϯτʹෆਖ਼ͳূ໌ॻΛΠϯετʔϧ͢Ε͹ୈ3ऀ͕TLSূ໌ॻΛ

    ͢Γସ͑ͯ௨৴͢Δ͜ͱ͕ग़དྷΔ
    Client
    MIM

    PROXY
    HTTPS
    SELF SIGNED
    CA CERTIFICATE
    Man In the Middle ATTACK
    SELF SIGNED
    CERTIFICATE
    HTTPS Server
    

    View Slide

28. MITM attacks to sniff the access token
    • ௨৴಺༰͸Ϣʔβʔʹ༰қʹ࿐ఄ͢Δ
    • ΦʔϓϯιʔεͷϓϩΩγ΋ͨ͘͞Μ͋ͬͯศར
    • ωΠςΟϒΞϓϦέʔγϣϯʹ͓͍ͯ௨৴࿏ͷൿಗੑ͸ΫϥΠΞϯτ

    ར༻ऀͷखʹҕͶΒΕ͍ͯΔ
    • ΫϥΠΞϯτར༻ऀ͕ނҙʹߦ͑͹؆୯ʹதؒऀ߈ܸ͕Մೳ
    • ͦ΋ͦ΋ୈ3ऀͰ͸ͳ͍
    

    View Slide

29. Pinning certificate and public key
    • TLSূ໌ॻ͕ਖ਼͍͠΋ͷ͔Ͳ͏͔ΫϥΠΞϯτͰݕূΛߦ͏
    • αʔόূ໌ॻ·ͨ͸CAূ໌ॻͷݕূΛߦ͏
    • ݕূʹ͸ূ໌ॻɺ·ͨ͸ެ։伴ͷϑΟϯΨʔϓϦϯτΛ࢖͏
    • ެ։伴ͷϑΟϯΨʔϓϦϯτΛ࢖͑͹ূ໌ॻΛൃߦ͠ͳ͓ͯ͠΋ϑΟϯ
    ΨʔϓϦϯτΛߋ৽͢Δඞཁ͕ͳ͍
    • iOSͰ͸ެ։伴ͷϑΟϯΨʔϓϦϯτΛܭࢉ͢Δͷ͕೉͍͠Έ͍ͨʁ
    

    View Slide

30. Certificate pinning flow
    Client Server
    private key
    public key Obtaining fingerprints list of certificate/public key
    

    View Slide

31. Obtaining list of fingerprints
    • ϑΟϯΨʔϓϦϯτͷϦετ͸தؒऀ߈ܸʹΑΓվ͟Μ͞ΕΔՄೳੑ͕͋Δ
    • JWTΛ༻͍ͯϑΟϯΨʔϓϦϯτ͕มߋ͞ΕΔ͜ͱΛ๷͙
    { "iss":"(authorization server URI)",
    "aud":"(client app name)",
    "exp":1412745300,
    "certs": ["624C18A73174F8E7988CB636CED6334AD8FEBC72"],

    "jti":"(GUID)" }
    

    View Slide

32. Conclusion
    • OAuth 2.0ͰJWTʹΑΔGrant AuthorizationΛߦ͏ʹ͸

    OAuth 2.0 JWT Bearer token profileΛ࢖͏
    • Client-side ApplicationͰ͸ݖݶͷڐՄҎ֎ʹΫϥΠΞϯτೝূ͕

    ඞཁʹͳΔ
    • TLSΑΓ্ͷϨΠϠʔͰͷೝূॲཧ͕ඞཁʹͳΔ
    • JSONͰͷ҉߸Խ/ॺ໊͸JWTΛ࢖͏ͱศར
    

    View Slide

33. References
    • OAuth Documentation

    http://oauth.net/documentation/
    • [RFC6749] The OAuth 2.0 Authorization Framework

    http://tools.ietf.org/html/rfc6749
    • JSON Web Token

    https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27
    • JSON Web Signature (JWS)

    http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-33
    • JSON Web Encryption (JWE)

    http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-32
    

    View Slide