WebAuthn で実現するパスワードレス認証 / nulab-sechack365

Transcript

1. WebAuthnͰ࣮ݱ͢Δ ύεϫʔυϨεೝূ SecHack365 2019 ෱Ԭճ @ψʔϥϘຊࣾ3F 2019/8/22 @kasecato 1

2. 2019೥8݄16೔ (ۚ) ࢲཱେ1೥ͷগ೥ ిࢠܭࢉػ࢖༻࠮ٗͱෆਖ਼ΞΫηεېࢭ๏ҧ൓ͷ༰ٙͰୁั େֶੜ4ਓΛಉ༰ٙͰॻྨૹݕ ͦͷखޱ͸… 2

3. 3

4. ϑΟογϯά 1995೥ͷ AOLʢΠϯλωοτ αʔϏε ϓϩόΠμʣ AOLελοϑΛ૷͍ύεϫʔυΛෆਖ਼ʹૹ৴͔͕ͤͨͬͨ͞ɼ ؂ࢹ͞Ε͍ͯͨ νϟοτ ϧʔϜͷ؂ࢹϑΟϧλճආεΫϦϓτ͕ <><

   ͩͬͨ <>< ͕ڕʹݟ͑ͨ fish (ڕ) + phreaking (ෆਖ਼ʹແྉͰి࿩Λ͔͚Δߦҝ) = Phishing 4

5. ϑΟογϯά͸… 1995೥͔Βະղܾ ηΩϡϦςΟٕज़ͷഊ๺ ೥ؒ5ઍԯԁͷӨڹ (2014೥) 2005೥ 2018೥ 17ສ݅ 104ສ݅ 5

6. 2017೥ Googleࣾһ 8ສ5ઍਓͷϑΟογϯάඃ֐͕ ʹ θϩ݅ 6

7. 7

8. FIDO U2F Google ͸શࣾһʹʮFIDO U2Fʯͷ࢖༻Λٛ຿෇͚ͨ FIDO U2F? Fast Identity Online

   = ૉૣ͍ΦϯϥΠϯೝূ Universal 2nd Factor = Ϣχόʔαϧͳ2ཁૉ ʢ໊લΛฉ͍ͯ΋Α͘Θ͔Βͳ͍ͱࢥͬͨʣ 2ཁૉೝূʹ෺ཧσόΠεΛ࢖༻͢Δ 1. ύεϫʔυೝূ = ஌ࣝͷཁૉ 2. ෺ཧσόΠε = ॴ༗ͷཁૉ ٛ຿Խ 8

9. ೝূͷ3ཁૉ 1975೥ Computer Security Guidelines for Implementing the Privacy Act

   of 1974 (1) Something the person knows; (2) Something the person has; (3) Something the person is. 712೥ ݹࣄهʹొ৔͢Δࡾछͷਆث = has ॴ༗ͷཁૉ 2019೥ͷࢲͨͪ͸ͳͥ2ஈ֊ೝূ͕… FIPS 41 9

10. ͳͥ Google ͕ FIDO ͰϑΟογϯάඃ֐Λ๾໓Ͱ͖ͨͷ͔ʁ 10

11. FIDO ͷجຊίϯηϓτ ެ։伴҉߸Λ༻͍ͨνϟϨϯδϨεϙϯεೝূ ೝূثΛ༻͍ͨൿີ伴ͷੜ੒ͱอޢ origin ʹඥͮ͘ೝূ৘ใͷ؅ཧ ϩʔΧϧͰͷϢʔβʔݕূ ग़య: ΋ͱ΄Μ΍, ʰ

    ʱ, p.9, (Oct, 2018). WebAuthn ຊ @watahani 11

12. 12

13. ެ։伴҉߸Λ༻͍ͨνϟϨϯδϨεϙϯε 1976೥ Diffie ͱ Hellman ͕ެ։伴҉߸ԽͱೝূΛఏҊ 1977೥ Rivest, Shamir ͱ

    Adleman ͕ެ։伴҉߸ํࣜΛߏங 1985೥ Koblitz ͱ Miller ͕ପԁۂઢ҉߸ΛఏҊ RSA 2048 ϏοτΛ ECC 206 Ϗοτఔ౓Ͱ୲อ ૊ࠐΈ޲͚ = FIDO ͷೝূثͰ΋࢖༻ C ≡ (mod N) ME M ≡ (mod N) CD 13

14. ެ։伴҉߸Λ༻͍ͨνϟϨϯδϨεϙϯε 1979೥ࠒ Bob Bosen ͕νϟϨϯδϨεϙϯεೝূΛ࣮૷ TRS-80 ༻ͷήʔϜʮ80 Space Raidersʯͷίϐʔ๷ࢭػೳ ήʔϜىಈը໘ʹදࣔ͞ΕΔϥϯμϜͳ਺

    = νϟϨϯδ ήʔϜ෇ଐͷදͰνϟϨϯδʹରԠ͢Δ਺Λೖྗ = Ϩεϙϯε M ≡ (mod N) CD C ≡ (mod N) ME 14

15. ެ։伴҉߸Λ༻͍ͨνϟϨϯδϨεϙϯε ొ࿥ ϒϥ΢β͸ RP ͔ΒνϟϨϯδΛऔಘ ೝূث͸伴ϖΞΛੜ੒ ൿີ伴ͰνϟϯϨϯδʹॺ໊ = Ϩεϙϯε RP

    ͸ެ։伴Ͱॺ໊Λݕূ ެ։伴Λొ࿥ 15

16. ެ։伴҉߸Λ༻͍ͨνϟϨϯδϨεϙϯε ೝূ ϒϥ΢β͸ RP ͔ΒνϟϨϯδΛऔಘ ೝূث͸ൿີ伴Λಋग़ ൿີ伴ͰνϟϨϯδʹॺ໊ = Ϩεϙϯε RP

    ͸ॺ໊Λݕূ ϢʔβΛೝূ 16

17. ೝূثΛ༻͍ͨൿີ伴ͷੜ੒ͱอޢ 1994೥ FIPS 140-1 2001೥ Security Requirements for Cryptographic Modules

    ଱λϯύੑ ϓϩʔϏϯά߈ܸ ϑΥʔϧτ߈ܸ αΠυνϟωϧ߈ܸ 2019೥9݄ FIPS 140-3 FIPS 140-2 17

18. origin ʹඥͮ͘ೝূ৘ใͷ؅ཧ AppID (rpId) = origin = υϝΠϯ໊ 伴ϖΞͷੜ੒ʹυϝΠϯؚ໊͕·ΕΔ 18

19. ϩʔΧϧͰͷϢʔβʔݕূ ϦϞʔτೝূ ύεϫʔυ͸ωοτϫʔΫ্ʹྲྀΕΔ ύεϫʔυ͸αʔόʹอଘ͞ΕΔ αʔό͔Βͷ৘ใ࿙͍͑ ύεϫʔυͷϦετܕ߈ܸ ϩʔΧϧೝূ ੜମೝূ΍ PIN ͸ωοτϫʔΫ্ʹྲྀΕͳ͍

    ੜମ৘ใ΍ PIN ͸ϩʔΧϧͷσόΠεʹอଘ͞ΕΔ σόΠε͸଱λϯύੑ͕͋Δ 19

20. ͱ͸ Web Authentication: An API for accessing Public Key Credentials

    Level 1 ϒϥ΢βʹ࣮૷͞Εͨ 2 ͭͷ API ొ࿥ = navigator.credentials.create() ೝূ = navigator.credentials.get() ϒϥ΢βͱೝূث͕ձ࿩͢ΔͨΊͷ API ೝূث͔Β伴ϖΞΛੜ੒͢Δ ೝূث͔Βൿີ伴Ͱॺ໊Λੜ੒͢Δ WebAuthn 20

21. ొ࿥ = navigator.credentials.create() Relying Party Server Authenticator challenge, user info,

    relying party info relying party id , user info, relying party info, clientDataHash new public key, credential id, attestation clientDataJSON, attestationObject 1 2 5 4 3 user verification, new keypair, attestation attestationObject Browser RP JavaScript Application 6 0 server validation AuthenticatorAttestationResponse PublicKeyCredentialCreationOptions 21

22. ೝূ = navigator.credentials.get() Relying Party Server Authenticator challenge relying party

    id, clientDataHash authenticatorData signature clientDataJSON, authenticatorData, signature 1 2 5 4 3 user verification, create assertion Browser RP JavaScript Application 6 0 server validation AuthenticatorAssertionResponse PublicKeyCredentialRequestOptions WebAuthnAPI 22

23. ·ͱΊ FIDO ͷجຊίϯηϓτ͕Θ͔ͬͨ ެ։伴҉߸Λ༻͍ͨνϟϨϯδϨεϙϯεೝূ Authenticator Λ༻͍ͨൿີ伴ͷੜ੒ͱอޢ origin ʹඥͮ͘ೝূ৘ใͷ؅ཧ ϩʔΧϧͰͷϢʔβʔݕূ WebAuthn

    ͸ϒϥ΢βʹ࣮૷͞Εͨ 2 ͭͷ API ొ࿥ navigator.credentials.create() ೝূ navigator.credentials.get() WebAuthn ͸ೝূثͱձ࿩͢ΔͨΊͷ API ύεϫʔυΛ࢖Θͣެ։伴ೝূج൫ͰϢʔβೝূͰ͖ͨ 23

24. ࢀߟϊʔτ ຖ೔৽ฉ, ʮωοτόϯΫෆਖ਼઀ଓͰݱۚ࠮औɹ༰ٙͷେֶੜ ୁัɹ໊ݹ԰ʯ, IPA, ʰ৘ใηΩϡϦςΟനॻ2019ʱ, p.20, (August, 2019) σʔϏουɾαϯΨʔ,

    ʰੈքͷ೼ݖ͕ҰؾʹมΘΔ αΠόʔ ׬શฌثʱ, pp.207-224, pp.152-157, (May, 2019) Wikipedia, "Early AOL phishing," https://mainichi.jp/articles/20190817/k00/00m/040/033000c https://en.wikipedia.org/wiki/Phishing#Early_AOL_phishing 24

25. ΪζϞʔυɾδϟύϯ, ʮGoogleࣾһͷϑΟογϯάΛ0ʹͨ͠෺ཧ Google, ʮTitan ηΩϡϦςΟ Ωʔʯ, FIDO, ʮFIDOΞϥΠΞϯεͷԊֵʯ, NIST, "Computer

    Security Guidelines for Implementing the Privacy A Richard E. Smithʰೝূٕज़ ύεϫʔυ͔Βެ։伴·Ͱʱ, p.399, p. security-keys.html https://cloud.google.com/titan https://fidoalliance.org/fido%e3%82%a2%e3%83%a9%e3%82%a4% lang=ja 25

26. ൘૔੐உ, ֎઒੓෉, ʰωοτࣾձͱຊਓೝূ―ݪཧ͔ΒԠ༻· Ͱʱ, p.29, (July, 2010). ΋ͱ΄Μ΍, ʰWebAuthn ຊʱ,

    p.9, (Oct, 2018). ผ࡭೔ܦαΠΤϯεɼʮαΠόʔηΩϡϦςΟʔʯ, p.63, (April, 2016). 㟒ࢁҰஉ, ੁݪ݈, ཥཅ, ʰ҉߸ϋʔυ΢ΣΞͷηΩϡϦςΟʱ, p.39, pp.80-81, (June, 2019). 26

27. NIST, "Security Requirements for Cryptographic Modules," Wikipedia, "FIPS 140-3", Yubico,

    "Key generation," Yubico, "FIDO2/WebAuthn Overview," W3C, "Web Authentication: An API for accessing Public Key Creden https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf https://en.wikipedia.org/wiki/FIPS_140-3 https://developers.yubico.com/U2F/Protocol_details/Key_generatio https://developers.yubico.com/WebAuthn/WebAuthn_Developer_G https://www.w3.org/TR/webauthn/ 27