JSON Web Token Authentication  for Mobile Application

Slide 1

Slide 1 text

JSON Web Token Authentication  for Mobile Application Harukasan / Shunsuke Michii

Slide 2

Slide 2 text

Agenda • JSON Web Token (JWT) • OAuth 2.0 JWT Bearer Token Proﬁle • OAuth 2.0 Client Authentication for Mobile Application • Certiﬁcate Pinning

Slide 3

Slide 3 text

JSON Web Token (JWT) ! • HTTP Header΍ΫΤϦύϥϝʔλͷΑ͏ͳαΠζʹ੍ݶ͕͋ΔྖҬͰ࢖༻ ͞ΕΔ͜ͱΛҙਤͨ͠ίϯύΫτͳΫϨʔϜදݱϑΥʔϚοτ • JSONΦϒδΣΫτ(จࣈྻ)ʹΤϯίʔυ͢Δ • ӳ୯ޠͷ”jot”ͱಉ͡ൃԻ͕ਪ঑͞Ε͍ͯΔ • Google, Salesforce, Yahoo JapanͰ࠾༻

Slide 4

Slide 4 text

JWE / JWS • ϖΠϩʔυͱͯ͠JWE/JWSͷ2͕ͭ͋ΓɺͦΕͧΕ࢓༷ͱͯ͠෼ׂ͞Εͨ • JSON Web Encryption (JWE): ίϯςϯτͷ҉߸ԽΛߦ͏ • JSON Web Segnature (JWS): ίϯςϯτͷॺ໊Λߦ͏ ! • ࢖༻ࣄྫ͕ଟ͍ͷ͸JWS • OAuth 2.0 / OpenID Connect

Slide 5

Slide 5 text

JWT format ewogICJ0eXAiOiJKV1QiLAogICJhbGciOiJIUzI1NiIKfQo .ewogICJpc3MiOiJKV1QiLAogICJzdWIiOiJIUzI1NiIsCi AgImV4cCI6MTQxMjczNTU5NiwuLi4KfQo.NWYzOGY0NmYwY jlkYWY3Mjc0OGI3MWVlNzRhMDRlMGM2ZDlkNzVmNmZkOWJm MGM3ZTViYmE3MjU3OTY4MThjZQo Header.Payload.Signature

Slide 6

Slide 6 text

The structure of JWT(JWS) • ϔομ+ϖΠϩʔυ+γάωνϟͷ3ͭͰߏ੒ • BASE64URLΤϯίʔυͨ͠จࣈྻΛ”.”Ͱ࿈݁ͨ͠จࣈྻͱͯ͠දݱ͞ΕΔ { "typ":"JWT", "alg":"HS256" } { "iss":"JWT", "sub":"HS256", "exp":1412735596,... } BASE64URL(HMACSHA256(  BASE64URL(header) +  "." + BASE64URL(payload),  "shared_key")) Header Payload Signature ewogICJ0eXAiOiJKV1QiLAogICJh bGciOiJIUzI1NiIKfQo ewogICJpc3MiOiJKV1QiLAogICJz dWIiOiJIUzI1NiIsCiAgImV4cCI6 MTQxMjczNTU5NiwuLi4KfQo NWYzOGY0NmYwYjlkYWY3Mjc0OGI3 MWVlNzRhMDRlMGM2ZDlkNzVmNmZk OWJmMGM3ZTViYmE3MjU3OTY4MThj ZQo BASE64 URL ENCODED ewogICJ0eXAiOiJKV1QiLAogICJhbGciO iJIUzI1NiIKfQo.ewogICJpc3MiOiJKV1 QiLAogICJzdWIiOiJIUzI1NiIsCiAgImV 4cCI6MTQxMjczNTU5NiwuLi4KfQo.NWYz OGY0NmYwYjlkYWY3Mjc0OGI3MWVlNzRhM DRlMGM2ZDlkNzVmNmZkOWJmMGM3ZTViYm E3MjU3OTY4MThjZQo concat JSON Web Token

Slide 7

Slide 7 text

JWT Header • ΄ͱΜͲͷύϥϝʔλ͸OPTIONALɹ (JWSͷඞਢύϥϝʔλ͸1ͭ) • ໊લۭؒ͸JWTɺJWEɺJWSͷ࢓༷Ͱڞ༗͞Ε͍ͯΔ • ϔομۭؒͷύϥϝʔλ͸ࣗ༝ʹ௥Ճͯ͠ྑ͍ {"typ":"JWT",  "alg":"HS256"} "JWT"·ͨ͸"urn:ietf:params:oauth:token-type:jwt" ॺ໊ΞϧΰϦζϜ (REQUIRED)

Slide 8

Slide 8 text

Registered claims {"iss":"issuer",  "sub":"subject", "aud":"audience", "exp":1412745300, "nbf":1412744700, "iat":1412745000,  "jti":"8046…0c",  "typ":"type"} issuer: ΫϨʔϜͷൃߦऀ subject: ର৅ audience: ར༻ऀ expiration: ༗ޮظݶ not before: ༗ޮʹͳΔ࣌ࠁ issued at: ൃߦ࣌ࠁ JWT ID: Ұҙͳࣝผࢠ(ID) type: ίϯςϯτλΠϓ

Slide 9

Slide 9 text

Signature • ϔομͱϖΠϩʔυΛBASE64URLΤϯίʔυͯ͠ɺ"."Ͱ࿈݁ͨ͠จࣈྻͷ ॺ໊Λܭࢉ͠ɺBASE64URLΤϯίʔυͨ͠΋ͷ • ΞϧΰϦζϜ͕HS256(HMAC SHA-256)ͷ৔߹͸࣍ͷΑ͏ʹͳΔ BASE64URL( HMACSHA256(  BASE64URL(header) + "." + BASE64URL(payload),  "shared_key"  )  )

Slide 10

Slide 10 text

Signature algorithm alg Digital Signature / MAC Algorithm Requirements HS256 HMAC using SHA-256 Required HS384 HMAC using SHA-384 Optional HS512 HMAC using SHA-512 Optional RS256 RSASSA-PKCS-v1.5 using SHA-256 Recommended RS384 RSASSA-PKCS-v1.5 using SHA-384 Optional RS512 RSASSA-PKCS-v1.5 using SHA-512 Optional ES256 ECDSA using P-256 and SHA-256 Recommended+ ES512 ECDSA using P-384 and SHA-384 Optional PS256 RSASSA-PSS using SHA-256 and MGF1 with SHA-256 Optional PS384 RSASSA-PSS using SHA-384 and MGF1 with SHA-384 Optional PS512 RSASSA-PSS using SHA-512 and MGF1 with SHA-512 Optional

Slide 11

Slide 11 text

Secure Connection with JWT Client Server private key public key shared key

Slide 12

Slide 12 text

OAuth 2.0  JWT Bearer Token Proﬁle

Slide 13

Slide 13 text

OAuth 2.0 JWT Bearer token proﬁle • JWTʹΑΓΞΫηετʔΫϯΛཁٻ͢ΔOAuth2.0ͷ֦ு࢓༷ • JWTΛ༻͍ͯGrant AuthorizationΛߦ͏ • JWTΛ༻͍ͯClient AuthenticationΛߦ͏ • Client Authentication͸OAuth 2.0 Assertionsͱͯ͠ඪ४Խ͕ਐΜͰ͍ Δ֦ு࢓༷ • JWSʹΑΓॺ໊Λߦ͏ͷͰൿີ伴ɺ·ͨ͸ڞ༗伴͕࿙Ӯ͠ͳ͍ݶΓ  τʔΫϯͷվ͟Μ͕೉͍͠ • IDΛ֬ೝ͢Δ͜ͱͰϦϓϨΠ߈ܸΛ๷͙͜ͱ͕ग़དྷΔ

Slide 14

Slide 14 text

JWT Bearer token ﬂow Client Authorization Server private key public key grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer  assertion=(JWT token) access_token=(ACCESS TOKEN) … • JWTτʔΫϯΛ࢖༻ͯ͠ΞΫηετʔΫϯΛऔಘ͢Δ

Slide 15

Slide 15 text

JWT for grant authorisation • ϖΠϩʔυʹ͸ҎԼͷ஋Λࢦఆ͢Δ {"iss":"issuer",  "sub":"subject", "aud":"audience", "exp":1412745300, "nbf":1412744700, "iat":1412745000,  "jti":"8046…0c"} ΫϨʔϜͷൃߦऀͷUIDΛؚΊΔ ର৅(Ϣʔβʔ໊΍ϝʔϧΞυϨε) [REQUIRED] ड৴ऀ(ೝূαʔό) ༗ޮظݶ [REQUIRED] ༗ޮʹͳΔ࣌ࠁ [OPTIONAL] ൃߦ࣌ࠁ [OPTIONAL] Ұҙͳࣝผࢠ [REQUIRED]

Slide 16

Slide 16 text

Grant authentication using JWT • JWTΛassertionύϥϝʔλʹࢦఆͯ͠ϦΫΤετ͢Δ • grant_type͸"urn:ietf:params:oauth:client-assertion-type:jwt-bearer" • αʔό͸ॺ໊Λݕূ͠ݖݶͷaccess_tokenΛฦ͢ POST /token/oauth2 HTTP/1.1 Host: www.example.com Content-Type: application/x-www-form-urlencoded ! grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer &assertion=eyJhbGciOiJFUzI1NiJ9.eyJpc3Mi[…snip…].J9[…snip…]wP &scope=scope

Slide 17

Slide 17 text

Client authentication in OAuth 2.0 Asserttion Framework for OAuth 2.0 Client Authentication and Authorization Grants  http://tools.ietf.org/html/draft-ietf-oauth-assertions-16 • 3rd party applicationͳͲͷΫϥΠΞϯτΛೝূ͢ΔͨΊͷ࢓༷ Relying  Party Client Token Service Relying  Party Client Third Party Created Assertion Self-issued Assertion Assertion Assertion

Slide 18

Slide 18 text

Issuing client assertion • ҎԼͷ಺༰ΛؚΊΔ • Client assertionͷൃߦऀ͸ୈ3ऀͰ΋ΫϥΠΞϯτࣗ਎Ͱ΋ྑ͍ {"iss":"issuer",  "sub":"subject", "aud":"audience", "exp":1412745300, "nbf":1412744700, "iat":1412745000,  "jti":"8046…0c" } ΫϨʔϜͷൃߦऀͷUIDΛؚΊΔ client_id ड৴ऀ(ೝূαʔό) ༗ޮظݶ [REQUIRED] ༗ޮʹͳΔ࣌ࠁ [OPTIONAL] ൃߦ࣌ࠁ [OPTIONAL] Ұҙͳࣝผࢠ [REQUIRED]

Slide 19

Slide 19 text

Client authentication using assertion • ϦΫΤετΛߦ͏ࡍʹClient AssertionΛ෇Ճ͢Δ • client_assertion_type͸  urn:ietf:params:oauth:client-assertion-type:jwt-bearer POST /token/oauth2 HTTP/1.1 Host: www.example.com Content-Type: application/x-www-form-urlencoded ! grant_type=authorization_code  &code=37ac5695c507be6a15a093268fb7c592 &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth  %3Aclient-assertion-type%3Ajwt-bearer  &client_assertion=PHNhbW[…snip…]ZT

Slide 20

Slide 20 text

Grant Authorization  with Client Authentication in Mobile App

Slide 21

Slide 21 text

Client Authentication in Mobile App Client Server private key public key grant_type=password  &username=(user name)  &password=(password) &client_assertion_type=urn%3Aietf%3Aparams  %3Aoauth%3Aclient-assertion-type%3Ajwt-bearer  &client_assertion=(client assertion) access_token=(ACCESS TOKEN) … 1. Issue Client Assertion 2. Password authorization with client assertion

Slide 22

Slide 22 text

Issuing Client Assertion • Client Assertion͸ϞόΠϧΞϓϦέʔγϣϯࣗ਎͕ൃߦ͢Δ • ΞϓϦέʔγϣϯʹ͸ॺ໊ͷͨΊͷൿີ伴ΛຒΊࠐΜͰ͓͘ { "iss":"(Mobile App GUID)",  "sub":"(client_id)", "aud":"(authorization server URI)", "exp":1412745300, "nbf":1412744700, "iat":1412745000,  "jti":"(GUID)" } Client Assertion Payload

Slide 23

Slide 23 text

Password Authorization  with Client Authentication • Ϣʔβͷݖݶೝূʹ͸ύεϫʔυೝূΛ࢖༻͢Δ • ύεϫʔυೝূΛߦ͏ࡍʹclient assertionΛ෇Ճͯ͠ϦΫΤετ͢Δ POST /token/oauth2 HTTP/1.1 Host: www.example.com Content-Type: application/x-www-form-urlencoded ! grant_type=password  &username=username  &password=password &client_assertion_type=urn%3Aietf%3Aparams%3Aoauth  %3Aclient-assertion-type%3Ajwt-bearer  &client_assertion=PHNhbW[…snip…]ZT

Slide 24

Slide 24 text

Security Issue • ΫϥΠΞϯτͷൿີ伴͕࿙ΕͨΒͲ͏͢Δʁ • ೉ಡԽΛ͕Μ͹Δ͔͠ͳ͍ • ϦϦʔεຖʹൿີ伴Λมߋ͢Δ • ΫϥΠΞϯτʹൿີ伴ΛೖΕͣʹΫϥΠΞϯτೝূ͢Δํ๏͕͋Δʁ

Slide 25

Slide 25 text

Pinning TLS Certiﬁcate

Slide 26

Slide 26 text

HTTPS Connection • ΫϥΠΞϯτ-αʔόؒͷ௨৴͸HTTPS௨৴ʹΑΓ҉߸Խ͞Ε͍ͯΔ • NSAͱճઢۀऀͱฐࣾΛআ͚͹௨৴಺༰Λ๣डͰ͖Δୈ3ऀ͸ଘࡏ͠ͳ͍ Client Server INCREDIBLE SAFTY HTTPS LINE

Slide 27

Slide 27 text

Sniff the access token from the channels • ΫϥΠΞϯτʹෆਖ਼ͳূ໌ॻΛΠϯετʔϧ͢Ε͹ୈ3ऀ͕TLSূ໌ॻΛ  ͢Γସ͑ͯ௨৴͢Δ͜ͱ͕ग़དྷΔ Client MIM  PROXY HTTPS SELF SIGNED CA CERTIFICATE Man In the Middle ATTACK SELF SIGNED CERTIFICATE HTTPS Server

Slide 28

Slide 28 text

MITM attacks to sniff the access token • ௨৴಺༰͸Ϣʔβʔʹ༰қʹ࿐ఄ͢Δ • ΦʔϓϯιʔεͷϓϩΩγ΋ͨ͘͞Μ͋ͬͯศར • ωΠςΟϒΞϓϦέʔγϣϯʹ͓͍ͯ௨৴࿏ͷൿಗੑ͸ΫϥΠΞϯτ  ར༻ऀͷखʹҕͶΒΕ͍ͯΔ • ΫϥΠΞϯτར༻ऀ͕ނҙʹߦ͑͹؆୯ʹதؒऀ߈ܸ͕Մೳ • ͦ΋ͦ΋ୈ3ऀͰ͸ͳ͍

Slide 29

Slide 29 text

Pinning certiﬁcate and public key • TLSূ໌ॻ͕ਖ਼͍͠΋ͷ͔Ͳ͏͔ΫϥΠΞϯτͰݕূΛߦ͏ • αʔόূ໌ॻ·ͨ͸CAূ໌ॻͷݕূΛߦ͏ • ݕূʹ͸ূ໌ॻɺ·ͨ͸ެ։伴ͷϑΟϯΨʔϓϦϯτΛ࢖͏ • ެ։伴ͷϑΟϯΨʔϓϦϯτΛ࢖͑͹ূ໌ॻΛൃߦ͠ͳ͓ͯ͠΋ϑΟϯ ΨʔϓϦϯτΛߋ৽͢Δඞཁ͕ͳ͍ • iOSͰ͸ެ։伴ͷϑΟϯΨʔϓϦϯτΛܭࢉ͢Δͷ͕೉͍͠Έ͍ͨʁ

Slide 30

Slide 30 text

Certificate pinning flow Client Server private key public key Obtaining fingerprints list of certificate/public key

Slide 31

Slide 31 text

Obtaining list of ﬁngerprints • ϑΟϯΨʔϓϦϯτͷϦετ͸தؒऀ߈ܸʹΑΓվ͟Μ͞ΕΔՄೳੑ͕͋Δ • JWTΛ༻͍ͯϑΟϯΨʔϓϦϯτ͕มߋ͞ΕΔ͜ͱΛ๷͙ { "iss":"(authorization server URI)", "aud":"(client app name)", "exp":1412745300, "certs": ["624C18A73174F8E7988CB636CED6334AD8FEBC72"],  "jti":"(GUID)" }

Slide 32

Slide 32 text

Conclusion • OAuth 2.0ͰJWTʹΑΔGrant AuthorizationΛߦ͏ʹ͸  OAuth 2.0 JWT Bearer token proﬁleΛ࢖͏ • Client-side ApplicationͰ͸ݖݶͷڐՄҎ֎ʹΫϥΠΞϯτೝূ͕  ඞཁʹͳΔ • TLSΑΓ্ͷϨΠϠʔͰͷೝূॲཧ͕ඞཁʹͳΔ • JSONͰͷ҉߸Խ/ॺ໊͸JWTΛ࢖͏ͱศར

Slide 33

Slide 33 text

References • OAuth Documentation  http://oauth.net/documentation/ • [RFC6749] The OAuth 2.0 Authorization Framework  http://tools.ietf.org/html/rfc6749 • JSON Web Token  https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27 • JSON Web Signature (JWS)  http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-33 • JSON Web Encryption (JWE)  http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-32