Slide 1

Slide 1 text

@maciejtreder WT* is JWT?!

Slide 2

Slide 2 text

What the **** is JWT?! hell

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

I like you

Slide 5

Slide 5 text

I like you I like you I don’t like you!

Slide 6

Slide 6 text

I like you I like you I don’t like you!

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

Symmetric cipher a b c d e f g h i j k l m 1 2 3 4 5 6 7 8 9 10 11 12 13 n o p r s t u v w x y z _ 14 15 16 17 18 19 20 21 22 23 24 25 26 I like you 9 26 12 9 11 5 26 24 15 20

Slide 9

Slide 9 text

What if…?

Slide 10

Slide 10 text

Asymmetric cipher • Private key - used to decrypt the message • Public key - used to encrypt the message • Keys are generated using the one-way function f(p,q) = p*q where p & q are primes • Keys can be used interchangeably

Slide 11

Slide 11 text

RSA key • Select p & q primes • Calculate n = p*q • Calculate φ = (p-1)*(q-1) • Choose such e, relatively prime to φ gcd(φ,e) == 1 • Compute such d, that (ed-1) modφ=0 • Private key = (n,e) • Public key = (n,d) p=11 q=3 n = 11*3 = 33 φ = (11-1)*(3-1) = 20 e = 3 d=7 (ed-1) mod φ = 0 (3d-1) mod 20 = 0 3d-1 = 20n d = (20n + 1)/3 d = (20*1+1)/3 d = 21/3 public key = (n, e) = (33, 3) private key = (n, d) = (33, 7)

Slide 12

Slide 12 text

Asymmetric cipher Mikes public key Mikes private key Kates public key Kates private key

Slide 13

Slide 13 text

Asymmetric cipher c = m^e mod n public key = (n, e) = (33, 3) private key = (n, d) = (33, 7) a b c d e f g h i j k l m m 2 3 4 5 6 7 8 9 10 11 12 13 14 c 8 27 31 26 18 13 17 3 10 11 12 19 5 n o p r s t u v w x y z _ m 15 16 17 18 19 20 21 22 23 24 25 26 27 c 9 4 29 24 28 14 21 22 23 30 16 20 15 I like you 10 15 19 10 12 18 15 16 4 21 m’ = c^d mod n

Slide 14

Slide 14 text

What if…? Mikes public key Mikes private key Kates public key Kates private key

Slide 15

Slide 15 text

Breaking the RSA • Compromising public key gives an attacker the modulus n • Key sizes - 1024 to 4096 bit (from 2^1024 to 2^4096) • p: 109337661836325758176115170347306682871557999846322234541387456711212734562876700082908433028755212749702453145932 22946129064538358581018615539828479146469 • q: 109106169673491102317237340786149226453370608821417489682098342251389760111799933942998101597369044685540217082898 24396553412180514827996444845438176099727 • 1024 bit modulus: 119294134840169509055527211331255649644606569661527638012067481954943056851150333806315957037715620297305000118628 770846689969112892212245457118060574995989517080042105263427376322274266393116193517839570773505632231596681121927 337473973220312512599061231322250945506260066557538238517575390621262940383913963

Slide 16

Slide 16 text

Signing • Write the message • Hash the message • Encrypt hash with your private key • Combine message with hash • Encrypt message+hash with their public key • I like you • f1d049f7b893bf8601c66045b801d590 • xxx-yyy-zzz • I like you.xxx-yyy-zzz • aaa-bbb-ccc

Slide 17

Slide 17 text

Verifying • Receive the message • Decrypt using your private key • Get original message & encrypted hash • Hash the original message • Decrypt received hash using their public key • Compare hashes • aaa-bbb-ccc • I like you.xxx-yyy-zzz • f1d049f7b893bf8601c66045b801d590 • xxx-yyy-zzz -> f1d049f7b893bf8601c66045b801d590

Slide 18

Slide 18 text

Signing

Slide 19

Slide 19 text

Signing + = - =

Slide 20

Slide 20 text

Signing

Slide 21

Slide 21 text

Signing • Create a message • Hash the message • Encrypt hash with private key • Combine message and encrypted hash • From tomorrow everyone in the kingdom must use his le hand to open the door. • F03CF2EF5AFCE429DB88051746F3864B • Vf2Lx/jOUNLoXawCw4disZhrFfqcoNRGDvpG+SbxUX0= • { “message”: “From tomorrow everyone in the kingdom must use his le hand to open door.” “signature”: “Vf2Lx/jOUNLoXawCw4disZhrFfqcoNRGDvpG+SbxUX0=” }

Slide 22

Slide 22 text

Verifying • Get the message • Hash the message • Decrypt the signature • Compare hash with decrypted signature • { “message”: “From tomorrow everyone in the kingdom must use his le hand to open door.” “signature”: “Vf2Lx/jOUNLoXawCw4disZhrFfqcoNRGDvpG+SbxUX0=” } • F03CF2EF5AFCE429DB88051746F3864B • Vf2Lx/jOUNLoXawCw4disZhrFfqcoNRGDvpG+SbxUX0= • F03CF2EF5AFCE429DB88051746F3864B

Slide 23

Slide 23 text

That’s what most people call JWT

Slide 24

Slide 24 text

JSON Web Signature eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJJIGFtIjoiSlNPTiBXZWIgVG9rZW4if Q.NmTt6oAkllTqmLqR-QqKxIgIsIaZIRIcBjNyhPnGziU {"alg":"HS256","typ":"JWT"}.{"I am":"JSON Web Token"}.NmTt6oAkllTqmLqR- QqKxIgIsIaZIRIcBjNyhPnGziU

Slide 25

Slide 25 text

JSON Web Signature eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJJIGFtIjoiSlNPTiBXZWIgVG9rZW4if Q.NmTt6oAkllTqmLqR-QqKxIgIsIaZIRIcBjNyhPnGziU • JOSE Header Javascript Object Signing and Encryption information about token type, encryption algorithm • Payload - message body • Signature - encrypted header and body

Slide 26

Slide 26 text

So.. What the **** is JWT? • JWT does not exist itself • Signed JWT is called JWS (JSON Web Signature) • Encrypted JWT is called JWE (JSON Web Encryption) JWT JWS JWE

Slide 27

Slide 27 text

Registered claims { "alg":"HS256", "typ":"JWT" } { "iss": "authorization-service", "sub": "myself", "aud": "someone", "iat": 1594655553034, "nbf": 1594655553134, "exp": 1594655553234, "jti": 12345 } Algorithm used for signing Token type Issuer Subject (the user) Audience (recipient) Issued at (time at which token was issued) Not before (time before which token is not valid) Expires (time a er which token is not valid) Unique identifier

Slide 28

Slide 28 text

Custom claims { “alg":"RS512", "typ":"JWT" } { "name": "Maciej", "surname": "Treder", "privileges": ["booking_reschedule"], "exp": 1594655553234 } • Public claims - defined at will by those using JWTs. To avoid collisions should be defend in the IANA JSON Web Token Registry • Private claims - custom claims create to share information between parties that agree on using them

Slide 29

Slide 29 text

Pre JWT authorization POST /auth userID

Slide 30

Slide 30 text

Pre JWT authorization POST /auth userID POST /book POST /changeGate POST /cancelFlight

Slide 31

Slide 31 text

Pre JWT authorization POST /auth userID POST /book POST /changeGate POST /cancelFlight canChange? canBook? canCancel?

Slide 32

Slide 32 text

Pre JWT authorization POST /auth userID POST /book POST /changeGate POST /cancelFlight

Slide 33

Slide 33 text

JWT authorization POST /auth {privs: [“booking”], exp: 12345}

Slide 34

Slide 34 text

JWT authorization POST /auth {privs: [“booking”], exp: 12345} POST /book POST /changeGate POST /cancelFlight

Slide 35

Slide 35 text

JWT authorization POST /auth {privs: [“booking”], exp: 12345} POST /book POST /changeGate POST /cancelFlight

Slide 36

Slide 36 text

JWT authorization POST /auth POST /changeGate @PostMapping("/changeGate") public ResponseEntity changeGate( @RequestHeader("jwt-token") Token token, @RequestBody Gate gate ) { DecodedToken decoded = decodeToken(token); if(decoded.hasPrivilege("changeGate") && verifySignature(token)) { changeGate(gate); return this.flightDetails; } throw new AuthorizationFailureException(); } {privs: [“booking”]}

Slide 37

Slide 37 text

JWT authorization verify claim and signature

Slide 38

Slide 38 text

Delegate validation to 3rd parties verify claim and signature

Slide 39

Slide 39 text

Delegate validation to 3rd parties

Slide 40

Slide 40 text

Further reading • JSON web token validation https://learn.akamai.com/en-us/webhelp/api-gateway/api-gateway-user-guide/ GUID-682D1D3F-4CF2-46F2-B16B-5E0E1E991218.html • Protecting JavaScript Microservices on Node.js with JSON Web Tokens and Twilio Authy https://www.twilio.com/blog/protecting-javascript-microservices-node-js-json-web-tokens-twilio- authy

Slide 41

Slide 41 text

OAuth

Slide 42

Slide 42 text

OAuth authenticate access token request resource validate token token valid return resource authenticate client

Slide 43

Slide 43 text

OAuth authenticate access token request resource return resource authenticate client validate token

Slide 44

Slide 44 text

JWKS • What if my key get compromised? • What if want to rotate keys? • What if I want to invalidate someones access? • JSON Web Key Set • A repository of keys (public, private, symmetric)

Slide 45

Slide 45 text

JWKS { "alg":"HS256", "typ":"JWT", "kid":"12", "jku":"https://my-service.com/.well-known/jwks.json" } { "privileges": ["booking_reschedule"] } NmTt6oAkllTqmLqR-QqKxIgIsIaZIRIc

Slide 46

Slide 46 text

JWKS { "keys": [ { "kty": "RSA", "kid": "1", "alg": "RS256", "use": "sig", "e": "AQAB", "n": "ujZ1fTy2k- xc6Fa3Bfqe1T78Zx_oWBkDS1TNgw8Jbvbzfj5wgK5 _xSK5ikNlkOXvBjrsVOnCCJXTNiHZxMtIfARbz91O-5n cuNah1H6WntWrLmaVfiIMaaKoNjDzScG1cIjPITarEV jDb0GI0eH9BKpFz8LUbVlcy2m7IOKbmDt6yusHsj7z OfjlV55dT1FU- q5bfyLXQyCf7Uy2JJAVEutWLMp3Ld53q9mvW47Lh hXKl5pKKbLARJgkccpQdN0bURiggvYjs2SHmZgh6d Ceap1mki4LB2aX-Z4TB- u8GbLq51HPZSpK71rR0QzZozluS5aLE49ciQ6-5u7K HWBbrQ" } ] } Key type Key ID Algorithm Usage Exponent Modulus

Slide 47

Slide 47 text

JWKS Standard attributes: • kty - key type • kid - key ID • alg - algorithm [HMAC, RSA, …] • use - usage • e - exponent number • m - modulus number Chinese remainder algorithm: • p, q - prime factors • dp - d (mod p-1) • dq - d (mod q-1) • qi - q^-1 (mod p) Certificate: • x5c - x.509 certificate chain • x5t - Thumbprint of the x.509 cert

Slide 48

Slide 48 text

JWKS

Slide 49

Slide 49 text

JWKS

Slide 50

Slide 50 text

JWKS { "alg":"HS256", "typ":"JWT", "kid":"12", "jku":"https://my-service.com/.well-known/jwks.json" } { "privileges": ["change_gate"] } NmTt6oAkllTqmLqR-QqKxIgIsIaZIRIc

Slide 51

Slide 51 text

Pitfalls & Vulnerabilities

Slide 52

Slide 52 text

Data Security • JWS payload is encoded not encrypted • Never store sensitive data (ie. credit card numbers) in JWS token • If you want to store sensitive data choose JWE

Slide 53

Slide 53 text

Unsigned JWT • JWT doesn’t need to be signed • Do not rely only on the header when you’re validating the token • “alg”: “none”

Slide 54

Slide 54 text

Error Responses • Pay attention to what you are providing in the error response • https://github.com/jwt-dotnet/jwt/issues/ 61

Slide 55

Slide 55 text

Weak Key • HS256 (HMAC-SHA256) • Token is signed applying the SHA256 twice • When attacker obtains a signed token, he can “easily” retrieve the key (ie. by using the HashCat) • According to documentation, use key which has at least same size as the hash output (256 bit for HS256)

Slide 56

Slide 56 text

Decoding != Verifying • Decoding is enough only for denying access (lack of required claim) • Always verify signature if you want grant someone access • Read library documentation, o en verifying process is available as a separate method

Slide 57

Slide 57 text

“Time” attack • Applies when signature is verified byte-a er-byte • Once bytes doesn’t match then access is denied • Attacker may observe the response time and generate next bytes of the signature

Slide 58

Slide 58 text

jku • Always verify the URL provided as a jku claim { "alg":"HS256", "typ":"JWT", "kid":"12", "jku":"https://attacker.com/.well-known/jwks.json" } { "privileges": ["change_gate"] }

Slide 59

Slide 59 text

jku validation

Slide 60

Slide 60 text

Summary • JWT is o en confused with JWS which is one of it’s implementations • It’s a way of stateless data exchange • JWS is built of JOSE header, payload and signature • It’s a good place too keep not-sensitive data, which value should be verified • Always follow given algorithm best practices (i.e. pass-phrase/key size) • JWE is a good choice if you want to keep data encrypted

Slide 61

Slide 61 text

Resources • JWT.IO https://jwt.io • JSON web token validation https://learn.akamai.com/en-us/webhelp/api-gateway/api-gateway-user-guide/ GUID-682D1D3F-4CF2-46F2-B16B-5E0E1E991218.html • Verify JWT With JSON Web Key Set (JWKS) In API Gateway https://blogs.akamai.com/2019/10/verify-jwt-with-json-web-key-set-jwks-in-api-gateway.html • RFC 7519 - JSON Web Token https://tools.ietf.org/html/rfc7519

Slide 62

Slide 62 text

Resources • Building JavaScript Microservices with Node.js https://www.twilio.com/blog/building-javascript-microservices-node-js • Implementing Eureka and Zuul for Service Discovery and Dynamic Routing in JavaScript Microservices Running on Node.js https://www.twilio.com/blog/eureka-zuul-service-discovery-dynamic-routing-javascript-microservices-node-js • Scaling Node.js JavaScript Microservices on Shared MongoDB Atlas Cloud Persistence Layers https://www.twilio.com/blog/scale-node-js-javascript-microservices-shared-mongodb-atlas • Protecting JavaScript Microservices on Node.js with JSON Web Tokens and Twilio Authy https://www.twilio.com/blog/protecting-javascript-microservices-node-js-json-web-tokens-twilio-authy

Slide 63

Slide 63 text

Feedback https://bit.ly/2DbNOcM

Slide 64

Slide 64 text

@maciejtreder