Downloaded 23 times
![© 2018 Brian Campbell @__b_c
Do you even bind tokens, bro?
Client Server
ClientHello
...
token_binding [24]
token_binding_version [1,0]
key_parameters_list [2,0]
ServerHello
...
token_binding [24]
token_binding_version [1,0]
key_parameters_list [2]
Key Parameters:
(0) rsa2048_pkcs1.5
(1) rsa2048_pss
(2) ecdsap256
Also need extenstions:
Extended Master Secret
Renegotiation Indication
TLS Handshake](https://image.slidesharecdn.com/identiverse2018-campbell-tokenbinding-180705224334/75/Token-Binding-Identiverse-2018-18-2048.jpg)
![© 2018 Brian Campbell @__b_c
Thanks!
[probably no time for] Questions?
Etc.
BRIAN
CAMPBELL
@__b_c
FIN](https://image.slidesharecdn.com/identiverse2018-campbell-tokenbinding-180705224334/75/Token-Binding-Identiverse-2018-28-2048.jpg)
Uploaded byBrian Campbell
Token Binding Identiverse 2018
The document discusses token binding, a security feature that links cookies and tokens to a public-private key pair, enhancing security during TLS handshakes. It covers how bearer tokens work, their vulnerabilities, and the implementation of token binding in various use cases including OpenID Connect and OAuth. Additionally, it mentions the ongoing development of related IETF specifications and the importance of token binding across different browsers and platforms.
More Related Content
Similar to Token Binding Identiverse 2018
![OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...](https://cdn.slidesharecdn.com/ss_thumbnails/gluecon2014-oidc-140521065808-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
Token Binding Identiverse 2018
- 1. © 2018 BrianCampbell @__b_c Token Binding2018 BRIAN CAMPBELL @__b_c
- 2. © 2018 BrianCampbell @__b_c FAQ Who the heck are you?
- 3. © 2018 BrianCampbell @__b_c About Me Distinguished Engineer at Ping Identity & Official Unofficial Identiverse (formerly CIS) Photographer
- 4. © 2018 BrianCampbell @__b_c FAQ Um… Photographer?
- 5. © 2018 BrianCampbell @__b_c Yes, been pretending to have a career as a “photographer” since 2011 “L’Arroseur Arrosé” by David Brossard
- 6. © 2018 BrianCampbell @__b_c FAQ Do you have any actual qualifications?
- 7. © 2018 BrianCampbell @__b_c Mr. Irrelevant
- 8. © 2018 BrianCampbell @__b_c FAQ Didn’t you do this talk last year?
- 9. © 2018 BrianCampbell @__b_c Yes
- 10. © 2018 BrianCampbell @__b_c FAQ Can you just get on with it already?
- 11. © 2018 BrianCampbell @__b_c yes… after just this one more photo
- 12. © 2018 BrianCampbell @__b_c What is a Bearer Token? • A security token with the property that any party in possession of that token (i.e. the "bearer") can use the token to access the associated resources • No other proof beyond just having it is needed
- 13. © 2018 BrianCampbell @__b_c The Problem With Bearer Tokens Two Truths and a Lie
- 14. © 2018 BrianCampbell @__b_c Bearer Tokens are Everywhere
- 15. © 2018 BrianCampbell @__b_c© 2017 Brian Campbell The Room Where It Happens Token Binding for binding tokens
- 16. © 2018 BrianCampbell @__b_c Token Binding Overview • Enables a long-lived binding of cookies or other security tokens to a client generated public-private key pair • Use is negotiated in TLS handshake via TLS extension • Possession of key is proven by signing the EKM (TLS Exported Keying Material) and sending an HTTP header in every request • Cookies and tokens can be bound to the key • Key is scoped to the effective top-level domain + 1 • Federated use-cases supported via referred token binding (vs. provided)
- 17. © 2018 BrianCampbell @__b_c Hello! Do you like my extension?
- 18. © 2018 BrianCampbell @__b_c Do you even bind tokens, bro? Client Server ClientHello ... token_binding [24] token_binding_version [1,0] key_parameters_list [2,0] ServerHello ... token_binding [24] token_binding_version [1,0] key_parameters_list [2] Key Parameters: (0) rsa2048_pkcs1.5 (1) rsa2048_pss (2) ecdsap256 Also need extenstions: Extended Master Secret Renegotiation Indication TLS Handshake
- 19. © 2018 BrianCampbell @__b_c Token Binding over HTTPS Client Server GET /stuff HTTP/1.1 Host: example.com Sec-Token-Binding: AIkAAgBBQLgtRpWFPN66kxhxGrtaKrzcMtHw7HV8 yMk_-MdRXJXbDMYxZCWnCASRRrmHHHL5wmpP3bhYt0ChRDbsMapfh_QAQ N1He3Ftj4Wa_S_fzZVns4saLfj6aBoMSQW6rLs19IIvHze7LrGjKyCfPT KXjajebxp-TLPFZCc0JTqTY5_0MBAAAA HTTP Request • Encoded Token Binding Message – (1 or more) Token Bindings • Type (provided / referred) • Token Binding ID (key type and public key) • Signature over type, key type, and EKM (TLS Exported Keying Material) • Extensions • Proves possession of the private key on the TLS connection • Keys are long-lived and span TLS connections • Keys are generated by the client
- 20. © 2018 BrianCampbell @__b_c Binding Cookies • The most straightforward application binds a cookie to the Token Binding key • Server associates Token Binding ID (key) with cookie & checks on subsequent use • Prevents the cookie from being used by a party that doesn’t have the key • Augments existing authentication and session mechanisms • Transparent to users • No key distribution (or certificates) • Deployment can be phased in
- 21. © 2018 BrianCampbell @__b_c Okay, Just Take It Easy Privacy Nerds Advocates • Token Binding is not a supercookie or new big brother tracking mechanism • Client generates a unique key pair per effective top-level domain + 1 (eTLD+1) – E.g., example.com, www.example.com, and etc.example.com share binding but not example.org or example.co.uk • Same scoping rules and privacy implications as cookies
- 22. © 2018 BrianCampbell @__b_c But what if we need 2Federate? • There’s an HTTP response header that tells the browser that it should reveal the Token Binding ID (the key) used between itself and the RP (referred) in addition to the one used between itself and the IDP (provided) Browser Identity Provider (IDP)Relying Party (RP) HTTP/1.1 302 Found Location: https://idp.example.com Include-Referred-Token-Binding-ID: true GET / HTTP/1.1 Host: idp.example.com Sec-Token-Binding: ARIAAgBBQB-XOPf5ePlf7ikATiAFEGOS503 lPmRfkyymzdWwHCxl0njjxC3D0E_OVfBNqrIQxzIfkF7tWby2Zfya E6XpwTsAQBYqhFX78vMOgDX_Fd_b2dlHyHlMmkIz8iMVBY_reM98O UaJFz5IB7PG9nZ11j58LoG5QhmQoI9NXYktKZRXxrYAAAECAEFAdU FTnfQADkn1uDbQnvJEk6oQs38L92gv-KO-qlYadLoDIKe2h53hSiK wIP98iRj_unedkNkAMyg9e2mY4Gp7WwBAeDUOwaSXNz1e6gKohwN4 SAZ5eNyx45Mh8VI4woL1BipLoqrJRoK6dxFkWgHRMuBROcLGUj5Pi OoxybQH_Tom3gAA two bindings: provided and referred
- 23. © 2018 BrianCampbell @__b_c The Specifications • Base – TLS Extension for Token Binding Protocol Negotiation https://tools.ietf.org/html/draft-ietf-tokbind-negotiation – The Token Binding Protocol https://tools.ietf.org/html/draft-ietf-tokbind-protocol – Token Binding over HTTP https://tools.ietf.org/html/draft-ietf-tokbind-https • OIDC – OpenID Connect Token Bound Authentication http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html • OAuth – OAuth 2.0 Token Binding https://tools.ietf.org/html/draft-ietf-oauth-token-binding • Deployment – HTTPS Token Binding with TLS Terminating Reverse Proxies https://tools.ietf.org/html/draft-ietf-tokbind-ttrp
- 24. © 2018 BrianCampbell @__b_c Base Specifications • Token Binding Negotiation, Protocol, and HTTP basically define what was described in the overview • All 3 IETF drafts are in the final throes of the IETF process, which is getting close* to RFC status Draft support in Google Chrome & Microsoft Edge/IE, .NET Framework, Google servers, open source work in OpenSSL, Apache, NGINX and Java
- 25. © 2018 BrianCampbell @__b_c OpenID Connect Token Bound Authentication • Utilizes the Include-Referred-Token- Binding-ID header and the Referred Token Binding • Binds the ID Token to the Token Binding ID the browser uses between itself and the Relying Party • Defines and uses token binding hash “tbh” member of the JWT confirmation claim “cnf” • OpenID Foundation spec is draft status but is presumably relatively stable
- 26. © 2018 BrianCampbell @__b_c Token Binding for OAuth Too • Binding of access tokens (via referred) – Uses JWT tbh cnf and defines it for token introspection • Binding of refresh tokens (via provided) • Client registration & server metadata • Binding of authorization codes via two PKCE variants – for native app clients – Web server clients • Binding of JWT Authorization Grants and JWT Client Authentication • IETF spec is a working group draft and, while there are no known/expected normative changes, it’s anticipated to be in draft for a considerable time
- 27. © 2018 BrianCampbell @__b_c HTTPS Token Binding with TLS Terminating Reverse Proxies (TTRP) • Defines HTTP headers that enable a proxy and backend server to function together as a single logical server side deployment of HTTPS Token Binding • Spec is an IETF working group draft with some hope of moving quickly
- 28. © 2018 BrianCampbell @__b_c Thanks! [probably no time for] Questions? Etc. BRIAN CAMPBELL @__b_c FIN
Editor's Notes
- #4 “Distinguished” – they ran out of titl
- #6 CIS 2014 in Monterey
- #10 Still believe it’s important Needed to justify coming here Slow process
- #12 Spring of 2016 at IETF 95 Buenos Aires where I got more serious about TB
- #14 From real job vs. pretend aspirational career
- #15 Protections a plenty but compromise still happens Subdomain Takeovers (e.g. Uber in late 2017) Some are critical of on HttpOnly b/c it is narrow but it does this one thing
- #16 Spring 2015 at IETF 92 Dallas Inoculate against use by unauthorized party
- #25 IETF 100 in Singapore just one of the meetings involving this work
- #26 1st discussed in BA hotel room at IETF 95 April 2016
- #27 1st presented by Mike at Berlin IETF 96 July 2016
- #28 First floated the idea at IETF 97 Seoul in Nov 2016