Security
Hannes Tschofenig

Goal for this Meeting
Use the next 2 hours to determine what the security consideration section of the OAuth draft(s) should contain. Currently, the security consideration section of draft-ietf-oauth-v2-10 is empty.
Note: No time to actually write text today. The next couple of slides are an introduction to get the discussion started.
– Approaches the topic based on NIST SP

Abstract View on OAuth
[Figure: the User interacts with Carol (service interaction, management of resources, consent). Carol acts as Asserting Party, Bob as Relying Party. 1. Alice obtains an Access Token from Carol. 2. Alice makes an Authenticated Request to Bob.]

Status: draft-ietf-oauth-v2-10 (with relevance for security)
Token:
– Token format not specified
– Token content not specified
– Protection of token unspecified
HTTP Basic Authentication used for interaction with the authorization server, see (1).
No HTTP-level authentication specified for the authenticated request (2). TLS not mandatory to use for (2) either.

Example Instantiation: Web Server Flow

Security Threats (based on NIST SP)
1. Token manufacture/modification: An attacker may generate a bogus token or modify the content of an existing token, causing Bob to grant inappropriate access to Alice.
2. Token disclosure: Tokens may contain authentication and attribute statements that include sensitive information.
3. Token redirect: An attacker uses the token generated for consumption by Bob to obtain access to a second Relying Party.
4. Token reuse: An attacker attempts to use a token that has already been used once with Bob.

Threat Mitigation (based on NIST SP)
Token modification:
– Protect the content, or use a reference instead!
Token redirect:
– Carol must include the identity of the token consumer, Bob.
Token disclosure:
– Variant (a): Do not include sensitive information
– Variant (b): Offer confidentiality protection

Dealing with Token Reuse
Approach #1: Confidentiality Protection & extra condition*
*: Alice has to make sure it does not distribute the token to entities other than Bob
[Figure: Carol, Alice and Bob, with TLS protecting the exchanges]

Dealing with Token Reuse (2)
Approach #2: Sender Constraint
Token contains information about the legitimate presenter (Alice). Bob has to authenticate Alice first to verify whether the token constraint matches the authenticated identity.

Dealing with Token Reuse (3)
Approach #3: Key Confirmation
[Figure: Carol issues to Alice over TLS: Token, SK, {SK}Bob. Alice then sends the request to Bob: Token, {Request}SK, {SK}Bob.]
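Approach #3 worked through in Python, as an added example that is not part of the slides: the token format, the long-term key KB shared between Carol and Bob, and the HMAC-based key wrapping standing in for {SK}Bob are all assumptions, since the draft leaves them unspecified. Bob's check also exercises the modification and redirect mitigations from the Threat Mitigation slide.

```python
import hashlib
import hmac
import json
import secrets

# Constructed example: Carol (asserting party / authorization server) and Bob
# (relying party / resource server) share a long-term key KB. The token format
# is an assumption: JSON claims followed by a 32-byte HMAC tag computed with KB.
KB = b"constructed-carol-bob-shared-key"
TAG_LEN = 32


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def wrap(key, nonce, data):
    """Toy stand-in for {SK}Bob: XOR with a 32-byte HMAC-derived keystream."""
    keystream = mac(key, b"wrap" + nonce)
    return bytes(a ^ b for a, b in zip(data, keystream))


def carol_issue(subject, audience):
    """Step 1: Carol returns Token, SK and {SK}Bob to Alice (over TLS)."""
    body = json.dumps({"sub": subject, "aud": audience}).encode()
    token = body + mac(KB, body)          # integrity-protected, bound to Bob
    sk = secrets.token_bytes(32)          # fresh session key for this token
    nonce = secrets.token_bytes(16)
    return token, sk, nonce + wrap(KB, nonce, sk)


def alice_request(token, sk, wrapped_sk, request):
    """Step 2: Alice proves possession of SK by keying a MAC over token+request."""
    return {"token": token, "wrapped_sk": wrapped_sk, "request": request,
            "proof": mac(sk, token + request)}


def bob_verify(msg, my_name):
    """Bob checks token integrity, audience and key confirmation; None means reject."""
    body, tag = msg["token"][:-TAG_LEN], msg["token"][-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(KB, body)):
        return None                        # token manufacture/modification
    claims = json.loads(body)
    if claims.get("aud") != my_name:
        return None                        # token redirect to another relying party
    nonce, ct = msg["wrapped_sk"][:16], msg["wrapped_sk"][16:]
    sk = wrap(KB, nonce, ct)               # only Bob can recover SK
    if not hmac.compare_digest(msg["proof"], mac(sk, msg["token"] + msg["request"])):
        return None                        # presenter does not hold SK: reuse rejected
    return claims["sub"]
```

Freshness of the request (a timestamp or nonce, as in a Kerberos authenticator) is not modelled here, so an identical captured message would still need a replay check at Bob.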

Mandatory to implement?
Challenge: draft-ietf-oauth-v2-10 does not provide a completely interoperable solution since many aspects are left for bi-lateral agreements between Alice & Bob.
– So, what should be mandatory to implement?
Key Confirmation Approach
– Experience in deployment available from Kerberos.
– Other approaches suffer from operational considerations:
  Ensuring that Alice only provides the token to Bob
  Establishing authentication infrastructure
  Putting proper constraints in the token
MUST implement and use TLS between Alice and Carol (exchange #1)

Additional Security Considerations
This slide set focuses on the token exchange. Security for the exchange between Alice and Carol isn't described in great detail.
Main document can only provide requirements for token protection
– Will have to be postponed to documents covering the details.
Example: Additional security considerations based on properties of individual flows.
– Relate to properties provided by operating systems, libraries/application frameworks, and browsers.