JOSE CAN YOU SEE… ‡ A technical overview of JWT and its JOSE underpinnings, which are poised to be the next generation identity token, as well as a look at using one open source implementation. Brian Campbell @__b_c IIW #18 May 2014 ‡ Partial credit for the title goes to Brad Tumy https://twitter.com/brad_tumy/status/33725
A technical overview of JSON Web Token (JWT) and its JOSE underpinnings, which are poised to be the next generation identity token, as well as a look at using one open source implementation (jose4j).
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
JOSE CAN YOU SEE…‡
A technical overview of JWT and its JOSE underpinnings, which are poised to be the next generation identity token, as well as a look at using one open source implementation.
Brian Campbell@__b_c
IIW #18May 2014
‡ Partial credit for the title goes to Brad Tumy
https://twitter.com/brad_tumy/status/3372505030
77552128
2
JWT + JOSE Overview
• JSON Web Token (JWT)– Compact URL-safe means of representing claims to be transferred
between two parties– JWS and/or JWE with JSON claims as the payload
• Javascript Object Signing and Encryption (JOSE)– JSON Web Signature (JWS)
• A way of representing content secured with a digital signature or MAC using JSON data structures and base64url encoding
– JSON Web Encryption (JWE)• Like JWS but for encrypting content
– JSON Web Key (JWK) • JSON data structure representing cryptographic key(s)
three nerds holding a blurry piece of paper they tell me is some kind of award for
OpenID Connect
4
jose4j Overview
• Open source (free as in beer) Java implementation of the JOSE specification suite
– Get yours at https://bitbucket.org/b_c/jose4j
• Relies solely on the JCA APIs for cryptography• 100% (Dammit Mike!) 97.5% Algorithm Support• Reference[able] implementation
– Fact checked the cookbook: http://tools.ietf.org/html/draft-ietf-jose-cookbook-02#appendix-A
• Completely free of intentional NSA backdoors– (but I’m open to “sponsorship” opportunities)
• Production ready: used throughout Ping Identity’s products• Rated the #1 JOSE implementation in the world (based on an unbiased survey of the library
author’s mother)
• Did I mention free? Easy too.• All proceeds from sales go to a charity that provides comfort and support
to dying identity protocols living out their final days• Take a stand against monoculture (did heartbleed teach us nothing?)
• base64url is *almost* like base64 – Both are a means of encoding binary data in a printable ASCII string format– Each 6 bits -> 1 character (from a 64 character alphabet)– 3 bytes -> 4 characters
• But base64url uses a URL safe alphabet rather than the nearly URL safe alphabet of regular base64
– 62 alphanumeric characters– “-” rather than “+”– “_” rather than “/”– Padding “=” is typically omitted
• A remaining unreserved URI character: “.”– This will prove important shortly
The JWTeyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwKImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZONzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9.SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg
The Header{"kid":"5","alg":"ES256"}
The Payload{"iss":"https:\/\/idp.example.com","exp":1357255788,"aud":"https:\/\/sp.example.org","jti":"tmYvYVU2x8LvN72B5Q_EacH._5A","acr":"2","sub":"Brian"}
The Signature[computery junk]
27
it’s not the size of your token…eyJraWQiOiI1IiwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJodHRwczpcL1wvaWRwLmV4YW1wbGUuY29tIiwKImV4cCI6MTM1NzI1NTc4OCwKImF1ZCI6Imh0dHBzOlwvXC9zcC5leGFtcGxlLm9yZyIsCiJqdGkiOiJ0bVl2WVZVMng4THZONzJCNVFfRWFjSC5fNUEiLAoiYWNyIjoiMiIsCiJzdWIiOiJCcmlhbiJ9.SbPJIx_JSRM1wluioY0SvfykKWK_yK4LO0BKBiESHu0GUGwikgC8iPrv8qnVkIK1aljVMXcbgYnZixZJ5UOArg
• Simpler = Better• Web safe encoding w/ no canonicalization
– Because canonicalization is a four letter word (especially when you spell it c14n)
• Improved Interoperability & (hopefully) More Secure • Eliminates entire classes of attacks
– XSLT Transform DOS, Remote Code Execution, and Bypass
– C14N Hash Collision w/ & w/out comments
– Entity Expansion Attacks
– XPath Transform DOS and Bypass
– External Reference DOS
– Signature Wrapping Attacks†
Brad Hill, pictured here speaking at CIS, is wicked smaht and published some of these attacks
† This poor bastard was the ‘victim’ in my POC of a signature wrapping vulnerability in SAML SSO for Google Apps http://www.google.com/about/appsecurity/hall-of-fame/reward/