W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2019

Re: Man-in-the-middle attack against WebAuthn by a powerful attacker

From: John Bradley <ve7jtb@ve7jtb.com>
Date: Fri, 22 Feb 2019 12:16:28 -0300
To: public-webauthn@w3.org
Message-ID: <47f3c019-110a-21f4-d0b9-05685eb43eb2@ve7jtb.com>
Token Binding is a mitigation if used.   It meets the requirements for 
SP800-63-3 AAL3.

There is a spec for reverse proxies to pass on token binding info.  So 
if properly set up a reverse proxy should be no problem.

It is true that Edge is currently the only browser supporting it.  That 
may change.

So I will grant that the mitigation is not widely available currently.

The certificate thumbprint idea is used in Fido UAF as an option.

It is better than the origin alone.   It still has issues with forward 
proxies.   The browser will  likely have the TLS certificate of the 
proxy not the one for the Authentication server.

I don't think that it would meet the requirements of AAL3 because the 
assertion is not cryptographicly bound to the TLS session as it is in 
token binding.

The thumbprint would need to be added both to CTAP2 and WebAuthn.  It 
could be an extension but is a significant change that browsers would 
need to support.

John B.

On 2/22/2019 2:05 AM, David Waite wrote:
> This attack would imply at least partial control of networking 
> infrastructure (client routing or RP DNS) and of a legitimate CA, 
> meaning it is either an enterprise policy, an attack based on 
> enterprise policy, or state actor attack.
> Typically I would expect this to be solved by some form of certificate 
> transparency or certificate pinning:
> - `HPKP` was a previous solution for this, but was unfortunately 
> abusable and will never see wide adoption
> - Certificate Transparency (and the `Expect-CT` header) allow a site 
> to opt into certificate transparency for browsers that support it
> - Including the TLS thumbprint of the TLS Certificate in 
> `clientDataJSON` (when token binding is not supported) would allow the 
> RP infrastructure to validate against a whitelist of TLS certificates.
> On Thu, Feb 21, 2019 at 2:29 PM Mart Sõmermaa <mart.somermaa@gmail.com 
> <mailto:mart.somermaa@gmail.com>> wrote:
>     Hello!
>     Have you considered that origin validation is not a sufficient
>     countermeasure against man-in-the-middle attacks in case of a
>     powerful attacker who controls responses to user's DNS requests
>     and has a valid certificate that is trusted by the user's browser
>     for the target host?
>     Full details of the attack here:
>     https://gitlab.com/mrts/webauthn-additions/wikis/Man-in-the-middle-attack-against-WebAuthn-by-a-powerful-attacker
>     I have a proposal how to mitigate this, but I would like to hear
>     your thoughts regarding this first.
>     Thanks in advance for looking into this,
>     Mart Sõmermaa
> -- 
> Ping Identity <https://www.pingidentity.com> 	
> David Waite
> Principal Technical Architect, CTO Office
> dwaite@pingidentity.com <mailto:dwaite@pingidentity.com>
> w: 303 468 2855
> Connect with us: 	Glassdoor logo 
> <https://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm> 
> LinkedIn logo <https://www.linkedin.com/company/21870> twitter logo 
> <https://twitter.com/pingidentity> facebook logo 
> <https://www.facebook.com/pingidentitypage> youtube logo 
> <https://www.youtube.com/user/PingIdentityTV> Google+ logo 
> <https://plus.google.com/u/0/114266977739397708540> Blog logo 
> <https://www.pingidentity.com/en/blog.html>
> <https://4.pingidentity.com/WB-2019.2.27apiinnovators_lpWebinarRegistration.html?utm_medium=webinar&utm_source=Direct%20to%20Website&utm_campaign=WB-2019.2.27apiinnovators-WEB> 
> /CONFIDENTIALITY NOTICE: This email may contain confidential and 
> privileged material for the sole use of the intended recipient(s). Any 
> review, use, distribution or disclosure by others is strictly 
> prohibited..  If you have received this communication in error, please 
> notify the sender immediately by e-mail and delete the message and any 
> file attachments from your computer. Thank you./ 
Received on Friday, 22 February 2019 15:16:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:02 UTC