Security of REST authentication schemes

Question

Background   I m designing the authentication scheme for a REST web service  This doesn t  really  need to be secure  it s more of a personal project  but I want to make it as secure as possible as an exercise learning experience  I don t want to use SSL since I don t want the hassle and  mostly  the expense of setting it up   These SO questions were especially useful to get me started    RESTful Authentication Best Practices for securing a REST API   web service Examples of the best SOAP REST RPC web APIs  And why do you like them  And what   s wrong with them    I m thinking of using a simplified version of Amazon S3 s authentication  I like OAuth but it seems too complicated for my needs   I m adding a randomly generated nonce  supplied by the server  to the request  to prevent replay attacks   To get to the question    Both S3 and OAuth rely on signing the request URL along with a few selected headers  Neither of them sign the request body for POST or PUT requests  Isn t this vulnerable to a man-in-the-middle attack  which keeps the url and headers and replaces the request body with any data the attacker wants   It seems like I can guard against this by including a hash of the request body in the string that gets signed  Is this secure

User · Answer

Or you could use the known solution to this problem and use SSL  Self-signed certs are free and its a personal project right

User · Answer

REST means working with the standards of the web  and the standard for  secure  transfer on the web is SSL  Anything else is going to be kind of funky and require extra deployment effort for clients  which will have to have encryption libraries available   Once you commit to SSL  there s really nothing fancy required for authentication in principle  You can again go with web standards and use HTTP Basic auth  username and secret token sent along with each request  as it s much simpler than an elaborate signing protocol  and still effective in the context of a secure connection  You just need to be sure the password never goes over plain text  so if the password is ever received over a plain text connection  you might even disable the password and mail the developer  You should also ensure the credentials aren t logged anywhere upon receipt  just as you wouldn t log a regular password   HTTP Digest is a safer approach as it prevents the secret token being passed along  instead  it s a hash the server can verify on the other end  Though it may be overkill for less sensitive applications if you ve taken the precautions mentioned above  After all  the user s password is already transmitted in plain-text when they log in  unless you re doing some fancy JavaScript encryption in the browser   and likewise their cookies on each request   Note that with APIs  it s better for the client to be passing tokens - randomly generated strings - instead of the password the developer logs into the website with  So the developer should be able to log into your site and generate new tokens that can be used for API verification   The main reason to use a token is that it can be replaced if it s compromised  whereas if the password is compromised  the owner could log into the developer s account and do anything they want with it  A further advantage of tokens is you can issue multiple tokens to the same developers  Perhaps because they have multiple apps or because they want tokens with different access levels    Updated to cover implications of making the connection SSL-only

User · Answer

In fact  the original S3 auth does allow for the content to be signed  albeit with a weak MD5 signature     You can simply enforce their optional practice of including a Content-MD5 header in the HMAC  string to be signed    http   s3 amazonaws com doc s3-developer-guide RESTAuthentication html  Their new v4 authentication scheme is more secure   http   docs aws amazon com general latest gr signature-version-4 html

User · Answer

Or you could use the known solution to this problem and use SSL  Self-signed certs are free and its a personal project right

User · Answer

A previous answer only mentioned SSL in the context of data transfer and didn t actually cover authentication   You re really asking about securely authenticating REST API clients   Unless you re using TLS client authentication  SSL alone is NOT a viable authentication mechanism for a REST API   SSL without client authc only authenticates the server  which is irrelevant for most REST APIs because you really want to authenticate the client     If you don t use TLS client authentication  you ll need to use something like a digest-based authentication scheme  like Amazon Web Service s custom scheme  or OAuth 1 0a or even HTTP Basic authentication  but over SSL only    These schemes authenticate that the request was sent by someone expected   TLS  SSL   without client authentication  ensures that the data sent over the wire remains untampered   They are separate - but complementary - concerns   For those interested  I ve expanded on an SO question about HTTP Authentication Schemes and how they work

User · Answer

A previous answer only mentioned SSL in the context of data transfer and didn t actually cover authentication   You re really asking about securely authenticating REST API clients   Unless you re using TLS client authentication  SSL alone is NOT a viable authentication mechanism for a REST API   SSL without client authc only authenticates the server  which is irrelevant for most REST APIs because you really want to authenticate the client     If you don t use TLS client authentication  you ll need to use something like a digest-based authentication scheme  like Amazon Web Service s custom scheme  or OAuth 1 0a or even HTTP Basic authentication  but over SSL only    These schemes authenticate that the request was sent by someone expected   TLS  SSL   without client authentication  ensures that the data sent over the wire remains untampered   They are separate - but complementary - concerns   For those interested  I ve expanded on an SO question about HTTP Authentication Schemes and how they work

User · Answer

REST means working with the standards of the web  and the standard for  secure  transfer on the web is SSL  Anything else is going to be kind of funky and require extra deployment effort for clients  which will have to have encryption libraries available   Once you commit to SSL  there s really nothing fancy required for authentication in principle  You can again go with web standards and use HTTP Basic auth  username and secret token sent along with each request  as it s much simpler than an elaborate signing protocol  and still effective in the context of a secure connection  You just need to be sure the password never goes over plain text  so if the password is ever received over a plain text connection  you might even disable the password and mail the developer  You should also ensure the credentials aren t logged anywhere upon receipt  just as you wouldn t log a regular password   HTTP Digest is a safer approach as it prevents the secret token being passed along  instead  it s a hash the server can verify on the other end  Though it may be overkill for less sensitive applications if you ve taken the precautions mentioned above  After all  the user s password is already transmitted in plain-text when they log in  unless you re doing some fancy JavaScript encryption in the browser   and likewise their cookies on each request   Note that with APIs  it s better for the client to be passing tokens - randomly generated strings - instead of the password the developer logs into the website with  So the developer should be able to log into your site and generate new tokens that can be used for API verification   The main reason to use a token is that it can be replaced if it s compromised  whereas if the password is compromised  the owner could log into the developer s account and do anything they want with it  A further advantage of tokens is you can issue multiple tokens to the same developers  Perhaps because they have multiple apps or because they want tokens with different access levels    Updated to cover implications of making the connection SSL-only

User · Answer

REST means working with the standards of the web  and the standard for  secure  transfer on the web is SSL  Anything else is going to be kind of funky and require extra deployment effort for clients  which will have to have encryption libraries available   Once you commit to SSL  there s really nothing fancy required for authentication in principle  You can again go with web standards and use HTTP Basic auth  username and secret token sent along with each request  as it s much simpler than an elaborate signing protocol  and still effective in the context of a secure connection  You just need to be sure the password never goes over plain text  so if the password is ever received over a plain text connection  you might even disable the password and mail the developer  You should also ensure the credentials aren t logged anywhere upon receipt  just as you wouldn t log a regular password   HTTP Digest is a safer approach as it prevents the secret token being passed along  instead  it s a hash the server can verify on the other end  Though it may be overkill for less sensitive applications if you ve taken the precautions mentioned above  After all  the user s password is already transmitted in plain-text when they log in  unless you re doing some fancy JavaScript encryption in the browser   and likewise their cookies on each request   Note that with APIs  it s better for the client to be passing tokens - randomly generated strings - instead of the password the developer logs into the website with  So the developer should be able to log into your site and generate new tokens that can be used for API verification   The main reason to use a token is that it can be replaced if it s compromised  whereas if the password is compromised  the owner could log into the developer s account and do anything they want with it  A further advantage of tokens is you can issue multiple tokens to the same developers  Perhaps because they have multiple apps or because they want tokens with different access levels    Updated to cover implications of making the connection SSL-only

User · Answer

In fact  the original S3 auth does allow for the content to be signed  albeit with a weak MD5 signature     You can simply enforce their optional practice of including a Content-MD5 header in the HMAC  string to be signed    http   s3 amazonaws com doc s3-developer-guide RESTAuthentication html  Their new v4 authentication scheme is more secure   http   docs aws amazon com general latest gr signature-version-4 html

User · Answer

Remember that your suggestions makes it difficult for clients to communicate with the server  They need to understand your innovative solution and encrypt the data accordingly  this model is not so good for public API  unless you are amazon yahoo google       Anyways  if you must encrypt the body content I would suggest you to check out existing standards and solutions like   XML encryption  W3C standard   XML Security

User · Answer

REST means working with the standards of the web  and the standard for  secure  transfer on the web is SSL  Anything else is going to be kind of funky and require extra deployment effort for clients  which will have to have encryption libraries available   Once you commit to SSL  there s really nothing fancy required for authentication in principle  You can again go with web standards and use HTTP Basic auth  username and secret token sent along with each request  as it s much simpler than an elaborate signing protocol  and still effective in the context of a secure connection  You just need to be sure the password never goes over plain text  so if the password is ever received over a plain text connection  you might even disable the password and mail the developer  You should also ensure the credentials aren t logged anywhere upon receipt  just as you wouldn t log a regular password   HTTP Digest is a safer approach as it prevents the secret token being passed along  instead  it s a hash the server can verify on the other end  Though it may be overkill for less sensitive applications if you ve taken the precautions mentioned above  After all  the user s password is already transmitted in plain-text when they log in  unless you re doing some fancy JavaScript encryption in the browser   and likewise their cookies on each request   Note that with APIs  it s better for the client to be passing tokens - randomly generated strings - instead of the password the developer logs into the website with  So the developer should be able to log into your site and generate new tokens that can be used for API verification   The main reason to use a token is that it can be replaced if it s compromised  whereas if the password is compromised  the owner could log into the developer s account and do anything they want with it  A further advantage of tokens is you can issue multiple tokens to the same developers  Perhaps because they have multiple apps or because they want tokens with different access levels    Updated to cover implications of making the connection SSL-only

User · Answer

Or you could use the known solution to this problem and use SSL  Self-signed certs are free and its a personal project right

User · Answer

Remember that your suggestions makes it difficult for clients to communicate with the server  They need to understand your innovative solution and encrypt the data accordingly  this model is not so good for public API  unless you are amazon yahoo google       Anyways  if you must encrypt the body content I would suggest you to check out existing standards and solutions like   XML encryption  W3C standard   XML Security

User · Answer

If you require the hash of the body as one of the parameters in the URL and that URL is signed via a private key  then a man-in-the-middle attack would only be able to replace the body with content that would generate the same hash   Easy to do with MD5 hash values now at least and when SHA-1 is broken  well  you get the picture   To secure the body from tampering  you would need to require a signature of the body  which a man-in-the-middle attack would be less likely to be able to break since they wouldn t know the private key that generates the signature

User · Answer

Remember that your suggestions makes it difficult for clients to communicate with the server  They need to understand your innovative solution and encrypt the data accordingly  this model is not so good for public API  unless you are amazon yahoo google       Anyways  if you must encrypt the body content I would suggest you to check out existing standards and solutions like   XML encryption  W3C standard   XML Security

User · Answer

If you require the hash of the body as one of the parameters in the URL and that URL is signed via a private key  then a man-in-the-middle attack would only be able to replace the body with content that would generate the same hash   Easy to do with MD5 hash values now at least and when SHA-1 is broken  well  you get the picture   To secure the body from tampering  you would need to require a signature of the body  which a man-in-the-middle attack would be less likely to be able to break since they wouldn t know the private key that generates the signature

User · Answer

Or you could use the known solution to this problem and use SSL  Self-signed certs are free and its a personal project right

User · Answer

If you require the hash of the body as one of the parameters in the URL and that URL is signed via a private key  then a man-in-the-middle attack would only be able to replace the body with content that would generate the same hash   Easy to do with MD5 hash values now at least and when SHA-1 is broken  well  you get the picture   To secure the body from tampering  you would need to require a signature of the body  which a man-in-the-middle attack would be less likely to be able to break since they wouldn t know the private key that generates the signature

User · Answer

If you require the hash of the body as one of the parameters in the URL and that URL is signed via a private key  then a man-in-the-middle attack would only be able to replace the body with content that would generate the same hash   Easy to do with MD5 hash values now at least and when SHA-1 is broken  well  you get the picture   To secure the body from tampering  you would need to require a signature of the body  which a man-in-the-middle attack would be less likely to be able to break since they wouldn t know the private key that generates the signature

User · Answer

Remember that your suggestions makes it difficult for clients to communicate with the server  They need to understand your innovative solution and encrypt the data accordingly  this model is not so good for public API  unless you are amazon yahoo google       Anyways  if you must encrypt the body content I would suggest you to check out existing standards and solutions like   XML encryption  W3C standard   XML Security

[rest] Security of REST authentication schemes

Examples related to rest

Examples related to authentication

Examples related to oauth

Examples related to amazon-s3

Examples related to rest-security