BrowserAuth.net

Toward Stronger Authentication for the Web

This site is dedicated to documenting proposals for stronger web authentication mechanisms. Underlying all the proposals is the idea that asymmetric-key cryptography should replace bearer tokens as the main mechanism for authentication on the web.

What are Bearer Tokens?

A bearer token is a secret that is sent from the client to the server in order to authenticate the client. The token itself asserts the identity of the client independent of the context. Examples of bearer tokens are HTTP cookies and account passwords. Both are sent directly from the client (the browser) to the server. As a consequence, whoever manages to intercept or steal a bearer token will be able to impersonate legitimate clients. For example, stolen or phished passwords can be used to impersonate legitimate users. Stolen cookies can be used to impersonate legitimate browsing sessions.

How does Asymmetric Crypto Help?

Assume that the client has a secret (aka private key) that is known to none but the client. Instead of sending that private key to the server, the client uses the private key to compute a response to the server's challenge. Assume further that there is a corresponding public key that can be used to verify the response that the client calculated. If the server knows this public key, and uses it to verify the client's response, it can authenticate the client without the need for transmitting secrets. This is the basic idea of public-key (or asymmetric) cryptography.

The reason this makes a difference is that the response can be computed on the client side somewhere where malware can't get to the secret, for example in a Trusted Platform Module (TPM). The secret never has to leave the dedicated hardware, thus making it harder for malware to steal the secret and gain persistent, remote ability to impersonate the client.

Overview

Asymmetric key-based authentication consists of multiple layers, which are each described in their own section on this site:

Token Binding provides strong client authentication.
Channel-Bound Cookies provide strongly-authenticated HTTP sessions.
Proof-Key Federation Protocols extend strongly-authenticated HTTP sessions with Identity Providers to strongly-authenticated HTTP sessions with Relying Parties
Strong User Authentication bootstraps the complete stack of layers.

Traditionally, TLS Client Authentication was considered the solution for asymmetric crypto-based authentication on the web. As background and motivation, we explain why TLS Client Authentication has failed as a client authentication mechanism.