I am currently working on a client-server architecture where all communication between the client and server is conducted using JWS tokens.
When the receiver receives the token, it retrieves the public key URL from the token itself and validates the signature. I am confused about this process. How can we ensure that the public key belongs to the actual sender? It is possible that instead of tampering with the actual token, the entire token was replaced with another valid one.
Let's assume a scenario where a man-in-the-middle attack occurs, and the attacker creates a new JWS token with their own key pair, then replaces the actual token with their own. In this case, the receiver will fetch the public key from the token and successfully validate the signature (as the token is still a valid JWS, but the creator is different).
If the above statement holds true, then how can we consider JWS tamper-evident? If someone can tamper with the token, they can also replace the token entirely. And if the token can be replaced, then the overall purpose of JWS is defeated.
I believe I may be missing something important and not using JWS correctly. Please help.
I'm glad to see you're thinking through your current setup and asking questions like this! You've got to try to poke holes in your security setup to see if it starts a leak.
But, the purpose of a JWS is not defeated in the scenario you described. Allow me to explain.
Validating the signature in your scenario just means that the malicious agent's token hasn't been tampered with.
The reason why your scenario is not secure is because the JWS is not from the right source, not that it has been tampered with. It's from the malicious agent. The signature in a JWS is not to provide assurance as to the source of that JWS.
To rectify this, the public key should come from a known trusted source. Not from within the token itself. That's where the flaw in your scenario is. Not with the signature.
You're mixing different security problems.
Your intuition is correct in that the situation you described leads to an insecure situation, but you are NOT correct in that validating the signature doesn't ensure the token hasn't been tampered with.
Even if a malicious agent swapped the token in a man-in-the-middle attack scenario, using the public key from the url specified within that token still does validate that that token hasn't been tampered with.
The malicious agent can create a JWS with a private key that it owns, and provide the public key from that key pair, which would validate the malicious agent's token. Using that public key to validate the signature only ensures that the token hasn't been tampered with.
So, no the purpose of the signature and JWS is not defeated. You're just asking it to do more than its intended purpose, i.e., that it hasn't been tampered with AND it came from the right source.
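Added worked example (not part of the question or the answer above): two verifiers for the same token, one that resolves the key from the `jku` URL carried in the token's own header, and one that only ever uses the issuer's pinned key set. The signing algorithm is HS256 so the code runs on the Python standard library alone; the key-source problem is identical for RS256/ES256 with a public key, since the verifier is still letting the token choose which key it is checked against. All URLs, key IDs and the `FAKE_NETWORK` dictionary are constructed stand-ins for a real JWK Set fetch.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(payload: dict, key: bytes, header_extra: dict) -> str:
    """Produce a compact-serialization JWS (HS256) with extra header fields."""
    header = {"alg": "HS256", "typ": "JWT", **header_extra}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def jws_verify_with_key(token: str, key: bytes):
    """Integrity check only: returns the payload if the signature matches `key`, else None."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # never let the token pick a different algorithm
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


# Constructed keys and a constructed stand-in for "fetch the JWK Set at this URL".
ISSUER_KEY = secrets.token_bytes(32)
ATTACKER_KEY = secrets.token_bytes(32)
TRUSTED_JWKS_URL = "https://issuer.example/.well-known/jwks.json"  # hypothetical
ATTACKER_JWKS_URL = "https://attacker.example/jwks.json"            # hypothetical
FAKE_NETWORK = {
    TRUSTED_JWKS_URL: {"keys": [{"kty": "oct", "kid": "issuer-2024", "k": b64url_encode(ISSUER_KEY)}]},
    ATTACKER_JWKS_URL: {"keys": [{"kty": "oct", "kid": "evil-1", "k": b64url_encode(ATTACKER_KEY)}]},
}


def fetch_jwks(url: str) -> dict:
    return FAKE_NETWORK[url]


def key_from_jwks(jwks: dict, kid):
    for jwk in jwks["keys"]:
        if kid is not None and jwk.get("kid") == kid:
            return b64url_decode(jwk["k"])
    return None


def verify_trusting_jku(token: str):
    """FLAWED: the token's own header decides where the verification key comes from."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    key = key_from_jwks(fetch_jwks(header["jku"]), header.get("kid"))
    return None if key is None else jws_verify_with_key(token, key)


def verify_pinned_issuer(token: str):
    """FIXED: the key source is verifier configuration; `kid` may only select within it."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    key = key_from_jwks(fetch_jwks(TRUSTED_JWKS_URL), header.get("kid"))
    return None if key is None else jws_verify_with_key(token, key)


def demo() -> dict:
    genuine = jws_sign({"sub": "alice", "role": "user"}, ISSUER_KEY,
                       {"kid": "issuer-2024", "jku": TRUSTED_JWKS_URL})
    # The man-in-the-middle's replacement: a valid JWS, just not from the issuer.
    forged = jws_sign({"sub": "alice", "role": "admin"}, ATTACKER_KEY,
                      {"kid": "evil-1", "jku": ATTACKER_JWKS_URL})
    # Same genuine token with only the payload segment edited (signature kept).
    h, _, s = genuine.split(".")
    tampered = ".".join([h, b64url_encode(b'{"sub":"alice","role":"admin"}'), s])
    return {
        "genuine_via_jku": verify_trusting_jku(genuine),
        "forged_via_jku": verify_trusting_jku(forged),      # accepted: this is the flaw
        "genuine_pinned": verify_pinned_issuer(genuine),
        "forged_pinned": verify_pinned_issuer(forged),      # rejected: unknown kid
        "tampered_pinned": verify_pinned_issuer(tampered),  # rejected: signature mismatch
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} -> {result}")
```

The `tampered_pinned` case is the property JWS actually gives you (tamper evidence); the `forged_via_jku` case is the property the question was asking it to give for free (source authentication), which only appears once the key set is pinned to the issuer rather than read out of the token.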