securityssloauthlti

Is verifying the nonce necessary when OAuth request is done over ssl?


My application implements LTI which receives signed requests with OAuth HMAC-SHA1. They look like:

oauth_version:1.0
oauth_nonce:0aaa53c5d8518ahh56203f5eac773023
oauth_timestamp:1497069755
oauth_consumer_key:foo-test
oauth_callback:about:blank
user_id:99
lti_version:LTI-1p0
lti_message_type:basic-lti-launch-request
oauth_signature_method:HMAC-SHA1
oauth_signature:qe5puCiqcU7UjIe/0NZ0oy4M/8c=

The request can ONLY happen over SSL (we implement no other connection options). So I'm trying to determine if there is any purpose in verifying the oauth_nonce. I believe that the purpose of the nonce is entirely to prevent replay attacks which is already a feature of SSL.

Storing the nonce values will cost money and waste time for each user so I only want to do it if it has some value.

Is there value in storing nonces and rejecting any duplicate requests when the request is made over SSL?


Solution

  • Yes and no,

    The SSL/TLS channel itself is protected against replay attacks using the MAC, computed using the MAC secret and the sequence number. (The MAC mechanism is what ensures the TLS communication integrity). See TLS 1.1 specification Appendix F.2

    However, this protecting is only against a third party eavesdropper from seeing that application request, and thus from replaying it with their own separate SSL/TLS connection.

    However, SSL/TLS on its own doesn't necessarily prevent the legitimate initial user from replaying a request. Protocols and applications that require this additional level of protection tend to have nonce-based mechanisms (as the LTI OAuth signature does) at the application level to address this problem.