IETF Logo Mail Archive

Re: [Anima] verification of manufacturer in BRSKI

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 19 February 2018 03:11 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEA511270A3 for <anima@ietfa.amsl.com>; Sun, 18 Feb 2018 19:11:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z0CxL2sULXJP for <anima@ietfa.amsl.com>; Sun, 18 Feb 2018 19:11:53 -0800 (PST)
Received: from mail-pl0-x234.google.com (mail-pl0-x234.google.com [IPv6:2607:f8b0:400e:c01::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3175126CB6 for <anima@ietf.org>; Sun, 18 Feb 2018 19:11:53 -0800 (PST)
Received: by mail-pl0-x234.google.com with SMTP id f4so4941477plr.10 for <anima@ietf.org>; Sun, 18 Feb 2018 19:11:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=TS/TGKKNUeQPMSAlH2W+wn2W4Jn0RYcOqHrPgvpkinI=; b=MDw2OHgNgS4m4dnMfE/5OTXfuTlA5aVyUhdTrQbB006yh43yRvvkSEVJPdXDCqe8Ce uWERhgcFVy98IN4HwvQfv29bql3jundkQCMawobaBw2pNm+tYJg8WY5KflON46pMuwJx xepge3Ligr2IyhNyvDzBWx0crNz06GtUJ+jvxf4E8OjkE8JMs+9dxqU8XHlfnMJX5wb4 3heQKDXlLaja+30xeTnayUfmaCZ7rXUYy2yVWW5IHO5nKJzYvG6pESd7qzY6bglSguD9 qDcgKV48hq7MoKCiuDi/5UA1MmKIgeriORKaI8J2G5H2HSePvCwbeVHDF3EyxrZm3vbx FLgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:cc:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=TS/TGKKNUeQPMSAlH2W+wn2W4Jn0RYcOqHrPgvpkinI=; b=Tbk7ETRpbBIq3hA+ndOwk/+AO5GRZDxQQk/E6KurKTJ9QK0CmH3zm5ggoDG0A3wD6s bJJEPgKzU6MXa3TtwPgJQca89bB5BDkFFuQIKsTPlfemViZF7qIdHVX4du7Y5+TTpJeA OF0sCQNVF86VHzl1lBp5fBUgB+l6qAGFkHbDqhqYCnXggLTYTtvbRdAR0IUKAR6Lqm4f /HP3Fb//qfGsOlXmajmEUMFGs/IKcJH+r7u8P1ItbhpW2brZAjNgAEK6QJ9FhPPfiP4z Kxz+/AF6ZYUlXS/V1aYkOagn6outb4j1x7iD7fZ7uog1fLLJIgjGuX2u9EazypGC19Cg sQOg==
X-Gm-Message-State: APf1xPAinBCHwa8T8slOQ1uLdfLxmat3xE/WOwSG/DUb2VD58if1pUy8 cfpKG7OyMsEljxlDO657RB38jWES
X-Google-Smtp-Source: AH8x225ggh7OfWz+vpLjYptStIF0wK8RQg9s5TfKBkwgxjhQlUe1ARKmwRvHCxCHniiuNImJwnwnfA==
X-Received: by 2002:a17:902:347:: with SMTP id 65-v6mr12843822pld.0.1519009913204; Sun, 18 Feb 2018 19:11:53 -0800 (PST)
Received: from ?IPv6:2406:e007:7f8b:1:28cc:dc4c:9703:6781? ([2406:e007:7f8b:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id 64sm25076202pgj.39.2018.02.18.19.11.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 18 Feb 2018 19:11:52 -0800 (PST)
Sender: Brian Carpenter <becarpenter46@gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, anima@ietf.org
Cc: Anoop Kumar Pandey <anoop@cdac.in>
References: <003101d3a570$32e4c510$98ae4f30$@cdac.in> <22127.1519000017@obiwan.sandelman.ca>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <cc706b20-6e3f-e4da-4dd1-a1076c708a70@gmail.com>
Date: Mon, 19 Feb 2018 16:11:49 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <22127.1519000017@obiwan.sandelman.ca>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/anima/C6yJSbVRfLqFgzXXAuLhVe-BxG0>
Subject: Re: [Anima] verification of manufacturer in BRSKI
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Feb 2018 03:11:56 -0000

On 19/02/2018 13:26, Michael Richardson wrote:
> 
> {sorry if this is a duplicate, my draft folder says it did not go out}
> 
> Anoop Kumar Pandey <anoop@cdac.in> wrote directly to the draft authors list,
> and then gave me permission to share this on the list:
>     Anoop> This is in context to the RFC detailing process of enrolling a pledge to a
>     Anoop> domain. The major problem with the procedure is that the registrar doesn’t
>     Anoop> verify the manufacturer. It simply verifies the voucher and enrols the
>     Anoop> pledge. If pledge send a self-defined URL of manufacturer where provision for
>     Anoop> issuing fake vouchers is in place, then the registrar can be fooled into
>     Anoop> enrolment [assuming the registrar can’t know all the manufacturers
>     Anoop> exhaustively] and later exploited from inside the domain. Additionally pledge
>     Anoop> and a random manufacturer can also collaborate to do the same.
> 
> You raise a number of issues.
> 
> So let me name them so that we can discuss them easier, and make sure that I
> understand you correctly.
> Probably, we need to add some text to the Security Considerations, and I
> would welcome your help in crafting that text!
> 
>     Anoop> In the similar way a registrar may collaborate with the manufacturer to lure
>     Anoop> a device using fake voucher.
> 
>     Anoop> How can these problems be tackled?
> 
> I agree that the Pledge may point at any Manufacturer (in the form of a MASA)
> that it wishes to.   The following identities exist:
> 
> 1) The Pledge's Identity (PI) in the form an IDevID certificate.
>    (It signs the voucher request to the JRC, and the Client side of the TLS
>    connection from Pledge to JRC)
> 2) The Manufacturer's Identity (MI) which signs the IDevID certificate.
> 3) The MASA Identity (MASA) which signs the voucher.
> 4) The Join Registrar (JRC) which signs the voucher request to the MASA.
>    It also signs the Server side of the TLS connection from Pledge to JRC.
> 5) The Domain PKI Certificate Authority, which signs the LDevID.
> 
> (The MI might be the same as the MASA, but in general the MASA
> may be outsourced.  The Pledge SHOULD have a trusted anchor for both,
> but it can be designed where it has a manufacturer CA which signs both MASA
> and MI certificate)
> 
> Each of these in essence represent a private key!
> I'd like start by ruling out of bounds for this discussion any scenario where
> the attack requires that the private key be leaked, shared or used
> incorrectly.  It's not that they can't happen, but rather that it is a
> problem of TPMs, etc. and not protocol design.
> 
> The Pledge trusts network part works by:
> a) MASA signs VOUCHER.
> b) VOUCHER lists JRC in pinned-domain-cert.
> c) Pledge uses MASA to validate VOUCHER, and therefore validates JRC.
> d) JRC can also audit (verify signatures even) the voucher really comes
>    from MASA, although unless there is a common CA, it may not be able to
>    prove MASA and MI are same entity.
> 
> The JRC trusts Pledge part works by:
> e) MI signs IDevID.
> f) Pledge uses IDevID to identify to JRC.
> g) JRC validates IDevID using MI certificate.
> 
> Now, to translate what you said:
> 
> problem 1.
>     Anoop> The major problem with the procedure is that the registrar doesn’t
>     Anoop> verify the manufacturer.
> 
> To translate, the JRC has no obvious way to verify that the "MI" key belongs
>               to the manufacturer that they care about.
> 
> You actually hit the major reason this is not a problem when you assume:
>    > assuming the registrar can’t know all the manufacturers exhaustively
> 
> We assume that in a managed network that the JRC *can* know all the
> legitimate manufacturers.  The keys can come from sales channel integration
> (via digital "packing slips" perhaps), can be manually loaded by humans, be
> scanned from QR codes on the box, etc.  We believe that this is out of scope.

Yes, but please ensure that the draft states this assumption and states
that how it is achieved is out of scope.

Also note the air-gap case described in section 6.3 bullet 3. That's listed
as a security reduction, but if your threat model considers rogue MASAs
to be a real risk, pre-loading vouchers and then totally disconnecting from
the Internet might even be considered a security improvement.

  Brian
 
> And if the JRC does see a MI that it does not know, then it can ask a human.
> That's one reason we made sure that failures to enroll do not cause the
> Pledge to never try again with that JRC.  It needs to try again later,
> because maybe nobody has answered the "Yes/No" Dialog on the management
> station yet.
> 
> And of course there is the WebPKI.  We aren't saying that MI keys
> (or MASA server TLS keys) MUST be in the WebPKI, but we aren't saying that
> they can't be.  That's not a panacea... between ComodoGate type situations
> and certificates for "C1SC0" in a hard to distinguish font, many social
> engineering attacks could get that "Yes" button pressed.
> 
> 
> problem 2.
>     Anoop> If pledge send a self-defined URL of manufacturer where provision for
>     Anoop> issuing fake vouchers is in place, then the registrar can be fooled into
>     Anoop> enrolment [assuming the registrar can’t know all the manufacturers
>     Anoop> exhaustively] and later exploited from inside the domain.
> 
> The URL of the manufacturer is embedded in the IDevID certificate (section
> 2.3 defines the extension).  So the Pledge can't create this lie itself, it
> requires collaboration with the MI to create an IDevID.  Such an MI can
> point to any MASA it wishes, so long as that device can issue vouchers that
> the Pledge can validate.
> 
> What this means is that JRC always knows the MI that created the Pledge.
> If we can solve problem 1, then it's done.
> 
> problem 3.
>     Anoop> Additionally pledge
>     Anoop> and a random manufacturer can also collaborate to do the same.
> 
> I don't see how this is the case.  The pledge can only collaborate with
> the manufacturer whose IDevID it has.
> 
> problem 4.
>     Anoop> In the similar way a registrar may collaborate with the manufacturer to lure
>     Anoop> a device using fake voucher.
> 
> The Pledge will only trust a voucher signed by MASA.
> Any signature from a different entity will be rejected by the Pledge.
> So a fake voucher is not possible.
> Any voucher created by the real MASA is, by definition, not a fake voucher.
> Can you explain this scenario clearer?
> Or explain what text we need to change to clear up the mis-understanding?
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
> 
> 
> 
> 
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>

v2.23.0 | Report a Bug | By Email