IETF Logo Mail Archive

Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signing question

Orie Steele <orie@transmute.industries> Mon, 18 March 2024 01:26 UTC

Return-Path: <orie@transmute.industries>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85073C14F5F3 for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 18:26:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hpIaCW1042Xk for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 18:26:43 -0700 (PDT)
Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F232C14F604 for <Cfrg@irtf.org>; Sun, 17 Mar 2024 18:26:43 -0700 (PDT)
Received: by mail-pg1-x52e.google.com with SMTP id 41be03b00d2f7-5d4a1e66750so2334761a12.0 for <Cfrg@irtf.org>; Sun, 17 Mar 2024 18:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1710725202; x=1711330002; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=clP6XSGdWzbDjF7tcPfS62KXQuG25ObnYefvfHvsPIA=; b=jeXJGVsG3KTLUy8M0V6j5qM8RzUg8ysVMO08qh1S1SgZh+MZzFo4ZNLSArRGbnJ0OM OyGOaWCNmsZRs4qTY42BNxI96DENaRLaYLOIZ55QdcTrI+UMUnKBndXVP5idxotU2wV5 CnLeiok+RG2bLSPuOv8exJD323I7BTTByEB9fhsUj2bU7Ai/nzOo8D7VJb2HC3eT5pLI uhWsF7fMkYB9/JzmlzGVb7pCGJjHRKEPdbOikouc8rMm7CpR3vf+atK3UvmEe1iUbRDR n5h+PpfsQvTk+uspo5UkIPXF3YuLM45Ly0F8T//5wxoGK564t7ZffrPDSnJly03mKVKQ I/gQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710725202; x=1711330002; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=clP6XSGdWzbDjF7tcPfS62KXQuG25ObnYefvfHvsPIA=; b=YShDhoD6mNg1awnDHg57M0+kKEP+9FbreYju6i0tL3DkCTvSeyl5zrW3qN872ZBqyk DcbZAM+hjIqcrronC21z8O7HSy2MCJ+0sbdQ6/LKrdcNNfZi2LRu5MvZWGGBUNc7JpY/ PZz1hE+Ku6jBKRmzRrekeKUgJsUFSkI9GFfx1bVlwt1zSb95RBGSTaYNnJTn/V5L33m6 3/88uVYDLc86efHHP1egTVkIkxjsWTfeIRwjIwT3bAtnJAf5ipZde6tuNeAGWgYiiibl a+B1B9Pn3V59ksKClKc5Y6Xv/qOiN4Pusq/DLUmBqb9YnilghWoo/CAI9pRJXj+uK4n1 v3RQ==
X-Forwarded-Encrypted: i=1; AJvYcCX3r7UwMgkcqriVwK5ZIkRo3GgEOGXxge6esmYy13VeuRX1yA0nL8SJSY6uzVVBIqWQxv0Stdu9vJW86huf
X-Gm-Message-State: AOJu0Yyc4XbE+Zu/d164j0OcNTwAeHZzHgb/omR5MVh4p0Kq4NPb27mO cKejnTgQhbcHuwMRnWYJIImLKsK+FbeBf+WmLKFNuZttKKVMIzR4oQbF9JY6SgbEuXglhSyJJGb v2lVEUrSkSTZgU4yl7P1Y5AKEPuZuYSRJysQDAw==
X-Google-Smtp-Source: AGHT+IE/diaWoGS94f64G5VUeC5tqrA1D8yblEuv4nOUSHvwr8Q5so+hXkCHgCb9J2zRsJZcXhmdK6G4VEEhX3BfiXI=
X-Received: by 2002:a05:6a21:a5a0:b0:1a1:87df:beff with SMTP id gd32-20020a056a21a5a000b001a187dfbeffmr10612132pzc.4.1710725202548; Sun, 17 Mar 2024 18:26:42 -0700 (PDT)
MIME-Version: 1.0
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie> <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com> <6e71bda8-9fab-473e-98e7-6ed559793ced@cs.tcd.ie> <E85D9536-7FC4-4DA8-8279-360F7B5766A2@ll.mit.edu>
In-Reply-To: <E85D9536-7FC4-4DA8-8279-360F7B5766A2@ll.mit.edu>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 18 Mar 2024 11:26:30 +1000
Message-ID: <CAN8C-_Kigt-_e213feVzL5VWguL2HzpmwyLe9eEvXLSj9Nz8Yg@mail.gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mike Ounsworth <Mike.Ounsworth@entrust.com>, "cfrg@irtf.org" <Cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="00000000000001b5930613e54061"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/EYQpdc7cCQK8cSXX1jTAU-0E_q0>
Subject: Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 01:26:47 -0000

I suspect that if CNSA 2.0 had not recommended dilithium (iirc), we
wouldn't be discussing hybrid signatures at all.

If you don't trust ML-DSA, use SLH-DSA, no need to burn in hybrids.

That's been my takeaway.

OS

On Mon, Mar 18, 2024, 8:45 AM Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu>
wrote:

> Look at it this way: you want your firmware updates to remain secure after
> CRQC appears.
>
> If your trust anchor can be re-written - then as soon as I can lay my
> hands on a CRQC, I crack your Classic signing key, create and sign my
> malicious firmware with your key and add my new malicious trust anchors to
> replace yours, and push my update to as many of your devices as I can.
>
> If your trust anchors can't be re-written - i.e., burnt in ROM or such -
> then I'll do all of the above except replacing your trust anchors.
>
> Thus, it seems that the only way to defend against the above kind of
> attack is to load PQ trust anchors now.
> --
> V/R,
> Uri
>
> There are two ways to design a system. One is to make it so simple there
> are obviously no deficiencies.
> The other is to make it so complex there are no obvious deficiencies.
> - C. A. R. Hoare
>
>
>
>
> On 3/17/24, 17:52, "CFRG on behalf of Stephen Farrell" <
> cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org> on behalf of
> stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote:
>
>
>
>
>
>
> On 17/03/2024 21:45, Mike Ounsworth wrote:
> > Stephen.
> >
> > Short answer: firmware verification keys burned into ROM or some
> > other immutable trust store which is itself outside the memory space
> > of the firmware that you can update.
>
>
> Yep, that's the kind of answer I expected, but some details as
> to what and why was more what I was after. You can't of course
> update the ROM unless it's an EPROM or similar but it's not clear
> (to me:-) that the code that causes that key/alg to be used to
> verify new sigs can't be updated.
>
>
> Cheers,
> S.
>
>
> >
> > I am not myself a hardware manufacturer, but I have been lead to
> > believe that this is common practice.
> >
> > - Mike Ounsworth ________________________________ From: CFRG
> > <cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org>> on behalf of
> Stephen Farrell
> > <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> Sent:
> Monday, March 18, 2024 7:41:33 AM
> > To: cfrg@irtf.org <mailto:cfrg@irtf.org> <Cfrg@irtf.org <mailto:
> Cfrg@irtf.org>> Subject: [EXTERNAL] [CFRG] pq
> > firmware signing question
> >
> >
> > Hiya,
> >
> > A number of people have asserted that firmware signing implies
> > distributing a public value now, (or soon) on which they may still
> > have to rely after a CRQC might exist. The implication being that we
> > should start to do this kind of thing now, based on some composite
> > sig-alg, verification of which is assumed to be implemented below the
> > crypto APIs used by relevant applications.
> >
> > I'd like to try tease bits of that apart to better understand what's
> > required.
> >
> > ISTM that firmware signing entirely does allow one to update the
> > signature keys/algs needed for the next signed firmware update and
> > that there is no need, given ongoing updates, to continue to depend
> > on the original key/alg for the public value with which a device was
> > shipped. IOW, update N can update anything, including the sig alg
> > required for update N+1.
> >
> > I don't understand what class of device might be able to load new
> > firmware but not change the verification alg for sigs on subsequent
> > updates. If there are such devices, can someone describe 'em?
> >
> > There does seem to be an exception - a factory-reset of a device
> > would imply returning to depending on the original public value and
> > alg. However, a factory reset also seems to imply that a human can
> > "touch"/control a specific device at a specific point in time so is
> > not an unattended upgrade. And if someone can touch the device, then
> > in many cases it'd be cheaper to replace the whole thing than do a
> > factory reset in the field.
> >
> > And then there's the issue of the specific signing key - it's hard to
> > imagine a system where that can be changed but the verification alg
> > cannot. Are there such systems?
> >
> > All in all, it seems like a lot of firmware signing deployments
> > should be able to allow for the evolution of verification algs, and
> > the set of devices where we now (or soon) need to embed a
> > forever-fixed alg and key for sig verification has to be very small.
> >
> > What am I getting wrong there?
> >
> > Ta, S.
> >
> > Any email and files/attachments transmitted with it are intended
> > solely for the use of the individual or entity to whom they are
> > addressed. If this message has been sent to you in error, you must
> > not copy, distribute or disclose of the information it contains.
> > Please notify Entrust immediately and delete the message from your
> > system.
> >
>
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://mailman.irtf.org/mailman/listinfo/cfrg
>

v2.23.0 | Report a Bug | By Email