Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signing question
Orie Steele <orie@transmute.industries> Mon, 18 March 2024 01:26 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85073C14F5F3 for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 18:26:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hpIaCW1042Xk for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 18:26:43 -0700 (PDT)
Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F232C14F604 for <Cfrg@irtf.org>; Sun, 17 Mar 2024 18:26:43 -0700 (PDT)
Received: by mail-pg1-x52e.google.com with SMTP id 41be03b00d2f7-5d4a1e66750so2334761a12.0 for <Cfrg@irtf.org>; Sun, 17 Mar 2024 18:26:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1710725202; x=1711330002; darn=irtf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=clP6XSGdWzbDjF7tcPfS62KXQuG25ObnYefvfHvsPIA=; b=jeXJGVsG3KTLUy8M0V6j5qM8RzUg8ysVMO08qh1S1SgZh+MZzFo4ZNLSArRGbnJ0OM OyGOaWCNmsZRs4qTY42BNxI96DENaRLaYLOIZ55QdcTrI+UMUnKBndXVP5idxotU2wV5 CnLeiok+RG2bLSPuOv8exJD323I7BTTByEB9fhsUj2bU7Ai/nzOo8D7VJb2HC3eT5pLI uhWsF7fMkYB9/JzmlzGVb7pCGJjHRKEPdbOikouc8rMm7CpR3vf+atK3UvmEe1iUbRDR n5h+PpfsQvTk+uspo5UkIPXF3YuLM45Ly0F8T//5wxoGK564t7ZffrPDSnJly03mKVKQ I/gQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710725202; x=1711330002; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=clP6XSGdWzbDjF7tcPfS62KXQuG25ObnYefvfHvsPIA=; b=YShDhoD6mNg1awnDHg57M0+kKEP+9FbreYju6i0tL3DkCTvSeyl5zrW3qN872ZBqyk DcbZAM+hjIqcrronC21z8O7HSy2MCJ+0sbdQ6/LKrdcNNfZi2LRu5MvZWGGBUNc7JpY/ PZz1hE+Ku6jBKRmzRrekeKUgJsUFSkI9GFfx1bVlwt1zSb95RBGSTaYNnJTn/V5L33m6 3/88uVYDLc86efHHP1egTVkIkxjsWTfeIRwjIwT3bAtnJAf5ipZde6tuNeAGWgYiiibl a+B1B9Pn3V59ksKClKc5Y6Xv/qOiN4Pusq/DLUmBqb9YnilghWoo/CAI9pRJXj+uK4n1 v3RQ==
X-Forwarded-Encrypted: i=1; AJvYcCX3r7UwMgkcqriVwK5ZIkRo3GgEOGXxge6esmYy13VeuRX1yA0nL8SJSY6uzVVBIqWQxv0Stdu9vJW86huf
X-Gm-Message-State: AOJu0Yyc4XbE+Zu/d164j0OcNTwAeHZzHgb/omR5MVh4p0Kq4NPb27mO cKejnTgQhbcHuwMRnWYJIImLKsK+FbeBf+WmLKFNuZttKKVMIzR4oQbF9JY6SgbEuXglhSyJJGb v2lVEUrSkSTZgU4yl7P1Y5AKEPuZuYSRJysQDAw==
X-Google-Smtp-Source: AGHT+IE/diaWoGS94f64G5VUeC5tqrA1D8yblEuv4nOUSHvwr8Q5so+hXkCHgCb9J2zRsJZcXhmdK6G4VEEhX3BfiXI=
X-Received: by 2002:a05:6a21:a5a0:b0:1a1:87df:beff with SMTP id gd32-20020a056a21a5a000b001a187dfbeffmr10612132pzc.4.1710725202548; Sun, 17 Mar 2024 18:26:42 -0700 (PDT)
MIME-Version: 1.0
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie> <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com> <6e71bda8-9fab-473e-98e7-6ed559793ced@cs.tcd.ie> <E85D9536-7FC4-4DA8-8279-360F7B5766A2@ll.mit.edu>
In-Reply-To: <E85D9536-7FC4-4DA8-8279-360F7B5766A2@ll.mit.edu>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 18 Mar 2024 11:26:30 +1000
Message-ID: <CAN8C-_Kigt-_e213feVzL5VWguL2HzpmwyLe9eEvXLSj9Nz8Yg@mail.gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mike Ounsworth <Mike.Ounsworth@entrust.com>, "cfrg@irtf.org" <Cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="00000000000001b5930613e54061"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/EYQpdc7cCQK8cSXX1jTAU-0E_q0>
Subject: Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2024 01:26:47 -0000
I suspect that if CNSA 2.0 had not recommended dilithium (iirc), we wouldn't be discussing hybrid signatures at all. If you don't trust ML-DSA, use SLH-DSA, no need to burn in hybrids. That's been my takeaway. OS On Mon, Mar 18, 2024, 8:45 AM Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote: > Look at it this way: you want your firmware updates to remain secure after > CRQC appears. > > If your trust anchor can be re-written - then as soon as I can lay my > hands on a CRQC, I crack your Classic signing key, create and sign my > malicious firmware with your key and add my new malicious trust anchors to > replace yours, and push my update to as many of your devices as I can. > > If your trust anchors can't be re-written - i.e., burnt in ROM or such - > then I'll do all of the above except replacing your trust anchors. > > Thus, it seems that the only way to defend against the above kind of > attack is to load PQ trust anchors now. > -- > V/R, > Uri > > There are two ways to design a system. One is to make it so simple there > are obviously no deficiencies. > The other is to make it so complex there are no obvious deficiencies. > - C. A. R. Hoare > > > > > On 3/17/24, 17:52, "CFRG on behalf of Stephen Farrell" < > cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org> on behalf of > stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote: > > > > > > > On 17/03/2024 21:45, Mike Ounsworth wrote: > > Stephen. > > > > Short answer: firmware verification keys burned into ROM or some > > other immutable trust store which is itself outside the memory space > > of the firmware that you can update. > > > Yep, that's the kind of answer I expected, but some details as > to what and why was more what I was after. You can't of course > update the ROM unless it's an EPROM or similar but it's not clear > (to me:-) that the code that causes that key/alg to be used to > verify new sigs can't be updated. > > > Cheers, > S. > > > > > > I am not myself a hardware manufacturer, but I have been lead to > > believe that this is common practice. > > > > - Mike Ounsworth ________________________________ From: CFRG > > <cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org>> on behalf of > Stephen Farrell > > <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> Sent: > Monday, March 18, 2024 7:41:33 AM > > To: cfrg@irtf.org <mailto:cfrg@irtf.org> <Cfrg@irtf.org <mailto: > Cfrg@irtf.org>> Subject: [EXTERNAL] [CFRG] pq > > firmware signing question > > > > > > Hiya, > > > > A number of people have asserted that firmware signing implies > > distributing a public value now, (or soon) on which they may still > > have to rely after a CRQC might exist. The implication being that we > > should start to do this kind of thing now, based on some composite > > sig-alg, verification of which is assumed to be implemented below the > > crypto APIs used by relevant applications. > > > > I'd like to try tease bits of that apart to better understand what's > > required. > > > > ISTM that firmware signing entirely does allow one to update the > > signature keys/algs needed for the next signed firmware update and > > that there is no need, given ongoing updates, to continue to depend > > on the original key/alg for the public value with which a device was > > shipped. IOW, update N can update anything, including the sig alg > > required for update N+1. > > > > I don't understand what class of device might be able to load new > > firmware but not change the verification alg for sigs on subsequent > > updates. If there are such devices, can someone describe 'em? > > > > There does seem to be an exception - a factory-reset of a device > > would imply returning to depending on the original public value and > > alg. However, a factory reset also seems to imply that a human can > > "touch"/control a specific device at a specific point in time so is > > not an unattended upgrade. And if someone can touch the device, then > > in many cases it'd be cheaper to replace the whole thing than do a > > factory reset in the field. > > > > And then there's the issue of the specific signing key - it's hard to > > imagine a system where that can be changed but the verification alg > > cannot. Are there such systems? > > > > All in all, it seems like a lot of firmware signing deployments > > should be able to allow for the evolution of verification algs, and > > the set of devices where we now (or soon) need to embed a > > forever-fixed alg and key for sig verification has to be very small. > > > > What am I getting wrong there? > > > > Ta, S. > > > > Any email and files/attachments transmitted with it are intended > > solely for the use of the individual or entity to whom they are > > addressed. If this message has been sent to you in error, you must > > not copy, distribute or disclose of the information it contains. > > Please notify Entrust immediately and delete the message from your > > system. > > > > > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://mailman.irtf.org/mailman/listinfo/cfrg >
- [CFRG] pq firmware signing question Stephen Farrell
- Re: [CFRG] [EXTERNAL] pq firmware signing question Mike Ounsworth
- Re: [CFRG] [EXTERNAL] pq firmware signing question Stephen Farrell
- Re: [CFRG] pq firmware signing question Dr. Pala
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Orie Steele
- Re: [CFRG] [EXTERNAL] pq firmware signing question Stephen Farrell
- Re: [CFRG] [EXTERNAL] pq firmware signing question Kris Kwiatkowski
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Falko Strenzke
- Re: [CFRG] [EXTERNAL] pq firmware signing question John Mattsson
- Re: [CFRG] [EXTERNAL] pq firmware signing question Ilari Liusvaara
- Re: [CFRG] [EXTERNAL] pq firmware signing question Sophie Schmieg
- Re: [CFRG] [EXTERNAL] pq firmware signing question Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Michael StJohns