Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signing question
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Sun, 17 March 2024 22:45 UTC
Return-Path: <prvs=58068080e4=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 01122C14F61A for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 15:45:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.908
X-Spam-Level:
X-Spam-Status: No, score=-6.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbJ_xtMejgfi for <cfrg@ietfa.amsl.com>; Sun, 17 Mar 2024 15:45:20 -0700 (PDT)
Received: from MX3.LL.MIT.EDU (mx3.ll.mit.edu [129.55.12.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B24D5C14F61E for <Cfrg@irtf.org>; Sun, 17 Mar 2024 15:45:20 -0700 (PDT)
Received: from LLEX2019-03.mitll.ad.local (llex2019-03.llan.ll.mit.edu [172.25.4.99]) by MX3.LL.MIT.EDU (8.17.1.19/8.17.1.19) with ESMTPS id 42HMiAA0120390 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sun, 17 Mar 2024 18:44:10 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=d7cFu1CdGI5rAtuxeuWwHjAIBvM4Wk1gSwqx80F69WC2oG18KDVyDnrZYmwCQi6iBjUXPhUPA/UGIfr6JDduX7/HTkV0sr2N25BMs6t5LaUyN1RQEmKPRU25TM2KD5z9xNhtQQ1/tPcCdYxs1yyPB8irZi4NqeW5FUcPcC89DNvgnZzqCbtYvi6o/9pK4PFZyd9uo02BxS28k4WxX5cevZqKKzjwXD86c/srbWZGqXRp4k9tupAxFH3B2Ja9IMmGrBXzo2HlTBQctidnaCMtP0gXw3PJdSnkrB1Y+JuCCjkZKuEOAzAc14XMfs9nz/JcF0f4JvkAc2rwRYOXJuGBcw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O0QWBcNGVAk2SE98hMDQzlT01XQCtxDrR8cxfH4xI7o=; b=EKiWKgvMpgM7myGgUsUXIYv9DTGwvrMC9+GsjwF33MHbV849s+VLOwjwbc0qcmwMrOaGtY5j8ezMIvLv9hg5M3Z0LtLrS2KjAyC3WGVj4/UNKA6Lwu/QAueYP10aMB524hn6kXcbEXUi59/E9W90+HefRfV7+wQ3VeYFGoHzoUKuDL0JP2VK9yaF2Fu9yeMBtAokSStoDkg7i4v+uE2HZ0tg8qV37JJIq/Dk+PnEPw/Wikdm+VNcCrInppdyDNvd0722YGKzmcC0U7xHvmRusfHcD7gwYyX15rpCMAIIU9vOZ0cWwb6qgYJOMwPTFGkBxFefu1veCC1FbNxUC3+zUw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Mike Ounsworth <Mike.Ounsworth@entrust.com>, "cfrg@irtf.org" <Cfrg@irtf.org>
Thread-Topic: [EXT] Re: [CFRG] [EXTERNAL] pq firmware signing question
Thread-Index: AQHaeLSUJGxOUjcxL0GaG1fx2OFiRbE8eQKA///MCgA=
Date: Sun, 17 Mar 2024 22:45:07 +0000
Message-ID: <E85D9536-7FC4-4DA8-8279-360F7B5766A2@ll.mit.edu>
References: <73126498-47c2-4f8a-9425-18a3d9cce22c@cs.tcd.ie> <CH0PR11MB5739FD074FF5337C8E4E3DFB9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com> <6e71bda8-9fab-473e-98e7-6ed559793ced@cs.tcd.ie>
In-Reply-To: <6e71bda8-9fab-473e-98e7-6ed559793ced@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.83.24031120
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0P110MB1419:EE_|BN0P110MB1482:EE_
x-ms-office365-filtering-correlation-id: 4d103118-9baa-4de6-9505-08dc46d3e515
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QyfOEBLDd4WRNnMB+2n3iy6Zg2X7yGbIQOcUiZs17u6KY/3sCm0uamjIK3orasvPycaiKklC8GqZDyttCyw32MnnLpqUYis4NPv5VU9mb7rfvUJvgM61brp98MAn0/j8DmR39Rb3wg8DUyAGv3C8oKrFviEqLWeDL6ts7ngpBokdfwnRDlQU6ryUwbhDo5+bg7YEV2KX7vQnYUw87iuVmk+1P+7F8L++4s/5QxaFKljxGvk4nF2lvSRiMPO3YRTBU+EvjJ4/eGWlkNrZDmtFTljNw+gUbjiP+djfwX3dhs363ri8da+Zem5cb8i94PZUj0vyFbfaJpUoIcrXlI+5QWee/b2Kb78Dr4BV3iWBdW+9V564hK/lDlCsBwC383AxNoX8qfiifRLbsX1DikTbc2zF1rTd6F5YAy2dkaun/3l8F06w3r1XpWW26moLoTMY/hU1V+9eBQR//r4tMEmnfk4yUA8VitVS/FEN6DqUGrWcn6NcvC/ndPOPBQz5B7xhF99je1E1JDU+kovDx7R+cz76iP7g3SMYOabRq3oV3rdC6+M+LSEn6rPkMz2tOW1txL4JoVGQxwaV8b+prTndbRBsDBML7wwjO5cN6w5OG3HLX4yEk5XUTPIJLHONQWD+k7eoOV6t5EaqFi5vJvSpfRzgCwgf89bujoqwc0CWfwK/gvpMsoJyvIj3b5hkX9Uyof1wNJ+YXmHzrHOiqmtZGKHhhoK+8q2nmgc1Y6DXpt0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(366007)(38070700009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Ehyn9wjADbUYA64ImPUvADOZ3uTaDjs7+3qu9WeRB0tLo+8K55Nv7E64NISYoF2lLQlEsOe5yTklwcjECEM9ZT+Hmfn/lHadvOCeTw271vCNBlGtiHFoTwVBeFvM/6kHN7oMHveKOthBg/aDPITni5gOQSjxwUi5eHQUdII5BzxxtgpHWELxEpM3u1XjdJ/csQ5I2H5CDWYjC/8vtvyN/WDsswKNMW92iQXDeYRu8/rOjP015MtXPsoRul5Jtn7uHDf9sbw+Apf0m2Mtgqzgn4+GQbOmOeIhvJALkj3uF02h3famiX4dnbfU61dTOHBnYfUsreYDNSrurHmGNGcJj7St4t1QfZbwndLGtfqBMQ6D2Bc1f9uM80ibcIom3wO7uPGVwZ4wZ7bLsLoLyaOeeLh7a0oGuvB5tWQ5qc792ZFp+lrUlycw6wmA5petOuH9Unv2ZyCjH9D/3vM/rBYxJbuJh6jxSmj4X8lAbDu0YX5jDB0meBuciVLxUgEXX3BYw3f5NsqE1LPdmSQtpEDg/41ohkNcmj51+8POeWreWsY4a2Lzl1zyTWLsqP8pZkHO4ybT0+CWKJ+xVCAO8IX9ZxWnUiMcmmV8Qe+jKxX3ZtTwRN43K413GdgT4WxX6vKZqSfuaPXKCjkuKnwshjZkrdQ+LUhnXzJzNI66l/p2R9dpohsrlplYm9j0UHi9v1eOcBrkN/FO3sQc9915IK8AHFiBwHthGvqY9B62LJZ3O8WINMhSK56J5p5ewOqvwSAdLABJdbI076JFZi0FLac6YZFIe8WsN2hQWVmLcjG1cDRQ0+o23VP3+qNiP00YeojezJWvJK8mnuzM7bqhElaaUj9fjFB4/tLW6LcdRlhzV/SmsNgqUBnAgP16z7NO2C/yRLTWfjMHEGLfHiwYSO3FIK2cm/hXnYZd7ST1R4WLjuLbhCZCyZpds2EWdpCCyFmoqBmGH0j+0QGqMrqnJSscTHZIsV5gxMpBVMcpFBPA59cUTrrY3ZCLJd4cIHWz/xp2120m7nEzvrgcNls8YMLMWQPryhULMZ7xDABInMxTM8qYIp3XLgVUGsMVJquj7d1AbgmmuXs7qlOKG/45paC3YEI9vLPbCmPWs5CyqzXMquwTHviDgYd5QtGZxLaXEPwf76TDyjJOb+DqSqr7CJ1SHzvCu14yYU5bEmJYgweYBDUfeCl0Rny8JgPljui0OM4a5mg4rilrdc2kTY2PAuLRk7PcCn/W7fatEY3kX1zdgwi+ez7R3MaKebFN9ZG1ayS2idQVaDIbZKGbGjRezN5jf66DNoNnFU/I5wK1UJJjyqGwtxv0IAP5egjcXT7LCp/MJ9haKEHzGA4LBqbzlDYmqVZHslfkswzksAZg8xT/Zx9aYMDKeJCnraY0oeN4Jcx2+kvGEP/FJ7k4oOxp3gcrdEUMnNptKTgsnl6shrfJ+9YLdHgIHeeuMnOfMJXJ31iGjQqd7WQX0dnZSo/EMqwR2KTTEkFD3NgVlS3QNwZ5w6k=
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3793545907_3059897923"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0P110MB1419.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 4d103118-9baa-4de6-9505-08dc46d3e515
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2024 22:45:07.5117 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0P110MB1482
X-Proofpoint-ORIG-GUID: qG8Fx6cmVCIrntACWVhSFYhJl_zPHzqP
X-Proofpoint-GUID: qG8Fx6cmVCIrntACWVhSFYhJl_zPHzqP
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-17_12,2024-03-15_01,2023-05-22_02
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 mlxscore=0 adultscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 suspectscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2403140000 definitions=main-2403170177
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UP5z4wpsrKwGt0X8Qg0SQk6nGyA>
Subject: Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signing question
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://mailman.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://mailman.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2024 22:45:23 -0000
Look at it this way: you want your firmware updates to remain secure after CRQC appears. If your trust anchor can be re-written - then as soon as I can lay my hands on a CRQC, I crack your Classic signing key, create and sign my malicious firmware with your key and add my new malicious trust anchors to replace yours, and push my update to as many of your devices as I can. If your trust anchors can't be re-written - i.e., burnt in ROM or such - then I'll do all of the above except replacing your trust anchors. Thus, it seems that the only way to defend against the above kind of attack is to load PQ trust anchors now. -- V/R, Uri There are two ways to design a system. One is to make it so simple there are obviously no deficiencies. The other is to make it so complex there are no obvious deficiencies. - C. A. R. Hoare On 3/17/24, 17:52, "CFRG on behalf of Stephen Farrell" <cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org> on behalf of stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote: On 17/03/2024 21:45, Mike Ounsworth wrote: > Stephen. > > Short answer: firmware verification keys burned into ROM or some > other immutable trust store which is itself outside the memory space > of the firmware that you can update. Yep, that's the kind of answer I expected, but some details as to what and why was more what I was after. You can't of course update the ROM unless it's an EPROM or similar but it's not clear (to me:-) that the code that causes that key/alg to be used to verify new sigs can't be updated. Cheers, S. > > I am not myself a hardware manufacturer, but I have been lead to > believe that this is common practice. > > - Mike Ounsworth ________________________________ From: CFRG > <cfrg-bounces@irtf.org <mailto:cfrg-bounces@irtf.org>> on behalf of Stephen Farrell > <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> Sent: Monday, March 18, 2024 7:41:33 AM > To: cfrg@irtf.org <mailto:cfrg@irtf.org> <Cfrg@irtf.org <mailto:Cfrg@irtf.org>> Subject: [EXTERNAL] [CFRG] pq > firmware signing question > > > Hiya, > > A number of people have asserted that firmware signing implies > distributing a public value now, (or soon) on which they may still > have to rely after a CRQC might exist. The implication being that we > should start to do this kind of thing now, based on some composite > sig-alg, verification of which is assumed to be implemented below the > crypto APIs used by relevant applications. > > I'd like to try tease bits of that apart to better understand what's > required. > > ISTM that firmware signing entirely does allow one to update the > signature keys/algs needed for the next signed firmware update and > that there is no need, given ongoing updates, to continue to depend > on the original key/alg for the public value with which a device was > shipped. IOW, update N can update anything, including the sig alg > required for update N+1. > > I don't understand what class of device might be able to load new > firmware but not change the verification alg for sigs on subsequent > updates. If there are such devices, can someone describe 'em? > > There does seem to be an exception - a factory-reset of a device > would imply returning to depending on the original public value and > alg. However, a factory reset also seems to imply that a human can > "touch"/control a specific device at a specific point in time so is > not an unattended upgrade. And if someone can touch the device, then > in many cases it'd be cheaper to replace the whole thing than do a > factory reset in the field. > > And then there's the issue of the specific signing key - it's hard to > imagine a system where that can be changed but the verification alg > cannot. Are there such systems? > > All in all, it seems like a lot of firmware signing deployments > should be able to allow for the evolution of verification algs, and > the set of devices where we now (or soon) need to embed a > forever-fixed alg and key for sig verification has to be very small. > > What am I getting wrong there? > > Ta, S. > > Any email and files/attachments transmitted with it are intended > solely for the use of the individual or entity to whom they are > addressed. If this message has been sent to you in error, you must > not copy, distribute or disclose of the information it contains. > Please notify Entrust immediately and delete the message from your > system. >
- [CFRG] pq firmware signing question Stephen Farrell
- Re: [CFRG] [EXTERNAL] pq firmware signing question Mike Ounsworth
- Re: [CFRG] [EXTERNAL] pq firmware signing question Stephen Farrell
- Re: [CFRG] pq firmware signing question Dr. Pala
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Orie Steele
- Re: [CFRG] [EXTERNAL] pq firmware signing question Stephen Farrell
- Re: [CFRG] [EXTERNAL] pq firmware signing question Kris Kwiatkowski
- Re: [CFRG] [EXT] Re: [EXTERNAL] pq firmware signi… Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Falko Strenzke
- Re: [CFRG] [EXTERNAL] pq firmware signing question John Mattsson
- Re: [CFRG] [EXTERNAL] pq firmware signing question Ilari Liusvaara
- Re: [CFRG] [EXTERNAL] pq firmware signing question Sophie Schmieg
- Re: [CFRG] [EXTERNAL] pq firmware signing question Scott Fluhrer (sfluhrer)
- Re: [CFRG] [EXTERNAL] pq firmware signing question Michael StJohns