[TLS] TLS and hardware security modules - some issues related to PKCS11
Michael StJohns <msj@nthpermutation.com> Fri, 06 September 2013 04:10 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 894F721E8096 for <tls@ietfa.amsl.com>; Thu, 5 Sep 2013 21:10:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6IWYrGehOUlH for <tls@ietfa.amsl.com>; Thu, 5 Sep 2013 21:10:45 -0700 (PDT)
Received: from mail-qc0-f180.google.com (mail-qc0-f180.google.com [209.85.216.180]) by ietfa.amsl.com (Postfix) with ESMTP id 1FC7C11E8253 for <tls@ietf.org>; Thu, 5 Sep 2013 21:10:34 -0700 (PDT)
Received: by mail-qc0-f180.google.com with SMTP id p19so1336542qcv.11 for <tls@ietf.org>; Thu, 05 Sep 2013 21:10:34 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-type:content-transfer-encoding; bh=xLZ1vqmqMyiBhp0R0BKPc7hOy4hGitQKNsbdc7iSfp0=; b=M44wiKckj4MOBs/06+SWUTVeSWSewh/P45ZeOaDr3hw4myQfCcr2vZJ3IfUXZLz4Um Raue8Z+/XviK+4gX5bExSrE7YuUeV8nc8obBBivIRBPxe/5m72eitK1WhwQPy8/Aa9Tm 3uKSyLZyzOSaZPK15YzQIp3Q5byj627W3Gr2VT9OOkFIrFI/Wrnmv9JK/7fJIZcC8J5J luajPjKowHjCYAuYddBs5WhaUVrCsAy0jsOJcj1AuySsJ2IhU+N2i8TJbj2t55GqSVOP w/6xVYKVj+YGVD8H093AGmp7XF2ld3dxBXjE+64lnDdaHqC22Np0BK9VfCOAPKlcQ1tt yfCQ==
X-Gm-Message-State: ALoCoQkV2DR+Osgb9Isaztajm58wDMmLLuhxbBkVctTvBjnUCGnmjSBz0L+kVM1qbb+M2oV02tYr
X-Received: by 10.229.201.67 with SMTP id ez3mr607364qcb.1.1378440634157; Thu, 05 Sep 2013 21:10:34 -0700 (PDT)
Received: from [192.168.1.116] (c-68-83-212-126.hsd1.md.comcast.net. [68.83.212.126]) by mx.google.com with ESMTPSA id a2sm1051926qek.7.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 05 Sep 2013 21:10:33 -0700 (PDT)
Message-ID: <522955BC.8000407@nthpermutation.com>
Date: Fri, 06 Sep 2013 00:10:36 -0400
From: Michael StJohns <msj@nthpermutation.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: tls@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [TLS] TLS and hardware security modules - some issues related to PKCS11
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2013 04:10:51 -0000
HI - I'm currently working with the PKCS11 group in Oasis. One of the items for the new draft (2.40) was adding PKCS11 mechanism definitions for TLS1.2. As part of that, I started looking closely at TLS and its key derivation mechanisms. Hardware Security Modules (HSMs) are used both for cryptographic acceleration, and for protection of key material. The way TLS (1.0, 1.1 and 1.2) does its key derivations pose a number of challenges for that second goal. Consider the typical chain of derived material generated for a TLS connection: (keywrap or key agreement) -> pre-master secret pre-master secret -> master secret master secret -> mac key client -> mac key server -> encrypt key client -> encrypt key server -> client IV (public data) -> server IV (public data) master secret -> client finished "mac" (public data) -> server finished "mac" (public data) All of these are produced through the application of the TLS PRF to a key using a specific "label" and other data. In PKCS11 v2.40, the CKM_TLS_PRF mechanism can be used with a key to produce public data. This is used both to produce the finished verify_data and for the more general use of key exporters. However, as defined, there is no restriction on using that function with any tls "label" and with any other additional data. That basically allows someone who has access to "use" the master_secret with the "key expansion" label and the random data to produce a public version of the mac and encryption keys. In the current PKCS11 draft to fix the above, the CKM_TLS_PRF user accessible mechanism has been deprecated in favor of a TLS KDF that can be used for a key exporter (and produces only private key material), and a TLS MAC that is used to produce the finished message verify data (public data). The latter function doesn't allow a label to be supplied, but instead takes a parameter that references two fixed label values - those associated with the finished message verify_data. That still leaves a second problem. The "key expansion" stage produces both private (key material) and public (iv data) by producing a key stream and then splitting up (based on the sizes of keys needed) into the 4 keys and 2 IVs. o Consider an application that needs to produce 2 128 bit AES keys and 2 IVs (for say GCM). o Consider that an attacker (or a hacked program that's being used to extract keys) re-runs the derivation using the same master key and same random data, this time specifying zero length keys (or 64 bits of keys etc), but still asks for the IV material. The part of the key stream previously assigned to the encryption keys is now assigned to the IV material. Since IVs by their nature are public, the attacker now has direct access to the key material previously used for encryption. Fortunately, TLS1.1 changed the way IVs were calculated making it possible to prohibit that leaking. Unfortunately, the CCM and GCM mechanisms for TLS1.2 decided to use the IV values making impossible to prohibit the leaking. For the current PKCS11 draft, we finessed it by creating two mechanisms - one that created only key material, and one that created key material and IVs. PKCS11 allows a specific key to be constrained to a specific mechanism so that permits some security for the non-AEAD suites. It's not ideal, but its a beginning Going forward (e.g. TLS1.3 and any revision to the TLS1.2 AEAD mechanisms) , I'd like to recommend the following changes to the "key expansion" derivation step (this replaces text in section 6.3 of RFC5256): >> When keys and MAC keys are generated, the master secret is used as an >> entropy source. >> >> To generate the key material, compute >> >> key_block = PRF(SecurityParameters.master_secret, >> "key expansion", >> SecurityParameters.server_random + >> SecurityParameters.client_random); >> >> until enough output has been generated. Then, the key_block is >> partitioned as follows: >> >> client_write_MAC_key[SecurityParameters.mac_key_length] >> server_write_MAC_key[SecurityParameters.mac_key_length] >> client_write_key[SecurityParameters.enc_key_length] >> server_write_key[SecurityParameters.enc_key_length] > *** Change begins here >> iv_subkey [32 bytes] (if IV material is requested) >> >> The IV's are generated by computing >> >> iv_block = PRF (iv_subkey, >> "iv generation", >> SecurityParameters.server_random + >> SecruityParameters.client_random); >> >> until enough output has been generated. Then the iv_block is >> partitioned as follows: >> >> client_write_IV[SecurityParameters.fixed_iv_length] >> server_write_IV[SecurityParameters.fixed_iv_length] >> > Basically, doing it this way places a "firewall" between the private data and the public data that can't be trivially defeated by varying the length of the requested key material. Alternately, the IV production as part of key expansion could be removed completely and crypto suites directed to find another way of selecting the IV. Thanks - Mike
- [TLS] TLS and hardware security modules - some is… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Juraj Somorovsky
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Martin Rex
- Re: [TLS] TLS and hardware security modules - som… Pascal Urien
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Salz, Rich
- Re: [TLS] TLS and hardware security modules - som… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] TLS and hardware security modules - som… Martin Rex
- Re: [TLS] TLS and hardware security modules - som… Salz, Rich
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Nikos Mavrogiannopoulos
- Re: [TLS] TLS and hardware security modules - som… Bill Frantz
- Re: [TLS] TLS and hardware security modules - som… Blumenthal, Uri - 0558 - MITLL
- Re: [TLS] TLS and hardware security modules - som… Juraj Somorovsky
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Juraj Somorovsky
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Paterson, Kenny
- Re: [TLS] TLS and hardware security modules - som… Michael D'Errico
- Re: [TLS] TLS and hardware security modules - som… Nico Williams
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Nico Williams
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Juraj Somorovsky
- Re: [TLS] TLS and hardware security modules - som… Michael StJohns
- Re: [TLS] TLS and hardware security modules - som… Juraj Somorovsky