[Cryptography] What if your CA's HSM was an Android tablet?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Mar 25 21:57:43 EDT 2015


One of the interesting points in this week's regularly-scheduled browser PKI
debacle was that the (intermediate) CA that issued the Google MITM certs was
using a Palo Alto firewall as an HSM.  This arises because of the CAB Forum
baseline requirements that:

  "The CA SHALL protect its Private Key in a system or device that has been
  validated as meeting at least FIPS 140 level 3 or an appropriate Common
  Criteria Protection Profile or Security Target, EAL 4 (or higher), which
  includes requirements to protect the Private Key and other assets against
  known threats."

Until now it had been implicitly assumed that CAs would be using an HSM, but
the requirements really just say "must have a FIPS sticker on it somewhere"
(technically the CA was non-compliant because while the firewall they used had
mostly level 3 specs, the physical protection wasn't there so it only got a
level 2 overall).

So let's look at:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2323

to see what else a CA can use to store its root keys... alongside actual HSMs
there's the usual list of routers and firewalls, but also lots and lots of
disk drives (HDD and SSD), digital cinema projectors, franking machines, and a
whole array of USB keys, alongside more unusual items like satellite modems, a
medication monitor (like the firewall used by the CA, it's mostly level 3 but
only level 2 overall), a barcode reader (as above), Java cards, a handful of
tape drives, and, most interestingly, a family of ARM CPUs targeted at smart
phones, tablets, and thin clients, including among other things the OLPC XO-3
[0].

So, using the interpretation of the CAB Forum requirements pointed out by this
week's MITM CA, you can run your CA using a Dell thin client, a Panasonic
Android tablet, or an OLPC, as its security module.

Or, as has already been demonstrated, a Palo Alto firewall with issues like:

https://securityadvisories.paloaltonetworks.com/Home/Detail/4
https://securityadvisories.paloaltonetworks.com/Home/Detail/3
https://securityadvisories.paloaltonetworks.com/Home/Detail/12

  A vulnerability exists whereby an unauthenticated user can execute arbitrary
  code as root on the device. (Ref #36983)
  
  This vulnerability can result in arbitrary command execution, and can result
  in total compromise of the device.

farce (n): a comic dramatic work using buffoonery and horseplay and typically
including crude characterization and ludicrously improbable situations.

Peter.

[0] The product certified was the PXA610; the OLPC uses the PXA618, which is a
    minor rev of the same thing. It's unclear whether the claim is for the
    PXA610 platform or the specific PXA610 device, and/or how far claims over
    what was certified will be stretched.
