Eliminating Escrows: Towards Stateless, Anonymous Key Recovery

Nathaniel McCallum

Principal Engineer - Red Hat, Inc.

Booting...

Disk Password: █

Yesterday: Standards (AES, PCI-DSS, etc.)
Today: Automation
Tomorrow: Policy

Automation?

Shh... I'm Secret!
  (the data, encrypted under the Encryption Key)
Encryption Key
  (wrapped by the Key Encryption Key)
Key Encryption Key

Standard Password Model
  The Key Encryption Key is derived from a passphrase: "correct battery horse staple"

Standard Escrow Model
  The Key Encryption Key is a random value ("d41d8cd9...ecf8427e") kept in an Escrow.
  The client fetches it over TLS / GSSAPI, which in turn depends on a KDC/CA.
  The escrow's key store also needs Backups.

HEARTBLEED

Lessons Learned

  • Presuming TLS will protect key transfer is dangerous
  • Complexity increases attack surface
  • Escrows are difficult to deploy
  • X.509 is hard to get right

asymmetric crypto?

Deo Model

Shh... I'm Secret!
Encryption Key
Key Encryption Key
Public Key Encryption (the Key Encryption Key is encrypted to Deo's public key)
TLS (the client sends the ciphertext to Deo, which decrypts it)
Deo
CA
Backups

R.I.P.

Deo

"We hardly knew ye!"

Lessons Learned

  • Asymmetric cryptography:
    • makes the server stateless
    • obviates client authentication
  • All the other drawbacks still exist

Key Exchange?

(EC) Diffie-Hellman Key Exchange

The group is written additively throughout: $gS$ is the generator $g$ multiplied by the scalar $S$, and $[1, p-1]$ is the scalar range.

Server:  $S \in_{R} [1, p-1]$,  $s = gS$,  sends $s$ to the Client
Client:  $C \in_{R} [1, p-1]$,  $c = gC$,  sends $c$ to the Server
Server:  $K = gCS = cS$
Client:  $K = gSC = sC$

Binding with ECDH (Insecure)

Provisioning
  Server:  $S \in_{R} [1, p-1]$,  $s = gS$,  sends $s$ to the Client
  Client:  $C \in_{R} [1, p-1]$,  $c = gC$,  $K = gSC = sC$
  Client:  Retain $s, c$.  Discard $K, C$.

Recovery
  Client:  sends $c$ to the Server
  Server:  $K = cS$,  sends $K$ to the Client

Weaknesses:

  1. K is revealed to a passive attacker.
  2. A passive attacker who captures c can later submit it to the server and obtain K.
  3. Server learns c and therefore K.

Resolved: c MUST be private

McCallum-Relyea Key Exchange

Provisioning
  Server:  $S \in_{R} [1, p-1]$,  $s = gS$,  sends $s$ to the Client
  Client:  $C \in_{R} [1, p-1]$,  $c = gC$,  $K = gSC = sC$
  Client:  Retain $s, c$.  Discard $K, C$.

Recovery
  Client:  $E \in_{R} [1, p-1]$,  $e = gE$,  $x = c + e$,  sends $x$ to the Server
  Server:  $y = xS$,  sends $y$ to the Client
  Client:  $K = y - sE$
  Because: $K = xS - sE = gCS + gES - gSE = gCS$

To keep c private, e & E MUST be private.

Who knows what during Recovery?

  Client:            $s = gS$, $c = gC$, $E$, $e = gE$, $x = gC + gE$, $y = gCS + gES$, $K = gCS + gES - gSE$
  Passive Attacker:  $x = gC + gE$, $y = gCS + gES$
  Server:            $S$, $s = gS$, $x = gC + gE$, $y = gCS + gES$
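The exchanges above (plain ECDH, the insecure binding, and the McCallum-Relyea recovery), carried out over NIST P-256 as an added example that is not from the talk or from the Tang/Clevis code. The curve arithmetic is textbook affine double-and-add in pure Python 3.8+, readable but not constant-time; `TangServer`, `provision` and `recover` are names chosen here, not Tang's or Clevis's API.

```python
# Added example, not code from the talk or the Tang/Clevis projects: the
# McCallum-Relyea exchange over NIST P-256, with the unblinded "Binding with
# ECDH (Insecure)" recovery beside it for contrast. Notation follows the
# slides, written additively: gS is the generator g times the scalar S.
# Affine double-and-add, not constant-time; names here are not Tang's API.
import secrets

P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
# Points are (x, y) tuples; None is the point at infinity.

def on_curve(pt):
    """Invalid-curve defence: accept only points with y^2 = x^3 + Ax + B."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def ec_add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """k * pt by double-and-add."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def rand_scalar():
    return secrets.randbelow(N - 1) + 1               # uniform in [1, N-1]

class TangServer:
    """Stateless: keeps only S and answers y = xS for any on-curve x."""
    def __init__(self):
        self.S = rand_scalar()
        self.s = ec_mul(self.S, G)                    # advertised public key

    def recover(self, x):
        if not on_curve(x):                           # never multiply S into an off-curve point
            raise ValueError("request is not a point on the curve")
        return ec_mul(self.S, x)

def provision(s):
    """Client provisioning; the server need not be reachable."""
    C = rand_scalar()
    c = ec_mul(C, G)
    K = ec_mul(C, s)                                  # K = gSC = sC
    return c, K                                       # retain s, c; discard K, C after use

def recover(server, s, c):
    """McCallum-Relyea recovery: blind c with a fresh e; the server only sees x."""
    E = rand_scalar()
    e = ec_mul(E, G)
    x = ec_add(c, e)                                  # x = c + e
    y = server.recover(x)                             # y = xS = gCS + gES
    if not on_curve(y):
        raise ValueError("response is not a point on the curve")
    K = ec_add(y, ec_neg(ec_mul(E, s)))               # K = y - sE = gCS
    return K, x, y                                    # x, y are all a passive attacker sees

def mr_round_trip():
    """True iff blinded recovery returns the provisioned K and x, y differ from c, K."""
    server = TangServer()
    c, K_prov = provision(server.s)
    K_rec, x, y = recover(server, server.s, c)
    return K_prov == K_rec and x != c and y != K_rec

def insecure_binding_leaks_key():
    """'Binding with ECDH (Insecure)': sending c unblinded lets the server compute K = cS."""
    server = TangServer()
    c, K = provision(server.s)
    return server.recover(c) == K
```

`mr_round_trip()` shows that the key recovered through the blinded exchange equals the provisioned one while the server and the wire only ever carried x and y; `insecure_binding_leaks_key()` shows why the unblinded variant fails, since the value the server computes is K itself. Both sides check that the point they receive lies on the curve before multiplying it by a secret scalar: the addition formulas above never use B, so a server that skipped that check could be fed points on a weak curve and have S extracted one residue at a time.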

Shh... I'm Secret!
Encryption Key
Key Encryption Key
MR Exchange (between the client and the Server)
Crypto HW

Property                              Escrow      MR Exchange
Server presence during provisioning   Required    Optional
Server presence during recovery       Required    Required
Server knowledge of keys              Required    None
Key transfer                          Required    None
Client authentication                 Required    Optional
Transport encryption                  Required    Optional
End-to-end Encryption                 Difficult   Unneeded

Revocation: ASPAKE?

Tang

  • https://github.com/latchset/tang
  • Server-side daemon
  • Simple: HTTP + JOSE
  • Fast (>2k req/sec)
  • Extremely small
  • Minimal dependencies
  • Fedora 23+
$ dnf install tang

$ systemctl enable --now tangd-update.path
$ systemctl enable --now tangd.socket

$ jose gen -t '{"alg":"ES256"}' \
           -o /var/db/tang/sig.jwk
$ jose gen -t '{"kty":"EC","crv":"P-256","key_ops":["deriveKey"]}' \
           -o /var/db/tang/exc.jwk

Installing a Tang Server

On the client...

Clevis

  • https://github.com/latchset/clevis/
  • Decryption automation and policy framework
  • Minimal dependencies
  • Early boot integration
  • GNOME integration
  • Fedora 24+
$ dnf install clevis

$ echo PT | clevis encrypt tang '{"url":"http://localhost"}' > mydata.jwe
The advertisement is signed with the following keys:
	haD7Y-8VkAyJo6-vdZMrGQXCSfI

Do you wish to trust the advertisement? [yN] y

$ cat mydata.jwe
{"ciphertext":"-O59czAqybvxHdme2t3I5A", ...}

$ clevis decrypt < mydata.jwe
PT

$ sudo systemctl stop tangd.socket

$ clevis decrypt < mydata.jwe
$ echo $?
1

Basic Encryption with Tang
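The trust prompt above asks you to recognise a key thumbprint. As an added example that is not code from the talk, jose or clevis, this computes the RFC 7638 JWK thumbprint of a signing key so the printed value can be checked against one the Tang operator published out of band, and replaces the "answer y by eye" step with a pin check. The sample key is constructed here (its coordinates are the P-256 base point). The digest is a parameter: the 27-character values printed above are the length of a base64url-encoded SHA-1 digest, while a SHA-256 thumbprint is 43 characters.

```python
# Added example, not code from the talk, jose or clevis: the RFC 7638 JWK
# thumbprint behind the "Do you wish to trust the advertisement?" prompt,
# plus the pin check that replaces answering "y" by eye.
import base64
import hashlib
import json

# RFC 7638 section 3.2: only these members, in lexicographic order and with
# no whitespace, are hashed. Anything else (kid, alg, key_ops, ...) is ignored.
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
}

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk, hash_name="sha256"):
    """Base64url thumbprint of a JWK dict; raises on unknown kty or missing members."""
    members = REQUIRED_MEMBERS.get(jwk.get("kty"))
    if members is None:
        raise ValueError("unsupported or missing kty")
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError("JWK lacks required members %s" % missing)
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.new(hash_name, canonical.encode("utf-8")).digest())

# Constructed sample signing key: a P-256 public key whose coordinates are the
# curve's base point, carrying the extra members a real advertisement has.
SAMPLE_SIG_KEY = {
    "kty": "EC", "crv": "P-256", "alg": "ES256", "key_ops": ["verify"],
    "x": b64url((0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296).to_bytes(32, "big")),
    "y": b64url((0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5).to_bytes(32, "big")),
}

def advertisement_trusted(signing_keys, pinned, hash_name="sha256"):
    """Accept an advertisement only if one of its signing keys matches a pinned thumbprint."""
    return any(jwk_thumbprint(k, hash_name) in pinned for k in signing_keys)
```

The pinned set is what you would fill from a thumbprint obtained over a channel you already trust (the operator reading it off /var/db/tang/sig.jwk, a configuration management system, or a signed inventory), so that a man-in-the-middle serving its own advertisement is rejected instead of being approved at the prompt.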

$ clevis bind-luks /dev/sda1 tang '{"url":"http://tang.company.com"}'
The advertisement is signed with the following keys:
	haD7Y-8VkAyJo6-vdZMrGQXCSfI

Do you wish to trust the advertisement? [yN] y
Enter passphrase for /dev/sda1:

$ luksmeta show -d /dev/sda1
0   active empty
1   active cb6e8904-81ff-40da-a84a-07ab9ab5715e
2 inactive empty
3 inactive empty
4 inactive empty
5 inactive empty
6 inactive empty
7 inactive empty

# For root volume unlocking at boot:
$ dnf install clevis-dracut
$ dracut -f
$ reboot

# For removable storage GNOME unlocking:
$ dnf install clevis-udisks2

Disk Binding with Tang

Exploring the ecosystem

Dependency: José

  • https://github.com/latchset/jose
  • JSON Object Signing and Encryption
  • C Library & Command Line Utility
  • Bottom Line: User-Friendly, Standards-Compliant Crypto
$ jose gen -t '{"alg": "A128GCM"}' -o oct.jwk
$ jose gen -t '{"alg": "RSA1_5"}' -o rsa.jwk
$ jose gen -t '{"alg": "ES256"}' -o ec.jwk

$ echo hi | jose enc -i- -k rsa.pub.jwk -o msg.jwe
$ jose dec -i msg.jwe -k rsa.jwk
hi
$ jose dec -i msg.jwe -k oct.jwk
Decryption failed!

$ echo hi | jose sig -i- -k ec.jwk -o msg.jws
$ jose ver -i msg.jws -k ec.pub.jwk
hi
$ jose ver -i msg.jws -k oct.jwk
No signatures validated!

Dependency: LUKSMeta

  • https://github.com/latchset/luksmeta
  • Store metadata in LUKSv1 header gap
  • C library & Command Line Utility
$ echo hi | luksmeta save -d /dev/sdc1 -s 2 -u EC998562-B60D-47F0-A579-DCA8C12F5BF6

$ luksmeta load -d /dev/sdc1 -s 2 -u EC998562-B60D-47F0-A579-DCA8C12F5BF6
hi

$ luksmeta load -d /dev/sdc1 -s 2 -u 12618962-A1E5-48F1-B327-D7C60E20FC02
Slot contains different UUID

the Near Future

José

  • PKCS#11 Support
  • Python Bindings
  • Additional crypto backends
  • Additional algorithms

Clevis

  • Password Pin
  • PKCS#11 Pin (including, in the future, TPM)
  • Support for non-root, non-removable volumes
  • Ext4 encryption support

Tang

  • Binding IDs (Optional; sacrifices anonymity)
  • Revocation (requires Binding IDs)

Patches Welcome!

Questions?
