Hi
I'm exploring how to defend against an attacker who can create valid
signatures for cryptographic private keys (e.g., PGP) that users need to
trust when using an operating system such as Debian. A signature like
that can be used in a targetted attacks against one victim.
For example, apt does not have any protection against this threat
scenario, and often unprotected ftp:// or http:// transports are used,
which are easy to man-in-the-middle. Even with https:// there is a
large number of mirror sites out there that can replace content you get.
There is a risk that use of a compromised trusted apt PGP key will not
be noticed. Attackers are also in a good position to deny themselves
out of their actions if they are careful.
Part of my effort is to inventory all trusted private keys that a
distribution needs to manage on their own, or depend on that are managed
by others, and gain some insight how these keys are handled.
Does the Debian project, or any members, publish information on these
topics? Has this been discussed before?
Some questions that I think would be useful to answer include:
1) List of relevant private keys, held by the organization, its members,
or someone else. As far as I can tell from Debian, the list includes
the following PGP trust anchors:
B8B8 0B5B 623E AB6A D877 5C45 B7C5 D7D6 3509 47F8
05AB 9034 0C0C 5E79 7F44 A8C8 254C F3B5 AEC0 A8F0
4D64 FEC1 19C2 0290 67D6 E791 F8D2 585B 8783 D481
1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936
AC53 0D52 0F2F 3269 F5E9 8313 A484 4904 4AAD 5C5D
A428 5295 FC7B 1A81 6000 62A9 605C 66F0 0D6C 9793
80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
5E61 B217 265D A980 7A23 C5FF 4DFA B270 CAA9 6DFA
6D33 866E DD8F FA41 C014 3AED DCC9 EFBF 77E1 1517
Compromising any single key on this list leads to trouble. However I
don't think this list is complete. What other keys are there?
I believe there are keys used to sign some component of the boot
phase, compare the 'shim-signed' and 'grub-efi-amd64-signed'
packages. What private keys held by Debian are involved here? What
keys held by others are involved? What other similar packages
exists?
2) For each private key, information about its management and lifecycle.
Relevant questions include:
a) How was the key generated? By whom? On what hardware? What
software? In what environment? What legal jurisdiction apply to
people involved?
b) How is the key stored and protected during its lifetime? What media
is used? Who control the physical storage of the key? How are they
stored and transported? What jurisdiction?
c) Under what policy is the key used? What should it sign? Who
authorize the signing? What hardware and software is used? What
jurisdiction?
d) For externally held keys, what are the legal terms we use the keys
under? What insight into key transparency questions do we have?
What of those can we make public? How do they restrict what we are
allowed to do?
3) Which less visible private keys are indirectly trusted by users of
the distribution? For example, all DD PGP keys are indirectly
trusted since they are permitted to make uploads into the archive.
Host keys used to authorized access to sensitive systems may also be
relevant. I'm primarily thinking SSH private keys to a system that
may have online access to a private key signing oracle. Indirectly,
questions about authentication protocols and authorization methods
are relevant.
To the extent that symmetric shared secrets (rather than asymmetric
public/private keys) are involved, the same question applies.
Other aspects worth exploring?
I understand commercial distributions have different incentives related
to making this information public. They have a commercial interest to
defend, and has usually entered various legal arrangements that create
obstacles related to releasing information. As we've seen with the
WebPKI CA business, that model does not inspire trust and leads to
systematic failures. More transparent approaches like Certificate
Transparency and LetsEncrypt evolved as a consequence.
I believe that Debian is in a good position to improve things and, if
there is interest, could lead the way by documenting a better approach,
and describe how to deal with these concerns in a more transparent way
than what we do today.
Thoughts?
/Simon
Attachment:
signature.asc
Description: PGP signature