Hi I'm exploring how to defend against an attacker who can create valid signatures for cryptographic private keys (e.g., PGP) that users need to trust when using an operating system such as Debian. A signature like that can be used in a targetted attacks against one victim.
For example, apt does not have any protection against this threat scenario, and often unprotected ftp:// or http:// transports are used, which are easy to man-in-the-middle. Even with https:// there is a large number of mirror sites out there that can replace content you get. There is a risk that use of a compromised trusted apt PGP key will not be noticed. Attackers are also in a good position to deny themselves out of their actions if they are careful. Part of my effort is to inventory all trusted private keys that a distribution needs to manage on their own, or depend on that are managed by others, and gain some insight how these keys are handled. Does the Debian project, or any members, publish information on these topics? Has this been discussed before? Some questions that I think would be useful to answer include: 1) List of relevant private keys, held by the organization, its members, or someone else. As far as I can tell from Debian, the list includes the following PGP trust anchors: B8B8 0B5B 623E AB6A D877 5C45 B7C5 D7D6 3509 47F8 05AB 9034 0C0C 5E79 7F44 A8C8 254C F3B5 AEC0 A8F0 4D64 FEC1 19C2 0290 67D6 E791 F8D2 585B 8783 D481 1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936 AC53 0D52 0F2F 3269 F5E9 8313 A484 4904 4AAD 5C5D A428 5295 FC7B 1A81 6000 62A9 605C 66F0 0D6C 9793 80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE 5E61 B217 265D A980 7A23 C5FF 4DFA B270 CAA9 6DFA 6D33 866E DD8F FA41 C014 3AED DCC9 EFBF 77E1 1517 Compromising any single key on this list leads to trouble. However I don't think this list is complete. What other keys are there? I believe there are keys used to sign some component of the boot phase, compare the 'shim-signed' and 'grub-efi-amd64-signed' packages. What private keys held by Debian are involved here? What keys held by others are involved? What other similar packages exists? 2) For each private key, information about its management and lifecycle. Relevant questions include: a) How was the key generated? By whom? On what hardware? What software? In what environment? What legal jurisdiction apply to people involved? b) How is the key stored and protected during its lifetime? What media is used? Who control the physical storage of the key? How are they stored and transported? What jurisdiction? c) Under what policy is the key used? What should it sign? Who authorize the signing? What hardware and software is used? What jurisdiction? d) For externally held keys, what are the legal terms we use the keys under? What insight into key transparency questions do we have? What of those can we make public? How do they restrict what we are allowed to do? 3) Which less visible private keys are indirectly trusted by users of the distribution? For example, all DD PGP keys are indirectly trusted since they are permitted to make uploads into the archive. Host keys used to authorized access to sensitive systems may also be relevant. I'm primarily thinking SSH private keys to a system that may have online access to a private key signing oracle. Indirectly, questions about authentication protocols and authorization methods are relevant. To the extent that symmetric shared secrets (rather than asymmetric public/private keys) are involved, the same question applies. Other aspects worth exploring? I understand commercial distributions have different incentives related to making this information public. They have a commercial interest to defend, and has usually entered various legal arrangements that create obstacles related to releasing information. As we've seen with the WebPKI CA business, that model does not inspire trust and leads to systematic failures. More transparent approaches like Certificate Transparency and LetsEncrypt evolved as a consequence. I believe that Debian is in a good position to improve things and, if there is interest, could lead the way by documenting a better approach, and describe how to deal with these concerns in a more transparent way than what we do today. Thoughts? /Simon
signature.asc
Description: PGP signature