Security Advisory: CVE-2021-3406 -> suggestions


Kenneth Goldman

Is there a way to comment on this in github? I could not find a way other than starting a new issue.

I would suggest (and what I implemented):

1 - Do not verify the EK pub against the EK cert. Just don't send the EK pub at all. Use the value from the EK cert.

2 - Do not verify the AIK name against the AIK pub. Rather, don't send the AIK name at all. Calculate it from the AIK pub.

In general, don't send redundant data. Each instance opens an attack surface if a check is omitted. It's better security to eliminate the redundancy than add checks.

--
Ken Goldman kgoldman@...
914-945-2415 (862-2415)


From: "Michael Peters" <mpeters@...>
To: keylime@groups.io
Date: 02/24/2021 09:23 AM
Subject: [EXTERNAL] [keylime] Security Advisory: CVE-2021-3406
Sent by: main@keylime.groups.io

Hello Keylime Community,

A security issue was discovered in the Keylime agent and registrar
that breaks the cryptographic chain of trust from the Endorsement Key
certificate to agent attestations.

This means that when a TPM 2 is in use on the agent, there is no way
to know whether the quotes are produced by a valid TPM.

This issue has been assigned CVE-2021-3406.

Affected Versions:
All versions after Keylime v3.0.0

How do I mitigate this vulnerability?
ACTION REQUIRED: Upgrade to 6.0.0
Prior to upgrading, this vulnerability can be mitigated by not using
TPM 2 on the agent.

Upgrade steps:
Shut down the verifier, registrar and all agents.
Perform the upgrade to version 6.0.0 (database migration is included in the release).
Start up all services: registrar, agent and verifier.
Update the agents using the keylime_tenant command `-c update`.

Further notes: The 6.0.0 release also introduces the deprecation of
TPM 1.2 and the deep quote function, as per issues #526 and #530.

Advisory Notice:
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m

Acknowledgements:
This vulnerability was reported and fixed by Keylime team member
Patrick Uiterwijk.

--
Michael Peters
Keylime (Project Lead)
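Ken's second suggestion (derive the AIK name on the registrar instead of accepting it from the agent) can be shown in working code. The example below is added here; it is not Keylime's code and not Ken's own implementation. The Name formula follows the TPM 2.0 Library specification, Part 1: the Name of a loaded object is its nameAlg identifier followed by the nameAlg hash of the marshalled TPMT_PUBLIC. Everything else is an assumption for illustration: `registrar_accept` and the shape of its request dictionary are hypothetical, and the sample public area is constructed filler with a valid type/nameAlg prefix, not a real TPM object. The EK half of the suggestion (taking the EK public from the EK certificate) needs an X.509 parser and is not shown.

```python
import hashlib
import struct

# TPM 2.0 TPM_ALG_ID values for the hash algorithms a public area's nameAlg may select.
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B
TPM_ALG_SHA384 = 0x000C
TPM_ALG_SHA512 = 0x000D

_HASH_NAMES = {
    TPM_ALG_SHA1: "sha1",
    TPM_ALG_SHA256: "sha256",
    TPM_ALG_SHA384: "sha384",
    TPM_ALG_SHA512: "sha512",
}


def tpmt_public_from_tpm2b(tpm2b_public: bytes) -> bytes:
    """Unwrap a TPM2B_PUBLIC (UINT16 size || TPMT_PUBLIC) and return the TPMT_PUBLIC bytes."""
    if len(tpm2b_public) < 2:
        raise ValueError("truncated TPM2B_PUBLIC")
    (size,) = struct.unpack(">H", tpm2b_public[:2])
    body = tpm2b_public[2:]
    if size != len(body):
        raise ValueError(f"TPM2B_PUBLIC size field {size} does not match body length {len(body)}")
    return body


def compute_name(tpmt_public: bytes) -> bytes:
    """Derive an object's TPM 2.0 Name from its marshalled TPMT_PUBLIC.

    TPM 2.0 Library Part 1 defines the Name of a loaded object as
    nameAlg (UINT16, big-endian) || H_nameAlg(marshalled TPMT_PUBLIC).
    nameAlg is the second UINT16 of the structure, right after the type field.
    """
    if len(tpmt_public) < 4:
        raise ValueError("truncated TPMT_PUBLIC")
    (name_alg,) = struct.unpack(">H", tpmt_public[2:4])
    hash_name = _HASH_NAMES.get(name_alg)
    if hash_name is None:
        raise ValueError(f"unsupported nameAlg 0x{name_alg:04x}")
    return struct.pack(">H", name_alg) + hashlib.new(hash_name, tpmt_public).digest()


def registrar_accept(request: dict) -> dict:
    """Hypothetical registrar-side handler (an assumption, not Keylime's API).

    The agent sends only aik_pub (a TPM2B_PUBLIC). The registrar derives the Name
    itself, and a request that also carries aik_name is refused rather than
    "verified": the redundant field is removed from the protocol instead of being
    guarded by a comparison that a later change could forget to make.
    """
    if "aik_name" in request:
        raise ValueError("aik_name must not be sent; the registrar derives it from aik_pub")
    tpmt_public = tpmt_public_from_tpm2b(request["aik_pub"])
    return {"aik_pub": tpmt_public, "aik_name": compute_name(tpmt_public)}


# Constructed sample: a TPMT_PUBLIC prefix of type TPM_ALG_RSA (0x0001) with nameAlg SHA-256,
# followed by filler bytes standing in for objectAttributes, authPolicy, parameters and unique.
# It is not a complete, valid public area; Name derivation only needs the marshalled bytes.
SAMPLE_TPMT_PUBLIC = struct.pack(">HH", 0x0001, TPM_ALG_SHA256) + bytes(range(32))
SAMPLE_TPM2B_PUBLIC = struct.pack(">H", len(SAMPLE_TPMT_PUBLIC)) + SAMPLE_TPMT_PUBLIC


if __name__ == "__main__":
    record = registrar_accept({"aik_pub": SAMPLE_TPM2B_PUBLIC})
    print("derived AIK name:", record["aik_name"].hex())
    try:
        registrar_accept({"aik_pub": SAMPLE_TPM2B_PUBLIC, "aik_name": b"\x00\x0b" + bytes(32)})
    except ValueError as exc:
        print("rejected:", exc)
```

The design point is that there is no code path in which an agent-supplied name is compared against anything: the only name the registrar ever stores is the one it computed from the public area it will later use to check quotes, so a consistency check cannot be omitted because none is needed.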

Michael Peters

Ken,

You can see more details from Patrick about the flaw and the fix used here: https://patrick.uiterwijk.org/blog/tpm2-attestation-keylime-vulnerability and yes, it's mostly "don't send redundant data" :)

On Wed, Feb 24, 2021 at 9:50 AM Kenneth Goldman <kgoldman@...> wrote: