<<< Date Index >>>     <<< Thread Index >>>

nCipher Advisory #9: Host-side attackers can access secret data



                   nCipher Security Advisory No. 9
              Host-side attackers can access secret data
              ------------------------------------------

SUMMARY
=======

On certain models and firmware combinations, an attacker who is able
to issue commands to an HSM (eg, by having use or control of the host
to which it is connected) may be able to access secret data stored in
the module, including critical application keys.

Modules with vulnerable firmware versions should be upgraded.


ISSUE DESCRIPTION
=================

1. Cause
--------

Due to an implementation error in certain versions of nCipher's HSM
firmware, certain carefully constructed sequences of commands can
yield access to secrets stored in the module's run-time memory.  These
secrets include infrastructure keys used for nCipher's Security World
key management framework as well as application keys.

Not all versions of nCipher's HSM firmware implement all the commands
which are needed to exploit this vulnerability.  Several necessary
commands were originally made available on nCipher's `nForce' series
of key-management HSMs, but were later bundled only with the CodeSafe
(SEE) capability of the `nShield' series of HSMs.


2. Impact
---------

An attacker who can issue commands to the HSM, and is fully aware of
the nature of the vulnerability, can acquire important secrets
including the values of application keys.

Typically, on a host-connected HSM, this would include any attacker
who can run programs on the host either because they are an authorised
user, or because they have successfully attacked the underlying host
operating system or an exposed network application.


3. Who Is Affected
------------------

Summary table - PCI and SCSI HSMs:

 Firmware version   Hardware version    Product     Status
  any                any                 any AO[1]   Not Relevant
  any                nCxxx1x (1st gen)   any KM      Not Vulnerable
  1.66.x or earlier  nCxxx2x (2nd gen)   any KM      Not Vulnerable
  1.67.x - 1.99.x    nCxxx2x (2nd gen)   any KM      Vulnerable
  2.0.0 or later     nCxxx2x (2nd gen)   any KM      See subsection 5
  2.0.x - 2.11.x     nCxxx3x (3rd gen)   any KM      Not Vulnerable
  2.12.0 or later    nCxxx3x (3rd gen)   any KM      See subsection 5

Summary table - network-attached HSMs:

 Image version      Hardware version and product  Status
  2.0.x or earlier   any ethernet-attached HSM     Contact nCipher Support
  2.1.x or later     any ethernet-attached HSM     Not Vulnerable

You are *not* affected if:
 - You are using acceleration-only nCipher modules (ie, modules
   without key storage facilities) [1]; or
 - You are using first-generation nCipher modules, hardware model
   numbers nCxxx1S and nCxxx1P;
 - You are using very old firmware (versions prior to 1.67.0);
 - You are using third-generation nCipher modules (hardware model
   numbers nCxxx3S and nCxxx3P) with firmware 2.11.x or earlier.
 - You have installed firmware introduced by nCipher to address
   this vulnerability (see `Remedy', below, for version numbers).

You *are* affected if:
 - You have any second-generation module (nCxxx2W or nCxxx2P) with
   firmware later than or equal to version 1.67.0 and earlier than
   2.0.0; or
 - You have a second-generation module (nCxxx2W or nCxxx2P) with firmware
   2.0.0 or later, and GeneralSEE is or could be enabled.
 - You have a third-generation modules (nCxxx3S and nCxxx3P) with
   firmware 2.12.0 or later and GeneralSEE is or could be enabled.
See subsection 5 below regarding the interaction of this vulnerability
with the GeneralSEE feature set in firmware versions 2.0.0/2.12.0 and
later.

You are not presently affected, but we recommend that you upgrade, if:
 - You are using a module, with firmware 2.0.0 or later (nCxxx2x), or
   2.12.0 or later (nCxxx3x), and which has never had GeneralSEE
   enabled via an nCipher Feature Enable certificate.

[1] nFast 800, and previous nFast products which provide only
    acceleration (`AO modules') and do not support key management are
    NOT affected.  (Note that the name `nFast' has been used in the
    past to refer to key management products.)  Only modules capable
    of key management (`KM modules') are affected.


4. How To Tell If You Are Affected
----------------------------------

PCI and SCSI HSMs:

 Ensure all modules are in operational mode. Run the enquiry program
 (C:\nfast\bin\enquiry, or /opt/nfast/bin/enquiry) and examine the
 output.  For each module, make the following checks:

 1. Ensure the `mode' field reads `operational'.  If you are unsure how to
    place a module into Operational mode, contact nCipher Support.

 2. Examine the `version' field, which will be of the form A.B.C, where
    A, B and C are numbers.  If the A field is 1, and the B field is a
    number less than or equal to 66, that module is *NOT* affected.

 3. Refer to the table in subsection 3, `Who Is Affected', above.

Network-attached HSMs:

 Look at the LCD screen, which should be at the front page displaying
 `Operational mode' and `Image version: A.B.C' where A, B and C are
 numbers.  If it displays something different, contact nCipher Support.

 If the image version is 2.1.x or later (A is 3 or more, or A is
 equal to 2 and B is 1 or more), the module is *NOT* affected.

 If the image version is 2.0.x or earler (A is 1 or less, or A is
 equal to 2 and B is 0), the module may be affected depending on other
 details of the installation - contact nCipher Support.


5. nShield firmware later than 2.0.0/2.12.0, and GeneralSEE
-----------------------------------------------------------

Recommendation for versions with Status listed as `See subsection 5':

nCipher strongly recommends upgrades for nShield modules in the
following regions: European Union, Australia, Canada, Czech Republic,
Hungary, Japan, New Zealand, Norway, Poland, Switzerland, United
States.

nCipher strongly recommends upgrades for any other modules which have
had or may have the GeneralSEE feature set enabled.

nCipher advises precautionary upgrades for all modules with firmware
versions listed as `See subsection 5' in the table, above.


Discussion:

>From version 2.0.0 (2nd-generation nCipher modules, nCxxx2x) or 2.12.0
(3rd generation, nCxxx3x), certain commands necessary to exploit the
vulnerability were unbundled from nForce modules, and instead bundled
with the CodeSafe (SEE) capability of nShield HSMs.  In these later
versions the vulnerability is present if the GeneralSEE feature set
has been enabled.

Ie, if the Status from the table in subsection 3, above, is `See
subsection 5', then your HSM is vulnerable if it has had the
GeneralSEE feature set enabled, as - in those firmware versions -
vulnerable commands were bundled with GeneralSEE.

GeneralSEE *is* authorised for your module if you have a Feature
Enable smartcard from nCipher with the words `SEE Activation (EU+10)'
printed under the `Features Enabled' heading.

It is possible to determine from the enquiry results whether this
feature set is currently installed in your HSM: check the `features
enabled' field in the enquiry output.  If this field contains
`GeneralSEE' anywhere in the list, the module *is* affected.  If (for
a relevant firmware version) the `features enabled' field does not
appear, or contains numeric flag values, contact nCipher support for
assistance.

However, it may be the case that GeneralSEE was authorised by nCipher
but has not been installed in your module.  In this case the attacker
could enable the features first, using the nCipher Feature Enable
Certificate, before carrying out the attack.  Even if the Feature
Enable Certificate was supplied by nCipher on a Feature Enable
Smartcard, an attacker who obtains the card or a copy of its contents
could install the feature set without physical access to the HSM and
without interrupting operation.

GeneralSEE is not made available for use except in a limited list of
countries, for export control reasons.  The HSM destination regions
for which it may have been enabled are those listed in the
Recommendation above.  Likewise, the GeneralSEE feature set is
rarely sold by nCipher for use on PayShield and nForce modules.  It is
routinely offered for use with nShield modules.

Therefore, all nShield users in the regions listed should upgrade the
firmware.  Any HSM which has had GeneralSEE made available must be
upgraded.

Other users are advised to upgrade the firmware as a precautionary
measure, even if the GeneralSEE flag is not currently set in their HSM
and it is believed that the feature set has not been requested from or
supplied by nCipher.


REMEDY
------

The only effective remedy for a vulnerable module is to upgrade the
firmware to a version which contains a fix for the bug.  A choice of
upgrade versions is available, as follows:

  Vulnerable firmware versions        Fixed firmware version(s)
  ----------------------------        -------------------------
  1.71.11, 1.71.15, 1.71.90           1.71.91

  1.75.15, 1.77.9, 1.77.93, 1.77.97   1.77.98

  1.79.12, 1.79.80, 1.79.81,
  2.0.0 to 2.0.4                      2.0.5

  2.12.0, 2.12.2                      2.12.6 (nCxxx2x modules)
                                      2.12.8 (nCxxx3x modules)

Note that the upgrade files are configured so that once a module has
been upgraded to a fixed version, it cannot be reverted to older
vulnerable versions.  Upgrading therefore permanently fixes the
vulnerability.

Each new version is functionally equivalent to its immediately preceding
version (e.g. 1.77.98 is equivalent to 1.77.97), and contains only the
required fixes for this vulnerability.

After the firmware is upgraded, the HSM will need to be
reindoctrinated into the appropriate Security World using the Security
World Administrator Cards.  The firmware upgrade and world programming
can be performed using any host platform.  Full details regarding
upgrading firmware and programming modules is in the user
documentation.


SOFTWARE DISTRIBUTION AND REFERENCES
====================================

You can obtain copies of this advisory, and supporting documentation,
from the nCipher updates site:

    http://www.ncipher.com/support/advisories/

This advisory will be released publicly (via Bugtraq, the nCipher
website, and elsewhere) two weeks after nCipher customers have received
it. This is to allow time for these customers to update their module
firmware before the vulnerability is public knowledge.

We regret that due to export control regulations, we are unable to
make the firmware updates themselves available on the web site.
Contact nCipher Support for details on obtaining the updated firmware.



NCIPHER SUPPORT
---------------

nCipher customers who require updated software, support or further
information regarding this problem should contact support@xxxxxxxxxxxx

nCipher support can also be reached by telephone:

    Customers in the USA or Canada:   +1 781 994 4008
    Customers in all other countries: +44 1223 723666


Further Information
-------------------

General information about nCipher products:
    http://www.ncipher.com/

User's and Developer's Guides for nCipher products:
    http://www.ncipher.com/documentation.html

If you would like to receive future security advisories from nCipher
please subscribe to the low volume nCipher security-announce mailing
list by sending a message with the single word `subscribe' in the body
to security-announce-request@xxxxxxxxxxxx


Copyright (c) nCipher Corporation Ltd.  2004

    All trademarks acknowledged.

$Id: advisory9.txt,v 1.17 2004/01/30 16:16:30 iwj Exp $