SA#09: Host-side attackers can access secret data

This advisory also available as PGP-signed plaintext.

February 2004

Summary

On certain models and firmware combinations, an attacker who is able to issue commands to an HSM (eg, by having use or control of the host to which it is connected) may be able to access secret data stored in the module, including critical application keys.

Modules with vulnerable firmware versions should be upgraded.

Issue Description

1. Cause

Due to an implementation error in certain versions of nCipher's HSM firmware, certain carefully constructed sequences of commands can yield access to secrets stored in the module's run-time memory. These secrets include infrastructure keys used for nCipher's Security World key management framework as well as application keys.

Not all versions of nCipher's HSM firmware implement all the commands which are needed to exploit this vulnerability. Several necessary commands were originally made available on nCipher's `nForce' series of key-management HSMs, but were later bundled only with the CodeSafe (SEE) capability of the `nShield' series of HSMs.

2. Impact

An attacker who can issue commands to the HSM, and is fully aware of the nature of the vulnerability, can acquire important secrets including the values of application keys.

Typically, on a host-connected HSM, this would include any attacker who can run programs on the host either because they are an authorised user, or because they have successfully attacked the underlying host operating system or an exposed network application.

3. Who Is Affected

Summary table - PCI and SCSI HSMs:

Firmware version	Hardware version	Product	Status
any	any	any AO[1]	Not Relevant
any	nCxxx1x (1st gen)	any KM	Not Vulnerable
1.66.x or earlier	nCxxx2x (2nd gen)	any KM	Not Vulnerable
1.67.x - 1.99.x	nCxxx2x (2nd gen)	any KM	Vulnerable
2.0.0 or later	nCxxx2x (2nd gen)	any KM	See subsection 5
2.0.x - 2.11.x	nCxxx2x (3rd gen)	any KM	Not Vulnerable
2.12.0 or later	nCxxx2x (3rd gen)	any KM	See subsection 5

Summary table - network-attached HSMs:

Image version	Hardware version and product	Status
2.0.x or earlier	any ethernet-attached HSM	Contact nCipher Support
2.1.x or later	any ethernet-attached HSM	Not Vulnerable

You are *not* affected if:
- You are using acceleration-only nCipher modules (ie, modules without key storage facilities) [1]; or
- You are using first-generation nCipher modules, hardware model numbers nCxxx1S and nCxxx1P;
- You are using very old firmware (versions prior to 1.67.0);
- You are using third-generation nCipher modules (hardware model numbers nCxxx3S and nCxxx3P) with firmware 2.11.x or earlier.
- You have installed firmware introduced by nCipher to address this vulnerability (see `Remedy', below, for version numbers).

You *are* affected if:
- You have any second-generation module (nCxxx2W or nCxxx2P) with firmware later than or equal to version 1.67.0 and earlier than 2.0.0; or
- You have a second-generation module (nCxxx2W or nCxxx2P) with firmware 2.0.0 or later, and GeneralSEE is or could be enabled.
- You have a third-generation modules (nCxxx3S and nCxxx3P) with firmware 2.12.0 or later and GeneralSEE is or could be enabled. See subsection 5 below regarding the interaction of this vulnerability with the GeneralSEE feature set in firmware versions 2.0.0/2.12.0 and later.

You are not presently affected, but we recommend that you upgrade, if:

- You are using a module, with firmware 2.0.0 or later (nCxxx2x), or 2.12.0 or later (nCxxx3x), and which has never had GeneralSEE enabled via an nCipher Feature Enable certificate.

[1] nFast 800, and previous nFast products which provide only acceleration (`AO modules') and do not support key management are NOT affected. (Note that the name `nFast' has been used in the past to refer to key management products.) Only modules capable of key management (`KM modules') are affected.

4. How To Tell If You Are Affected

PCI and SCSI HSMs:

Ensure all modules are in operational mode. Run the enquiry program (C:nfastbinenquiry, or /opt/nfast/bin/enquiry) and examine the output. For each module, make the following checks:

1. Ensure the `mode' field reads `operational'. If you are unsure how to place a module into Operational mode, contact nCipher Support.

2. Examine the `version' field, which will be of the form A.B.C, where A, B and C are numbers. If the A field is 1, and the B field is a number less than or equal to 66, that module is *NOT* affected.

3. Refer to the table in subsection 3, `Who Is Affected', above.

Network-attached HSMs:

Look at the LCD screen, which should be at the front page displaying `Operational mode' and `Image version: A.B.C' where A, B and C are numbers. If it displays something different, contact nCipher Support.

If the image version is 2.1.x or later (A is 3 or more, or A is
equal to 2 and B is 1 or more), the module is *NOT* affected.

If the image version is 2.0.x or earler (A is 1 or less, or A is
equal to 2 and B is 0), the module may be affected depending on other details of the installation - contact nCipher Support.

5. nShield firmware later than 2.0.0/2.12.0, and GeneralSEE

Recommendation for versions with Status listed as `See subsection 5':

nCipher strongly recommends upgrades for nShield modules in the following regions: European Union, Australia, Canada, Czech Republic, Hungary, Japan, New Zealand, Norway, Poland, Switzerland, United States.

nCipher strongly recommends upgrades for any other modules which have had or may have the GeneralSEE feature set enabled.

nCipher advises precautionary upgrades for all modules with firmware versions listed as `See subsection 5' in the table, above.

Discussion:

From version 2.0.0 (2nd-generation nCipher modules, nCxxx2x) or 2.12.0 (3rd generation, nCxxx3x), certain commands necessary to exploit the vulnerability were unbundled from nForce modules, and instead bundled with the CodeSafe (SEE) capability of nShield HSMs. In these later versions the vulnerability is present if the GeneralSEE feature set has been enabled.

I.e., if the Status from the table in subsection 3, above, is `See subsection 5', then your HSM is vulnerable if it has had the GeneralSEE feature set enabled, as - in those firmware versions - vulnerable commands were bundled with GeneralSEE.

GeneralSEE *is* authorised for your module if you have a Feature Enable smartcard from nCipher with the words `SEE Activation (EU+10)' printed under the `Features Enabled' heading.

It is possible to determine from the enquiry results whether this feature set is currently installed in your HSM: check the `features enabled' field in the enquiry output. If this field contains `GeneralSEE' anywhere in the list, the module *is* affected. If (for a relevant firmware version) the `features enabled' field does not appear, or contains numeric flag values, contact nCipher support for assistance.

However, it may be the case that GeneralSEE was authorised by nCipher but has not been installed in your module. In this case the attacker could enable the features first, using the nCipher Feature Enable Certificate, before carrying out the attack. Even if the Feature Enable Certificate was supplied by nCipher on a Feature Enable Smartcard, an attacker who obtains the card or a copy of its contents could install the feature set without physical access to the HSM and without interrupting operation.

GeneralSEE is not made available for use except in a limited list of countries, for export control reasons. The HSM destination regions for which it may have been enabled are those listed in the Recommendation above. Likewise, the GeneralSEE feature set is rarely sold by nCipher for use on PayShield and nForce modules. It is routinely offered for use with nShield modules.

Therefore, all nShield users in the regions listed should upgrade the firmware. Any HSM which has had GeneralSEE made available must be upgraded.

Other users are advised to upgrade the firmware as a precautionary measure, even if the GeneralSEE flag is not currently set in their HSM and it is believed that the feature set has not been requested from or supplied by nCipher.

Remedy

The only effective remedy for a vulnerable module is to upgrade the firmware to a version which contains a fix for the bug. A choice of upgrade versions is available, as follows:

Vulnerable firmware versions	Fixed firmware version(s)
1.71.11, 1.71.15, 1.71.90	1.71.91
1.75.15, 1.77.9, 1.77.93, 1.77.97	1.77.98
1.79.12, 1.79.80, 1.79.81, 2.0.0 to 2.0.4	2.0.5
2.12.0, 2.12.2	2.12.6 (nCxxx2x modules) 2.12.8 (nCxxx3x modules)

Note that the upgrade files are configured so that once a module hasbeen upgraded to a fixed version, it cannot be reverted to older vulnerable versions. Upgrading therefore permanently fixes the vulnerability.

Each new version is functionally equivalent to its immediately preceding version (e.g. 1.77.98 is equivalent to 1.77.97), and contains only the required fixes for this vulnerability.

After the firmware is upgraded, the HSM will need to be reindoctrinated into the appropriate Security World using the Security World Administrator Cards. The firmware upgrade and world programming can be performed using any host platform. Full details regarding upgrading firmware and programming modules is in the user documentation.

Software Distribution and References

You can obtain copies of this advisory, and supporting documentation, from the nCipher updates site:

http://www.ncipher.com/support/advisories/

This advisory will be released publicly (via Bugtraq, the nCipher website, and elsewhere) two weeks after nCipher customers have received it. This is to allow time for these customers to update their module firmware before the vulnerability is public knowledge.

We regret that due to export control regulations, we are unable to make the firmware updates themselves available on the web site. Contact nCipher Support for details on obtaining the updated firmware.

nCipher Support

nCipher customers who require updated software, support or further information regarding this problem should contact support@ncipher.com.

nCipher support can also be reached by telephone:

Customers in the USA or Canada:             +1 781 994 4008       
Customers in all other countries:             +44 1223 723666       

Further Information

General information about nCipher products:

http://www.ncipher.com/

nCipher Developer's Guide and nCipher Developer's Reference

http://www.ncipher.com/documentation.html

If you would like to receive future security advisories from nCipher, please subscribe to the low volume nCipher security announce mailing list. To do this, send a mail with the single word `subscribe' in the message body to:

security-announce-request@ncipher.com

© nCipher Corporation Ltd. 2004

All trademarks acknowledged.

$Id: advisory9.txt,v 1.17 2004/01/30 16:16:30 iwj Exp $