<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 9">
<meta name=Originator content="Microsoft Word 9">
<link rel=File-List href="./security_audits_files/filelist.xml">
<title>security audits:</title>
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
<o:Author>pramila</o:Author>
<o:Template>Normal</o:Template>
<o:LastAuthor>pramila</o:LastAuthor>
<o:Revision>12</o:Revision>
<o:TotalTime>102</o:TotalTime>
<o:Created>2003-09-09T18:59:00Z</o:Created>
<o:LastSaved>2003-09-16T17:36:00Z</o:LastSaved>
<o:Pages>2</o:Pages>
<o:Words>488</o:Words>
<o:Characters>2785</o:Characters>
<o:Company>RouteFree</o:Company>
<o:Lines>23</o:Lines>
<o:Paragraphs>5</o:Paragraphs>
<o:CharactersWithSpaces>3420</o:CharactersWithSpaces>
<o:Version>9.2720</o:Version>
</o:DocumentProperties>
</xml><![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
h1
{mso-style-next:Normal;
margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:0in;
mso-pagination:widow-orphan;
page-break-after:avoid;
mso-outline-level:1;
font-size:16.0pt;
font-family:Arial;
mso-font-kerning:16.0pt;}
h2
{mso-style-next:Normal;
margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:0in;
mso-pagination:widow-orphan;
page-break-after:avoid;
mso-outline-level:2;
font-size:14.0pt;
font-family:Arial;
font-style:italic;}
h3
{mso-style-next:Normal;
margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:0in;
mso-pagination:widow-orphan;
page-break-after:avoid;
mso-outline-level:3;
font-size:13.0pt;
font-family:Arial;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:179970562;
mso-list-type:hybrid;
mso-list-template-ids:-1380527316 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1
{mso-list-id:580067986;
mso-list-type:hybrid;
mso-list-template-ids:-647873080 67698689 67698691 67698689 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2
{mso-list-id:773676101;
mso-list-type:hybrid;
mso-list-template-ids:-152131510 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3
{mso-list-id:1018316231;
mso-list-type:hybrid;
mso-list-template-ids:1577100396 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4
{mso-list-id:1102920221;
mso-list-type:hybrid;
mso-list-template-ids:-481518230 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l5
{mso-list-id:1985233277;
mso-list-type:hybrid;
mso-list-template-ids:877282892 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US style='tab-interval:.5in'>
<div class=Section1>
<h1>Security Audits</h1>
<p class=MsoNormal>Here is a collection of checklist items for checking the
security of the SK and related data and, in future, of the viewer app and any other BB
apps excluding games.</p>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h2>SK level checks</h2>
<p class=MsoNormal>Some are sanity checks of the player code in libcrypto and
others are checks of server-generated data.</p>
<p class=MsoNormal>Given the player source code and a few instances of
server-generated certs, tickets (sysapp and general game) and virage data on
players:</p>
<p class=MsoNormal>A list of things to sanity check from a security
perspective:</p>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h3>Virage Data Checks</h3>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list .5in'>we now
use the server-generated extra randoms for the RNG, so we need to compare
on a few BBs that they actually look different and random.</li>
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list .5in'>same
for the key list key: need to visually inspect and check that they are
actually different and random</li>
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list .5in'>bbid,
private key, hash and boot app key are already tested; just need to inspect
that the random values look random across BBs</li>
<li class=MsoNormal style='mso-list:l0 level1 lfo3;tab-stops:list .5in'>check
the code to confirm that the patch is removed and that jtagenable is set correctly.</li>
</ul>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h3>Manufacturing server checks</h3>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l5 level1 lfo7;tab-stops:list .5in'>all
PKI key card distribution is resolved and distributed to the appropriate
persons/places.</li>
<li class=MsoNormal style='mso-list:l5 level1 lfo7;tab-stops:list .5in'>check
that the key generation source on the server has key validation turned on and
propagates the error all the way.</li>
<li class=MsoNormal style='mso-list:l5 level1 lfo7;tab-stops:list .5in'>check
the signature on the cert (the chain was already verified); check that the strings
match the correct types.</li>
</ul>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h3>Player Source Audits</h3>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l2 level1 lfo10;tab-stops:list .5in'>do a
quick pass through the known attacks and confirm that every countermeasure is turned on
correctly in libcrypto:</li>
<ul style='margin-top:0in' type=circle>
<li class=MsoNormal style='mso-list:l2 level2 lfo10;tab-stops:list 1.0in'>MOV
attack, Pollard-Rho and the other attacks on curve types are avoided because
we use the curves specified in the IEEE 1363 spec.</li>
<li class=MsoNormal style='mso-list:l2 level2 lfo10;tab-stops:list 1.0in'>sign/verify
trivial solutions need to be rejected (implemented)</li>
<li class=MsoNormal style='mso-list:l2 level2 lfo10;tab-stops:list 1.0in'>checking
keys are in 233-bit field. (implemented)</li>
<li class=MsoNormal style='mso-list:l2 level2 lfo10;tab-stops:list 1.0in'>because
we use DH, the public key has to be validated (it's a license-server
attack to try smaller public keys, but we ignore it since it's a per-BB attack).</li>
</ul>
</ul>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>General
random inputs through APIs</li>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>the RNG
never returns unless the FIPS tests pass</li>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>check
that all security errors, such as cert check and signature check failures, are propagated
all the way and end up as errors in the viewer app.</li>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>check
that the hardcoded root keys are correct; check that the final exponent is 0x1001</li>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>check
that the other common exponents (0x3, 0x11, 0x1001) are all supported.</li>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>key
generation and RSA are tested extensively for correctness</li>
<li class=MsoNormal style='mso-list:l4 level1 lfo13;tab-stops:list .5in'>check
all the hard-coded server-name strings</li>
</ul>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h3>Documentation (Can be after release)</h3>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l3 level1 lfo16;tab-stops:list .5in'>Make
a note in some server-visible document of the restrictions in the player's crypto
implementation:</li>
</ul>
<p class=MsoNormal style='margin-left:.25in'>so if someone changes the PKI
vendor we know what we have to support:</p>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l3 level1 lfo16;tab-stops:list .5in'>exponents
&gt; 32 bits are not supported.</li>
<li class=MsoNormal style='mso-list:l3 level1 lfo16;tab-stops:list .5in'>only
2048- and 4096-bit OpenSSL-compatible PKI (RSA) is supported.</li>
<li class=MsoNormal style='mso-list:l3 level1 lfo16;tab-stops:list .5in'>ECC
key generation: how far it is compatible with standards/other devices.</li>
<li class=MsoNormal style='mso-list:l3 level1 lfo16;tab-stops:list .5in'>CRL:
if one CA is revoked, all CAs have to reissue their CRLs.</li>
<li class=MsoNormal style='mso-list:l3 level1 lfo16;tab-stops:list .5in'>make
sure all CRL rules are well stated.</li>
</ul>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h3>Server PKIs</h3>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>Make
sure all certs are manually inspected:</li>
<ul style='margin-top:0in' type=circle>
<li class=MsoNormal style='mso-list:l1 level2 lfo20;tab-stops:list 1.0in'>That
they carry public keys of the right size (2048) and are signed appropriately.
Validation is not necessary since it is part of the player tests.</li>
<li class=MsoNormal style='mso-list:l1 level2 lfo20;tab-stops:list 1.0in'>Make
sure the strings are correct and match the player</li>
<li class=MsoNormal style='mso-list:l1 level2 lfo20;tab-stops:list 1.0in'>Ensure
the key card distribution is well documented for the content signer and
ticket server hierarchies.</li>
</ul>
</ul>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h3>Ticket data security checks</h3>
<ul style='margin-top:0in' type=disc>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>CRL
version numbers are all zero</li>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>content
key is 128 bits</li>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>signature
is 2048 bits</li>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>names
match correct string types</li>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>same for
ticket server, name strings are correct and signature length is correct.</li>
<li class=MsoNormal style='mso-list:l1 level1 lfo20;tab-stops:list .5in'>access
rights are correct for general games and sysapp</li>
</ul>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<h2>Viewer app audits </h2>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<p class=MsoNormal>These audits check carefully for potential buffer-overrun
attacks, attacks through the file system, etc.</p>
<p class=MsoNormal>More ideas later on what to look for.</p>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
<p class=MsoNormal><![if !supportEmptyParas]> <![endif]><o:p></o:p></p>
</div>
</body>
</html>