OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: nCipher Security Advisory: Operator Cards unexpectedly recoverable
From: nCipher Support (supportNCIPHER.COM)
Date: Tue Dec 12 2000 - 09:06:03 CST


SUMMARY
=======

In certain circumstances, the nCipher security world initialization
software enables the Operator Card Set recovery feature, even when the
user requested that recovery be disabled.

BACKGROUND
==========

nCipher's key management modules (nForce/nShield) are generally used
with nCipher's suite of utilities for managing a `security world'. A
security world is a collection of cryptographic keys, smart cards,
modules and associated data stored on host computers, designed to
prevent unauthorized access to application keys while maintaining
scalability and key availability.

The core security world secrets are protected by Administrator Cards
written by the initialization software and kept safe by the user.

Application keys can either be made available to any nCipher module
appropriately programmed with the user's Administrator Cards or they
can be protected by further smart cards known as Operator Cards.

nCipher offers an `Operator Card Set Recovery' feature that allows
continued key availability even after loss of all the Operator
Card(s). With Operator Card Set Recovery enabled, an additional copy
of the application key is made, protected by recovery information
stored on the Administrator Cards.

ISSUE DESCRIPTION
=================

1. Cause
--------

The command-line security world initialization program `sw-init'
usually prompts the user whether to enable recovery. If the user
answers `no' to the prompt, recovery is disabled as requested.
However, the program also supports a command-line option
`--no-recovery' which suppresses the prompt and should disable the
recovery feature. This option has been found to operate incorrectly
and ENABLES Operator Card Set recovery.

The Install Wizard for nCipher's MSCAPI support software on Windows
2000 offers a check box for controlling the recovery feature, which is
selected (recovery enabled) by default. However, if the user unsets
the recovery check box, the installer invokes `sw-init' with the
`--no-recovery' option which ENABLES recovery.

2. Impact
---------

An attacker who gains control of sufficient Administrator Cards and
passphrases could gain unauthorized access to application keys.

3. Who May Be Affected
----------------------

This problem affects security worlds where:

* the user intended that Operator Card Set recovery be disabled, if
the world was created using `sw-init --no-recovery' using CD versions
3.62 and earlier;

* the user intended that Operator Card Set recovery be disabled and
which were created using Windows 2000 Install Wizard using CD versions
3.62 and earlier.

The problem does not affect security worlds:

* where users requested that Operator Card Set recovery be enabled:
recovery is enabled as requested;

* created with software from CD versions 3.70 and later;

* generated using the nCipher KeySafe key management tool;

* created with `sw-init' if the user answered `no' to the interactive
question about recovery.

4. How To Tell If You Are Affected
----------------------------------

To determine whether recovery is enabled in your security world, run
the `nfkminfo' command line program (in c:\nfast\bin on Windows or
/opt/nfast/bin on other platforms). Output containing:
  World
   generation 1
   state 0x70000 Initialised Useable Recovery !ExistingClient
indicates that recovery is enabled. Output containing:
  World
   generation 1
   state 0x70000 Initialised Useable !Recovery !ExistingClient
indicates that recovery is disabled (note the `!' before `Recovery'
indicating `not').

If you do not have `nfkminfo', contact supportncipher.com.

REMEDY
======

1. Users who have already created a security world and wish to keep it:
-----------------------------------------------------------------------

For users with a security world created with recovery enabled, but
where they intended recovery to be disabled, nCipher supplies a
utility that will retrospectively disable key recovery.

The program works by erasing the key material on the Administrator
Cards that is used in the recovery process. After `killrecov' is run
recovery from Operator Card loss is no longer possible, even for
existing application keys, because information from the Administrator
Cards is needed to decrypt the stored recovery copies of the
application keys.

(i) Obtain the appropriate version of the patch kit for your
    operating system from http://active.ncipher.com/updates

(ii) Follow the instructions described in the `killrecov Usage Guide',
    supplied in the patch kit as krecov.pdf and krecov.htm.

2. Users who want to create new security worlds:
------------------------------------------------

If you want to create a new security world with Operator Card Set
recovery disabled, you have four options:

(i) Upgrade to new software

Contact supportncipher.com to receive the appropriate software
update.

(ii) Patch the current installed software

For users with the defective `sw-init' program, nCipher supplies a
patch program to modify the installed version of `sw-init'. Obtain
the appropriate patch kit for your operating system from the location
listed below and run the `swinit-rcvfix' program. This patches your
installed copy of `sw-init' and reports `mistaken recovery bug now
fixed'.

(iii) Using `sw-init', interactively request that recovery be disabled

If you create your security world with the `sw-init' command-line
program without supplying the command-line options to control
recovery, and answer `no' to its question about recovery, recovery
will be disabled correctly in your new security world.

(iv) Use KeySafe

If you use KeySafe, and request that recovery be disabled, recovery
will be disabled correctly in your new security world.

SECURITY USAGE NOTES
====================

We reproduce here some information from the nForce/nShield User Guide,
concerning good security practices:

* The cards in the Administrator Card Set are only used for recovery
operations and adding extra modules to a security world. At all other
times, these cards should be stored in a safe.

* Never insert a smart card used with nCipher key management into an
untrusted smart card reader.

* Only use the Administrator Card Set in modules connected to trusted
hosts.

SOFTWARE DISTRIBUTION AND REFERENCES
====================================

You can obtain copies of this advisory, patch kits for all nCipher
supported platforms, and supporting documentation, from the nCipher
updates site:

    http://active.ncipher.com/updates

Further information
-------------------

General information about nCipher products:
    http://www.ncipher.com/

nCipher Developer's Guide and nCipher Developer's Reference
    http://www.ncipher.com/documentation.html

nCipher Support
---------------

nCipher customers who require support or further information regarding
this problem should contact supportncipher.com.

$Id: advisory.txt,v 1.8 2000/11/24 15:40:21 iwj Exp $