Cavium (被 Marvell 併購) 在 Snowden leak 中被列為 SIGINT "enabled" vendor

標題可能會有點難懂,比較簡單的意思就是在 Snowden 當年 (2013) 洩漏的資料裡面發現了不太妙的東西,發現 Cavium (現在的 Marvell) 的 CPU 有可能被埋入後門,而他們家的產品被一堆廠商提供的「資安產品」使用。

出自 X (Twitter) 上面提到的:

這段出可以從 2022 年的「Communication in a world of pervasive surveillance」這份文件裡面找到,就在他寫的 page 71 (PDF 的 page 90) 的 note 21:

While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named Cavium is listed as a successful SIGINT "enabled" CPU vendor. By chance this was the same CPU present in the thesis author’s Internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior.

Ubiquiti 直接中槍...

而另一方面,在 Hacker News 上的討論「Snowden leak: Cavium networking hardware may contain NSA backdoor (twitter.com/matthew_d_green)」就讓人頭更痛了,像是當初 Cavium 就有發過新聞稿提到他們是 AWS CloudHSM 的供應商:「Cavium's LiquidSecurity® HSM Enables Hybrid Cloud Users to Synchronize Keys Between AWS CloudHSM and Private Clouds」。

而使用者也確認有從 log 裡面看到看到 Cavium 的記錄:

Ayup. We use AWS CloudHSM to hold our private signing keys for deploying field upgrades to our hardware. And when we break the CI scripts I see Cavium in the AWS logs.

Now I gotta take this to our security team and figure out what to do.

居然是 CloudHSM 這種在架構上幾乎是放在 root of trust 上的東西...

AWS CloudHSM 支援 FIPS 140-2 Level 3 了

AWS CloudHSM 推出了一些新功能:「AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads」。

其中比較特別的是從以前只支援 Level 2 變成支援 Level 3 了:

More Secure – CloudHSM Classic (the original model) supports the generation and use of keys that comply with FIPS 140-2 Level 2. We’re stepping that up a notch today with support for FIPS 140-2 Level 3, with security mechanisms that are designed to detect and respond to physical attempts to access or modify the HSM.

在維基百科裡面有提到 Level 2 與 Level 3 的要求:

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.

主動式偵測以及銷毀算是 Level 3 比 Level 2 安全的地方。

另外就是計價方式的修正,先前有一筆固定的費用,現在變成完全照小時計費了:

Pay As You Go – CloudHSM is now offered under a pay-as-you-go model that is simpler and more cost-effective, with no up-front fees.

Amazon EC2 預定要推出的 Dedicated Hosts

Amazon EC2 愈定要推出新的購買方案:「Coming Soon – EC2 Dedicated Hosts」。

Dedicated Hosts 的租用是以整台主機為單位,以確保整台實體機器不會有其他人使用,對安全性的要求會比較好。這邊拿 c3.xlarge 來舉例,一次就是八台的費用:(這邊「八台」的數字是未定的,真正的數字要等正式公告上線後才知道)

Each host has room for a predefined number of instances of a particular type. For example, a specific host could have room for eight c3.xlarge instances (this is a number that I made up for this post). After you allocate the host, you can then launch up to eight c3.xlarge instances on it.

會有這樣的需求主要還是因為有些軟體還沒有適當的 cloud-based licensing (授權方式),當 BYOL 時 (Bring Your Own License),會需要能夠對實體機器有更多控制權:

We want to make sure that you can continue to derive value from these licenses after you migrate to AWS. In general, we call this model Bring Your Own License, or BYOL. In order to do this while adhering to the terms of the license, you are going to need to control the mapping of the EC2 instances to the underlying, physical servers.

另外這對於安全性理由也多了個解決方案,像是需要實體分離避開各種 side-channel attack。不過 AWS 之前就有提供其他的方法。

對於軟體有支援 CloudHSM 的,可以考慮直接使用這個解決方案,private key 直接放在 HSM 上,而且 AWS 有符合常見的安全標準。

而另外對於有跟美國政府簽約的數據需求,可以用 AWS GovCloud (US),讓一般人根本接觸不到。

對於一般單位的需求,也可以用 Dedicated Instances 來確保實體機器上只有單一客戶,而這也能買 Reserved Instances 確保使用權,以及對應的折扣。

所以這次 Dedicated Hosts 比較像是商業授權上的需求而產生出來的解決方案,而不是安全性需求...

AWS 的 CloudHSM...

AWS 推出 CloudHSM 服務:「AWS CloudHSM - Secure Key Storage and Cryptographic Operations」。

不便宜,看起來是為了需要 NIST FIPS 140-2 需求而設的吧?跑的是 Luna SA - Ethernet-Attached HSM,可以達到 Level 3 的安全性...

然後遇到安全性時的老問題,要怎麼 audit:


感覺上是個口水戰,來拉板凳... XD