WIP: expand documents to support playbooks for managing specific digital assets #10
No description provided.
@ -0,0 +4,4 @@
* A polaroid of the laptop tamper evidence should be carried on person at all times
* A vacuum sealer, and plastic beads will be necessary in order to be able to re-seal the laptop after use
plastic beads, beans, confetti, foam pellets, or other similarly loose non-uniform material
Also any time we say something like this, people ask right away for reference hardware they can go buy.
Any time we suggest any items someone has to source, we should include a minimum of two specific reference products that fit the bill.
Linked to the tamper proofing methods docs and added examples of adequate beads and vacuum sealer.
I also consider different sized and colored plastic beads to be superior to all other filler because:
@ -0,0 +8,4 @@
* A polaroid and digital camera are also required
2. The laptop can be left stored in a hidden location or ideally in a safe
Honestly I would recommend keeping it with them as often as possible, or a safe, or worst case put it in the hands of people whose entire career hinges on full time supervised storage like a bag check at a hotel bellhop.
@ -0,0 +16,4 @@
5. Unseal the laptop using the [Unsealing Procedure](tamper-evidence-methods.md#procedure)
6. Follow the [coin playbook](TODO)
coins won't be the only type of ceremony.
I think it will be easiest to have these split into multiple docs, probably a total of 5.
What if it said "Follow a playbook" instead of "coin playbook"?
changed title from "wip for tamper proofing and chain of custody docs" to "expand documents to support playbooks for managing specific digital assets"
changed title from "expand documents to support playbooks for managing specific digital assets" to "WIP: expand documents to support playbooks for managing specific digital assets"
@ -0,0 +1,32 @@
# System Roles
There are several roles which are required to properly operate the QKM system. While it is possible to have an individual perform multiple roles, typically they should only perform one role at a time. It is also recommended to have at least 2 individuals, or ideally the full quorum be used to make decisions pertaining to QKM.
we can call back to the threat model levels any time we make a recommendation.
E.g. in this case maybe "It is required to have a minimum of 2 individuals for a Level 2 Threat Model or higher."
@ -0,0 +16,4 @@
This is done in order to reduce the likelihood that a threat actor is able to plant a compromised computer in a store.
2. Within the store, identify available adequate laptops from the list of [tested hardware](#tested-hardware-airgapos-compatibility). Alternatively bring an SD card with AirgapOS, and test booting to it on the device on the store floor before purchasing it.
We will have to provide a document detailing step by step how to disable secure boot and test a laptop for compatibility
Is it actually feasible to ask to disable secure boot and attempt to boot an OS from a medium that we're bringing into the store? I feel like that would be met with a lot of resistance.
We've all done it multiple times in the past. Haven't had resistance so far. If needed Distrust can do additional field work to test more models.
@ -0,0 +18,4 @@
2. Within the store, identify available adequate laptops from the list of [tested hardware](#tested-hardware-airgapos-compatibility). Alternatively bring an SD card with AirgapOS, and test booting to it on the device on the store floor before purchasing it.
3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location" (TODO define processing location).
Bag should be clearly tied and visible by at least 2 members of the procurement group at all times to remove all reasonable doubt of tampering.
I added a MUST clause for using a tamper proof, see-through sealable bag for this.
@ -0,0 +34,4 @@
5. Apply a [tamper proofing](./tamper-evidence-methods.md) method to the device depending on the [device designation](TODO)
## Tested Hardware (AirgapOS Compatibility)
We should probably have a section of Supported Hardware and a guide on how to check compatibility in the AirgapOS repo, then reference that here.
@ -0,0 +18,4 @@
2. Within the store, identify available adequate laptops from the list of [tested hardware](#tested-hardware-airgapos-compatibility). Alternatively bring an SD card with AirgapOS, and test booting to it on the device on the store floor before purchasing it.
3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just a access controlled space. The bag MUST be a sealable see-through tamper evident bag.
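Review bot: in step 3, "a access controlled space" should read "an access controlled space", and since the number printed on these sealable bags is what makes a swap detectable, the step should require both members of the procurement group to record the bag's serial number before leaving the store (for example by photographing it next to the receipt), so the number seen at the processing location can be checked against something captured at purchase time rather than against memory.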
So we're unboxing the device at this point to place in a tamper evident bag? I'm assuming this isn't a vacuum sealed bag with confetti, but maybe it is? Should we include a better description of the bags to be used, where to procure them?
I'm also generally unclear on why this is necessary. Won't the device be in the custody of at least two people at this point?
Yes this is separate from the more advanced tamper proofing. No need to unbox, it can be left in the box then put into the bag.
The main point of the see-through bag is to make it harder to replace the hardware while traveling from the store to the location where proper tamper proofing will be applied. Usually these sealable bags have a number on them, so that makes it harder to swap them out. You can each also write a note and include it inside of the bag with a random nonce, that only each individual knows.
Imagine traveling from the store back to the office. Ideally both people keep continual eye contact with the laptop, but you may end up in scenarios where you lose line of sight briefly. For example, someone is getting into the car while holding just a laptop in their hand. You are on one side of the car, and they are on the other. If they are wearing a jacket they could slip it into an inner jacket pocket and pull out a different one. You can imagine a number of other scenarios like this where a quick sleight of hand is enough to swap the laptop or other hardware, especially when it's small.
It may seem unnecessary but it does practically make things a bit easier in the sense that you can look away for 5 seconds, and be able to verify with high degree of certainty that the laptop wasn't replaced - which you can't do if the laptop is just being carried in a hand (whether in a box or not). You may choose to not do this, but we have done this in person, and having the see-through bag does help.
This makes sense. Please include information on where to source these. I imagine they're pretty big, if they can hold an entire boxed laptop.
@ -0,0 +30,4 @@
* Microphone
Each laptop model is laid out slightly differently so use an online reference and/or read the names of the components which are found in the laptop to determine which parts to remove.
For the supported models, please provide the online references to be used. If the idea is that we should be able to find any model of laptop and make these adjustments and that online references are easily discoverable, let's provide some examples of that.
Here is an example. I'll add some to docs:
https://h10032.www1.hp.com/ctg/Manual/c07888733.pdf#%5B%7B%22num%22%3A3909%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2Cnull%2C732%2Cnull%5D
@ -0,0 +40,4 @@
* Lenovo 14" Flex 5i FHD Touchscreen 2-in-1 Laptop - Intel Core i3-1215U - 8GB Memory - Intel UHD Graphics, SKU: 6571565, ~USD $379.99
To ensure that hardware is compatible, it can be tested by bringing an SD card with AirgapOS loaded on it, and testing booting to a floor model in the store.
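Review bot: the tested-hardware entry above lists a retail SKU and price, both of which go stale quickly; each entry should also record the date it was tested and the AirgapOS version or commit it booted with, otherwise the list gives a reader no way to tell whether a unit bought today is still expected to boot.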
This is redundant.
Redundant relative to what?
Here:
Above:
But my main concern is actually that I don't know how feasible it is to go disable secure boot and attempt to boot a different OS on a device before purchasing it.
I'm going through these docs top-to-bottom. I'll submit reviews in chunks so that you can start addressing comments.
How are we prioritizing and tracking all of the TODO items here? Especially for items like 'select appropriate equipment', 'find adequate vaults', it would be good to prioritize the things that people could start to move on (e.g., ordering equipment) if the information were there.
@ -0,0 +16,4 @@
* Warranty: 1 Year
* Privacy Screen: Privacy Screen for Librem 14
Will the privacy screen make it more difficult to photograph generated QR codes?
Secrets are never displayed on screen so this is a non-issue. We'll remove it.
@ -0,0 +24,4 @@
* Modify the laptop as per order specifications, in this case removing radio cards.
* Seal the screws on the bottom of the laptop using glitter of chosen color
In my experience, the glitter on the screws was difficult to verify from photographs. I personally had a reasonable degree of confidence that the glitter matched the photographs, but I was the only one of three of people who was able to say so with any confidence.
Is there something different we can do here? Have you guys inquired whether Purism is able to do the same sort of vacuum sealing with confetti/beads/whatever that is described in these docs around tamper evidence?
Yes the glitter can be a bit tricky to verify. One thing that helps is glitter with larger pieces in it, which are easier to detect. If you use several types of glitter nail polish, layered, it's much easier to detect. Taking closeups also helps a lot.
I have tried to reach out to Purism about vacuum sealing equipment but they have not responded yet - they have been very slow. I will try to follow up.
@ -0,0 +28,4 @@
* Take photographs of the inside of the laptop, then of the outside after it's sealed
* The photographs will be signed by Purism and encrypted to the PGP key used for communications to protect the integrity of the images
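Review bot: the second bullet attributes integrity protection to encryption, but encrypting to the communications key gives confidentiality only; the integrity guarantee comes from the signature. It should read that the photographs are signed by Purism (integrity) and encrypted to the communications key (confidentiality), and it should state which Purism key fingerprint the signature is checked against and where that fingerprint is pinned, since otherwise an image replaced and re-signed with any key would verify.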
For the image signing: is this an established PGP key with a fingerprint published somewhere? Is there some way for all parties to be certain that the signed images are from Purism and that they have not been replaced by images taken by the individual responsible for procuring the laptop(s)?
Good question / comment. There are several ways to do this, but we likely want a central repository where we have a set of signed keys that are designated for different things.
@ -0,0 +32,4 @@
* The firmware verification hardware token can be sent to a separate location from the laptop, and will be tamper sealed using tamper proofing tape
* TODO: find out if we can have vacuum sealing with filler as a tamper proofing method be provided by Purism
Commented above about the same being done for the laptop itself. If you haven't already, please reach out to Purism on this.
@ -0,0 +2,4 @@
This device is intended for use in a secure facility such as a [SCIF](TODO) which has the added assurances of protecting the environment from a wide range of side-channel attacks, as well as protection from physical attacks, and more comprehensive tamper proofing controls.
The fixed location should include a work-station which makes it easy to perform the [tamper proofing](tamper-evidence-methods.md#tamper-proofing-station) procedure. This station may consist of a simple frame which holds a LED light, for consistent lightning, as well as a camera stand above it which can be used to take pictures. The camera should have an SD card that easily slides out of it so that the device doesn't leave and re-enter the room, only the SD card does.
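Review bot: "consistent lightning" should be "consistent lighting". The SD card that leaves the room in the last sentence is itself evidence, so the paragraph should say how it is handled once it is out (who carries it, and that the photographs are hashed or signed before it leaves), consistent with the chain-of-custody wording used for the camera card elsewhere in these docs.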
A consolidated list of materials to purchase would be helpful.
I will make the provisioner document be more prescriptive.
@ -0,0 +10,4 @@
* Heads firmware protection (TODO link to document which explains how to set up Purism)
* Glitter to prevent physical access to hardware (TODO link to how to properly use glitter for tamper proofing)
See previous comments about glitter. This has not provided adequate confidence in the past.
@ -0,0 +24,4 @@
2. Print photographs of tamper proofing of the laptop which will be used for the ceremony
* Both photos of vacuum sealed bar with filler and glitter on the bottom screws of laptop are required
"vacuum sealed bar"? Should this be "vacuum sealed bag"?
@ -0,0 +28,4 @@
- [ ] TODO how is hardware token stored (for pureboot/heads)
3. Make an entry into the access log, specifying the:
How is the access log implemented?
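As an added example (not code from the QKM/QVS repository, and not a description of how the project implements it), here is one way the access log at step 3 could be kept so that editing or removing an earlier entry is detectable by anyone who re-reads the log. The entry fields (operator, action, details, timestamp) and the one-JSON-object-per-line file layout are assumptions for the example; each entry commits to the hash of the entry before it, so the chain must be walked from the start and any altered entry breaks every hash after it.

```python
# Added example: a minimal hash-chained, append-only access log.
# Assumed entry fields: ts, operator, action, details. The file format
# (one JSON object per line) is also an assumption of this example.
import hashlib
import json
from datetime import datetime, timezone
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # previous-hash value for the very first entry


def _entry_hash(prev_hash: str, body: dict) -> str:
    # Canonical encoding (sorted keys, no whitespace) so the hash is reproducible
    # regardless of how the entry was serialized on disk.
    payload = prev_hash + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append_entry(log: List[dict], operator: str, action: str, details: str,
                 ts: Optional[str] = None) -> dict:
    """Append one entry that commits to the hash of the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {
        "ts": ts or datetime.now(timezone.utc).isoformat(),
        "operator": operator,
        "action": action,
        "details": details,
        "prev": prev,
    }
    entry = dict(body, hash=_entry_hash(prev, body))
    log.append(entry)
    return entry


def verify_log(log: List[dict]) -> Tuple[bool, int]:
    """Walk the chain from GENESIS. Returns (ok, index of first bad entry or -1).

    Detects edited entries (hash mismatch) and removed entries (prev mismatch).
    It cannot detect truncation of the newest entries; for that the latest
    hash must be recorded somewhere outside the log, e.g. signed or written
    on the printed evidence.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("prev") != prev or entry.get("hash") != _entry_hash(prev, body):
            return False, i
        prev = entry["hash"]
    return True, -1


def serialize(log: List[dict]) -> str:
    """One JSON object per line; this is what would be written to the log file."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in log)


def parse(text: str) -> List[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def demo() -> Tuple[Tuple[bool, int], Tuple[bool, int]]:
    """Constructed sample entries; returns verification results before and after tampering."""
    log: List[dict] = []
    append_entry(log, "operator-a", "unseal", "laptop bag serial 000123",
                 ts="2024-01-01T10:00:00+00:00")
    append_entry(log, "operator-b", "witness", "confirmed photographs match",
                 ts="2024-01-01T10:05:00+00:00")
    append_entry(log, "operator-a", "reseal", "new bag serial 000124",
                 ts="2024-01-01T12:00:00+00:00")
    ok_before = verify_log(parse(serialize(log)))
    tampered = parse(serialize(log))
    tampered[1]["details"] = "confirmed photographs match (edited)"  # silent edit
    ok_after = verify_log(tampered)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # expected: ((True, -1), (False, 1))
```

The chain only protects what is already in the log; an attacker who can rewrite the whole file from the start can produce a consistent chain, so the head hash still needs to be anchored externally (signed by the operators, or copied onto the printed evidence) at the end of each session.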
@ -0,0 +58,4 @@
{{ #include tamper-evidence-methods.md:vsbwf-procedure-sealing}}
2. Remove the SD card from the camera and use chain of custody principles to ensure the integrity of the data
I believe this doesn't affect the rendered output, but the numbering is off here.
@ -1,19 +1,19 @@
# Introduction
Quorum Key Management (QKM) is an open source system of playbooks and
Quorum Vaulting System (QVM) is an open source system of playbooks and
Should be (QVS).
@ -0,0 +16,4 @@
* Ensure both primary operators have their [Operator Keys](../../../../../../glossary.md#operator-key)
* An additional operator is necessary for fetching and providing the transaction data and the latest SOL `blockhash` from a online computer and transmitting using an SD card to the 2 primary operators conducting the main ceremony
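Review bot: "from a online computer" should be "from an online computer", and "transmitting using an SD card" should name which labeled card is meant, since more than one SD card is in play during a ceremony and the step as written does not let the reader tell them apart.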
I've read through this a few times and I'm unsure what the third operator is doing. Are they simply the person walking MicroSD cards between online and offline machines?
Let's name which operator is performing each step.
The third operator was removed, so that will simplify things. It's either one of the two operators that can perform an action, and the other offers support and acts as a witness.
@ -0,0 +22,4 @@
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys
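Review bot: the second bullet says to verify commit signatures against a list of permitted PGP keys but not how. Suggest naming the command, e.g. `git verify-commit <commit>` run with `GNUPGHOME` pointing at a keyring that contains only the permitted keys, so a signature from any other key fails outright instead of showing as merely untrusted, and stating what the operator does when verification fails (stop and file an incident report rather than print the photographs).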
Let's add a TODO here. No instructions on how to do that.
@ -0,0 +48,4 @@
* 1 SD card with AirgapOS
* Digital camera (TODO selection)
Seems like we also need a Polaroid camera and film?
@ -0,0 +68,4 @@
{{ #include ../../../../../../secure-boot-sequence.md:content}}
0. Load well known PGP keys of proposer and approver, and sign them using operator keys (NOT IMPLEMENTED)
Let's add a TODO here.
Also, for all these steps, which operator is performing them? Which machine is used?
@ -0,0 +82,4 @@
6. Tap the key
7. Run `keyfork
Incomplete command.
This has been fixed.
@ -0,0 +94,4 @@
2. Get transaction request(s)
* TODO define means (could just be email?)
Where does this transaction request get saved? Presumably `icepick workflow sol-get-blockhash-and-broadcast` will expect a well-known location?
@ryan can you help here please?
At this point in time, I do not have this fleshed out. My original assumption would be that the information would need to be transferred to the offline machine by-hand, transcribed from pen and paper, but that was unnecessarily complicated.
I believe the data is going to exist as a detached-signed JSON file on an SD card. It should only require plugging in the SD card.
@ -0,0 +96,4 @@
* TODO define means (could just be email?)
3. Run `icepick workflow sol-get-blockhash-and-broadcast` command
Add a TODO here. I don't see this command implemented in `icepick`. Will this be an implementation of this logic?
This command was updated and it is implemented now.
@ -0,0 +98,4 @@
3. Run `icepick workflow sol-get-blockhash-and-broadcast` command
* Wait for prompt and plug in fresh SD card
We have four MicroSD cards in this process. We should have these be marked/labeled and refer to them by their label so we know which one we're talking about in any moment.
Lance had the same comment. I'll update the docs with instructions on labeling and naming SD cards
@ -0,0 +114,4 @@
* Wait for SD card prompt and plug in SD card with signed transaction payload
2. Wait for the screen to display the transaction information. (NOT IMPLEMENTED)
Let's add a TODO here.
@ -0,0 +120,4 @@
* The transaction is constructed
* Signatures of tx data are verified against well known keys which were loaded by operators into local GPG keychain and signed by operators (NOT IMPLEMENTED)
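Review bot: the second bullet should say what happens when a signature does not verify against the well-known keys; as written it reads as informational, but the ceremony must abort before the transaction is signed if any check fails, and the failure should be recorded (incident report). It should also be explicit that a key present in the local keychain but not signed by an operator key is not trusted for this check.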
Let's add a TODO here.
@ -0,0 +134,4 @@
* The still running process from running the command to create the transaction in [Obtain Transaction Request](#obtain-transaction-request) will broadcast the transaction automatically
* Await the "completed" message
What does this message look like? Is it literally just "completed"?
@ryan can you please share what the message will be?
As we've discussed in the meeting, the message will likely be something along the lines of the Solana blockchain explorer URL to confirm the transaction has been accepted into the cluster. It will look like what I've been posting in my Solana tracker issue.
Because this is broadcast on an online machine, we will assume users will be able to shift-click the link to open in browser and confirm the transaction has posted. It would likely look like what I have below, though the wording may change as time goes on.
@ -0,0 +145,4 @@
#### Sealing
{{ #include ../../../../../../tamper-evidence-methods.md:vsbwf-procedure-sealing}}
Great comments.
For these following points, I'll move them to the provisioner doc and add clarifications. They should be prepared ahead of time by the provisioner:
The points below make me think we should have a paper shredder in the facility. Most of the waste will not have particularly sensitive material, but it would help reduce the amount of information coming out of the facility if we use a level p7 shredder which we can use to dispose of material.
@ -0,0 +34,4 @@
* Colored beads
* 4 SD cards (2 fresh, formatted as ext4, and 2 cards with prepared data)
Are we bringing these MicroSD cards to the location each time? Are they staying on location? The same should be specified for all materials. Which stay in the facility and which are brought in for an operation?
We want all materials to be at the location so that the operator just shows up and can focus on following the ceremony steps. I will move the "requirements" section into the "provisioner" document, making it the provisioner's responsibility to ensure that the location has everything required to carry out ceremonies. The operator's responsibility is to follow the ceremony doc, and if something from the equipment is missing they file an incident report.
Of course, the operator keys and photographs of digital evidence that are printed will have to be brought in by operators
It looks like this has been fast-forward merged into main?
I've gone ahead and added the items we've discussed above as TODOs so they don't get lost. I'll push that here.
7cc0a996ae to 8ab0603e81
8ab0603e81 to 5c4a29c567
5c4a29c567 to 5bae471906
Thanks, I was just about to do that.
Pull request closed