Title: Operator cards unexpectedly recoverable
Released by: nCipher.com
Date: 12th December 2000

SUMMARY
=======

In certain circumstances, the nCipher security world initialization
software enables the Operator Card Set recovery feature, even when the
user requested that recovery be disabled.

BACKGROUND
==========

nCipher's key management modules (nForce/nShield) are generally used
with nCipher's suite of utilities for managing a `security world'.  A
security world is a collection of cryptographic keys, smart cards,
modules and associated data stored on host computers, designed to
prevent unauthorized access to application keys while maintaining
scalability and key availability.

The core security world secrets are protected by Administrator Cards
written by the initialization software and kept safe by the user.

Application keys can either be made available to any nCipher module
appropriately programmed with the user's Administrator Cards or they
can be protected by further smart cards known as Operator Cards.

nCipher offers an `Operator Card Set Recovery' feature that allows
continued key availability even after loss of all the Operator
Card(s).  With Operator Card Set Recovery enabled, an additional copy
of the application key is made, protected by recovery information
stored on the Administrator Cards.

ISSUE DESCRIPTION
=================

1. Cause
--------

The command-line security world initialization program `sw-init'
usually prompts the user whether to enable recovery.  If the user
answers `no' to the prompt, recovery is disabled as requested.
However, the program also supports a command-line option
`--no-recovery' which suppresses the prompt and should disable the
recovery feature.  This option has been found to operate incorrectly
and ENABLES Operator Card Set recovery.

The Install Wizard for nCipher's MSCAPI support software on Windows
2000 offers a check box for controlling the recovery feature, which is
selected (recovery enabled) by default.  However, if the user unsets
the recovery check box, the installer invokes `sw-init' with the
`--no-recovery' option, which ENABLES recovery.
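The following is an added illustration, not nCipher's code (the
advisory does not show sw-init's source): a hypothetical
reconstruction in Python/argparse of the bug class described above, a
negated flag wired to the wrong polarity, beside the fixed form, the
Install Wizard path that turns an unticked check box into that flag,
and the regression check that compares what was requested with what
would actually be configured.  The function names, the `--recovery'
positive form, and what the wizard passes when the box is ticked are
assumptions, not nCipher's interface.

```python
"""The `--no-recovery' inversion as a bug class, beside the fixed form.

Added example: sw-init's real source is not on the page, so this is a
hypothetical reconstruction with argparse.  Function names, the
`--recovery' positive form, and the wizard's behaviour when the box is
ticked are assumptions, not nCipher's interface.
"""
import argparse


def _prompt_answer_to_setting(answer):
    # The interactive path, which the advisory says worked correctly:
    # `no' disables recovery, anything else enables it.
    return answer.strip().lower() != "no"


def parse_buggy(argv, answer="no"):
    """Bug class: `--no-recovery' is stored as True into the `recovery'
    setting, so the flag meant to disable recovery enables it.
    `answer' stands in for the interactive prompt, consulted only when
    no recovery option is given."""
    p = argparse.ArgumentParser(prog="sw-init", add_help=False)
    # The defect: store_true on a flag whose name says "no".
    p.add_argument("--no-recovery", dest="recovery", action="store_true", default=None)
    p.add_argument("--recovery", dest="recovery", action="store_true", default=None)
    ns = p.parse_args(argv)
    if ns.recovery is None:
        return {"recovery": _prompt_answer_to_setting(answer)}
    return {"recovery": ns.recovery}


def parse_fixed(argv, answer="no"):
    """Fixed polarity: `--no-recovery' stores False, and the explicit
    positive form (assumed here as `--recovery') stores True."""
    p = argparse.ArgumentParser(prog="sw-init", add_help=False)
    p.add_argument("--no-recovery", dest="recovery", action="store_false", default=None)
    p.add_argument("--recovery", dest="recovery", action="store_true", default=None)
    ns = p.parse_args(argv)
    if ns.recovery is None:
        return {"recovery": _prompt_answer_to_setting(answer)}
    return {"recovery": ns.recovery}


def wizard_argv(recovery_box_selected):
    """Install Wizard path as the advisory describes it: an unticked
    recovery box becomes `--no-recovery'.  What the wizard passes when
    the box is ticked is not stated; this reconstruction assumes the
    positive form."""
    return ["--recovery"] if recovery_box_selected else ["--no-recovery"]


def mismatches(parse):
    """Regression check: for every way a user can state the recovery
    setting, compare what was requested with what the parser would
    configure.  Returns the names of the cases that disagree."""
    cases = [
        ("prompt answered no", parse([], answer="no"), False),
        ("prompt answered yes", parse([], answer="yes"), True),
        ("--no-recovery flag", parse(["--no-recovery"]), False),
        ("wizard box ticked", parse(wizard_argv(True)), True),
        ("wizard box unticked", parse(wizard_argv(False)), False),
    ]
    return [name for name, got, want in cases if got["recovery"] != want]


if __name__ == "__main__":
    print("buggy parser mismatches:", mismatches(parse_buggy))
    print("fixed parser mismatches:", mismatches(parse_fixed))
```

The point of `mismatches' is that the interactive path passes while
both paths that go through the flag fail, which is exactly the
affected/not-affected split in section 3 below: a check of the
effective setting against the requested one, run for every entry
point, catches a polarity error that a test of the prompt alone never
sees.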





2. Impact
---------

In an affected security world, recovery copies of the application
keys exist even though the user asked that none be made.  An attacker
who gains control of sufficient Administrator Cards and their
passphrases could therefore use those recovery copies to gain
unauthorized access to application keys that the user believed were
protected only by the Operator Cards.

3. Who May Be Affected
----------------------

This problem affects security worlds where the user intended that
Operator Card Set recovery be disabled, and which were created with
software from CD versions 3.62 and earlier either:

* using `sw-init --no-recovery'; or

* using the Windows 2000 Install Wizard with the recovery check box
unset.

The problem does not affect security worlds:

* where users requested that Operator Card Set recovery be enabled:
recovery is enabled as requested;

* created with software from CD versions 3.70 and later;

* generated using the nCipher KeySafe key management tool;

* created with `sw-init' if the user answered `no' to the interactive
question about recovery.

4. How To Tell If You Are Affected
----------------------------------

To determine whether recovery is enabled in your security world, run
the `nfkminfo' command line program (in c:\nfast\bin on Windows or
/opt/nfast/bin on other platforms).  Output containing:

  World
   generation 1
   state      0x70000 Initialised Useable Recovery !ExistingClient

indicates that recovery is enabled.  Output containing:

  World
   generation 1
   state      0x70000 Initialised Useable !Recovery !ExistingClient

indicates that recovery is disabled (note the `!' before `Recovery'
indicating `not').

If you do not have `nfkminfo', contact support@ncipher.com.
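An added script (not part of the advisory or of nCipher's tools) that
automates the check above by parsing the flag tokens on the `state'
line of the `World' block.  The two embedded samples are constructed
from the fragments shown; the install paths tried are the ones the
advisory names, and restricting the search to the `World' block is an
assumption in case other blocks carry their own `state' lines.  Flags
are compared as whole tokens because a plain substring search for
"Recovery" also matches "!Recovery" and would report a disabled world
as enabled.

```python
"""Parse `nfkminfo' output to tell whether Operator Card Set recovery
is enabled.  Added example for this advisory, not nCipher's code.
The two samples are constructed from the fragments the advisory shows.
"""
import re
import shutil
import subprocess

# Constructed samples matching the advisory's two output fragments.
SAMPLE_RECOVERY_ENABLED = """\
World
 generation 1
 state      0x70000 Initialised Useable Recovery !ExistingClient
"""

SAMPLE_RECOVERY_DISABLED = """\
World
 generation 1
 state      0x70000 Initialised Useable !Recovery !ExistingClient
"""

# Install locations named in the advisory, tried if nfkminfo is not on PATH.
NFKMINFO_PATHS = ("/opt/nfast/bin/nfkminfo", r"c:\nfast\bin\nfkminfo.exe")

_STATE_RE = re.compile(r"^\s*state\s+0x[0-9A-Fa-f]+\s+(.*?)\s*$")


def recovery_enabled(output):
    """Return True if the World block's state flags contain `Recovery',
    False if they contain `!Recovery', None if no World state line is
    found.  Flags are compared as whole tokens: a substring test for
    "Recovery" would also match "!Recovery".  Only the `World' block is
    inspected (assumption: other blocks may carry `state' lines too)."""
    in_world = False
    for line in output.splitlines():
        if line.strip() == "World":
            in_world = True
            continue
        if in_world and line and not line[0].isspace():
            in_world = False  # an unindented line starts a new block
        if not in_world:
            continue
        m = _STATE_RE.match(line)
        if not m:
            continue
        flags = m.group(1).split()
        if "!Recovery" in flags:
            return False
        if "Recovery" in flags:
            return True
        return None
    return None


def verdict(output):
    """Human-readable classification of one nfkminfo output."""
    state = recovery_enabled(output)
    if state is True:
        return "recovery ENABLED: affected if you asked for it to be disabled"
    if state is False:
        return "recovery disabled: not affected"
    return "no World state line found: check nfkminfo output by hand"


def check_local_world():
    """Locate and run nfkminfo, then classify its output.  Returns the
    verdict string, or the advisory's own fallback instruction if no
    nfkminfo binary can be run."""
    exe = shutil.which("nfkminfo")
    candidates = [exe] if exe else list(NFKMINFO_PATHS)
    for path in candidates:
        try:
            proc = subprocess.run([path], capture_output=True, text=True, check=False)
        except OSError:
            continue
        return verdict(proc.stdout)
    return "nfkminfo not found: contact support@ncipher.com"


if __name__ == "__main__":
    print(check_local_world())
```

Run it on each host that holds a copy of the security world data; the
verdict depends only on the flag tokens, so a world that reports
`!Recovery' is not affected regardless of how it was created.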





REMEDY
======

1. Users who have already created a security world and wish to keep it:
-----------------------------------------------------------------------

For users with a security world created with recovery enabled, but
where they intended recovery to be disabled, nCipher supplies a
utility, `killrecov', that will retrospectively disable key recovery.

The program works by erasing the key material on the Administrator
Cards that is used in the recovery process.  After `killrecov' is run,
recovery from Operator Card loss is no longer possible, even for
existing application keys, because information from the Administrator
Cards is needed to decrypt the stored recovery copies of the
application keys.

(i) Obtain the appropriate version of the patch kit for your
    operating system from http://active.ncipher.com/updates

(ii) Follow the instructions described in the `killrecov Usage Guide',
    supplied in the patch kit as krecov.pdf and krecov.htm.

2. Users who want to create new security worlds:
------------------------------------------------

If you want to create a new security world with Operator Card Set
recovery disabled, you have four options:

(i) Upgrade to new software

Contact support@ncipher.com to receive the appropriate software
update.

(ii) Patch the current installed software

For users with the defective `sw-init' program, nCipher supplies a
patch program to modify the installed version of `sw-init'.  Obtain
the appropriate patch kit for your operating system from the location
listed below and run the `swinit-rcvfix' program.  This patches your
installed copy of `sw-init' and reports `mistaken recovery bug now
fixed'.

(iii) Using `sw-init', interactively request that recovery be disabled

If you create your security world with the `sw-init' command-line
program without supplying the command-line options to control
recovery, and answer `no' to its question about recovery, recovery
will be disabled correctly in your new security world.

(iv) Use KeySafe

If you use KeySafe, and request that recovery be disabled, recovery
will be disabled correctly in your new security world.

Whichever option you choose, confirm the result afterwards by running
`nfkminfo' and checking for `!Recovery' in the World state, as
described in section 4 above.

SECURITY USAGE NOTES
====================

We reproduce here some information from the nForce/nShield User Guide,
concerning good security practices:

* The cards in the Administrator Card Set are only used for recovery
operations and adding extra modules to a security world.  At all other
times, these cards should be stored in a safe.

* Never insert a smart card used with nCipher key management into an
untrusted smart card reader.

* Only use the Administrator Card Set in modules connected to trusted
hosts.

SOFTWARE DISTRIBUTION AND REFERENCES
====================================

You can obtain copies of this advisory, patch kits for all nCipher
supported platforms, and supporting documentation, from the nCipher
updates site:

    http://active.ncipher.com/updates

Further information
-------------------

General information about nCipher products:
    http://www.ncipher.com/

nCipher Developer's Guide and nCipher Developer's Reference
    http://www.ncipher.com/documentation.html

nCipher Support
---------------

nCipher customers who require support or further information regarding
this problem should contact support@ncipher.com.

$Id: advisory.txt,v 1.8 2000/11/24 15:40:21 iwj Exp $







