ICMC19: KMIP vs PKCS#11: There is no Contest!

Tony Cox, VP Partners, Alliances and Standards, OASIS, Australia

Tony got a question in ICMC 2018 about "which of these two standards will win?" - the answer is BOTH.

The two standards have different scopes and areas of being useful, but both are standards based and should mean that they are vendor independent. Both standards have informative and normative documents updated by the technical committees.

Tony gave a good overview of the specifications, including goals and documents, explaining it all - like what are profiles and what do they mean? Profiles help prove interoperability and do some baseline testing.

KMIP 2.0 is full of loads of new features - hashed passwords, OTP, delegated login, Re-Encrypt (looking forward to post quantum crypto) and PKSC#11 operation... In addition to new features, lots of improvements as well.

PKCS#11 3.0 - out for public review any day now... also has loads of new things! New algorithms, support for Login of a user and AEAD, better functionality support for interaction with KMIP (Like Unique Identifiers). This started from V2.40 errata 1.

Key Manager uses KMIP and HSMs leverage PKCS#11... they work together. Key Manager is higher volume key management, key sharing. An HSM wants to keep the keys locked in.

PKCS#11 over KMIP is essentially giving a standardized way to do PKSC#11 over a network.

The two standards are quite complementary and have many of the same individuals or companies working on both. In the end, by following the standards we are giving the market freedom of choice.

2017: Year in Review

What a year! I can't even begin to remember everything that happened, but here are some highlights and lowlights.

Highlights 

• After 20 years, I left Sun/Oracle and joined Intel as a Director of Software Engineering of Security Solutions Enablement for Data Center.  A long title that means my team works on security related projects, like Open Security Controller, that enable security on the Data Center. 
• I worked at Intel 21 years before, as an intern in their Folsom Engineering Services group (as an admin for Win 3.1, WinNT, Win95, AIX, Irix, SunOS and Solaris).  It was oddly like like putting on a comfortable pair of shoes coming back, but at the same time a very different company. A much faster moving place, a more inclusive place and more inventive place.
• My team has released two versions of Open Security Controller (0.6 and 0.8) this year! (like I said, fast moving!)
• I was appointed to the City of Mountain View's Bicycle/Pedestrian Advisory Committee, where I get to advise the City Council on such things like: transit projects, walk-ability of new building projects, how to improve dangerous and deadly intersections, and where to spend budget to improve biking and walking.  It's pretty fun! The committee definitely has diverse opinions and I have found the last twelve months on the committee to be quite a learning experience.
• I demonstrated, with my Oracle team, PKCS#11 and KMIP on Solaris at the RSA Conference Expo in San Francisco in February 2017.
• I read 24 books, covering 7,937 pages.
• I recorded the narration for 8 audio books for Learning Ally. These books are for the blind and others with reading disabilities.
• I did a police ride-a-long with the Mountain View Police Department! I was amazed at the officers compassion, how well they treated the citizens and how they were quick to de-escalate a situation.  I watched an officer arrest a man who had been drinking "since the early morning" and then brandished a knife at another man at Walmart. The man was belligerent when first approached, yelling and gesticulating.  The officer used calm tones, did a quick and calm search, secured the gentleman and proceeded with his investigation. I watched a situation go from tense to calm in a heartbeat. Yes, I used the word calm repeatedly - but that is the best way to describe what the officer did.
• I was on the Crypto Review Board for BlackHat USA, and got to attend!!
• Additionally, I was on the program review boards for International Cryptographic Module Conference (ICMC) and GreHack!
• I presented on PKCS#11 version 3.0 at ICMC.
• I became secretary of the PKCS#11 technical committee, a role change from co-chair.
• I reviewed scholarship applications for Learning Ally Scholars - every one of the students was incredible!
• My husband and I celebrated 10 years of marriage in Sausalito, CA.
• I saw all of my siblings and my parents this year! Most more than once! I didn't see enough of my nieces and nephews, though...  
• I did a few more Murder Mysteries, did photography for a couple of shows, and sang with the Lyric Victorian Carolers.
• Overall, I volunteered more than 179 hours.
• I went skiing!
• I stayed alive!

Lowlights

• I lost my uncle, Dan Bubb, my Dad's brother, to pneumonia.
• My dear friend Elisa was diagnosed with breast cancer in October and Comcast let her husband go from his job (along with the rest of his division) in December - just before Christmas.  Her battle continues, please consider donating.
• I suffered a major health crisis myself - on my first day of work at Intel, where I learned another highlight: Intel is a compassionate company, they were there when I needed them and helped me to get back on my feet and hit the ground running in my new role!  And, I didn't die :)

Any lowlights or highlights for you?

Here's to 2018!

OASIS PKCS11 TC Published PKCS#11 2.40 Errata 01 and Header Files!

After we released PKCS#11 2.40, the PKCS11 Technical Committee and our public reviewers found some issues. I'm proud of the work the technical committee did with the public to create  Errata documents for PKCS#11 2.40.

These documents, where created, supersede PKCS#11 v2.40. That is,  if there is an updated constant identifier in the Errata, that should be considered correct.  The PKCS#11 2.40 Usage Guide remains the most up to date, and it is a committee note (not a standard).

In addition to the updated errata documents, we are excited to launch our first official set of header files since moving under the OASIS banner (aka "normative computer language definition files"): pkcs11.h, pkcs11f.h, and pkcs11t.h.

The PKCS11 TC has published Approved Errata for PKCS #11 V2.40. See the announcement at https://www.oasis-open.org/news/announcements/pkcs-11-v2-40-approved-erratas-published-by-pkcs-11-tc or use the links below.

• PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Errata 01
  http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os.html
• PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01
  OASIS Standard Incorporating Approved Errata 01
  http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
• Normative computer language definition files
  http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/

• PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Errata 01
  http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os.html
• PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Plus Errata 01
  OASIS Standard Incorporating Approved Errata 01
  http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html

• PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification Version 2.40 Errata 01
  http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/errata01/os/pkcs11-hist-v2.40-errata01-os.html
• PKCS #11 Cryptographic Token Interface Historical Mechanisms Specification Version 2.40 Plus Errata 01
  OASIS Standard Incorporating Approved Errata 01
  http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/errata01/os/pkcs11-hist-v2.40-errata01-os-complete.html

2015 Wrap Up

Inspired by Cate Huston and @femengineer - instead of focusing on what I didn't finish in 2015 that I had wanted to, I'm going to do a wrap up of what I did accomplish. This is by no means complete, but this is a great time of year for introspection.

For work:

• Increased my team's size and the scope of the work we're doing, though the work still seems to add up faster than I can grow the team.
• People on my team have taken over leading areas, so I can do other things. This is good - they are smarter than I am, and they will make sure the right thing happens at the right time.
• Dusted off my C coding skills and learned the new processes for: using virtual test boxes in our internal cloud, building the gate with the new "lullaby" process, and all the new rules for testing, code review, etc.  I integrated two changesets - one was minor - a few lines.  The other was over 5000 lines  - mostly removal. 
• I've learned: 
• My team will 100% criticize my code, it doesn't matter that I'm their manager.  And they were right, despite the fear and anger from some other senior engineers.
• Coding while managing a large team meant lots of nights and weekends.
• Senior engineers do NOT like to see managers integrate code. They told me so.  But, some of us still do little things.  Then again, we don't usually have time and our team will do it better.
• Crypto Week 2015! I organized an internal crypto themed conference for about 60 people, including folks from our partner companies. This is where we do our big planning and discussions.
• Continued to co-chair the PKCS#11 Technical Committee, which is fun and also a lot of work.
• Spoke at the International Cryptographic Module Conference and the Grace Hopper Celebration of Women in Computing. 
• Co-chaired the Grace Hopper Communities Committee, with more than 100 volunteers writing blogs, video blogging, note taking, speed mentoring, and leading lunch time table topics.  The conference had 12,000 attendees. We started working on this last spring for an October conference.  It was madness, amazing, inspiring and exhausting.
• Led Oracle's participation in the OASIS PKCS#11 Interop booth for RSA. Tons of fun meeting real customers face to face!
• Attended my first BlackHat. This was weird, because I attended 10 or so DefCons (starting with DefCon 2), but only possible thanks to my friend Runa, who gave me a pass :-) 
• Started leading another FIPS 140-2 validation for Solaris 11.3, because I am a glutton for punishment - but also because I think there is merit in these validations. Our algorithms will be better for it.

Personal:

• Built a gorgeous, drought tolerant, demonstration garden with my husband in our front yard. Our grass is gone. In one bed, we have California poppies (which have now spread EVERYWHERE) and a city tree (Chinese Pistache). The next, roses that did beautifully in the hot, dry summer. The next: peppers (bell, jalapeno, serano, pepperocini, poblano, banana, etc etc), tomatoes, herbs and squash. In the arbor we have roses, daisies, and other plants. In pots, we have things like "hot lips" that the hummingbirds LOVE.  Strange old ladies would walk the path in our yard and bring their tripod and take pictures. Pretty cool - and VERY low maintenance.
• Failed to take pictures, but did do a video... but need to post it. :-)
• Went home and took care of my parents when my dad had unexpected urgent surgery. My mom is disabled, so we needed all hands on deck. They are both, thankfully, doing well now.
• Read 29 books. Goodreads thinks I read 30, but one book is on there twice.
• Narrated 5 novels for Learning Ally, for people with dyslexia, blindness or other reading disorders.  That's over 45 hours of final recorded material.  Many more hours in the studio.  They are awesome - please give them money.
• Did a dream vacation with my husband and two friends from NYC to Italy! We visited Serrento, Rome and Florence. We took day trips to the Amalfi Coast, Mount Vesuvius, Pompeii, Lucca, Pisa and a Tuscan villa to learn how to make amazing pizza.  At the end, we stopped by England to see husband's family and friends.  We flew first class on air miles.  We used VRBO and saved a ton of money on lodging, had kitchens and washing machines!
• Hot tip: You need to book first class trips about 10 months in advance, to take advantage of "super saver" rates and must be flexible on dates. We were a little late (only about 8 months out) so we had to pick weird dates/times, and could not get direct home.  We also had to pay tax, which was about as much as buying economy tickets. But, first class was amazing on British Airways' A380. Not so much on the smaller plane back to Philly. 
• Found out my cat has allergies like me. She now takes the same allergy pill I do, but in half the dose. Well, sometimes she takes it. Other times, it's found hours later somewhere else in the house.  Sometimes we crush it into her food. Sometimes she falls for it. She's 14 and climbing all over my desk now as I write this.
• I had a few odd health issues this year, that meant I lost use of one hand for nearly 3 months.  That sucked. No, not RSI. No, I did not crash my bike. Yes, I am doing better. I had to use voice recognition software. It was awful. The worst. It believed I had a thick East Asian accent, and could not be convinced otherwise. Customer support was the worst.  This is the "best" software on the market. HATED IT. 
• But, it helped me to prioritize and focus.  Sorry if your email wasn't answered, but I get hundreds a day and I just couldn't get to them all.
• I lost friends, due to reasons. I found new ones, or good old ones. This is sad and awesome.  Support came from unexpected places, and I am so incredibly thankful for every one of you that called, texted, and hung out.  My anxiety levels have gone down. I no longer have to do everything for another person, just right, for fear of being ostracized. My husband was amazing, as always.  I am not perfect, and thank you to those that understand. I know you aren't either, and I like you that way.
• I managed to ride my bike 65 miles in the Marin Century in August! I want to do it again!
• I raised nearly $1600 in one week for the Valley Fire Victims as a part of the Levi's Grand Fondo. I couldn't do that hard ride, so I served free beer to thousands of thirsty cyclists.
• I was appointed as the official alternate for the Mountain View Bicycle/Pedestrian Advisory Committee - if a vacancy occurs before the next major recruitment process.  I attend nearly every meeting, and I'm getting positive changes done for bicyclists and walkers in Mountain View on a regular basis. This is awesome!

Not too shabby!

Best wishes to you all for 2016!

Valerie

ICMC15: Effective Cryptography—Or: What's Wrong With All These Crypto APIs?

Thorsten Groetker, CTO, Utimaco

Effective cryptography means it needs to work and be secure, but it also has to get you where you need to go quickly and calculate the results fast 

There are many well known crypto APIS - but there's something wrong with all of the.

PKCS#11 and security issues. There are numerous key extraction attacks known. Jolyon Clulow "on the Security of PKCS#11" and the Tookan project ("Attacking and Fixing PKCS#11 Security Tokens". There are CVE entries as well, but they don't necessarily note PKCS#11.

Why does PKCS#11 have these issues? Confusing sest of mechanisms and attributes - you need automated model checkers to determine secure configurations.  Functions are broken into fine grain operations, which opens the door to eavesdropping and insertion attacks. 

[Note: these are the opinions of the speaker, not my own, as with all my blogs from this conference]

PKCS#11 is not the worst of the bunch. These same attacks can be used against Microsoft CryptoAPI (CAPI), JCE/JCA and Mixed APIs. For example, under JCE/JCA there are wrap-decrypt attacks unless they are prevented by underlying devices. For CAPI, exchange keys can be also used to encrypt/decrypt data to open door to wrap-decrypt attacks.

Efficiency is development cost and time to market. If the team is more comfortable with an API, it will be easier for them to adopt and implement. 

"Simplicity is a prerequisite for reliability." - Edsger Dijkstra. (and hence for security)  Authentication should not be an after thought. We need multi-factor and multi-person (Mout of N) authentication. And don't forget about audit logging!

People tend to underesestimate the cost of data transfers - server -> CSP -> Middleware -> Network Appliance -> Driver -> HSM.  

If you implemented your cryptographic functions as atomic HSM commands it will be faster and more secure.

KMIP is trying to come to the rescue with the concept of batched requests.  This addresses some performance issues, but it is not suited as a general crypto programming paradigm.

Crypto apps running within the secure perimeter of an HSM will become the norm. Drivers include security, eas of use, performance, multi-tenancy, custom logging, portability and cost.  Thorsten believes that firewalling and binding a key to a specific app or device will become a hard requirement.

A PKCS#11 host program will have access to 50+ functions, 200 attributes [XXX - something got lost here - mechs were also mentioned] [Note: I don't believe there is really any PKCS#11 library that implements every mech, every attribute, every functions].

Don't forget how dramatically an easy-to-use API combined with firewalling and enabled 3rd party apps can change an established market. Think about how much things have changed from our old Nokia cell phones with buttons to an Android or iOS phone.

Managed languages make this even easier.

But are people really going to develop embedded apps for HSMs?

Introducing CryptoScript: You eed to write a script, load the signed script (automatically compiled under the hood and executed one where it spawns threads and registers functions as commands), and invoke newly registered CryptoScript commands from the host application in high level languages.

Inside the utimaco HSM there's a boot loader, OS, administrative modules , cryptographic modules and SXI (Cryptographic eXtended services Interface). CryptoScript is on top of all that.

The basic concept is to be small, efficient and portable under the MIT license for easy portability.  The language was pared down by removing application program interfaces, native debug I/F, aux lib and OS facilities. They've enhanced this by adding secure managed memory, command handling, authentication and secure messaging. 

CryptoScript does not allow direct memory addressing and no buffer/stack overflows.

Once you've got CryptoScript Modules - they are loaded in a virtual HSM, so they cannot direct the actual HSM file system and memory.

A question from the audience: If PKCS#11 sucks, due to complexity - how does the problem go away just because we implement it on the HSM?  Answer: the attack vector is removed, CryptoScript has better debugging, and it's faster to develop.
 
Post by Valeie Fenwick, syndicated from Security, Beer, Theater and Biking!

RSA & PKCS#11 v2.40 - Official OASIS standards!

I am excited to announce that our new PKCS#11 specifications are *official* OASIS standards!

The PKCS11 technical committee worked hard over the last 2 years to update the last standard draft from 2009 and run it through the OASIS process.  I am very proud of the committee and OASIS
community for reviews, discussion and guidance.

If you'd like  to learn more, please come by the OASIS booth (South Hall, #1921) at the RSA conference this week - myself, other Oracle Solaris security folks and other TC members will be there to answer your questions!

PKCS#11 Webinar Friday (That's Tomorrow!)

Bob Griffin, EMC, and I will be presenting the history of PKCS#11 and where we are going with the standard in our OASIS Technical Committee Friday, March 27, 2015 at 8AM PT.  This is in preparation for our OASIS wide vote for PKCS#11 2.40 to become an official OASIS standard (boy, this process has taken longer than I imagined possible!)

Come along and hear all about it, and ask me and my co-chair questions!

You can register here at the OASIS site.

"See" you there!

Vote for Me!: Open Crypto Standards Talk at RSA

I would like to give a talk on PKCS#11 and KMIP and how you can escape vendor lock in by using open standards at this years upcoming RSA conference, but I can only do it if I can get your vote! This year, RSA is "crowd sourcing" a few talks - the most popular will be sent to their program committee. I only have a chance if I get your vote.

Voting closes on April 2, so please don't delay!

Attendees votes count for double, but even non-attendees can vote. Please check out my talk and vote for me. Thank you!

OASIS PKCS#11 v2.40 in final 15-day public review!

After starting work in February 2013, I am so excited that just 14 months later, our recently formed OASIS technical committee has our first standard revision under the OASIS banner out for final public review.

I am proud of the hard work everyone put forth into this new version of the standard, particularly so of our editors who all integrated changes and fixes with nary a complaint.

PKCS#11 v 2.40 is just what we need to move this cryptographic standard forward into the future.

I'm excited about the new work we're starting on the next revision already!

Check it out and let us know what you think.

Thank you!

Valerie, co-chair OASIS PKCS11 TC
[Update July 2014: Not sure why I said "Final"... some minor mistakes were found, we're cleaning them up and should have another review out shortly!]

Oracle Solaris Cryptographic Framework: Now Fully Validated!

It is with great pleasure that I can announce that Oracle has received our FIPS-140-2 certificates for the userland Solaris Cryptographic Framework as well!

I wrote in December about receiving our certificates for the kernel side.

These new certificates, certificate #2077 for Intel and SPARC64 processors and certificate #2076 for SPARC T4 and T5 processors, completes our story for FIPS-140-2 Level 1 validation for Solaris 11.1.

This was a long and difficult process, and I am very proud of the team of engineers, program managers, testers and documentation folks who made this all happen.

PKCS 11 Technical Committee Face to Face

This week, Oracle hosted the OASIS PKCS 11 Technical Committee's face to face meeting on our Santa Clara campus.

It was a very productive two days, I believe we got through some of the final issues to the next revision of the standard (v2.40).  Work won't finish there, it seems, as all of the committee members are excited about what we can do in the future to make PKCS 11 an even more robust interface for providing cryptographic services to applications and utilities.

As most of you already know, Solaris's user level Cryptographic Framework is a PKCS 11 API, so we're very excited to see the standard progress and evolve.

As co-chair of the committee, I am so proud of everyone's hard work in dusting off the standard and doing the hard work necessary to quickly converge to get the next revision ready to go!

The standard moved from RSA to OASIS earlier this year.