Secret keys are generated externally

Question

Secret keys are generated externally

robputt opened this issue 4 years ago · comments

Mirrors ukhsa-collaboration/COVID-19-app-Android-BETA#14 in iOS app.

https://github.com/nhsx/COVID-19-app-iOS-BETA/blob/370a51857b8a680925adc85bfc2e08936a2fd77d/Sonar/Networking/ConfirmRegistrationRequest.swift#L55-L57

Luke Redpath · Answer 1 · Fri May 08 2020 19:34:24 GMT+0800 (China Standard Time)

As mentioned in the other issue, I don’t think secretKey is the private key that goes with the returned public key. If I remember correctly from the design document, the private key remains on the server and is ultimately what allows the server to match the signed broadcast identifiers to the original installation ID on the server.

Michael Brown · Answer 2 · Fri May 08 2020 23:26:13 GMT+0800 (China Standard Time)

As mentioned in the other issue, I don’t think secretKey is the private key that goes with the returned public key. If I remember correctly from the design document, the private key remains on the server and is ultimately what allows the server to match the signed broadcast identifiers to the original installation ID on the server.

As (now) mentioned in the other issue: the problem is worse than originally reported. secretKey is the key used to prove ownership of the ephemeral key pairs, but since secretKey is known to the server then the server is able to forge signed messages for an arbitrarily chosen fake ephemeral key pair.

Terence Eden · Answer 3 · Sun May 10 2020 16:33:24 GMT+0800 (China Standard Time)

For more information on the technical and security design, please read the report at https://www.ncsc.gov.uk/report/nhs-covid-19-app-privacy-security-report

Michael Brown · Answer 4 · Sun May 10 2020 16:59:24 GMT+0800 (China Standard Time)

For more information on the technical and security design, please read the report at https://www.ncsc.gov.uk/report/nhs-covid-19-app-privacy-security-report

Already read it. Please read and understand the security flaw as described in ukhsa-collaboration/COVID-19-app-Android-BETA#14

Scott Walsh · Answer 5 · Mon May 11 2020 19:24:13 GMT+0800 (China Standard Time)

@edent on Pg5 of that paper :

These are not the only security and privacy promises we make, but seem to be the most important
to explain early in the app’s development.

Assuming integrity of the central server is not great, if it is compromised in the middle of a peak of an outbreak, it means devices will have +20 days of encounter information which may need to be discarded as untrusted,

Terence Eden · Answer 6 · Tue May 19 2020 23:32:28 GMT+0800 (China Standard Time)

For those that haven't already seen it, there's an NCSC blog post about the security questions raised.

https://www.ncsc.gov.uk/blog-post/nhs-covid-19-app-security-two-weeks-on

Terence Eden · Answer 7 · Fri Jun 26 2020 19:06:34 GMT+0800 (China Standard Time)

I'm pasting this message in every active GitHub issue, so you may receive duplicate notifications.

Today, I'm happy to announce that NHSX has released the full git commit history for the Isle of Wight Beta apps.

Android - https://github.com/nhsx/COVID-19-app-Android-BETA
iOS - https://github.com/nhsx/COVID-19-app-iOS-BETA

As discussed, we have redacted API keys, sensitive domain names, and some of the developers' personal details. I am still waiting on final approval to publish the server-side code.

I would like to personally thank the community for your comments, bug reports, and vulnerability disclosures. They all went into helping the development process.

The beta trial of this app has now ended and we've moved to the next phase of app development. It is our intention to publish the source code of future apps as the binaries are released to the public.

Once again, thank you for being part of this.

Terence Eden
Head of Open Technology - NHSX