Qubes Master Signing Key Architecture

NeverCat · July 17, 2023, 4:12am

The following post is a general question/theory post. Potentially someone who knows about the architecture/an actual qubes security team member could answer.

Main Question:

How do you store the QMSK?

Thoughs:

Does one person have the device?
I would imagine it was once under Mrs. Rutkowskas control, but now that she is emeritus, I imagine it is under Mr. Marczykowski-Goreckis possession now.
A single owner of the QMSK seems like a large security vulnerability (I AM NOT CALLING ANYONE IN THE QUBES TEAM UNTRUSTWORTHY, I AM JUST WONDERING IF THERE IS A BETTER WAY TO STORE IT I AM NOT AWARE OF)
(Less important) If the device is physical, which It obviously must be, where is it? Is it in bad jurisdiction?

My current final last thought:

Considering we should be inclined to always be increasing security how do they make sure that not one person is the sole custodian, if they do that. Or if they dont, are there ways to make it multi-custodian?

I have looked into Shamirs Secret Sharing Algorithm a bit, seems promising if the members can meet in person

THANK YOU TO ANYONE WHO RESPONDS AND COULD HELP ME UNDERSTAND BETTER

renehoj · July 17, 2023, 5:19am

It’s more a question of what is the alternative?

https://groups.google.com/g/qubes-devel/c/twkOEaMLtNI/m/lZyGx6_jFCEJ

Of course the canary doesn’t solve all the problems. E.g. if my signing
keys were somehow stolen without our knowledge, it wouldn’t help.
Neither it could help in case me being or becoming a miscreant. And
probably it doesn’t address many other potential problems, which could
only be solved one day with a multi-signature scheme. But anyway, until
that time, this is the best we can do, I think.

gonzalo-bulnes · July 17, 2023, 9:10am

With the disclaimer that I have no idea of how the Qubes OS team manages those questions: just a small note to share that I have seen teams treat those topics with discretion as a matter of operational security. (I see that posture as related to the theory of deterrence, of which uncertainty is a key aspect.)

That is to say that few public details don’t necessarily mean that a process is brittle or that anything shady is going on.

You’ll often hear of secrecy as a bad practice in some security contexts, but it is worth keeping in mind what is true for a cryptographic algorithm is not necessarily true for an operational process.

NeverCat · July 17, 2023, 2:07pm

This is something I have not considered. The possibility of a well made system existing but being kept from the public. I suppose there are some things we don’t know, or maybe shouldn’t know. I do believe that a well devised system could be made public (Shamirs Secret Sharing?), but I understand that if they see that the QMSK architecture works it should be fine. Since we have a root of trust in those individuals we should trust them to understand security measures.

adw · July 17, 2023, 5:30pm

Last I heard, that’s the case:

Today, during a ceremony at an undisclosed location, Marek Marczykowski-Górecki has received the Qubes Master Key from Joanna Rutkowska. pic.twitter.com/7PjXI5S2GH
— Qubes OS (@QubesOS) November 23, 2018

There’s an open issue for this:

github.com/QubesOS/qubes-issues

Consider generating new shared Qubes Master Signing Key

opened 01:12PM - 19 May 17 UTC

rootkovska

T: enhancement C: other P: major cryptography security project management

I think it's a nobrainer to state that it would be beneficial for everybody, i.e…. the project, its users, and even myself, if we could get a new Qubes Master Signing Key (QMSK), such that could be **shared** between N parties, of which M would be required to meet in order to use the key to sign other keys (i.e. the specific Release Signing Keys). For this effort to make sense, there are a few additional requirements though: 1. There should be just one key, usable the same way as standard GPG keys are used to sign/verify software. The solution that N people have just N keys and all of them sign the other keys, is simply not acceptable from the user point of view. 2. None of the N holders should be able to walk away with the full QMSK after any of the signing ceremony. 3. The owner of the laptop on which the creation and/or any of the further ceremonies take place, should also not be able to steal the QMSK. The recent discussion on qubes-devel [1] has encouraged me to think again about this problem and I've come up with the following idea which I'd like that we further discuss: 1. Assuming we have a laptop that _approximates_ the idea of a stateless laptop [2] reasonably well (of course, I'm realistic enough to know we won't have any True Stateless Laptop anytime soon). Let's call this laptop: **Laptop**. Also, we shall defer the discussion about how well should this approximation be, until some later time. Meanwhile I'm more interested in discussing other aspects of this proposal. 2. The Laptop runs **Tails** and uses encrypted persistent partition (likely LUKS-based, like the standard Persistence mode in Tails does), which is called **Persistent Partition**. The Persistent Partition is unlockable with a keyfile, which we shall call: the **Keyfile**. 3. During the **Initial Ceremony**, we generate: 1) the new QMSK, and 2) the Keyfile which will be used for the Persistent Partition encryption. The Keyfile is then used to mount the Persistent Partition and the new QMSK is moved onto this partition. 4. Still at the Initial Ceremony, the keyfile is split among N parties, creating N **Shared Keys**. This likely could be achieved using the `ssss` program (don't remember if it's part of the standard Tails distro, if not, we should use something that is, or convince Tails people to include it :) 5. The original Keyfile is then destroyed (here's where one of the benefits of using Tails for this exercise become clear, another benefit: we can use nearly arbitrary old machine as the Laptop) 6. Subsequently, whenever there is a need to use the QMSK, e.g. to sign the new Qubes Release Key, at least M out of N parties needs to meet, boot the Laptop using Tails, plug at least M USB sticks, combine the M Shared Keys, recreate the Keyfile, then mount the Persistent Partition. 7. Once the Persistent Partition gets mounted, we can create new keys (e.g. Release Signing Key), and sign them with the Master Key. Also, in case we needed to sign some other keys (e.g. other people's key), we the the trick suggested by @petertodd might be used: a one-time-use Binding Keys could be created, and signed by the QMSK. Note: I'm not really convinced about the idea of bi-directional signing (i.e. to have the binding key also sign the QMSK) -- this seems like some superficial trick, not really needed by us. 8. Once the keys are ready for export, we can copy them to some ephemeral fs, unmount the Persistent Partition (plus some make sure the memory with secrets also got wiped...), and subsequently export the keys, even using something like a USB stick... Open issues: 1. What's the best way to import the Shared Keys? Plugging USB sticks obviously endangers the laptop to some attacks... Using HSMs does not change much hear, as these are... also USB devices. One option is to keep them on some read-only mediums (DVD), of course encrypted with some user-only-known passphrase. 2. It seems to me that the Persistent Partition could be also burnt to such a DVD, for even if we are going to be generating new keys there, these would be exported and no problem if we discard them from the Persistent Partition. 3. The choice of M and N. Right now I'm thinking M = 2, N = 3 (me, Marek, plus somebody only we know who). Other options might be possible though. 4. Will we ever have a need to sign any keys non-generated on the Laptop? Likely not: only Release Keys, and these should then sign individual developer's keys. Does this make most of the discussion in [1] futile, or am I missing something? /cc @marmarek @andrewdavidwong @woju @petertodd [1] https://groups.google.com/d/msg/qubes-devel/XreFo6RM47Q/U_jmqK5SBgAJ [2] https://blog.invisiblethings.org/papers/2015/state_harmful.pdf

NeverCat · July 17, 2023, 6:15pm

Thank you so much! @adw