nCipher Security Advisory No. 8
payShield library may verify bad requests
-----------------------------------------
SUMMARY
=======
When a command is issued to the payShield SPP library it may return
Status_OK regardless of what the real reply status was.
ISSUE DESCRIPTION
=================
1. Problem
----------
When a command is sent through the SPP library the library may query
its HSMs to ensure they are responsive and working properly. When this
check is triggered and successful the response to the original command
will always be Status_OK, regardless of what status code the HSM returned.
Although an error message will be printed to the payShield log this error
is not communicated to the calling function.
During constant use this event will occur once every three minutes,
regardless of the number of threads or HSMs employed.
2. Impact
---------
The issue is in the host-side library and applications only. Existing
payShield installations and keys are not compromised and may continue
to be used with the new software.
The issue does not reveal any information about secret keys or data, it
only leads to a risk of false-positive verifications.
If the command being processed when the modules query is triggered is
supposed to return a non-0 status code, this status will be lost.
For example, an invalid PIN verification attempt will result in
Status_VerifyFailed being returned from the HSM, but the library call
SPP_VerifyPVV() may return Status_OK, making it appear that the PIN was
valid. If an attacker had sole access to the payShield application and
were able to flood it with invalid requests then they would eventually
get an 'OK' response.
One way to detect this would be retrospective review of payShield error
logs.
3. Who Is *Not* Affected
------------------------
Customers not using payShield are unaffected.
Customers not using versions 1.3.12, 1.5.18 and 1.6.18 of the SPP library
are unaffected.
Also, customers who use payShield solely for 'none' and 'HMAC' key
establishment (ie those not using the SPP library for payments processing)
are not affected.
However, we still suggest that these customers update their software in
order to avoid potential future use of affected software.
4. Who May Be Affected
----------------------
Application developers linking against versions 1.3.12, 1.5.18 and 1.6.18
of the SPP library and their end-users will be affected. If your version
number is between 1.3.12 and 1.6.18 but does not appear in the list,
please contact nCipher support and quote your version number.
5. How To Tell If You Are Affected
----------------------------------
Run the ncversions utility on the development machine and look for
"emvspp devel". If this includes "1.3.12", "1.5.18" or "1.6.18" then you
are affected. If you do not have ncversions then look in the file
$NFAST_HOME/lib/versions/emvspp-devel-atv.txt
for this information
This version number can also be queried by calling the library functions
SPP_GetLibVersion() or SPP_PrintLibVersion().
Alternatively flood your application with bad verification requests (for
example modify the value of the pvv key vector in knownvectors.h, rebuild
the sppbenchmark example and run the pvv benchmark test) and watch for
Status_OK. If you are affected then 1 command in any 3 minute window will
return Status_OK. All others will return the appropriate error code.
REMEDY
======
1. Detection
------------
In existing applications linked against affected versions of the library
any erroneous 'OK' response can be detected through log auditing, this is
not a means of prevention. A normal failure report will print 2
consecutive messages:
<time> [Error] In <function>, SEEJob reply status not OK
(status VerifyFailed)
<time> [Error] In SPP_<function>, Sending SEEJob failed
(status VerifyFailed)
But an affected application will only report:
<time> [Error] In <function>, SEEJob reply status not OK
(status VerifyFailed)
Higher levels of reporting will also print 'OK' [Info] messages after the
[Error].
2. Work-around
--------------
There is a work-around to this problem, but it is more intrusive than
relinking with the new library. Since the issue only affects one call in
any three-minute period the work-around is to make each call into
the SPP library twice and check both error codes.
3. Recommended course of action
-------------------------------
Developer customers should update their software and re-link their
applications with the fixed library at the earliest opportunity.
This is more effective and less intrusive than the work-around.
End users should contact their application vendor for an updated
application.
SOFTWARE DISTRIBUTION AND REFERENCES
====================================
You can obtain copies of this advisory, and supporting documentation,
from the nCipher updates site:
http://www.ncipher.com/support/advisories/
We regret that due to export control regulations, we are unable to
make the software updates themselves available on the web site.
Contact nCipher Support for details on obtaining the updated software.
Updated software is available now for the following platforms:
Windows, Linux, Solaris
New releases will soon be available on the following platforms (for which
affected software was not shipped):
AIX5.1, HPUX11, Linux(nethsm)
Please inform nCipher Support of your current software version so that
you may receive the most appropriate upgrade.
The new software does not affect FIPS validation.
NCIPHER SUPPORT
===============
nCipher customers who require updated software, support or further
information regarding this problem should contact support@ncipher.com.
nCipher support can also be reached by telephone:
Customers in the USA or Canada: +1 781 994 4008
Customers in all other countries: +44 1223 723666
Customers in all other countries outside of the USA and Canada can
call the USA number in the event that they receive the advisory
outside of UK support hours (09:00 - 17:30).
Further Information
===================
General information about nCipher products:
http://www.ncipher.com/
nCipher Developer's Guide and nCipher Developer's Reference
http://www.ncipher.com/documentation.html
If you would like to receive future security advisories from nCipher,
please subscribe to the low volume nCipher security-announce mailing
list. To do this, send a mail with the single word `subscribe' in
the message body to: security-announce-request@ncipher.com.
(c) nCipher Corporation Ltd. 2003
All trademarks acknowledged. nCipher and payShield are trade
marks of nCipher Corporation Limited.
$Id: advisory8.txt,v 1.5 2003/12/12 11:51:12 jgeater Exp $
