More Related Content Similar to Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019 (20) More from Amazon Web Services (20) Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019 1. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Innovating FIPS crypto validation in the
Cloud
Alan Halachmi
Sr. Manager, Solutions Architecture
AWS
S E P 3 2 1
2. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Context
Proposal
Status
New approaches
4. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
“ThestructureandtherulesunderwhichtheCAVPandCMVPoperateworkedwell
forthelevel ofthetechnologyutilizedbytheFederalGovernmentatthetimewhen
theprogramswerecreatedmorethantwodecadesago. Astechnologyhas
advancedhowever,thealgorithmandmoduletestingprocessesnolongersatisfy
currentday industryandgovernmentoperationalneeds.Testingandvalidationof
testresultsareexceedinglylong,wellbeyond typicalproductdevelopmentcycles
acrossa widerangeoftechnologies.Becauseofthehumaneffortinvolvedin all
stagesofthisprocess,thepossibilityforsubjectivityanderrorsishigh.“
—National Institute of Standards and Technology
5. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Historical view
• FIPS 140-1 issued January 1994
• CAVP and CMVP created mid-1995
• FIPS 140-2 issued May 2001
• Operational environment
“A third-party cloud system that provides its own operating environment, such as an operating system and
hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure,
and Google Cloud) shall not be used.”
6. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Historical view
• FIPS 140-1 issued January 1994
• CAVP and CMVP created mid-1995
• FIPS 140-2 issued May 2001
• Operational environment
“A third-party cloud system that provides its own operating environment, such as an operating system and
hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure,
and Google Cloud) shall not be used.”
7. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Historical view
• FIPS 140-1 issued January 1994
• CAVP and CMVP created mid-1995
• FIPS 140-2 issued May 2001
• Operational environment
“A third-party cloud system that provides its own operating environment, such as an operating system and
hardware upon which the tester has no control (possible examples are: Amazon Web Services, Microsoft Azure,
and Google Cloud) shall not be used.”
• Specific valid configuration
• Performance of validated modules
8. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module validation
Step 1: Cryptographic Algorithm Validation Program (CAVP)
Step 2: Cryptographic Module Validation Program (CMVP)
Step 3: Conformant implementation
9. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module Validation
Step 1: Cryptographic Algorithm Validation Program
Step 2: Cryptographic Module Validation Program
Step 3: Conformant implementation
https://csrc.nist.gov/CSRC/media/Presentatio
ns/Testing-to-FIPS-140-2-Derived-Test-
Requirements/images-media/CMVP2606.pdf
10. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Work to date
• Automated Cryptographic Validation Testing (ACVT): Algorithms
• Three working groups defined
• Algorithms
• Modules
• Cloud
• Starting with algorithms
• Pilot started in 2018
• Allows first-party accreditation of the company/organization
• All new algorithm submissions must use ACVT program by mid-2020
11. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Work to date
• Automated Cryptographic Validation Testing (ACVT): Algorithms
• Three working groups defined
• Algorithms
• Modules
• Cloud
• Starting with algorithms
• Pilot started in 2018
• Allows first-party accreditation of the company/organization
• All new algorithm submissions must use ACVT program by mid-2020
13. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Tenets for cloud validation
• Continuous validation
• Shared responsibility
• Minimal coordination
• Consistent application
• Leverage existing investments
14. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key terms
UserspaceKernelspace
Operating environment SCM operating
environment
Application/user interaction
API calls/system calls
Consumer
Hypervisor
Infrastructure as a service (IaaS)
Hardware
CPU Memory Storage
FIPS 140 test harness
Execute test routines
Software
Firm/soft
Software
Test
harness
Operating system
Customer-provided
entities
• SCM
• Operating
system
Software cryptographic module
Cloud service
provider offers:
AP IaaS
15. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Step 1: Submit industry
framework certification
Submit for
certification
check with
ACVT
Hypervisor
Hardware
CPU Memory Storage
Kernelspace
Operating environment
FedRAMP
or similar
certified
platform
Certificate accepted
Cloud assurance framework
16. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Testautomation
Security testing
Performance testing
Functional testing
FIPS 140 test harness
Execute test routines
Hypervisor
Hardware
Microkernel
Code build
or other
change
Deploy change
Test
results
Step 2: Integrate NIST
software test harnessCloud assurance framework
Constrain scope of testing to
relevant service functions
17. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Submit
for ACVT
review
UserspaceKernelspace
Operating environment
Operating system
OE is validated for SCM FIPS
140 operation
Hardware
CPU Memory Storage
Hypervisor
IaaS AP
Test harness
AP attributes
Software cryptographic module
Generate
DTR
evaluation
data
Deploy
SCM
Step 3: Validate SCM on
operational environmentCloud assurance framework
18. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud assurance framework: Outcomes
• Composeable validation
• Continuous validation
• Reuse of attestations
20. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Modules in the cloud
• Draft proposal shared with NIST and industry
• Agreement on general outlines of the proposal
• Detailed guidance underway, including ConOps
22. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
New validation approaches
Proofs: 360 BC → AD 1970s
Examples
• Euclid: Infinitude of primes
• Gödel: Incompleteness theorem
• Turing: Entschedungsproblem
• …
• …
• …
• …
Arguments found by humans and
double-checked by humans
23. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
→ 2001
Euclid: Infinitude of primes
Gödel: Incompleteness theorem
Turing: Entschedungsproblem
Four-color theorem
Odd-order theorem
Automated reasoning in mathematical logic
Arguments found by humans and
double-checked by machines
24. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Arguments found by machines and
double-checked by machines
Automated reasoning in mathematical logic
• …
• …
• Airbus 360 primary flight control software
• Bombardier ILLBV950L2 railway interlocking
system
• Mars Rover data management subsystem
• …
• …
• …
25. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Arguments found by machines and
double-checked by machines
• …
• …
• …
• High-confidence device drivers
• Memory safety
• API usage rules
• Termination
• …
• …
• …
Automated reasoning in mathematical logic
26. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Arguments found by machines and
double-checked by machines
Automated reasoning in mathematical logic
• …
• …
• Key pieces of AWS infrastructure?
• Customer solutions built on AWS?
• Software cryptographic modules?
• …
• …
27. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
A grid of bugs
Program states
28. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
A grid of bugs
Program states
Granting access
to authorized user
Processing a
transaction
29. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
A grid of bugs
Program states
Granting access
to authorized user
Processing a
transaction
Granting access
to unauthorized user
30. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Software security as a game
31. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Defender’s turn: Pick 10 squares
Test cases From
Development
Red teaming
Penetration testing
…
32. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Defender’s turn: Fix problems
33. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Defender’s turn: Fix problems
34. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Attacker’s turn: Pick 10 (or 20, or…)
35. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Attacker’s turn: Pick 10 (or 20, or…)
36. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Attacker advantage
• General per-round odds favor attacker
Find all orange squares vs. find any orange square
• Attacker generally has more time
Windows XP is 15 years old now
37. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Verification/formal methods
Cover much more of the state space by discovering and leveraging the underlying
structure
38. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Formal methods: Characterize state
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
i mod 13 = 0
i mod 8 = i div 8
39. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Formal methods: Characterize state
i mod 13 ≠ 0
i mod 8 ≠ i div 8
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
40. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Formal methods: Characterize state
i mod 13 ≠ 0
i mod 8 ≠ i div 8
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
41. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Formal methods: Characterize state
i mod 13 ≠ 0
i mod 8 ≠ i div 8
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
0 1 2 3 4 5 6 7
8 9 10 11 12 13 14 15
16 17 18 19 20 21 22 23
24 25 26 27 28 29 30 31
32 33 34 35 36 37 38 39
40 41 42 43 44 45 46 47
48 49 50 51 52 53 54 55
56 57 58 59 60 61 62 63
42. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Verification/formal methods
Cover much more of the state space by discovering and leveraging the underlying
structure
In the limit, can prove that code is correct in all cases
Method: Characterize the good behavior and show that this is the only behavior
that can occur
This is now at a viable cost/benefit point for critical, broadly deployed code
44. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon s2n: A TLS implementation
• Inspired by TLS vulnerabilities discovered by researchers in other
implementations
• Written with security and performance as primary goals
• Drops some arguably insecure/less secure features
• Result: Much smaller, clearer, and more auditable code
• OpenSSL TLS is 70,000 lines of C code
• s2n is only 6,000
• Used in production at Amazon
44
45. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous integration
Proofs run automatically on code changes
Proof failure is a build failure
Proof is independent of exact C code, and it depends on only
Interfaces (arguments and structure layouts)
Function call structure
Proof is easily adapted
Function body changes → likely no proof changes
Interface changes → similarly sized proof changes
Call structure changes → tiny proof changes
46. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Proof
metrics
47. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
See all the details in a research paper
that was presented at the 30th
International Conference on Computer
Aided Verification
Peer-reviewed paper
available
48. Thank you!
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Alan Halachmi
halachmi@amazon.com