Post-quantum was a strong theme at this year’s RSA Conference. Many organisations are now examining how to prepare against the threat of quantum computers breaking existing asymmetric cryptography. Seeing the need to protect PCs against quantum computer attacks, we recently announced a new generation of Business PCs with quantum-resistant protection for firmware [1]. Our 5th generation Endpoint Security Controller, built into the latest HP Business PCs, is a major security upgrade that provides our customers with post-quantum cryptographic protection in the critical area of PC firmware.
The Endpoint Security Controller verifies the integrity of the firmware using a quantum-resistant signature check in addition to the existing RSA signature check. This establishes a quantum-resistant hardware security foundation for the PC upon which the software stack can be secured against quantum computer attacks. Without this, an attacker with a powerful enough quantum computer could run malware at the most privileged level and compromise device security, all the way down to the firmware, bypassing any form of software security, quantum-resistant or not.
This PC firmware protection upgrade is an exciting project that I began working on when I joined HP as Chief Cryptographer. Today, I sat down with two of the lead technologists behind this innovation to discuss why HP acted, and how they went about making design choices. Jeff Jeansonne is a Distinguished Technologist and Senior Hardware and Firmware Security Architect for HP Business PCs, and Thalia Laing is a Principal Cryptographer and Security Researcher in the Security Lab at HP Labs.
Protecting against the quantum threat now
Tommy Charles:
Let me first ask you this. Since quantum computers capable of threatening asymmetric cryptography are expected to be some years off, why is HP introducing quantum resistance in Business PCs now?
Thalia Laing:
Cryptography used in devices may need to be relied on for years. To determine when we would need to introduce quantum resistance, we considered three principal factors. Firstly, the migration time to design quantum-resistant protection into a product and get it to customers, secondly, how long the cryptographic protection needs to last for – called the shelf life – and finally the quantum threat timeline. We set these factors out in more detail in our recent blog about anticipating the quantum threat [2].
For our Business PCs, we assessed that the migration would require several years to design upgraded hardware, manufacture and test it, and then get it into the hands of customers. Furthermore, since the cryptographic protection is in hardware, it is not upgradeable. As PCs become more sustainable through repurposing, renewal and reuse, the typical lifespan of a PC is growing. So, with these constraints and the need for PCs to be secure in the field for their entire lifetime, we had to consider the quantum threat to our customers almost a decade ahead.
We concluded that now is the right time to act because of the reasonable possibility that a quantum computer will break existing asymmetric cryptography within the next ten years. It was hard to quantify the risk, but to illustrate the current perception using the most recent survey from the Global Risk Institute [3], expert predictions now average out to an estimated probability of between 4% and 11% by 2028 and between 17% and 31% by 2033. Clearly these levels of cybersecurity risk are not acceptable in these timescales given that a quantum break would require a global hardware refresh. Our customers rely on PCs to protect data and systems that are essential for their business, including critical and sensitive industries upon whose resilience and security our societies depend. To compound the challenge, we may not even know when attackers first obtain sufficiently powerful quantum computers to realise this threat because they may try to keep such a capability secret. Furthermore, we know that nation-state and well-funded cybercrime groups are already investing plenty of effort to target critical infrastructure around the world.
Having considered the quantum threat and its consequences to endpoint security we knew that we had to act sooner rather than later to give our customers the protection they need. Namely, to protect them from the risk of the quantum threat being realised before their new PCs reach end-of-life.
“For over two decades, the HP Security Lab has been working to stay ahead of computer threats through technology research and innovation. Firmware with quantum-resistant protection is no exception and represents a huge step forward in securing our digital world for the quantum era.” – Boris Balacheff, HP Fellow and Chief Technologist for Security Research and Innovation, Security Lab at HP Labs
The Endpoint Security Controller
Tommy:
HP’s quantum-resistant protection of firmware starts from the Endpoint Security Controller (ESC) hardware in HP Business PCs. Can you say more about the ESC and what protections it provides?
Jeff Jeansonne:
The ESC is a hardware chip and is the first PC component that gets power when the system starts up. One of the ESC’s main roles is to ensure the first mutable (i.e. changeable) firmware code that runs when the PC is powered on is as expected. It checks the firmware is HP code that hasn’t been altered or replaced with other, potentially malicious, code prior to execution. This check is achieved by verifying a cryptographic signature. Only if the signature is verified successfully will the ESC have assurance that the firmware is as expected and proceed to execution. This signature verification process uses a public key, which is unique to HP, and both the public key and the verification process are programmed into the ESC in Read Only Memory (ROM), meaning that after it is programmed it cannot be changed.
Tommy:
So, what is it about this firmware code that is so crucial that its provenance and integrity need to be protected by the hardware itself?
Jeff:
The mutable code the ESC checks is called firmware and consists of firmware code for the ESC and so-called BIOS firmware code for the main CPU. This firmware is low-level code responsible for, amongst other things, the configuration and control of hardware components, and particularly, booting the rest of the PC. This firmware plays a major role in ensuring that the hardware is configured securely, and that the operating system is loaded securely. A successful attack on the firmware could enable a malicious actor to undermine the security of the operating system, achieve persistent control of the device in a way that is almost undetectable, exfiltrate data, or even choose to be destructive and attempt to brick the hardware itself. So, verifying the integrity of the firmware is vital for the security of the PC and its software and data.
The fact that the signature verification process and HP’s public key are put into the immutable ESC ROM during the design phase of the chip offers the best security guarantee for firmware integrity because an attacker cannot replace HP’s public key with a malicious key or bypass the verification procedure. And as Thalia explained, these mechanisms cannot be updated in the field during the life of a device, which is what makes them a priority for migration to quantum-resistant schemes.
The quantum threat to PC firmware
Tommy:
Can you tell me more about the quantum threat to PC firmware that made you identify firmware protection as a priority for migration to quantum-resistant algorithms?
Thalia:
The threat is that RSA, the cryptographic signature algorithm currently used to verify the integrity of firmware, will become vulnerable to attackers with access to a viable quantum computer. Even though quantum computers are not yet powerful enough to break the RSA signature scheme, they may become powerful enough during the lifetime of the ESC. Given the public key and verification process are “baked into” the ROM, we cannot update the chip once it has been designed. We did not want the ESC to become vulnerable to quantum computer attackers during its lifetime, so we opted to use a quantum-resistant signature scheme in our new 5th generation ESC introduced this year. It wasn’t, however, a simple introduction of a quantum-resistant cryptographic signature scheme. We had many design decisions to make and engineering challenges to overcome.
Quantum-resistant signature schemes
Tommy:
The quantum-resistant cryptographic signature scheme that you chose to use is a stateful hash-based signature scheme called the Leighton-Micali Signature (LMS). Why did you choose it?
Thalia:
Stateful hash-based signature schemes are currently the only standardised, quantum-resistant signature schemes. They were approved by NIST in 2020 [4] to extend the FIPS Digital Signature Standard [5]. There are other digital signature schemes in the process of being standardised by the NIST Post-Quantum Cryptography project [6], but these are yet to be finalised and the public trust in these schemes is not as high as for stateful hash-based schemes. Drafts for some of these new schemes were published in 2023 [7], with final standards expected later in 2024.
Importantly, stateful hash-based signature schemes are a cautious choice security-wise. They are well understood, already standardised, and introduce no new security assumptions that haven’t yet stood the test of time. Their security is relatively simple to assess, dating back to Merkle’s signature scheme proposal in 1979 [8]. In contrast, the security of the NIST candidates that are about to be standardised is more complex to assess and depends on more sophisticated security analysis – more time and maturity is needed to be as confident in their security as we are already in stateful hash-based signatures. That said, stateful hash-based signatures come with limitations: the signer must carefully manage state over time, such as a counter, and there is an upper bound on the number of signatures that can be produced during the lifetime of a chosen signature key pair. But it is already well established that these schemes are well suited for our use case of firmware signature verification. In fact, the NIST SP 800-208 specification of stateful hash-based signature schemes [4] calls out authentication of firmware as an example application where these schemes are appropriate.
Tommy:
Given there are two different stateful hash-based signatures schemes – LMS and XMSS (Extended Merkle Signature Scheme) – why did you choose LMS?
Thalia:
LMS and XMSS both have similar security assumptions, as the security proofs of both schemes use similar technical properties. From our work in the Security Lab, we found LMS to be faster when verifying a signature. This is because LMS requires about four times fewer hash function executions to verify a signature compared to XMSS. The efficiency of signature verification is important in our application, as it occurs every time a user boots their PC, and we don’t want to slow down the time to boot and degrade the user experience, hence LMS was the more attractive of the two.
After we had made the decision to adopt LMS, the US government published quantum resistance requirements for national security systems (CNSA 2.0 [9]). In this publication they encourage ‘vendors to begin adopting NIST SP 800-208 [stateful hash-based] signatures immediately’ for software and firmware signing, and advise relevant agency procurement to give preference to such quantum-resistant algorithms for firmware signing starting in 2025. In addition, they recommend LMS specifically as the preferred signature scheme for this use case. This comforted us in our assessment that LMS was a good choice.
LMS Parameter Choices
Tommy:
You make it sound straightforward, but using LMS comes with many options to choose between different parameters. I know you must choose the hash function used internally. But then there is the ‘height’ parameter, which defines an upper bound on the number of signatures that can be produced for a given key pair. But the larger the upper bound, the slower the signature generation and verification are. And then there is the Winternitz parameter, which defines a time-memory trade-off: a larger Winternitz parameter means a smaller signature, but a slower signing and verification time.
So, there is a lot of work behind picking LMS in practice. How did you select your parameters?
Thalia:
You are right, there was a lot of work and testing involved in figuring this out. First, the team chose to use SHA-256, a hash function in the SHA2 family. This was chosen over any SHA3 hash functions as, on our specific ESC hardware, the testing showed that SHA2 was faster than SHA3.
From the SHA2 family, SHA-256 specifically was chosen as it offered a high level of security which we were sure would satisfy all customer requirements. SHA-256 has a slightly higher security level than the hash function the US government went on to recommend for LMS in CNSA 2.0 [9], confirming our choice offered more than sufficient security.
Choosing the other parameters was more involved.
Jeff:
For the ‘height’, we needed to ensure we never hit the upper bound on the number of signatures that could be produced. So, we looked back at how many RSA signatures had been required for previous ESC generations as a guide. Then we worked to minimise the number of signatures required for each firmware authentication and chose the parameter to be sufficiently larger than these predictions.
The Winternitz parameter on the other hand, was chosen after practical experimentation: the priority for the ESC was signature verification speed rather than signature size but given the ESC hardware is resource constrained we wanted to avoid too large a signature, and so a smaller Winternitz parameter was selected.
Using LMS in parallel with RSA
Tommy:
One design decision you made was to use LMS in addition to RSA, such that both the LMS and RSA signatures need to verify successfully for the ESC to consider the firmware authentic and run it. I’m interested in the thinking behind this decision?
Thalia:
Using a ‘classically’ secure scheme, such as RSA, alongside a quantum-resistant scheme is being widely explored across industry as it enables solutions to benefit from defence-in-depth by having both the strong assurance from classical (i.e., non-quantum) attackers of the currently used algorithms with their well tested implementations, and the newer protection of the quantum-resistant algorithm implementations against quantum attackers.
Our solution provides the assurance of quantum resistance from LMS while in addition benefitting from the maturity and history of certifications of our RSA implementation.
Jeff:
At this early stage of the quantum resistance migration, customers have different requirements around the world, and they will drive their own migration timelines. Some are looking for quantum-resistance soon, while others will continue to expect classical cryptography protections and certifications for some time. So, using LMS and RSA in parallel was the most conservative choice that would meet everyone’s security requirements.
Reflections and next steps
Tommy:
I joined HP relatively recently to focus on cryptography technology strategy and cryptography engineering governance across the company.
When I started, I was excited to see that HP had already begun planning their transition to quantum-resistant cryptography. In fact, not only had HP started planning this transition, but they had also identified Business PC firmware as a high priority use case for the migration, created a quantum-resistant design, and were in the throes of testing and validating the security of the solution.
Completing the project with the team, I’ve witnessed the incredible collaboration required across HP to bring a project like this to fruition. From the Global Cyber Security team, to the Personal Systems security team, of which Jeff is a member and who design the PC hardware and its ESC. To the HP Security Lab where Thalia and I sit, who led threat analysis, initial security research, and provided cryptographic design guidance, to the entire PC hardware and firmware engineering team who developed and tested the solution.
Given the release of HP’s Business PCs with quantum-resistant cryptography, this just leaves me to ask, what is next for quantum resistance at HP?
Thalia:
The migration to quantum-resistant algorithms is a complex undertaking. The new algorithms – both stateful hash-based signature schemes and the incoming schemes from the NIST PQC project – have different characteristics to the currently used schemes and will likely require overcoming engineering challenges to adopt them. HP’s quantum-resistant firmware integrity protection is the first step in a long migration process.
At HP, we’re working to identify and prioritise use cases for migration as and when suitable cryptographic primitives become standardised. We’re exploring the new schemes, testing them in different scenarios, and making sure we are as prepared as possible to ensure a smooth, secure transition.
Conclusion
HP is leading the industry by protecting Business PC firmware from quantum computer attacks. Thanks to our ongoing assessment of security threats and the implications for our customers, we recently introduced quantum-resistant firmware integrity protection into the hardware security foundation of our Business PCs and in doing so have achieved an industry security milestone.
Our robust design uses standardised, well-trusted, quantum-resistant cryptography as an additional layer of protection alongside our existing mature RSA implementation. Without this quantum-resistant protection, an attacker with a sufficiently powerful quantum computer could replace and run malware at the most privileged level of a PC and compromise the security of the entire device, software, and data. Security software updates alone could not protect a device from that quantum attack – even software designed with quantum-resistant cryptography. This is why it is so important for our PC hardware to provide quantum-resistant firmware integrity protection starting now.
This protection is a priority for customers when refreshing PC fleets because this essential security upgrade is in hardware that cannot be updated. This means we are protecting our customers’ devices at the hardware and firmware foundation and enabling them to proceed with the quantum-resistant cryptography migration of their full technology stack when software updates become available, without the migration being undermined from the device foundation. This upgrade means our PCs are future-ready for the quantum-resistant cryptography migration.
I am grateful to be part of the team who delivered this exciting innovation and I look forward to helping secure the rest of the HP product stack against the quantum threat.
References
[1] I. Pratt, “HP Launches World’s First Business PCs to Protect Firmware Against Quantum Computer Hacks,” 7 Mar 2024. [Online]. Available: https://press.hp.com/us/en/blogs/2024/hp-launches-business-pc-to-protect-against-quantum-computer-hacks.html/.
[2] Tommy Charles and Thalia Laing, “Anticipating the Quantum Threat to Cryptography,” 21 Feb 2024. [Online]. Available: https://www.bromium.com/anticipating-the-quantum-threat-to-cryptography/.
[3] M. Mosca and M. Piani, “Quantum Threat Timeline Report 2023,” Global Risk Institute, 2023. [Online]. Available: https://globalriskinstitute.org/mp-files/quantum-threat-timeline-report-2023.pdf/. [Accessed 17 01 2024].
[4] D. A. Cooper, D. C. Apon, Q. H. Dang, M. S. Davidson, M. J. Dworkin and C. A. Miller, “NIST Special Publication 800-208: Recommendation for Stateful Hash-Based Signature Schemes,” October 2020. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-208. [Accessed 22 September 2021].
[5] NIST, “Federal Information Processing Standards Publication 186-5: DIGITAL SIGNATURE STANDARD (DSS),” 3 February 2023. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf.
[6] NIST, “Post-Quantum Cryptography,” 5 April 2023. [Online]. Available: https://csrc.nist.gov/projects/post-quantum-cryptography. [Accessed 6 April 2023].
[7] NIST, “Comments Requested on Three Draft FIPS for Post-Quantum Cryptography,” 2023. [Online]. Available: https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography. [Accessed 17 01 2024].
[8] R. Merkle, “Secrecy, Authentication, and Public Key Systems,” Technical Report No. 1979-1, Information Systems Laboratory, Stanford University, 1979. [Online]. Available: https://www.ralphmerkle.com/papers/Thesis1979.pdf.
[9] NSA, “Announcing the Commercial National Security Algorithm Suite 2.0,” September 2022. [Online]. Available: https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF.
The post Designing PC Firmware Protection for the Quantum Era appeared first on HP Wolf Security.
from HP Wolf Security https://ift.tt/J4L6mcQ
via IFTTT
No comments:
Post a Comment