Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Implement Mission Key Management (MKM) component #98

Open
2 tasks
podhrmic opened this issue Jul 22, 2024 · 2 comments
Open
2 tasks

[FEATURE] Implement Mission Key Management (MKM) component #98

podhrmic opened this issue Jul 22, 2024 · 2 comments
Assignees
@spernsteiner
Labels
application software application software components SoW TA2.1.1.A Develop the Open SUT primarily using existing components and specifications.
Milestone
MVP 1.0

Comments

@podhrmic
Copy link
Collaborator

Summary

TODO: elaborate on this ticket

CONOPS

  1. MKM is provisioned with two distinct mission keys (this can be during the disk image build time)
  2. MKM boots, using the measured boot, but not the attestation
  3. MKM awaits attestation requests from each component (MPS, and ideally the Autopilot as well)
  4. upon receiving an attestation request, MKM performs attestation
  5. if the attestation is successful, the attesting component is whitelisted
  6. otherwise the component is blacklisted
  7. MKM awaits key distribution requests - the keys are distributed only to the attested (whitelisted) components

Acceptance Criteria

(Define "done". Describe the desired outcome in specific enough terms for the assignee to decide when the issue is resolved)

Do

  • CONOPS for the MKM
  • detailed task description
@podhrmic podhrmic added application software application software components SoW TA2.1.1.A Develop the Open SUT primarily using existing components and specifications. labels Jul 22, 2024
@podhrmic podhrmic added this to the MVP 3 milestone Jul 22, 2024
@spernsteiner
Copy link
Contributor

MKM awaits attestation requests from each component (MPS, and ideally the Autopilot as well)

Is it necessary to check the attestations up front, or would it be sufficient to check them on the fly when the key is requested? I'm thinking of a protocol like this:

  1. Component sends a key request to the MKM
  2. MKM responds with a challenge
  3. Component obtains an attestation for that challenge and sends it to the MKM
  4. MKM responds with the key

MKM awaits key distribution requests - the keys are distributed only to the attested (whitelisted) components

When sending the key, do we need the key to be encrypted in transit? Or can we assume that the communication channel between the component and the MKM is secure/trusted?

@podhrmic podhrmic mentioned this issue Nov 8, 2024
Open
1 task
@spernsteiner
Copy link
Contributor

Based on in-person discussion with @podhrmic today, we're planning to implement the simple protocol in the comment above. We're considering the network to be trusted for now, so we won't encrypt the keys when sending them to components. (This will be changed later when we move to an untrusted network and start using keys for encrypting data in transit between components, as opposed encrypting only data at rest such as logs.)

For the MKM implementation, we plan to implement it as a select/epoll-based server instead of fork/thread-per-connection, since the epoll version involves an explicit state machine for each connection that we can use to demonstrate CN's state machine verification capabilities.

@podhrmic podhrmic mentioned this issue Nov 8, 2024
Open
2 tasks
@spernsteiner spernsteiner mentioned this issue Nov 8, 2024
Open
@spernsteiner spernsteiner self-assigned this Nov 13, 2024
@spernsteiner spernsteiner mentioned this issue Nov 13, 2024
Merged
7 tasks
@septract septract mentioned this issue Nov 26, 2024
Open
4 tasks
spernsteiner added a commit that referenced this issue Dec 11, 2024
@spernsteiner
Merge pull request #133 from GaloisInc/98-mkm-server
543d7e1 
Implement MKM server logic

This implements the request-handling logic for the Mission Key Management service.  None of the actual cryptography is implemented yet - the keys and challenges are just hardcoded strings for now.

The MKM is implemented as a simple `epoll`-based server that handles multiple clients concurrently on a single thread.  It follows the simple protocol described in #98: the client requests a specific key ID, the MKM sends a random challenge, the client provides a matching response for that challenge, and the MKM finally sends the requested key.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spernsteiner spernsteiner

Labels
application software application software components SoW TA2.1.1.A Develop the Open SUT primarily using existing components and specifications.
Projects
None yet
Milestone
MVP 1.0
Development

No branches or pull requests
2 participants
@podhrmic @spernsteiner