[zeromq-dev] Consequences of using same keys on multiple servers or clients in CurveZMQ

Luca Boccassi luca.boccassi at gmail.com
Thu Mar 8 14:30:18 CET 2018

On Thu, 2018-03-08 at 22:21 +1100, Chris Billington wrote:
> Hi all,
> I want to secure software running on computers and other devices in
> physics
> labs, which all communicate over zeromq. They can execute arbitrary
> code
> and turn lasers on and off if you send them the right zmq packets, so
> it's
> important to make this secure even though it's on a mostly trusted
> university network. University IT isn't perfect and occasionally let
> botnets say hello to oven controllers, and we don't want to have to
> trust
> the whole physics department to be able to tell our computers what to
> do
> just because we share a network with them.
> So I'm implementing CurveZMQ security based on the "ironhouse" model,
> since
> we need to authenticate both clients and servers. However it is
> cumbersome
> to give every possible computer its own public key and private key,
> and
> distribute all these keys to all others. Whenever a new device gets
> plugged
> into the network, we would need to add the device's public key to
> every
> other device and computer. Given the variety of devices, it's hard to
> come
> up with a solution that isn't quite manual (like taking a SD card out
> of
> some custom microcontroller board and putting it into a computer just
> to
> add keys to it so the zmq server running on the microcontroller will
> recognise a new client). I would ideally like a situation where even
> if I
> am on a computer that has never interacted with the lab network
> before, I
> could put "the lab master key" on this computer, and have it talk to
> everything without having to also go do something to all other
> devices.
> What would be the security consequence of having many servers all
> using the
> same CurveZMQ private/public keypair?
> What would be the security consequences of having many *clients* all
> using
> the same CurveZMQ private/public keypair?
> What about if all clients and all servers talking to each other had
> identical keypairs?
> If this last possibility is safe then the "lab master key" can be
> simply
> one private key, from which the public key can be derived, and I only
> need
> to tell new lab users a 40 character z85 encoded ascii string to let
> them
> talk to everything in the lab as a client or a server.
> If this sounds like terrible security, it doesn't seem much different
> to
> the current case where all the lab computers have the same password,
> which
> we just change occasionally (or never). Or to giving a member of your
> home
> the wifi password.
> That is of course, so long as there isn't anything fundamental about
> CurveZMQ that means using keys for multiple peers is insecure.
> There's a comment on curvecp.org:
> Nonce separation
> > 
> > An administrator can set up several CurveCP servers sharing a long-
> > term
> > > secret key. The servers then have to support nonce separation:
> > > for example,
> > > the first of four servers is configured to use counters with
> > > bottom bits
> > > 00, the second is configured to use counters with bottom bits 01,
> > > the third
> > > is configured to use counters with bottom bits 10, and the fourth
> > > is
> > > configured to use counters with bottom bits 11.
> > 
> > 
> Which is maybe pointing to there being a problem.
> If I have to use different keys for every server and client, then
> CurveZMQ
> probably isn't tenable for my use. I'm really looking for a "give the
> new
> lab member or temperature-monitoring-raspberry-pi the wifi password"
> type
> of solution.
> Any suggestions appreciated,
> Chris


There was a discussion on this topic a few months ago:


Kind regards,
Luca Boccassi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.zeromq.org/pipermail/zeromq-dev/attachments/20180308/70154c75/attachment.sig>

More information about the zeromq-dev mailing list