
Cloud Recording Encryption: Provide AdditionalInfo configuration

Open jmelancondev opened this issue 4 months ago • 2 comments

As discussed during the last telco, we've identified a potential vulnerability in the current proposal at #545 that can happen under these conditions:

  • The system relies on a key server to decrypt PSSH boxes instead of distributing private keys to end-users
  • The configured public keys are reused for multiple devices, for example the keypairs are used for an entire customer account.
  • A threat actor is authorized to view one (Camera X), but not all devices on that account

Under these conditions, if the threat actor retrieves encrypted files from other devices, it could request decryption of their PSSH boxes from the key server by claiming these are from Camera X.

The core of the issue is that the Key Server only has the PSSH box as context for its operations. Any other information (URL, query parameters, etc.) is under the control of the threat actor and cannot be trusted.

The solution to this is the use of the Info field of HPKE, which allows additional data to be used to authenticate the encrypted payload. The Key Server can then know the structure of that field, and perform validations on it, knowing that if the field was tampered with, decryption will fail. The field value is provided by the client at configuration time.

jmelancondev, Sep 03 '25 10:09
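The key-server check described in the issue above, as an added example that is not code from the issue, the proposal at #545 or the project. Assumptions: the `device=<id>` info layout, the ACL, and all names are hypothetical, and because the Python standard library has no HPKE, an HMAC-based stand-in models only the property that matters here (info feeds the key schedule, so a box opens only with the info it was sealed with).

```python
import hashlib
import hmac

# Stand-in for HPKE (RFC 9180), not an implementation of it: the KEM output is
# modeled as a fixed secret and the AEAD as XOR + HMAC. What is preserved is
# that info is mixed into the key schedule, as HPKE does with its info input.
def _keys(kem_secret: bytes, info: bytes):
    prk = hmac.new(kem_secret, b"info:" + info, hashlib.sha256).digest()
    enc = hmac.new(prk, b"enc", hashlib.sha256).digest()
    mac = hmac.new(prk, b"mac", hashlib.sha256).digest()
    return enc, mac

def seal(kem_secret: bytes, info: bytes, content_key: bytes) -> bytes:
    enc, mac = _keys(kem_secret, info)
    ct = bytes(a ^ b for a, b in zip(content_key, enc))  # content_key <= 32 bytes
    return ct + hmac.new(mac, ct, hashlib.sha256).digest()

def open_(kem_secret: bytes, info: bytes, box: bytes) -> bytes:
    enc, mac = _keys(kem_secret, info)
    ct, tag = box[:-32], box[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: info does not match the sealed box")
    return bytes(a ^ b for a, b in zip(ct, enc))

# Hypothetical ACL and info layout ("device=<id>"); the issue defines neither.
ACL = {"alice": {"camera-x"}}
ACCOUNT_SECRET = b"constructed-account-wide-secret"  # one keypair for the whole account

def key_server_decrypt(user: str, info: bytes, box: bytes) -> bytes:
    """Authorize on the device named in info, then open the box with that same info."""
    field, _, device = info.decode().partition("=")
    if field != "device" or device not in ACL.get(user, set()):
        raise PermissionError(f"{user} may not decrypt for {info!r}")
    return open_(ACCOUNT_SECRET, info, box)

def demo():
    # Constructed sample boxes: two cameras on one account, same key material.
    box_x = seal(ACCOUNT_SECRET, b"device=camera-x", b"K" * 16)
    box_y = seal(ACCOUNT_SECRET, b"device=camera-y", b"Y" * 16)
    results = {"own": key_server_decrypt("alice", b"device=camera-x", box_x)}
    # Camera Y's box submitted by a user who is only authorized for Camera X.
    for label, info in (("relabelled", b"device=camera-x"), ("honest", b"device=camera-y")):
        try:
            key_server_decrypt("alice", info, box_y)
            results[label] = "decrypted"
        except (ValueError, PermissionError) as exc:
            results[label] = type(exc).__name__
    return results
```

The authorization decision and the decryption use the same info bytes, which is what closes the gap: a relabelled box fails to open, and a truthfully labelled one fails the ACL check.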

@jmelancongen, is this vulnerability only relevant when the same key is used across an entire organization, requiring permissions to be managed via the Info field? If we instead assign distinct certificates to user groups within the organization, would that mitigate the issue?

sujithhanwha, Sep 09 '25 12:09

As soon as a public key is used with more than one device. The only mitigation (without this PR) would be to set a distinct keypair for each and every device in the system, which will make management and rotation of these quite painful in large deployments. This proposal resolves this problem using the mechanism that is designed specifically for this purpose.

jmelancondev, Sep 09 '25 13:09