ministero-salute / it-dgc-verificaC19-android

VerificaC19 is the official Italian customization of the EU Digital COVID Certificate Verifier App for the Android Operating System
https://www.dgc.gov.it
Apache License 2.0
101 stars 54 forks

Is the key revocation list working? #180

Closed djechelon closed 1 year ago

djechelon commented 3 years ago

This is a spin-off of #103

Here, I don't want to debate on the revocation on individual DGCs, but discuss something odd happened after the leak of blatantly fake DGCs (Hitler, Mickey Mouse...).

I was following the updates on Paolo Attivissimo's blog

Describe the bug

On October 27th, alleged Hitler certificates were considered invalid (the key was likely revoked) on my device. I can still see on Attivissimo's blog that Hitler's certificate was invalid.

[image]

On October 28th, the certificates posted on the blog AND on #103 by user jumpjack are considered valid

Example certificate (invalid for Paolo Attivissimo, valid for me)

[image]

Expected behaviour

Once the revocation list has been updated with revoked keys, certificates issued with those keys must be invalid forever

Steps to reproduce the issue

As described, this is a time-related issue. Initially, the certificates were considered valid, but at least once, on October 27th, they were considered revoked.

Additional context

All DGC material (alleged QR codes) available at the Attivissimo blog I cited.

I deleted all app data and waited for it to update the revocation list.

Yet again, this issue does not discuss revoking individual fake certificates like #103, but only mass revocation of certificates allegedly issued with the same private key.

Valeri0p commented 3 years ago

The issue is of extreme importance, but while no official statement has been made, evidence suggests this is more probably a case of API abuse rather than a leak of the private key(s). Some references: https://github.com/ehn-dcc-development/hcert-spec/issues/103 https://github.com/denysvitali/covid-cert-analysis

Also it's interesting to note how other European countries have systems capable of revoking each certificate individually.

djechelon commented 3 years ago

But even if it's not a leak, why would some DGCs invalid yesterday become valid today? That is the scope of the issue. Once a single pass or a whole key is revoked, it should be permanent

jumpjack commented 3 years ago

But even if it's not a leak, why would some DGCs invalid yesterday become valid today? That is the scope of the issue. Once a single pass or a whole key is revoked, it should be permanent

Because the system manager was probably playing with enabling/disabling the private key used to generate the fake codes, and discovered that if he disabled the key, some millions of valid green passes were disabled too, so he enabled it back.

MollerAndre commented 3 years ago

What happened revealed one of the weak points of the whole DCC thing. If one (or more) DSC are compromised then there's no way to tell if a signed certificate is genuine or not (unless you verify it directly with the issuer) until the compromised key is revealed to the public. But how many other compromised keys are there on the dark web used by someone to produce fake but still valid certificates? We do not know.

However there are a few things we can do to improve the reliability of apps like VerificaC19. One thing should be to compare the key IDs with their respective emitting countries (which are known). If, e.g., a certificate of an Italian citizen that (according to the data in the code) should be signed by the official Italian issuer is signed with the French key, it obviously is a fake.

The app, also, should show the country of the signing key so that a verifier can easily report to authorities those people who are from one nation but have certificates signed by another nation (of course all possible exceptions must be taken into account).

Just my two cents...
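As an added illustration of the two points this thread raises (a key revocation that should survive later trust-list refreshes, and the key-ID-to-country consistency check proposed above), here is a small Python model. It is not code from VerificaC19; every KID, country code and update content in it is constructed for the example, and the "suspect" outcome deliberately flags rather than rejects a country mismatch.

```python
# Added example, not VerificaC19 code: a minimal model of a verifier's DSC trust
# store. It keeps revocations permanent across trust-list refreshes (the
# expectation stated in this issue) and flags, rather than rejects, a certificate
# whose stated issuing country differs from the signing key's registered country
# (the KID/country check proposed above). All KIDs, countries and updates are constructed.
from dataclasses import dataclass, field


@dataclass
class TrustStore:
    keys: dict[str, str] = field(default_factory=dict)   # KID -> DSC country
    revoked: set[str] = field(default_factory=set)       # KIDs ever revoked

    def apply_update(self, active: dict[str, str], revoked: set[str]) -> None:
        """Merge a trust-list refresh. Revocations are additive: a KID that
        reappears as 'active' after having been revoked stays revoked."""
        self.keys.update(active)
        self.revoked |= revoked

    def check(self, kid: str, cert_country: str) -> tuple[str, str]:
        """Classify a certificate by its signing KID and its stated country.
        Returns (status, reason) with status 'invalid', 'suspect' or 'ok'."""
        if kid in self.revoked:
            return "invalid", "signing key revoked"
        if kid not in self.keys:
            return "invalid", "signing key not in trust list"
        key_country = self.keys[kid]
        if key_country != cert_country:
            # Not proof of forgery (travellers, residents abroad), so only flag it.
            return "suspect", f"key country {key_country} != certificate country {cert_country}"
        return "ok", "key active and country consistent"


def demo() -> dict[str, tuple[str, str]]:
    """Replay the revoke-then-re-enable sequence reported in the issue, with constructed KIDs."""
    store = TrustStore()
    store.apply_update({"kid-IT-1": "IT", "kid-FR-1": "FR", "kid-FR-2": "FR"}, set())
    out = {"before": store.check("kid-FR-1", "FR")}
    store.apply_update({}, {"kid-FR-1"})                 # day 1: key revoked
    out["revoked"] = store.check("kid-FR-1", "FR")
    store.apply_update({"kid-FR-1": "FR"}, set())        # day 2: key re-enabled upstream
    out["re_enabled"] = store.check("kid-FR-1", "FR")    # must remain invalid
    out["mismatch"] = store.check("kid-FR-2", "IT")      # IT certificate, FR key
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11s} {result[0]:8s} {result[1]}")
```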

frankwalter1301 commented 3 years ago

Better leave this security vulnerability as it is because this green pass thing hurts human rights IMHO.

Just my two cents...

jumpjack commented 3 years ago

Fortunately the names of all persons refusing vaccine are recorded for posterity. It will matter.

djechelon commented 3 years ago

The app, also, should show the country of the signing key so that a verifier can easily report to authorities those people who are from one nation but have certificates signed by another nation (of course all possible exceptions must be taken in account).

@MollerAndre I disagree with the above statement. There are so many individual cases (e.g. a semi-permanent resident working abroad, people who traveled to get vaccinated in advance*) that trying to match the country of citizenship with the country of issuance of the DGC would reveal far too many false positives.

*Take Serbia as an intuitive example. While not EU country, there was a time a number of people used to fly to Belgrade just to get the injection 💉

@all others, please remain in topic. The topic is: a certificate was first revoked, then re-admitted to validity.

MollerAndre commented 3 years ago

@MollerAndre I disagree with the above statement. There are so many individual cases (e.g. a semi-permanent resident working abroad, people who traveled to get vaccinated in advance*) that trying to match the country of citizenship with the country of issuance of the DGC would reveal far too many false positives.

That's why I wrote that there are exceptions to take into account but consider, for example, Italian citizens. If one of them shows a valid certificate signed with the key of Poland, France or another country it's just a bit suspect but still possible... if many of them start showing certificates from the same country that could only mean that there is a flaw in the system.

Valeri0p commented 3 years ago

I agree with @MollerAndre, since as far as we know the Italian servers have not been compromised till now and most of the vulnerable servers seem to be those of extra-EU countries (e.g. Macedonia, Vietnam, etc...), I think it would be a very effective way to expose forged certificates regarding Italian citizens; it would be a little harder to tell for tourists and anyone that travels frequently for any reason, but I don't think the number of false positives would be excessive.

frankwalter1301 commented 3 years ago

I don't know where you got that information, but compromised servers are from Italy, Germany and other countries too that I forgot to mention. So this is another motivation to not follow this way, other than the human rights thing, of course.


MollerAndre commented 2 years ago

I don't know where you got that information, but compromised servers are from Italy, Germany and other countries too that I forgot to mention. So this is another motivation to not follow this way, other than the human rights thing, of course.

So far there's no proof of fake certificates signed with the Italian key, do you have one? The only keys I know of are from Poland and France.

frankwalter1301 commented 2 years ago

I don't know where you got that information, but compromised servers are from Italy, Germany and other countries too that I forgot to mention. So this is another motivation to not follow this way, other than the human rights thing, of course.

So far there's no proof of fake certificates signed with the Italian key, do you have one? The only keys I know of are from Poland and France.

Hi. I saw a certificate with the name of "UBISOFT MERDA" and another one with "NEGRO" and something else. I remember those being Italian. Btw at the moment I don't have the QR code, but I asked my friend to provide it to me. So I will give you the QRs tomorrow hopefully.

MollerAndre commented 2 years ago

Hi. I saw a certificate with the name of "UBISOFT MERDA" and another one with "NEGRO" and something else. I remember those being Italian. Btw at the moment I don't have the QR code, but I asked my friend to provide it to me. So I will give you the QRs tomorrow hopefully.

A certificate with Italian silly names doesn't necessarily mean it was signed with the Italian private key. If you can find and attach those QR codes in this thread they can be analysed.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.