After several vendor announcements last week, the details of Infineon’s RSA key generation vulnerability finally became available today. The attack calculates the value of the private key and requires only knowledge of the public key.
The vulnerable chips are pervasive and not necessarily sold directly by Infineon Technologies AG, as the chips can be embedded inside devices of other manufacturers.
The bug was detected by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas at Masaryk University in Brno. The result appears in a forthcoming paper at the ACM CCS conference.
How does it work?
At Cryptosense we’ve worked with the Brno group for some time and they were kind enough to share their results with us ahead of disclosure. Since full details of the attack have not yet been revealed, we won’t discuss them here. However, a certain amount of information is now public.
The same team of researchers published a paper last year at USENIX 2016 (winning the best paper award) that described how to discern which cryptographic library or hardware device had been used to generate a given RSA key based purely on observing the public key. This works because different libraries follow slightly different algorithms and this information can leak into the final key.
In their latest work, as the title of the paper indicates, Coppersmith’s technique is used. This cryptanalysis method, first made public at EUROCRYPT in 1996, can be applied to a situation where a public key is known as well as some partial information about one of the primes p,q included in the modulus.
In treating a large corpus of keys and learning their fingerprints, the researchers came across a pattern that was enough to not just identify the library, but also to infer enough information about the primes to apply a variant of Coppersmith’s technique.
The attack can be applied to almost any public key created by the vulnerable library. In particular, any key of 1024 or 2048 bit size is vulnerable.
What should I do?
If you are responsible for security for an organisation with a lot of RSA keys, you’ll want to know the extent of your exposure – if any.
It is known that the Infineon chip was widely used in TPMs, certain tokens used for two-factor authentication and various eID cards in countries such as Estonia. It is likely present in other devices. Expect more details to emerge in the coming days.
In the meantime, to find out if a public key is vulnerable, you can use the site of the CRoCS research group on the Brno university webpage, or you can submit it to our free RSA Keytester in which case you’ll also benefit from the results of a batch-GCD test of your key against our key database. The batch-GCD test picks up a different kind of problem first made public in 2012 but that still affects tens of thousands of deployed keys on the Internet.
If you do have vulnerable keys, keep in mind that the attack requires a certain amount of computational resource. Against 1024 bit keys, it is cheap ($60-70 on AWS) and relatively fast, but to break 2048 bit keys takes significant time and/or money ($40k on AWS) and/or computer hardware (the attack is easy to parallelize, so you can trade off time against number of CPUs). Standards bodies have deprecated 1024 bit keys for some time, but the reality is they still lurk in many enterprise networks. This incident is a good excuse to mobilise resources to get rid of them.
If your organisation manages a large number of keys, we have a professional version of our Keytester tool allowing you to submit keys via a web API. Once the keys are submitted, we can keep you updated about new issues – at the same time the Infineon flaw was announced, we sent notification to the hundreds of people who have already submitted keys to the Keytester about the vulnerability status of their keys against this new attack. Get in touch if you would like to find out more.