Research: Infineon chips produce insecure RSA keys
Researchers have discovered a flaw in the way chips from Germany’s Infineon generate rsa keys. This makes it possible to retrieve a private key with a public key. Several companies have been affected, including Microsoft and Google.
The researchers presented their findings under the name Roca. The vulnerable implementation is contained in an Infineon rsa software library, which is used in, among other things, smart cards, trusted platform modules and Estonia’s ID cards. The poor implementation is said to have been present since 2012. Microsoft, Google, Lenovo, HP and Fujitsu, among others, have now released patches or work-arounds to solve the problem. Yubico has also been affected. The researchers emphasize that rsa itself is not unsafe. They found the vulnerability by analyzing a large number of RSA keys in smart cards.
The RSA keys produced by the chips are susceptible to a so-called factorization attack. This means that the public key can reveal the private key, which should never happen. According to the researchers, it is possible to crack a 512-bit key in 2 CPU hours with an Intel E5-2650 v3 at 3GHz. For a 1024bit key that is 97 days and a 2048bit key requires 140 years. There would be no way to attack 4096-bit keys yet, although there might be once the attack has improved.
For example, by accessing a private key, an attacker can impersonate the target or view encrypted communications, the researchers said. They looked for vulnerable keys in, for example, ID cards, tpms, https or tls keys and pgp. They found 760,000 vulnerable keys, but estimate that it could be two or three times as many.
They have provided an online tool where users can check a public key for the vulnerability. An offline version is also available. The researchers, Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas, will present their findings at the ACM conference, which will take place in the US at the end of this month, where the Krack attack will also be presented.