Researchers have revealed several substantial vulnerabilities this month. First Krack and now ROCA, also known as the ‘Return of Coppersmith's Attack.’
This newly discovered vulnerability places a wide range of machine identities at risk because it targets the software library utilized by hardware chips manufactured by Infineon Technologies AG. These chips are vulnerable to a factorization attack, in which the perpetrator can compute the private part of an RSA key.
The ROCA vulnerability raises questions about the security of Trusted Platform Modules (TPMs). These secure cryptographic integrated circuits can be found embedded in chipsets and they implement the triad of security: confidentiality, integrity and authenticity.
TPMs are relied on to secure enterprises in all kinds of ways, including:
- Random password generation
- Secure digital credentials in password and key vaults
- Symmetric key management
- Smart cards
- Fingerprint readers
- Multi-factor authentication devices
- File, disk, data encryption
- System, file, and data access controls
- System integrity validation and authentication
- VPN/WIFI authentication and encryption
- Routers, switches, firewalls, proxies, load balancers – All layers of the network OSI model that create encryption
In addition, TPM hardware modules exist in personal computers, servers, and networking devices, and they are also used in Hardware Security Modules (HSM), mobile phones and IoT devices.
Unfortunately, researchers have determined that public keys can be factored into revealing the prime number used to generate encryption. Cryptographic best practices would require that both the public and private key would be randomly generated before being multiplied to create a strong encryption key.
However, in the case of this vulnerability the Infineon library was not generating truly random prime numbers. Thus, the prime number could be derived and compromised. Currently, the confirmed number of vulnerable keys found is about 760,000, but there is a possibility that up to two to three magnitudes more are vulnerable.
The widespread impact of this attack is just being realized. Previously, we had trust concerns with TPMs. TPM security relies entirely on the manufacturer and the authorities in the country where the hardware is produced and their securing of the private endorsement key. This practice has many security experts worried.
On a positive note, remediation has already begun a few vendors have released patches and the Centre for Research on Cryptography and Security suggests organizations take the following steps for remediation:
- Apply the software update if available.
- Replace the device with one without the vulnerable library.
- Generate a secure RSA keypair outside the device and import it to the device.
- Use other cryptographic algorithm (e.g., ECC) instead of RSA on affected devices.
- Apply additional risk management within your environment, if the RSA key in use is detected as vulnerable.
- Use key lengths which are not currently impacted (e.g., 3936 bits) by our factorization method. Be aware: use this specific mitigation only as a last resort, as the attack may be improved.
In addition, the Centre also provides a tool to check whether keys are vulnerable: https://keychest.net/roca and entering a public key there.
How secure are your public keys?