Unpatched Infineon Chips in Peril as Researchers Speed Up Encryption Key Attack Estonia’s smart ID card
Estonia has announced that it has invalidated the digital security certificates used in all smart ID cards, residence and digital IDs created since its program launched in 2014. The move comes over growing concerns that malicious attackers could recover secret RSA encryption keys from the publicly available keys generated by the cards’ digital certificates. Such key recovery poses an obvious risk to the country and its citizens, many of whom use the smart ID cards for healthcare purposes and e-voting.
“Our first priority is the protection of people’s health data, which is why blocking the certificates is the only conceivable option,” Jevgeni Ossinovski, Estonia’s minister for health and labor, says in a news release, announcing the Nov. 3 block. The country is now replacing those certificates over fears that they may have been compromised.
But the news recently turned worse, with a new research team reporting on Sunday that it’s found a way to uncover a secret key up to 25 percent faster than the original researchers’ technique, based in part on details published by the original researchers in 2016. And its findings have cryptographic implications for more than just Estonia and its smart ID card users.
Estonia’s Nov. 3 block of old certificates followed the mid-October announcement by the original research team that it had discovered a major cryptographic weakness in microchips made by Infineon Technologies that could allow a secret encryption key to be derived from a public key (see Researchers Say Faulty Code Jeopardizes Encryption Keys).
The faulty key generation software is present in unpatched Infineon’s Trusted Platform Module chips, which are types of controllers used to store highly sensitive information such as passwords, certificates and encryption keys. Many manufacturers use Infineon’s TPM chips, including HP, Lenovo, Fujitsu, Microsoft and Google. All have released patches, including Infineon.
Even Faster Key Recovery
Since then however, a faster key-recovery method was developed by Daniel J. Bernstein, a research professor at the University of Chicago, and Tanja Lange, chair of the Coding Theory and Cryptology group at Technische Universiteit Eindhoven in the Netherlands, who say their approach is based on the limited information published by the original research team.
“We figured out the main ideas within a day,” Bernstein and Lange write in a Sunday blog post. “Within a week we sent the authors our own attack software running even faster than theirs. We certainly weren’t working full time on this during the week.”
Bernstein and Lange didn’t immediately respond to a request for further information.
But Bernstein and Lange say they were able to engineer their faster method based merely on the limited technical information released by the original researchers in mid-October. The full research, called “The Return of Coppersmith’s Attack,” or ROCA for short, was withheld for two weeks to give organizations time to apply Infineon’s patch.
Source: Center for Research on Cryptography and Security
Previously, researchers believed that a successful attack against keys longer than 2,048 bits was either computationally or financially out of reach of most attackers. But Bernstein and Lange say their method is between 5 to 25 percent faster than the original method and could be accomplished more cheaply.
Bernstein and Lange stopped short of criticizing how the original team, from the Centre for Research on Cryptography and Security at Masaryk University in the Czech Republic; Enigma Bridge, a U.K. company; and Ca’ Foscari University in Venice, Italy, initially publicized their findings.
But they warned that “what we are saying is that from a security perspective, this information was in a fact the critical information in the paper,” since they were able to use it to themselves build a working attack.
They pointed out that RSA keys are used not only for digital signatures, such as in the Estonian ID cards, but also for encryption. Even if users of vulnerable keys patched and generated new keys, any cipher text – aka encrypted text – that had been generated using the weaker keys would still be vulnerable.
Does Vulnerability Information Help or Hurt?
Bernstein and Lange ask if the researchers’ release of even general information about this security vulnerability helped or hurt users’ security. Of course that’s not the first time this question has been asked in situations involving computer security problems. And there’s no easy answer.
One upside to publicizing an issue by releasing limited technical details is that it raises awareness and allows users to take action. On the downside, even describing a vulnerability in vague detail – or the mere fact that there’s a vulnerability – may enable clever attackers to begin unwinding the mystery. Hackers have long reverse-engineered patches from Microsoft and other technology giants to identify and exploit the flaws they fix.
Bernstein and Lange argue that a paper published in August 2016 by the original research team would have been the ideal place and time to impart a few clues that could have been used by others to begin probing the Infineon chip problem. That paper noted that Infineon encryption keys appeared to be non-random.
Non-randomness, or predictability, is a frequent encryption scheme Achilles heel. Public and private encryption keys get created by multiplying together very large prime numbers, and these combinations should always be random. But the weakness in Infineon’s generation of RSA keys allows the researchers to develop a “factoring” method to quickly break down those multiples.
Factoring a weak Infineon public key – which is distributed freely – could then allow for the calculation of the private key, jeopardizing encrypted information or allowing someone to replicate someone else’s digital signature.
“Attackers could already have figured out the whole attack from these details,” Bernstein and Lange contend of the August 2016 paper. “Or attackers could have looked at the Infineon keys on their own and found the same information. Our best guess is that serious attackers found the Infineon vulnerability years ago and have been quietly exploiting it since then.”
Original Research Team Responds
Information Security Media Group reached out to Matus Nemec of Masaryk University and Ca’ Foscari University of Venice, who was one of the authors of the ROCA paper. Nemec says Bernstein and Lange contacted the authors about their discovery.
When Nemec’s team released the limited information, they also publicized a tool that would allow people to detect if their public keys were affected. That vulnerability detection script helped Bernstein and Lange “reconstruct the attack from the publicly released information,” Nemec says.
“It can’t be ruled out that somebody else discovered the attack,” Nemec tells ISMG. “Then the next step would be to publish or exploit.”
Estonia Takes Action
Even before the faster key-cracking research came to light, Estonia on Thursday said it would invalidate all security certificates on 750,000 ID cards, residence permits and digital IDs created since October 2014, all of which have the weak keys.
The government had originally planned to let citizens update their certificates using a home PC or in-person over a five-month period starting this month.
But the Estonian government says that the flaw had been brought “to the attention of international cybercrime networks which have significant means to take advantage of the situation.” The country is prioritizing the replacement of digital certificates used by healthcare professionals and civil servants.