Jan 10, 2018

The Return of ROCA


 

The Return of Coppersmith’s Attack (ROCA) is a recently discovered vulnerability in a cryptographic library used in some Infineon Technologies AG chips. It enables an attacker to practicably determine an RSA private key given an RSA public key. Quantum computers, while still in their infancy, will one day be capable of finding private keys like those used in RSA and other asymmetric cryptographic algorithms. So why should one care? Both the ROCA vulnerability and quantum computers are a threat to systems and processes that rely on asymmetric cryptographic algorithms.

Asymmetric cryptographic algorithms like those of RSA are fundamental technologies used to secure much of today’s digital world. For example, they are used to authenticate websites, secure internet stores and bank transactions, secure email transactions, digitally sign documents, digitally time stamp documents, encrypt hard drives, enable access to building and information systems, and to help secure blockchain transactions. More generally, the strength of asymmetric cryptography helps ensure that such transactions can be trusted and are reliable. So where a particular instance of one of these algorithms has significant market penetration and is compromised, it’s a big deal. Basically, the trustworthiness and reliability of transactions secured by the compromised algorithm are put into question.

One of the greatest compromises that can occur is if a bad actor were able to determine a private key given its associated public key. In properly functioning asymmetric cryptographic systems, it is unrealistic that this would occur. If a bad actor were able to do this, however, they could change digitally signed data, decrypt encrypted data and impersonate digital signers at will and undetected until remedial measures could be taken. This could be particularly problematic if a root Certificate Authority (CA) private key were compromised as it could effectively nullify trust in the transactions of the CA and its subscribers.

The ROCA vulnerability is a compromise of a particular implementation of RSA key generation in Infineon chips – it is not applicable to all RSA implementations. The suspect Infineon RSA keys are generated in such a way that an attacker could realistically determine the prime factors of a resultant public key and, thereby, readily generate the associated private key. While an exhaustive list of systems affected by the ROCA vulnerability remains outstanding, the usage domains affected by the ROCA vulnerability include: Identity documents (eID, eHealth cards); Trusted Platform Modules (Data encryption, Platform integrity); Software-signing, Secure browsing (TLS/HTTPS); Authentication tokens; Message protection (S-MIME/PGP); and Programmable smartcards. Presently, remediation is underway by many vendors.

A real-world impact of the ROCA vulnerability is the action by Estonia to block the certificates of 760,000 ID cards as of the evening of 3 November 2017. This action helps stop future potential harm. However, the extent of harm done is important to watch over time and learn from. For example, digital signatures of electronic documents that were digitally signed using ROCA affected Estonian ID cards are now questionable.

While the ROCA vulnerability is a present-day concern, quantum computers similarly are a future threat to some current asymmetric cryptographic algorithms. Once realized, quantum computers of sufficient strength will readily be able to determine private keys given an associated public key for some asymmetric algorithms. Some believe this capability to be 10 to 15 years away. Until then, however, a significant and present concern is that of a bad actor collecting encrypted communications today for decryption later when a quantum computer capability to decrypt is available.

The ROCA vulnerability is a threat to some implementations of RSA asymmetric cryptography. Quantum computers are a future threat to a greater set of asymmetric cryptographic algorithms. While remedial measures are being taken for the ROCA vulnerability and researchers and governments are working to develop and test quantum resistant algorithms, these activities take time. Asymmetric cryptographic algorithms like RSA are presently a major technical enabler of trust in our digital global economy. Where such algorithms are found vulnerable, trust in our digital transactions becomes eroded. It is increasingly important to understand, be aware of, and develop mitigation strategies against vulnerabilities like ROCA and the growing ability to break cryptographic algorithms through quantum computing.

Share on Twitter
Share on Facebook

Ron Sulpizio is an engineer and lawyer with 25 years of information technology experience, specializing in identity and access management, policy writing, cryptography systems, cybersecurity, information sharing, export regulation, privacy and patent prosecution. Ron has been part of the PKH Enterprises team since 2016.