Exactly what does it take to establish absolute trust in our digital world?
Infineon, maker of the TPMs (Trusted Platform Modules) and smart card chips that underpin security in millions of deployments, has come under fire with the disclosure of ROCA ("Return of Coppersmith's Attack", CVE-2017-15361), a flaw in its RSA key generation that lets an attacker factor the public modulus and so recover the private key.
To speed up prime generation on constrained hardware, the library builds each RSA prime as k*M + (65537^a mod M), where M is the product of the first few hundred small primes. A prime of that shape carries far less entropy than its length suggests, and Coppersmith's method can recover it from the public key alone. Factoring a properly generated 2048-bit RSA modulus is out of reach for any known attacker; the flaw brings it down to a cost a well-funded adversary can pay.
The flaw lies in the Infineon-developed RSA library (v1.02.013), in the routine that generates the RSA primes. The library exists so that keys can be generated on the smart card or TPM itself rather than on a general-purpose computer, which is easier to tamper with and therefore unsuitable for high-security use. It ships on Infineon chips sold to a wide range of manufacturers, whose smart cards and TPMs are in turn sold on to end users.
The researchers have identified weak keys in the wild and have released a vulnerability test suite and a publication (with an accompanying blog post) that works through the attack's time complexity and cost. They estimate that factoring an affected RSA key of 512, 1024 or 2048 bits would cost roughly $0.06, $40-80 and $20,000-40,000 respectively. Because the weakness is in how the RSA primes are chosen, only RSA keys generated by the flawed library are at risk; other algorithms such as ECC (Elliptic Curve Cryptography) are not affected.
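As an added illustration of the two points above, the public-key fingerprint and the entropy loss from the prime structure, the following Python is written for this page; it is not the researchers' test suite nor Infineon's code. It builds a toy 512-bit modulus from primes of the form k*M + (65537^a mod M), builds a normal modulus for comparison, and checks both with the fingerprint the researchers describe: a vulnerable modulus n satisfies n = 65537^(a+b) (mod M), so n mod p must lie in the subgroup generated by 65537 for every small prime p dividing M. The key size, the use of the first 39 primes for M, and the way k and a are sampled are simplifications chosen here; the Coppersmith factoring step itself is not implemented.

```python
import math
import random
from math import prod

E = 65537  # public exponent used by the affected library; also the subgroup generator


def first_primes(n):
    """The first n primes by trial division (n is small here)."""
    primes, c = [], 2
    while len(primes) < n:
        if all(c % p for p in primes if p * p <= c):
            primes.append(c)
        c += 1
    return primes


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probable-prime test, sufficient for a demonstration."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def subgroup_of_e(p):
    """Residues mod p of the form E^a, i.e. the cyclic subgroup generated by E."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * E % p
    return seen


def roca_fingerprint(n, n_primes=39):
    """True if n mod p lies in <E> for each of the first n_primes primes.
    The first 39 primes are an assumption here: they divide M for every
    affected key size, so the check does not depend on the key length."""
    return all(n % p in subgroup_of_e(p) for p in first_primes(n_primes))


def roca_style_prime(bits, M, rng):
    """A prime of the form k*M + (E^a mod M); the ranges for k and a are a
    simplification chosen for this demo, not the library's exact sampling."""
    k_lo, k_hi = (1 << (bits - 1)) // M + 1, (1 << bits) // M
    while True:
        k, a = rng.randrange(k_lo, k_hi), rng.randrange(1, 1 << 64)
        p = k * M + pow(E, a, M)
        if p.bit_length() == bits and is_probable_prime(p, rng):
            return p


def random_prime(bits, rng):
    """An ordinary random prime with the top bit set, for comparison."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng):
            return p


def weak_modulus(bits=512, n_primes=39, rng=None):
    """Toy ROCA-style RSA modulus: both primes share the k*M + E^a structure."""
    rng = rng or random.SystemRandom()
    M = prod(first_primes(n_primes))
    return roca_style_prime(bits // 2, M, rng) * roca_style_prime(bits // 2, M, rng)


def normal_modulus(bits=512, rng=None):
    """RSA modulus from two ordinary random primes."""
    rng = rng or random.SystemRandom()
    return random_prime(bits // 2, rng) * random_prime(bits // 2, rng)


def search_space_bits(bits=512, n_primes=39):
    """Unknown bits per prime: k (the part outside M) and a (the exponent).
    ord_M(E) is the lcm of the per-prime subgroup orders since M is squarefree."""
    primes = first_primes(n_primes)
    M, order = prod(primes), 1
    for p in primes:
        o = len(subgroup_of_e(p))
        order = order * o // math.gcd(order, o)
    return bits // 2 - int(math.log2(M)), math.log2(order)


def demo(seed=None):
    """Return (weak_passes, normal_passes); a seed makes the run reproducible."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    return roca_fingerprint(weak_modulus(rng=rng)), roca_fingerprint(normal_modulus(rng=rng))


if __name__ == "__main__":
    print("fingerprint (weak, normal):", demo())
    print("unknown bits (k, a) for a 512-bit key:", search_space_bits())
```

To check a real key, parse its modulus (for example from a PEM certificate) and pass the integer to roca_fingerprint; the fingerprint never needs the private half. The search_space_bits figures show why the attack works: for a 512-bit key the 256-bit prime has only about 37 unknown bits in k once M is known, and the exponent a ranges over a group of roughly 62 bits, which Coppersmith's method and a guess of a+b reduce to the costs quoted above.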
Weak as they are, the keys still take real resources to factor: a 2048-bit RSA key would take just under half a month on a 1,000-instance cloud deployment such as Amazon AWS. So far over 760,000 vulnerable keys have been identified, and there are likely many more.
Vendors such as HP, Lenovo, Fujitsu, WinMagic, Microsoft and Google are pushing out security advisories that warn users of the weakness and recommend that individuals and organizations apply firmware updates where available. Note that a firmware update only fixes key generation going forward; keys already produced by the flawed library must be replaced. A number of embedded and IoT deployments are also known to be affected.
The vulnerability was discovered by Slovak and Czech security researchers from the Centre for Research on Cryptography and Security at Masaryk University, Czech Republic; Enigma Bridge Ltd, Cambridge, UK; and Ca' Foscari University of Venice, Italy.