ROCA Crypto Flaw; Could be Worse than Krack Attack

Once the attack is complete, the attacker can then use the secret key to overcome any authentication

ROCA (aka, “Return of the Coppersmith’s Attack”) is another cryptographic vulnerability that has been discovered , with some even projecting that this is worse than the revealed Krack attack.

Jesse Victors, security consultant at Synopsys, said: "There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that.

"The vulnerability, formally assigned CVE-2017-15361 and called the Return of Coppersmith’s Attack, or ROCA for short, is a practical mathematical attack that allows an adversary to reveal secret keys on certified devices using this library. The key can be revealed offline, and no physical access to the affected device is required.

"Once the attack is complete, the attacker can then use the secret key to overcome any authentication or encryption systems that are in place on the affected device. Unfortunately, many certified devices are vulnerable. This flaw is present in NIST FIPS 140-2  and CC EAL5+ , two internationally adopted cryptographic standards.

"Based on the limited information released by the authors, we know that ROCA exploits a flaw in a software library that generates RSA keys. RSA is a public key cryptosystem widely used for digital signatures for authentication or encrypted messages for confidentiality. You will find RSA practically everywhere, even in the HTTPS on this web page.

"The authors have made it clear that this flaw is embedded into the hardware and firmware of many devices widely used across the globe. This makes it difficult to completely patch, but there are some mitigating controls. If you are using Windows, Microsoft has issued several updates that should address the issue.

"Google, HP, Lenovo, and Fujitsu have released updates for their software products as well. Estonian citizens can suspend the digital signature services of their smartcards if they choose. A new chip is in development in the meantime.

"As has discussed before on the Synopsys blog, crypto is fragile. RSA turned 40 years old this year and we still seem to struggle with using and implementing it correctly. The RSA algorithm described in 1977 is fast but unsafe and must be implemented carefully to avoid several padding oracle attacks  and information leaks. Numerous schemes have been introduced to address the flaws, which I consider this to be a flaw with RSA’s design and the complexity of standards. However, RSA was there first, and it’s one of our best public key encryption schemes, so it isn’t going away any time soon."


Tags assigned to this article:
roca Crypto Flaw Krack Attack

Advertisement

Around The World