Security researchers at Masaryk University (Czech Republic) have uncovered a critical vulnerability (CVE-2017-15361) in the algorithm used to generate RSA key pairs in the Trusted Platform Module (TPM) chips of the German semiconductor manufacturer Infineon Technologies.
The flaw lies in the RSA key generation performed by Infineon's Trusted Platform Module (TPM). A TPM is a widely used microcontroller that secures hardware by holding cryptographic keys inside the device, and it is relied on for secure encryption processes.
The researchers' factorization attack has been named ROCA (Return of Coppersmith's Attack). It allows a remote attacker to recover the private key from the public key alone, with no need for physical access to the vulnerable device. The flaw is not a faulty random number generator but the key-generation algorithm itself, so it affects all RSA keys produced by a vulnerable chip.
An attacker can thus impersonate the owner of the key, decrypt the victim's sensitive data, inject malicious code into digitally signed software, and bypass the protections that guard the affected computer against unauthorized access or tampering.
The ROCA attack affects chips manufactured by Infineon since 2012 and is practical against common key lengths, including 1024 and 2048 bits, which are used mainly in national identity documents, PC motherboards (secure storage of passwords), authentication tokens, secure browsing, signing of software and applications, and message protection such as PGP.
The vulnerability also weakens the security of government and corporate computers protected with the Infineon chip and its cryptographic library. Most Windows and Google Chromebook devices made by HP, Lenovo and Fujitsu are among those affected by the ROCA attack. Vulnerable keys have been found in several domains, including electronic citizenship documents, authentication tokens, trusted boot devices, software packages, and TLS/HTTPS and PGP keys.
The TCAT certificates on card issued by the AOC Consortium in all its areas of action are not vulnerable to this attack, because none of the hardware devices affected by this vulnerability was used to generate the keys they contain. Therefore ALL certificates of the AOC Consortium are unaffected by this vulnerability.
The security researchers have published a summary of the flaw (https://crocs.fi.muni.cz/public/papers/rsa_ccs17), which lists various detection, mitigation and remediation tools, including an online tool (https://keychest.net/roca) to check whether an RSA key is vulnerable.
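The following Python program is an added illustration, not material from this page and not the CRoCS researchers' own detection tool. It builds an RSA modulus whose primes have the shape the researchers attribute to the vulnerable generator, p = k·M + (65537^a mod M), with M the product of the first 39 primes (this example takes n = 39, the paper's parameter for 512-bit primes, as an assumption), and then runs the public-key-only fingerprint that the detection tools mentioned above apply: for every small prime dividing M, N mod p must lie in the subgroup generated by 65537. The published detector stores those residue sets as precomputed bitmasks; this example derives them at runtime. Key sizes, the fixed seed, and the function names are this example's choices.

```python
"""ROCA structure and fingerprint check: an added illustration, not code from the
original page nor from the CRoCS researchers' detection tools."""
import random

E = 65537  # public exponent used by the affected key generator


def small_primes(limit):
    """Primes up to `limit` by trial division (only tiny limits are used here)."""
    primes = []
    for n in range(2, limit + 1):
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
    return primes


# Assumption of this example: M is the product of the first 39 primes (2..167).
# The fingerprint skips 2: every RSA modulus is odd, so N mod 2 carries no information.
M_PRIMES = small_primes(167)
M = 1
for _p in M_PRIMES:
    M *= _p
FINGERPRINT_PRIMES = [p for p in M_PRIMES if p != 2]


def residue_subgroup(p):
    """All residues 65537^a mod p, i.e. the cyclic subgroup <65537> of Z_p^*."""
    members, x = set(), 1
    while x not in members:
        members.add(x)
        x = (x * E) % p
    return members


# The published detector stores these sets as per-prime bitmasks; derived here instead.
SUBGROUPS = {p: residue_subgroup(p) for p in FINGERPRINT_PRIMES}


def is_roca_fingerprint(n):
    """True when n mod p lies in <65537> for every fingerprint prime p.

    A modulus built from two primes of the vulnerable form always passes, because
    N = p*q = 65537^(a+b) mod M. A random modulus fails for some p with overwhelming
    probability, so this is a practical detector rather than a proof of weakness."""
    return all(n % p in SUBGROUPS[p] for p in FINGERPRINT_PRIMES)


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test with `rounds` random bases."""
    if n < 2:
        return False
    for p in M_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def roca_style_prime(bits, rng):
    """Prime of the form k*M + (65537^a mod M): the structure the vulnerable generator
    produced, which is what lets the private key be recovered from the public key."""
    k_bits = bits - M.bit_length()
    while True:
        a = rng.randrange(1, M)
        k = rng.getrandbits(k_bits)
        candidate = k * M + pow(E, a, M)
        if candidate.bit_length() == bits and is_probable_prime(candidate, rng):
            return candidate


def random_prime(bits, rng):
    """Ordinary random prime with the top bit set (an unaffected generator)."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate


def make_modulus(bits, rng, vulnerable):
    """RSA modulus N = p*q; `vulnerable` selects the ROCA-shaped prime generator."""
    gen = roca_style_prime if vulnerable else random_prime
    half = bits // 2
    return gen(half, rng) * gen(half, rng)


def demo(seed=2017):
    """Fingerprint one ROCA-shaped and one ordinary 1024-bit modulus (fixed seed)."""
    rng = random.Random(seed)
    weak = make_modulus(1024, rng, vulnerable=True)
    sound = make_modulus(1024, rng, vulnerable=False)
    return is_roca_fingerprint(weak), is_roca_fingerprint(sound)


if __name__ == "__main__":
    flagged_weak, flagged_sound = demo()
    print("ROCA-shaped modulus flagged:", flagged_weak)   # True
    print("random modulus flagged:", flagged_sound)       # False
```

To check a real certificate, extract the modulus from its public key and pass it to `is_roca_fingerprint`; a positive result means the key should be treated as exposed and replaced, which is the same decision the online checker linked above supports.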
The Hacker News: Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices
https://thehackernews.com/2017/10/rsa-encryption-keys.html
CRoCS wiki: ROCA: Vulnerable RSA generation (CVE-2017-15361)
https://crocs.fi.muni.cz/public/papers/rsa_ccs17