ROCA: Return Of the Coppersmith Attack

Posted Nov 14, 2017 17:37 UTC (Tue) by tialaramex (subscriber, #21167)
Parent article: ROCA: Return Of the Coppersmith Attack

An interesting (?) thing I had found independently and which is mentioned in their paper is that there exist keys which were obviously not constructed by Infineon's RSAlib (or at least, not by the version we've all seen now) because the top bits are wrong - but which match the ROCA fingerprint.

In theory such keys could exist by chance, but at billions-to-one odds, so that we might be surprised to see one, and should be astonished to see more. In practice there seem to be at least a handful and perhaps dozens in certificates for the Web PKI.

It remains on my TODO list to figure out if the public keys I found are especially _more_ vulnerable than the general case discussed in the ROCA paper. Their properties are even weirder, and my intuition is that weird is bad, but my mathematics isn't good enough to turn that intuition instantly into anything concrete. At the very least their existence suggests either:

Infineon weren't the only people to have whatever bad idea is embodied by RSAlib, someone else independently made the same error
OR
Infineon also shipped other devices that pretend not to be using RSAlib but are anyway.

When I saw that these keys were mentioned in the paper at all my heart leapt - but they dismiss them, which might mean they are much smarter than me and saw there's nothing very interesting going on (just more of the same) or perhaps it just means that life is short and they, unlike me, moved on to other things. Still, at least they were mentioned, so I know I'm not hallucinating.


ROCA: Return Of the Coppersmith Attack

Posted Nov 14, 2017 23:52 UTC (Tue) by ballombe (subscriber, #9523) [Link]

It is very easy to create keys that match the ROCA fingerprint but that are not vulnerable to the Coppersmith attack.
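The two comments above turn on one distinction: the ROCA fingerprint is a cheap residue test, and a modulus can pass it without being factorable. The following is an added example of mine, not code from this thread, from the ROCA paper or from its authors' detector tool. It assumes, as my reading of the public detector, that the fingerprint inspects the small primes 3 through 167 and asks whether N mod p lies in the subgroup generated by 65537 for each of them. It implements that check, estimates how often an ordinary modulus would pass by chance, and builds a modulus whose small-prime residues are forced into those subgroups by construction (a CRT-style construction of my own, not Infineon's generator), so that the detector fires on a key that has none of the size relationship between M and N that the factoring attack relies on.

```python
"""ROCA fingerprint check and a demonstration that a match is not proof of
vulnerability. Added example; not the LWN posters', the ROCA authors' or
Infineon's code. The prime set is an assumption about the public detector."""
import random

GENERATOR = 65537

# Primes the fingerprint inspects (assumed to mirror the public detector).
FINGERPRINT_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                      59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109,
                      113, 127, 131, 137, 139, 149, 151, 157, 163, 167]


def subgroup(g, p):
    """Elements of Z_p^* generated by g (p prime)."""
    members, x = set(), 1
    while x not in members:
        members.add(x)
        x = (x * g) % p
    return members


def matches_fingerprint(n, primes=FINGERPRINT_PRIMES):
    """True iff n mod p lies in <65537> mod p for every inspected prime.
    RSAlib primes have the form k*M + (65537^a mod M), so their product
    always lands in these subgroups; the test says nothing about k or M."""
    return all(n % p in subgroup(GENERATOR, p) for p in primes)


def false_positive_rate(primes=FINGERPRINT_PRIMES):
    """Approximate fraction of ordinary moduli that pass by chance, treating
    each residue as uniform over the non-zero values mod p."""
    rate = 1.0
    for p in primes:
        rate *= len(subgroup(GENERATOR, p)) / (p - 1)
    return rate


def is_probable_prime(n, rounds=16, rng=random):
    """Miller-Rabin; good enough for a demo, not for production key generation."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    """Ordinary random prime with the top bit set."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def structured_prime(bits, m, rng):
    """Prime congruent to 65537^a modulo m. Here m is only ~218 bits against a
    512-bit prime, so k is huge: the small-prime residues match RSAlib's
    pattern, but the key is not built the way RSAlib builds keys."""
    residue = pow(GENERATOR, rng.randrange(1, m), m)
    k = rng.getrandbits(bits - m.bit_length()) | (1 << (bits - m.bit_length() - 1))
    while True:
        cand = k * m + residue
        if is_probable_prime(cand, rng=rng):
            return cand
        k += 1


def demo(seed=1):
    """Returns (fingerprint of constructed key, fingerprint of ordinary key, chance rate)."""
    rng = random.Random(seed)
    m = 1
    for p in FINGERPRINT_PRIMES:
        m *= p                      # primorial of the inspected primes
    structured = structured_prime(512, m, rng) * structured_prime(512, m, rng)
    ordinary = random_prime(512, rng) * random_prime(512, rng)
    return (matches_fingerprint(structured),
            matches_fingerprint(ordinary),
            false_positive_rate())


if __name__ == "__main__":
    hit, miss, rate = demo()
    print(f"constructed key flagged: {hit}, ordinary key flagged: {miss}, "
          f"chance match rate ~ {rate:.3g}")
```

Because the fingerprint only sees N modulo a handful of small primes, any modulus whose factors were chosen with those residues in mind will trigger it, whether or not the Coppersmith step is feasible for that key. A detector therefore tells you which keys deserve a closer look (or replacement on the precautionary principle), not which keys are factorable; the chance-match rate explains why an unexpected hit on a key with "wrong" top bits is worth a second glance rather than a shrug.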

ROCA: Return Of the Coppersmith Attack

Posted Nov 17, 2017 17:34 UTC (Fri) by flussence (guest, #85566) [Link] (2 responses)

Sounds like Yubico's chickens are coming home to roost. Maybe the expense of having to replace every single unit of their proprietary model will make them rethink their roadmap.

ROCA: Return Of the Coppersmith Attack

Posted Nov 19, 2017 21:42 UTC (Sun) by nix (subscriber, #2304) [Link] (1 response)

The problem here is not "proprietary". The problem is "not field-upgradeable", but... for something like a Yubikey, an absolute guarantee that it cannot be upgraded via the USB port seems distinctly valuable, because it means attackers that get root on a machine using a Yubikey *cannot* replace its firmware and violate its security properties. Perhaps some other way to upgrade it might be provided, but I'm not sure what that might be. Requiring a physical touch, maybe, only lots of other things also require a physical touch and it's not always clear which is being asked for, so an attacker could in theory launch something that looked like it was asking for, say, an HMAC-SHA1 auth with touch, but actually ask for a firmware upgrade, and then you lose...

ROCA: Return Of the Coppersmith Attack

Posted Nov 20, 2017 14:12 UTC (Mon) by tialaramex (subscriber, #21167) [Link]

Unlike the "touch to authenticate" step this is a very rare case so it might be fine to have it require say, a weird dance like "hold the touch sensor for 15 seconds, then release it for 15 seconds, repeat this four times before running the update software" or "tap the sensor in the pattern tap; pause; tap-tap-tap; pause; tap; pause; tap-tap-tap; pause; tap".

Unfortunately all these types of solutions are also vulnerable to a problem where somebody nicks your Yubikey, field upgrades it to a version that works against you, then gives it back. Being obliged to send the device away to the manufacturer partly averts this attack. Of course a _very_ sophisticated adversary might be able to produce a look-alike device that suits their purpose and can be substituted quickly, for example by pick-pocketing. For example if you're Bill Browder, then sure, even the current arrangement isn't going to keep you safe from the type of forces able to have your associates murdered with impunity and then blame you for their deaths. But most of us aren't Bill Browder.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds