October 17, 2017 // 10:54 a.m.
Researchers have published the discovery of a key generation flaw in security chips produced by Infineon Technologies since at least 2012 and which allows attackers to turn a public RSA cryptographic key into its private half.
Public-key, or asymmetric, cryptographic systems work through so-called 'trapdoor' functions, mathematical functions which are easy to do in one direction and hard in the other - such as multiplying two numbers together to get a third larger number, which is significantly easier than figuring out precisely which two numbers were multiplied when all you have is the third number. These functions are used to generate a key pair, which is comprised of a public key and a private key; the public key is published far and wide for people to use when encrypting data for your eyes only or verifying your electronic signature, while the private key belongs only to the key holder and is used to decrypt data and create said signatures.
Public key cryptography only works if there's no feasible way to get from a public key to the matching private key, but a flaw published late yesterday by a team at the Centre for Research on Cryptography and Security (CRoCS) demonstrates the ability to do exactly that on any 2,048-bit or smaller RSA key generated using Infineon security chips produced since at least 2012 and found in smart cards, authentication tokens, government identity documents, and - ironically enough - Trusted Platform Modules (TPMs) designed to increase the cryptographic security of a computer system.
'The algorithmic vulnerability is characterised by a specific structure of the generated RSA primes, which makes factorisation of commonly used key lengths including 1024 and 2048 bits practically possible,' the team's paper explains. 'Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required. The vulnerability does NOT depend on a weak or a faulty random number generator - all RSA keys generated by a vulnerable chip are impacted. The attack was practically verified for several randomly selected 1024-bit RSA keys and for several selected 2048-bit keys.'
Products affected by the flaw have been distributed far and wide, but the team has been working with the industry to patch the hole and regenerate affected keys: Microsoft, Google, HP, Lenovo, and Fujitsu have all issued updates. A bigger concern is that the affected Infineon products were all cleared under the NIST FIPS 140-2 and CC EAL 5+ security standards, which should have detected and flagged such a serious flaw in their key generation capabilities.