Post on 03-Sep-2018


TRANSCRIPT

https://crocs.fi.muni.cz @CRoCS_MUNI

Petr Švenda [email protected] @rngsec

Centre for Research on Cryptography and Security, Masaryk University

Joint work with: Matúš Nemec, Marek Sýs, Dušan Klinec, Peter Sekan, Rudolf

Kvašnovský, David Formánek, David Komárek and Vashek Matyáš

The goal of the research (ROCA)

From small bias in RSA public keys to practical

factorization of widely used RSA moduli


RSA primer – what does it mean and why should I care?

• RSA is a widely used public-key cryptosystem (1977)

• Used for digital signatures (mail, software distribution, contracts…)

• Used for key exchange (HTTPS/TLS, PGP…)

• Private part: random primes P and Q, private exponent d

• Public part: public exponent e (often 65,537), modulus N

• Factorization attack: compute primes P and Q from the knowledge of N

2 The Lessons We Learned, Tallin, 2018.05.09

P x Q = N

https://roca.crocs.fi.muni.cz


RSA is more than a description of the basic algorithm

• Proper key lengths, key management, secure and optimized implementation, certifications, adaptation to changes…

• RSA security over time:

– 512 bits originally assumed secure, now 2048 to be phased out in 2022 (BSI)

– Faster factorization algorithms (NFS) with faster machines, quantum computers

– Design and coding flaws, faulty TRNG, side-channel attacks, padding oracles…

• BTW: Banks are still using very short RSA key lengths

– 768 & 896 bits (7 out of 11 tested EMV cards issued by EU banks)

– No security margin for problems


Why did we target Estonian eIDs? (we didn’t)

• Long relationship with smartcards, JavaCards and FOSS

– Analysis for Czech National Security Authority (2002-2009)

– JCAlgTest.org, JCMathLib, CesTa, JCProfiler, curated list of JC apps…

• Cryptographic smartcards are pervasive (SIM, EMV, eID, tokens…)

• Yet smartcard industry is very closed

– NDA just to see detailed specifications, proprietary APIs, no design details…

• Security certifications performed by testing labs (FIPS, CC)

– But details are not public

• Idea in 2014: Infer details using key similarity to open-source libraries


• Various implementation choices to generate large primes P & Q

• Small bias, but enough to attribute a public key to a particular library

– Best paper award at USENIX Security 2016

[Figure: key features used for attribution – distribution of primes (MSB), large factors of p-1 / p+1, number of factors, bit stream statistics and more; dataset of 60+ million fresh RSA keypairs (P, Q, N) from 22 sw. libraries and 16 smartcards]


But we were unaware of a far bigger issue at that time


Prime_expected = random

Prime_Infineon = k * M + 65537^a mod M


Algorithmic flaw in Infineon’s RSALib (CVE-2017-15361)

• All keys generated by vulnerable Infineon library are affected

• Practical factorization of common lengths 512/1024/2048b (+ others)

• All public keys have unique “fingerprint” (easy to scan for)

– Tool for detection, https://github.com/crocs-muni/roca/

• Tool for factorization (made public by Lange & Bernstein, 5th Nov)

– Our implementation of factorization tool provided to Infineon in February 2017

– Random 2048b key: 6442450944000000 vCPU years

– Infineon 2048b key: 140 vCPU years


Attack is perfectly parallelizable

1000 cores => 1000x speedup
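The "fingerprint" behind the detection tool follows from the prime format shown earlier: if P and Q are both of the form k * M + 65537^a mod M, then N = P * Q is a power of 65537 modulo every small prime dividing M, which can be checked on the public modulus alone. Added example in Python, not code from the crocs-muni/roca tool; it assumes M = 167# (the product of the first 39 primes, the parameter for 512-bit keys; larger keys use bigger primorials) and builds one Infineon-shaped and one ordinary test modulus to scan.

```python
import random
from math import prod

# M = 167#, the product of the first 39 primes (the ROCA parameter for 512-bit keys).
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73,
                79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167]
M = prod(SMALL_PRIMES)

def has_roca_fingerprint(N):
    """True iff N mod p is a power of 65537 for every p | M, which N = P*Q must be
    when both primes have the form k*M + 65537^a mod M; a random key fails fast."""
    for p in SMALL_PRIMES:
        order, x = 1, 65537 % p                 # multiplicative order of 65537 mod p
        while x != 1:
            x, order = x * 65537 % p, order + 1
        if pow(N % p, order, p) != 1:           # residue outside <65537>: not ROCA
            return False
    return True
def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin, a demo helper only (use a vetted library in production)."""
    if n < 2 or any(n % p == 0 for p in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else:
            return False
    return True
def gen_prime(bits, rng, infineon_shaped):
    """Constructed demo primes: ROCA-shaped (k*M + 65537^a mod M) or plain random."""
    while True:
        if infineon_shaped:
            k = rng.getrandbits(bits - M.bit_length()) | 1 << (bits - M.bit_length() - 1)
            cand = k * M + pow(65537, rng.randrange(M), M)
        else:
            cand = rng.getrandbits(bits) | 1 << (bits - 1) | 1
        if is_probable_prime(cand, rng):
            return cand
def demo(bits=256, seed=2017):
    # Scan one Infineon-shaped and one ordinary modulus; expected (True, False).
    rng = random.Random(seed)
    n_bad = gen_prime(bits, rng, True) * gen_prime(bits, rng, True)
    n_ok = gen_prime(bits, rng, False) * gen_prime(bits, rng, False)
    return has_roca_fingerprint(n_bad), has_roca_fingerprint(n_ok)
```

The same test applied to a real certificate only needs its RSA modulus; no private material is involved.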


[Figure: where affected keys were found – Austria, Estonia, Slovakia, Spain…; 25-30% TPMs worldwide, BitLocker, ChromeOS… (firmware update available); commit signing, application signing, GitHub, Maven…; Gemalto .NET; Yubikey 4…; very few keys, but all tied to SCADA management]


[Chart: estimated energy-only cost of factorization by key length – 512b ~1¢, 1024b ~$2, 2048b ~$1000; 3072b, 3936b and 4096b also shown]


What were the necessary components for this attack?

1. Knowledge of primes format as generated by vulnerable library [2002?]

– Certified, but publicly unknown and proprietary

– Strange distribution of N % small primes (USENIXSec paper + tech report) [Summer 2016]

– About three weeks to recover structure of primes [January 2017]

• Probably faster if we had known the method of M. Joye, P. Paillier, S. Vaudenay [2000, 2006]

2. Coppersmith factorization method as black-box solver [1996]

– Given half of the bits of one prime and N, primes P and Q can be computed (SageMath script)

3. Primes format transformation trick [January 2017]

– Idea of attack and working prototype one week after the knowledge of primes recovered


Prime = k * M + 65537^a mod M

Strange distribution tester was enough to:

1. Recover the structure and

2. Propose a faster attack within three days

(T. Lange & D. Bernstein, October 2017)


This particular flaw is on Infineon’s side, but the problem is wider

• “We will make it secure, just trust us” mentality

• Why such a strong secrecy around the whole smartcard industry?

– I cannot buy newer cards (lucky if ICFabDate is 2015)

– Security best practices checklist for JC development available only after NDA…

– I cannot use more secure version of crypto functions (not exposed via public API)

– Research prototypes using ECPoint cannot be published (NDA)

• Smartcards not secure enough if more complete information published?

– What is the attacker model here?

– (not calling for open-source hardware, but more openness beneficial)


Why haven’t we notified Estonia earlier?


• (NIST responsible disclosure guidelines followed)

• End of January 2017: Proof of Concept attack (1024b keys factorized)

• Feb 1st: Infineon notified (email to contact at crypto group)

• Mid May: First Infineon’s customers contact us back for verification

– Change of some PGP keys in second half of April

• Jun 20th: Incident report ID 163484, Austria eHealth certs revoked

– Countries around Europe should have been notified

– BUT: unspecific third party failure, concrete vendor named (but not Infineon)


Responsible disclosure (cont.)


• Beginning of Aug: CCS reviewer suggests testing EE LDAP

• Last week Aug: fresh vulnerable EE certs detected (LDAP scan)

• Aug 30th: EE CERT formally contacted by us

• Sept 5th: Estonia publicly announced eID issue

• Oct 10th: Microsoft Patch Tuesday (TPMs, BitLocker)

• Oct 16th: Public disclosure: vulnerability, detection tool released

• Oct 23rd: Lange & Bernstein announced faster attack

• Vulnerable devices from year 2007 found (Gemalto IDPrime .NET)

• Oct 30th: Full paper with details published (ACM CCS’17)


Systematic removal of single point of failure


ACM CCS’17, BlackHat/Devcon’17

• Secure multi-party computation

• Suite of ECC-based multi-party protocols proposed

– Distributed key generation, ElGamal decryption, Schnorr signing

• Efficient implementation on JavaCards

120 cards => 30 quorums

=> 230+ decrypts / second

=> 60+ signatures / second


Conclusions

• Secret design => delayed flaw discovery => higher impact

• Prevent a single point of failure

– Secure multi-party computation (Smart-ID, Schnorr signatures…)

• Be prepared to revoke, patch and update everything

• Personal connections matter


Questions

https://roca.crocs.fi.muni.cz


[email protected]