ROCA Vulnerability
The ROCA vulnerability is a cryptographic weakness that allows the private key of a key pair to be recovered from the public key in keys generated by devices with the vulnerability. "ROCA" is an acronym for "Return of Coppersmith's attack". The vulnerability has been given the identifier CVE-2017-15361. It arises from a problem with an approach to RSA key generation used in vulnerable versions of a software library, ''RSALib'', provided by Infineon Technologies and incorporated into many smart cards, Trusted Platform Module (TPM) and Hardware Security Module (HSM) implementations, including YubiKey 4 tokens, which are often used to generate PGP keys. Keys of lengths 512, 1024 and 2048 bits generated using these versions of the Infineon library are vulnerable to a practical ROCA attack. The research team that discovered the attack (all with Masaryk University and led by Matúš Nemec and Marek Sýs) estimated that it affected around one-quarter of all current TPM devices globally. Millions of smart cards are believed to be affected. The team informed Infineon of the ''RSALib'' problem in February 2017, but withheld public notice until mid-October, citing responsible disclosure. At that time they announced the attack and provided a tool to test public keys for vulnerability. They published the details of the attack in November.


Technical details

Generating an RSA key involves selecting two large randomly-generated prime numbers, a process that can be time-consuming, particularly on small devices such as smart cards. In addition to being primes, the numbers should have certain other properties for best security. The vulnerable ''RSALib'' selection process quickly creates primes of the desired type by only testing for primality numbers of the form

    p = k * M + (65537^a mod M)

where M is the product of the first ''n'' successive primes (2, 3, 5, 7, 11, 13, ...), and ''n'' is a constant that only depends on the desired key size. M is therefore fixed and public for a given key size; the only secrets in each prime are k and a, and both are far smaller than the prime itself, so the prime carries much less entropy than its length suggests. The ROCA attack exploits this particular format for primes using a variation of the Coppersmith method. In addition, public keys generated this way have a distinctive fingerprint that can be quickly recognized by attempting to compute the discrete logarithm of the public key mod M to base 65537: because both primes have this form, the modulus N = p * q satisfies N ≡ 65537^(a+b) (mod M), so such a logarithm always exists for an ''RSALib'' key and only very rarely for a key whose primes were chosen freely. Computing discrete logarithms in a large group is usually extremely difficult, but in this case it can be done efficiently using the Pohlig–Hellman algorithm, because M is a product of small primes (a smooth number) and the order of the multiplicative group modulo M is therefore smooth as well. A test site is available on the Internet. In short, keys that fit this format have significantly low entropy and can be attacked relatively efficiently (weeks to months), and the format can be confirmed ("fingerprinted") by the attacker very quickly (microseconds). Multiple implementations of the attack are publicly available.


Mitigation

The ROCA authors consider public keys of 512, 1024 and 2048 bits generated by ''RSALib'' to be vulnerable. Because the details of key generation differ for different key lengths, shorter keys are not necessarily more vulnerable than longer keys. For example, a 1952-bit ''RSALib'' key is stronger than a 2048-bit key, and a 4096-bit key is weaker than a 3072-bit key. The best mitigation, according to the authors, is to generate RSA keys using a stronger method, such as with OpenSSL. If that is not possible, the ROCA authors suggest using key lengths that are less susceptible to ROCA, such as 3936-bit, 3072-bit or, if there is a 2048-bit key size maximum, 1952-bit. Infineon has released firmware updates for its Trusted Platform Modules to manufacturers who have used its TPMs.


Implications

The vulnerability highlighted several shortcomings of the Common Criteria certification scheme, as the vulnerability was present in a list of Common Criteria certified smart card products: the approval of homegrown cryptographic algorithms, the lack of transparency in certification reports, and the inability to revoke Common Criteria certificates for known vulnerable products and distribute this information to the users of the certified products. In Estonia, the discovery of the vulnerability resulted in a state-level cyber crisis, as the vulnerable smart card chip was deployed on more than 750,000 Estonian identity cards that are used daily by Estonian residents and e-residents to securely authenticate online and create digital signatures.


See also

* Trusted Platform Module


External links


* ROCA detection tool (detection source code)
* ROCA Vulnerability Test Suite (online tool for testing keys, files, GitHub accounts and GnuPG keys; includes an S/MIME and PGP email responder)
* TrustMonitor ROCA Vulnerability Test (online tool for testing multiple certificates)
* Detect Trusted Platform Modules Vulnerable to CVE-2017-15361 (scripts)