Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

A flawed Infineon Technology chipset left HP, Lenovo and Microsoft devices open to what is called a ‘practical factorization attack,’ in which an attacker computes the private part of an RSA key.

A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a private key just by having a target’s public key.

Security experts say the bug has been present since 2012 and found specifically in the Infineon’s Trusted Platform Module used on a large number of business-class HP, Lenovo and Fijitsu computers, Google Chromebooks as well as routers and IoT devices.

The vulnerability allows for a remote attacker to compute an RSA private key from the value of a public key. The private key can then be misused for purposes of impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks, according to researchers.

The Infineon flaw is tied to a faulty design of Infineon’s Trusted Platform Module (TPM), a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and used for secured crypto processes.

Security researchers, at Masaryk University in Brno, Czech Republic, who discovered the vulnerability (CVE-2017-15361) earlier this year, said the flaw occurs during the generation of RSA keys used by a software library in cryptographic smart cards, security tokens and other secure hardware chips manufactured by Infineon.

“The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable,” according to researchers who published a technical analysis of the bug on Monday.

The bug opens the door for what’s known as a “practical factorization attack,” in which the attacker computes the private part of an RSA key, researchers said.

“The attack is feasible for commonly used key lengths, including 1024 and 2048-bits, and affects chips manufactured as early as 2012, that are now commonplace,” researchers said. “Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required.”

Last week, Lenovo, MicrosoftGoogle, and Infineon each issued security bulletins regarding the weakness and warned customers to update their impacted systems.

“Some Windows security features and potentially third-party software rely on keys generated by the TPM (if available on the system),” according to a Microsoft advisory. Microsoft released a Windows security update to help work around the vulnerability by logging events and by allowing the generation of software based keys.

Unlike other encryption vulnerabilities, this bug does not depend on a weak or a faulty random number generator. “Rather, all RSA keys generated by a vulnerable chip are impacted,” according to the coauthors of the report Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas. They said the attack was practically verified for several randomly selected 1024-bit RSA keys and for several selected 2048-bit keys.

“The specific structure of the primes in question allows for a fast detection of vulnerable keys, even in very large datasets,” they said.

The worst cases for the factorization (attacks) of 1024 and 2048-bit keys are less than three CPU-months and 100 CPU-years, researchers said. “The factorization can be easily parallelized on multiple CPUs. Where k CPUs are available, the wall time required for the attack will be reduced k-times—allowing for practical factorization in order of hours or days,” the said.

Researchers broke down the cost of the practical factorization attack to $76 for the 1024-bit key and $40,000 for the 2048-bit key, both running on an Amazon AWS c4 computation instances. But they said a 4096-bit RSA key is not practically factorizable now, but “may become so, if the attack is improved.”

The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smart cards, according to the report. It was identified at the end of January and disclosed to Infineon in early February. In May, researchers worked with manufacturers and other affected parties to help evaluate and mitigate the vulnerability. On Oct. 16 researchers published a partial disclosure of the vulnerability and on Nov. 2 an in-depth presentation is expected to be released at the ACM Conference on Computer and Communications Security conference.

Researchers provide a number of tools for detection, mitigation and workarounds. “If a vulnerable key is found, then you should contact your device vendor for further advice,” advises researchers.

This is the second high-profile crypto bug to make news Monday. The KRACK, or key reinstallation attack, was also disclosed Monday. It allows attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.

Suggested articles