Padding Oracle Crypto Research Prompts Confusion, Dissenting Opinions on Severity

Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding oracle attack on certain hardware security tokens publicized this week is no different, with RSA officials saying the research contributes nothing in the way of breaking new ground. Cryptographers beg to differ.

Few things tend to spark debates and controversy in the security community like a new piece of cryptographic research. The paper by a group of academic researchers on an improvement to a padding oracle attack on certain hardware security tokens publicized this week is no different, with RSA officials saying the research contributes nothing in the way of breaking new ground. Cryptographers beg to differ.

The research in the new paper improves upon an existing attack on a known weakness in the implementation of the PKCS #1 v1.5 specification. The team was able to improve the efficiency of the attack by a factor of five to 10 times, and experts and cryptographers have praised the result as important work. The attack affects several brands of hardware security tokens, including the RSA SecurID 800 and Aladdin eToken Pro. However, RSA officials say that because the attack itself has been known for some time, as has the underlying weakness, there’s nothing to see here.

“The research by a group called ‘Project Team Prosecco’ doesn’t cover any meaningful new ground, and in the specific case of RSA’s products does not highlight any practical risk to users of our RSA SecurID 800 tokens (or any other RSA product),” Sam Curry, RSA’s chief technologist, wrote in an analysis of the research. 

The vulnerability outlined by the researchers makes it possible (however unlikely) that an attacker with access to the user’s smartcard device and the user’s smartcard PIN could gain access to a symmetric key or other encrypted data sent to the smartcard. It does not, however, allow an attacker to compromise private keys stored on the smartcard. 

This is not a useful attack. The researchers engaged in an academic exercise to point out a specific vulnerability in the protocol, but an attack requires access to the RSA SecurID 800 smartcard (for example, inserted into a compromised machine) and the user’s smartcard PIN. If the attacker has the smart card and PIN, there is no need to perform any attack, so this research adds little additional value as a security finding.”

What RSA’s response is missing is the fact that the company, along with other manufacturers, still support weak implementations of PKCS, allowing the attack to succeed, experts say.

The real conclusion is that none of the manufacturers seemed to take implementation robustness seriously. Even the two implementations that were safe from these attacks were only safe because implementation flaws caused them to not provide useful information back to the attacker,” Nate Lawson of Root Labs wrote in an analysis of the attack.

“The first counterclaim RSA makes is that this research does not compromise the private key stored on the token. This is true. However, it allows an attacker to decrypt and recover other ‘wrapped’ keys encrypted by the token’s key pair. This is like saying an attacker is running a process with root access but doesn’t know the root password. She can effectively do all the same things as if she did have the password, at least until the process is killed.”

The authors of the paper say in their conclusion that their research, which builds upon existing work, should spur companies to take a harder look at the way they implement the PKCS standard.

“We have shown that the way the C UnwrapKey command from the PKCS#11 standard is implemented on many devices gives rise to an especially powerful error oracle that further reduces the complexity of the Bleichenbacher attack. In the worst case, we found devices for which our algorithm requires a median of only 3 800 oracle calls to determine the value of the imported key. Vulnerable devices include eID cards, smartcards and USB tokens,” they wrote.

“While some theoreticians found the lack of a security proof sufficient grounds for rejecting a scheme, some practitioners found the absence of practical attacks sufficient grounds for continuing to use it. We hope that the new results with our modified algorithm will prompt editors to reconsider the inclusion of PKCS#1 v1.5 in contemporary standards such as PKCS#11.”


Suggested articles