An exploit revealed in a paper [PDF] at the CRYPTO 2012 conference shows a flaw in some of RSA’s products that can allow the rapid extraction of secret symmetric keys. According to researchers, it could be done in as little as 13 minutes against a device such as RSA’s SecurID 800, a widely used product that enables companies to secure physical and remote access using mathematically powerful cryptographic keys to sign e-mails and validate authentication.
The SecurID 800 device is designed to protect the keys from prying eyes by keeping them within a secured dongle (a USB key in this case) so that if an attacker manages to physically compromise a server or computer they don’t have access to the cryptographic keys that lock the information on the device. In this sort of device authentication, an attacker needs both the dongle (the physical object) and access to the cryptographic storage—as well as the passphrase to unlock the keys—before they can access the information in the cryptographic storage.
Dan Goodin at Ars Technica wrote up an article on the highly technical nature of the exploit and how it can be used to steal the keys in the SecurID 800:
If devices such as the SecurID 800 are a Fort Knox, the cryptographic wrapper is like an armored car used to protect the digital asset while it’s in transit. The attack works by repeatedly exploiting a tiny weakness in the wrapper until its contents are converted into plaintext. One version of the attack uses an improved variation of a technique introduced in 1998 that works against keys using the RSA cryptographic algorithm. By subtly modifying the ciphertext thousands of times and putting each one through the import process, an attacker can gradually reveal the underlying plaintext, D. Bleichenbacher, the original scientist behind the exploit, discovered. Because the technique relies on “padding” inside the cryptographic envelope to produce clues about its contents, cryptographers call it a “padding oracle attack.” Such attacks rely on so-called side-channels to see if ciphertext corresponds to a correctly padded plaintext in a targeted system.
It’s this version of the attack the scientists used to extract secret keys stored on RSA’s SecurID 800 and many other devices that use PKCS#11, a programming interface included in a wide variety of commercial cryptographic devices. Under the attack Bleichenbacher devised, it took attackers about 215,000 oracle calls on average to pierce a 1024-bit cryptographic wrapper. That required enough overhead to prevent the attack from posing a practical threat against such devices. By modifying the algorithm used in the original attack, the revised method reduced the number of calls to just 9,400, requiring only about 13 minutes of queries, Green said.
The paper goes on to explain that the attack uses the PKCS#11 interface (a programming protocol used by many commercial devices) to break the cryptographic wrapper on the keys, permitting attackers eventual access to the keys beneath. A number of other security devices also use this standard, according to the paper, such as the Aladdin eTokenPro and iKey 2032 made by SafeNet, the CyberFlex manufactured by Gemalto, and Siemens’ CardOS.
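A defender's view of the query volume described above, as an added example that is not taken from the paper, Ars Technica or RSA: the attack pushes thousands of modified ciphertexts through the import process and most of them fail, so counting failed C_UnwrapKey calls per session over a sliding window surfaces it. The log format, session IDs, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log format (an assumption, not any vendor's real format):
#   <ISO timestamp> <session id> <PKCS#11 function> <return code>
WINDOW = timedelta(minutes=15)  # the page cites about 13 minutes of queries
THRESHOLD = 50                  # assumed tolerance for failed imports per window


def parse(line):
    ts, session, func, rv = line.split()
    return datetime.fromisoformat(ts), session, func, rv


def flag_sessions(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {session: peak failed-unwrap count in any window} for sessions
    that exceed the threshold. Assumes each session's lines are in time order."""
    recent = defaultdict(deque)  # session -> timestamps of recent failures
    peak = {}
    for line in lines:
        if not line.strip():
            continue
        ts, session, func, rv = parse(line)
        if func != "C_UnwrapKey" or rv == "CKR_OK":
            continue  # only failed key imports are of interest here
        q = recent[session]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > threshold:
            peak[session] = max(peak.get(session, 0), len(q))
    return peak


def build_sample():
    """Constructed log: s-01 is ordinary use with one failed import,
    s-02 submits one import per second for ten minutes, mostly failing."""
    start = datetime(2012, 6, 25, 9, 0, 0)
    lines = [
        f"{start.isoformat()} s-01 C_UnwrapKey CKR_OK",
        f"{(start + timedelta(seconds=5)).isoformat()} s-01 C_Sign CKR_OK",
        f"{(start + timedelta(minutes=1)).isoformat()} s-01 C_UnwrapKey CKR_WRAPPED_KEY_INVALID",
    ]
    for i in range(600):
        rv = "CKR_OK" if i % 40 == 0 else "CKR_WRAPPED_KEY_INVALID"
        t = start + timedelta(seconds=i)
        lines.append(f"{t.isoformat()} s-02 C_UnwrapKey {rv}")
    return lines


if __name__ == "__main__":
    print(flag_sessions(build_sample()))
```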
It took RSA a few days to respond to reports of the paper, and in particular the Ars Technica article, with their own blog post, “Don’t Believe Everything You Read…Your RSA SecurID Token is Not Cracked.”
“While RSA would agree that the research paper demonstrates an improvement of the padding oracle attack, the attack is better characterized as against the PKCS #1 V1.5 standard rather than any particular device,” writes RSA, mentioning the programming protocol. RSA contends that the token cannot be “cracked” (as in taken directly), but they do concede that the keys can be accessed within the device.
To this end, RSA says that the paper simply reveals an academic exercise and not something that could be used in the wild to extract or crack the cryptographic token from their SecurID 800 device, calling it “not a useful attack.”
This discovery comes after last year saw the exfiltration of some cryptographic keys from RSA’s SecurID product set, which led to several high-profile hacks against government contractors. Last year’s breaches were the result of hackers stealing keys and not of the products themselves being exploited, according to EMC themselves; RSA in turn confidently blamed a hacker team working under the auspices of a nation-state for that hack and the resulting fallout.
The breaches led to several high-profile attempts against contractors such as Lockheed Martin, who noticed a network disruption but repelled a potential attack, and Northrop Grumman, who also experienced a hacking attempt related to their SecurID products. RSA was quick to recall the devices affected by the cryptographic key theft and replaced them, alongside a vast investigation of what happened.