Experts from France, Italy, the UK, and Norway have released the results of a study which demonstrates that the flaws present in many of the popular security devices, such as the RSA’s SecureID 800, can be leveraged to obtain the precious cryptographic keys.In a paper called “Efficient padding oracle attacks on cryptographic hardware,” researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard.
They describe the method they used, the padding oracle attack, as a “particular type of side channel attack where the attacker is assumed to have access to an oracle which returns true just when a chosen ciphertext corresponds to a correctly padded plaintext under a given scheme.”
By creating an optimized version of Bleichenbacher’s attack, the researchers have been able to prove that tokens such as the RSA SecurID, the Aladdin eTokenPro, the Gemalto Cyberflex, the Safenet Ikey 2032 and the Siemens CardOS can be cracked in a short period of time.
Surprisingly, the attack in the RSA’s device took only 13 minutes to complete, while the ones on Aladdin and Siemens took about 21 minutes. Safenet and Gemalto tokens were cracked in 88, respectively 92 minutes.
The initial variant of the Bleichenbacher attack required millions of decryption attempts, explained Matthew Green, a research professor at Johns Hopkins University. However, the new version only requires thousands or tens of thousands of attempts.
This paper is just one of many that show that the PKCS#1v1.5 padding for RSA encryption is highly insecure, a fact reinforced by Green, who believes that the past two years haven’t been the best for the industry.
The most worrying thing is that tokens that rely on this technology are utilized by numerous organizations to access restricted networks and perform other sensitive operations.
That’s why the scientists recommend a few countermeasures to the Bleichenbacher and Vaudenay attacks.