CERT-In Advisory
CIAD-2017-0047
Infineon RSA library Security Bypass vulnerability (ROCA)
Original Issue Date: October 18, 2017
Severity Rating: High
Software Affected
- Infineon RSA library v1.02.013 and prior
- Infineon Trusted Platform Module firmware
- Any products using the affected code library "RSA Library version v1.02.013" developed by Infineon Technologies.
- Keys generated with smartcards or embedded devices using the Infineon library
- Devices certified by NIST FIPS 140-2 & CC EAL 5+
Overview
A vulnerability has been reported in Infineon RSA library, which could allow an attacker to recover the RSA private key corresponding to an RSA public key generated by the library.
Description
The vulnerability exists in the library's implementation of RSA key generation, due to improper handling of RSA keypair generation by the affected firmware.
Successful exploitation of this vulnerability allows a remote attacker to compute an RSA private key from the value of the public key within a practical amount of time. The private key can then be misused to impersonate the legitimate owner, decrypt sensitive messages, forge signatures, and carry out other related attacks.
Solution
Apply appropriate updates as mentioned by various vendors after appropriate testing. Users may get in touch with the vendors for updates.
Workaround
- Apply the software update if available.
- Replace the device with one without the vulnerable library.
- Generate a secure RSA keypair outside the device (e.g., via the OpenSSL library) and import it to the device.
- Use another cryptographic algorithm, such as ECC, instead of RSA on affected devices.
- Apply additional risk management within the environment, if the RSA key in use is detected as vulnerable.
- Use key lengths which are not currently impacted (> 2048 bits).
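The workaround above that depends on detecting a vulnerable RSA key can be supported by a fingerprint check on the public modulus. The following is an added example, not code from CERT-In, Infineon or the referenced tools. It assumes the key structure described in the CRoCS paper listed under References, and all function names and the sample value are constructed for illustration. The modulus can be read from the `Modulus=` line printed by `openssl rsa -pubin -in key.pem -modulus -noout`.

```python
# Added example (not CERT-In or Infineon code): ROCA fingerprint check.
# Assumption: per the CRoCS paper in the References, affected primes have the
# form k*M + (65537^a mod M), M being a product of small primes, so an affected
# modulus N is a power of 65537 modulo every small prime dividing M.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def subgroup(p, g=GENERATOR):
    """Return every residue g^k mod p (the subgroup generated by g)."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * g) % p
    return seen


SUBGROUPS = {p: subgroup(p) for p in SMALL_PRIMES}


def failing_primes(n):
    """Small primes for which n is NOT a power of 65537; empty means a match."""
    return [p for p in SMALL_PRIMES if n % p not in SUBGROUPS[p]]


def has_roca_fingerprint(n):
    """True if the modulus matches the structure and needs follow-up."""
    return not failing_primes(n)


def parse_openssl_modulus(line):
    """Parse the 'Modulus=<hex>' line printed by `openssl rsa -modulus`."""
    return int(line.strip().split("=", 1)[1], 16)


def constructed_match(exponent=777, k=5):
    """Constructed test value with the fingerprint; not a real RSA modulus."""
    m = 1
    for p in SMALL_PRIMES:
        m *= p
    return pow(GENERATOR, exponent, m) + k * m


if __name__ == "__main__":
    sample = constructed_match()
    print("match:", has_roca_fingerprint(sample))
    print("non-match fails at:", failing_primes(sample * 3))
```

A match is a fingerprint only: treat the key as suspect, confirm with the vendor's guidance, and regenerate or replace it as listed in the workarounds.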
References
Infineon
https://www.infineon.com/cms/en/product/promopages/tpm-update/
Microsoft
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
US CERT
https://www.kb.cert.org/vuls/id/307015
CRoCS
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Keychest
https://keychest.net/roca
KeyTester
https://keytester.cryptosense.com/
Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=55625
CVE Name
CVE-2017-15361
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India