Return of Coppersmith’s Attack, or ROCA for short is a cryptographic weakness in generation of RSA keys, that allows the private key of a key pair to be recovered from the public key. RSA is a public key cryptosystem widely used for secure data transmission. The vulnerability tracked as CVE-2017-15361, affects RSA key pair generation implementation of Infineon’s Trusted Platform Module (TPM).
The fundamental property in a public key cryptography is that public keys really are public. It can be given to anyone without causing any impact on security. This fundamental property is completely broken by ROCA attack. The vulnerability arises from a software library used in cryptographic hardware used for RSA key generation made by Infineon Technologies AG. All keys generated using this library are prone to ROCA attack. This library is used in various hardware used by many domains including trusted boot devices, electronic citizen documents, software package signing, TLS/HTTPS keys, authentication tokens and PGP.
This vulnerability is present in the library used by NIST FIPS 140-2 and CC EAL5+, two internationally adopted cryptographic standards. It can be characterized by a specific structure of the generated RSA primes, which makes factorization practically possible for commonly used key lengths including 1024 and 2048 bits. No physical access to the affected device is required and only the knowledge of a public key is necessary. The primes generated allows for a fast detection of vulnerable keys, even in very large datasets. The key length ranges that are considered to be practically factorizable are 512 to 704 bits, 992 to 1216 bits and 1984 to 2144 bits. 4096-bit RSA key is not practically factorizable now, but it can be possible if the attack is improved.
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 – 4.34, before 000000000000062b – 6.43, and before 0000000000008521 – 133.33.
An attacker can compute a valid private key from the value of a public key based only on a certificate. This makes everything possible. The private key can be misused to do anything on your behalf including encrypting traffic, decrypting the traffic and impersonating the website and other related attacks. Usage scenario, availability of the public keys and the lengths of keys used are the three main factors determining the actual impact of the vulnerability.
Various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP. The currently confirmed number of vulnerable keys found is about 760,000.
The detection is finding the usage of a chip with a vulnerable library. The only reliable and recommended way is RSA key pair generation on the device and testing the public key against the ROCA flaw with the provided tools mentioned below,
- Offline: https://github.com/crocs-muni/roca
Fixed TPM firmware versions are as follows, upgrade to latest as soon as possible.
- 0000000000000422 – 4.34
- 000000000000062b – 6.43
- 0000000000008521 – 133.33
Due to the complexity of this issue, it’s difficult to completely patch, but there are few mitigation methods. Windows users can address this issue by applying security updates issued by Microsoft. Google, HP and Lenovo have released some mitigation methods and firmware updates for their software products as well. The below-mentioned links describe the mitigation strategies and fixed version details provided by different vendors.