Major
corporations, government agencies, and small businesses all hand out
RSA SecurID fob keychains to employees so that they can log in to their
systems for security reasons and If you’re used to seeing a device like
this on a daily basis, you probably assume that it’s a vital security
measure to keep your employer’s networks and data secure. A team of
computer scientists beg to differ, however, because they’ve cracked the
encryption it uses wide open.
In a paper called “Efficient padding oracle attacks on cryptographic hardware,”
researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai
Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities
that expose the imported keys from various cryptographic devices that
rely on the PKCS#11 standard.
They managed to develop an
approach that requires just 13 minutes to crack the device’s
encryption. RSA Security, a division of the data storage company EMC, is
one of the largest makers of the security fobs. A spokesman for the
company, Kevin Kempskie, said that its own computer scientists were
studying the paper to determine “if this research is valid.”
Commonly referred to as the ‘million message attack,’
it usually requires an average of 215,000 queries to reveal a 1024-bit
key. The refined method suggested in the document improves the algorithm
and only requires an average of 9,400 calls to reveal the same key.
They accomplished this by using a theorem that allows not only
multiplication but also division to be used in manipulating a PKCS# v1.5
ciphertext to learn about the plaintext. The paper says that "the attacks are efficient enough to be practical."
Among the other vulnerable
devices are SafeNet's iKey 2032 and Aladdin eTokenPro, Siemens' CardOS
and Gemalto's CyberFlex (92 minutes). Also vulnerable is the Estonian
electronic ID Card, which contains two RSA key pairs
Source: Link
0 comments:
Post a Comment