Researchers break RSA SecurID 800 token in 13 minutes
Posted on 26 June 2012.
An international team of scientists that goes by the name of "Team Prosecco" claims to have devised attacks that manage to extract the secret cryptographic key from RSA's SecurID 800 token, as well as many other similar commercial solutions.


According to the paper they are scheduled to present this August at the CRYPTO 2012 conference, what makes these exploits extremely usable is the time it takes them to extract the needed information: 13 minutes.

As they pointed out, the attacks are efficient enough to be practical.

"The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel," they explained.

"In the asymmetric encryption case, we modify and improve Bleichenbacher’s attack on RSA PKCS#1v1.5 padding, giving new cryptanalysis that allows us to carry out the ‘million message attack’ in a mean of 49 000 and median of 14 500 oracle calls in the case of cracking an unknown valid ciphertext under a 1024 bit key (the original algorithm takes a mean of 215 000 and a median of 163 000 in the same case)."

"We show how implementation details of certain devices admit an attack that requires only 9 400 operations on average (3 800 median). For the symmetric case, we adapt Vaudenay’s CBC attack, which is already highly efficient."

Among the other vulnerable devices are SafeNet's iKey 2032 and Aladdin eTokenPro, Siemens' CardOS (it takes 22 minutes to open it), and Gemalto's CyberFlex (92 minutes). Also vulnerable is the Estonian electronic ID Card, which contains two RSA key pairs.

According to the NYT, RSA's spokesman Kevin Kempskie said that the company's researchers are looking into the claims. “If there is a potential serious security vulnerability or threat to our customers, RSA will move quickly to address it," he said.

According to the researchers, Siemens has recognized the flaws and fixed some of them in the most recent version of their product. SafeNet is working on fixing some of them. The Estonian Certification Center said that as the authentication certificate is mainly used for authentication with SSL, and that their attack would be too slow to forge an SSL client response before a server timeout.






Spotlight

(IN)SECURE Magazine issue 43 released!

Posted on 16 September 2014.  |  (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. This issue covers web application security, mobile hacking, certification, Black Hat, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Sep 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //