Researchers devise practical key recovery attack against smart cards, security tokens

Researchers optimize known oracle padding attacks to make them practical against cryptographic devices that use older encryption standards

A team of cryptographic researchers claim to have developed an attack method that can be used to recover secret keys in an acceptable time frame from cryptographic devices like smart cards, hardware security modules and USB security tokens.

The new attack method was documented in a research paper that will be presented later this year at the CRYPTO 2012 cryptology conference and significantly improves previously known oracle padding attacks against asymmetric (RSA PKCS#1 v1.5) and symmetric (AES-CBC) encryption standards.

The method works on devices like the RSA Securid 800, Aladdin eTokenPro, Gemalto Cyberflex, Safenet Ikey 2032 and Siemens CardOS that use the vulnerable encryption standards for key export and import functions

Shortcomings in the implementation of such functions on some devices further improve the performance of this attack method and reduce the time required to recover keys.

Oracle padding attacks involve repeatedly sending an intentionally modified ciphertext to a decryptor in order to analyze the differences between the errors it generates. These bits of information can eventually be used to deduce the original text.

Oracle padding attacks were considered impractical against smartcards and security tokens because they require hundreds of thousands of attempts, which would take a very long time on the slow processors found in such devices.

"We give a modified algorithm which results in an attack which is 4 times faster on average than the original, with a median attack time over 10 times faster," the team of researchers wrote in their new paper.

The new attack is possible because many devices continue to use outdated standards for encryption operations.

For example, PKCS#1 v1.5 was published in 1993 and is known to be vulnerable to oracle padding attacks since 1998. Despite this, it was the most common encryption mechanism for key import and export functions on devices tested by the researchers.

A solution to prevent oracle padding attacks is to use OAEP mode encryption, which has been recommended for all new applications since PKCS#1 v2.1 was released in 2002, the researchers said.

"Security is a constantly shifting landscape," said Terence Spies, chief technology officer at data protection vendor Voltage Security via email. "Securing high-value data requires staying up to date on the research landscape, and incorporating lessons from that community. Attackers are reading that research, and people securing data need to also."

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?