"RSA has received many inquiries, press pickups, blog entries, and tweets regarding an alleged crack by researchers of the RSA SecurID 800 authenticator... an alarming claim and should rightly concern customers who have deployed the RSA SecurID 800 authenticator. The only problem is that it’s not true..."
* * *
Researchers from Project-Team Prosecco have published a paper describing an attack method that can compromise cryptographic keys used in some of the leading authentication and access control products available on the market today.
The team has demonstrated how the exploit can successfully expose an encryption key from RSA's SecurID 800, a widely used product which "helps enable two-factor authentication, disk and file encryption, smart card logon, e-mail signing and more," according to a product fact sheet.
The attack is described in detail in a paper scheduled to be presented by the team at the upcoming CRYPTO 2012 conference in August.
"We show how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel." the research team's abstract states.
"In the asymmetric encryption case, we modify and improve Bleichenbacher's attack on RSA PKCS#1v1.5 padding, giving new cryptanalysis that allows us to carry out the `million message attack'... For the symmetric case, we adapt Vaudenay's CBC attack, which is already highly efficient. We demonstrate the vulnerabilities on a number of commercially available cryptographic devices, including security tokens, smartcards and the Estonian electronic ID card. The attacks are efficient enough to be practical: we give timing details for all the devices found to be vulnerable, showing how our optimisations make a qualitative difference to the practicality of the attack. We give mathematical analysis of the effectiveness of the attacks, extensive empirical results, and a discussion of countermeasures and manufacturer reaction," the abstract continues.
The storage of encryption keys on network systems leaves them vulnerable to extraction if the networks are compromises. Products like RSA's SecurID seek to mitigate that vulnerability by storing the keys on specially designed USB memory sticks which are issued to those with permission to access the networks, ostensibly providing a greater level of secure access control.
This latest attack can undermine this security methodology by extracting the keys from the two-factor cryptographic devices like security tokens and smartcards.
"[These products are] designed specifically to deal with the case where somebody gets physical access to it or takes control of a computer that has access to it, and they're still supposed to hang onto their secrets and be secure. Here, if the malware is very smart, it can actually extract the keys out of the token.That's why it's dangerous," said Johns Hopkins University's Matthew Green, who specializes in cryptography.
In March of 2011, RSA - which is the security division of EMC - had announced they suffered a breach stemming from a "sophisticated attack" on their network systems which potentially compromised the SecurID product.
While few details have ever been released that could give analysts a better understanding of the scope and impact of the breach, the unauthorized access to sensitive material regarding SecurID is known to have had wide spread impact.
RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.
In June of 2011, Lockheed disabled their employees remote access privileges while the company reissued new SecurID tokens to all telecommuting workers as well as requiring all employees with network access to change their passwords after detecting unauthorized access attempts.
Shortly after, defense contractor Northrop Grumman also reportedly disabled remote access to company networks, and L-3 Communications reported the company had suffered a network breach stemming from cloned RSA SecurID tokens.
Of this latest research news, Arstechnica reports that "RSA didn't return e-mails seeking comment... According to the researchers, RSA officials are aware of the attacks first described by Bleichenbacher and are planning a fix. SafeNet and Siemens are also in the process of fixing the flaws..."