An international team of researchers claim to have uncovered a way to enhance padding oracle attacks against cryptographic hardware such as RSA SecurID 800 authentication tokens to enable hackers to access encryption keys.
However, an executive with EMC's RSA security division dismissed the attack strategy as impractical.
Padding oracle attacks attempt to trick an oracle, such as a server, into leaking whether the padding of an encrypted message is correct. The research, which will be presented at the Crypto 2012 conference in Santa Barbara, Calif., in August, builds on previous research into attacks on the PKCS#1 v1.5 encryption standard.
According to a paper released by the team, their modified version of the Bleichenbacher RSA PKCS#1v1.5 attack in many cases allows the "million message attack" to be carried out with a few tens of thousands of messages or even fewer.
"We have implemented and tested this and the Vaudenay CBC attack on a variety of contemporary cryptographic hardware, enabling us to determine the value of encrypted keys under import," the researchers wrote. "We have shown that the way the C_UnwrapKey command from the PKCS#11 standard is implemented on many devices gives rise to an especially powerful error oracle that further reduces the complexity of the Bleichenbacher attack. In the worst case, we found devices for which our algorithm requires a median of only 3,800 oracle calls to determine the value of the imported key. Vulnerable devices include eID cards, smartcards and USB tokens."
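The "error oracle" the researchers describe, as an added illustration that is not code from the paper or from any vendor: a naive unwrap routine that reports a different error for each PKCS#1 v1.5 padding failure, beside one that folds every check into a single uniform failure, plus a check that counts how many distinct errors each routine leaks. The modulus size, key length, error names and malformed blobs are constructed for the example, and Python only illustrates the structure of a uniform check, not real constant-time behaviour.

```python
import os

K = 32        # constructed RSA modulus size in bytes (tiny, for illustration)
KEY_LEN = 16  # constructed length of the wrapped symmetric key

def pkcs1_v15_pad(msg: bytes, k: int) -> bytes:
    """EME-PKCS1-v1_5 type 2 encoding: 00 || 02 || PS (nonzero) || 00 || M."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long")
    ps = bytes(b or 1 for b in os.urandom(ps_len))  # padding bytes must be nonzero
    return b"\x00\x02" + ps + b"\x00" + msg

def unwrap_leaky(em: bytes, k: int, key_len: int):
    """Naive unpadding: each failure mode surfaces as its own error, which is
    the kind of distinguishable error oracle the researchers describe."""
    if len(em) != k or em[0] != 0x00:
        return None, "BAD_LEADING_BYTE"
    if em[1] != 0x02:
        return None, "BAD_BLOCK_TYPE"
    sep = em.find(b"\x00", 2)
    if sep == -1:
        return None, "NO_SEPARATOR"
    if sep < 10:
        return None, "PADDING_TOO_SHORT"
    if len(em) - sep - 1 != key_len:
        return None, "WRONG_KEY_LENGTH"
    return em[sep + 1:], None

def unwrap_uniform(em: bytes, k: int, key_len: int):
    """Hardened unpadding: the separator must sit at the position implied by
    the expected key length, every byte is examined without early exit, and
    all checks fold into one flag that yields a single uniform error."""
    bad = int(len(em) != k)
    em = em + bytes(k - len(em)) if len(em) < k else em[:k]
    bad |= em[0] | (em[1] ^ 0x02)
    sep = k - key_len - 1            # fixed index of the 0x00 separator
    bad |= int(sep < 10) | em[sep]   # at least 8 padding bytes, separator present
    for i in range(2, sep):
        bad |= int(em[i] == 0)       # no zero byte inside the padding string
    if bad:
        return None, "UNWRAP_FAILED"
    return em[sep + 1:], None

def distinct_errors(unwrap, blobs):
    """Defender's check: count the distinct errors an unwrap routine reports
    for malformed input. More than one means the routine is an error oracle."""
    errors = set()
    for blob in blobs:
        _, err = unwrap(blob, K, KEY_LEN)
        if err:
            errors.add(err)
    return errors

GOOD = pkcs1_v15_pad(bytes(range(KEY_LEN)), K)
BAD_BLOBS = [                                              # constructed inputs
    b"\x01" + GOOD[1:],                                    # wrong leading byte
    b"\x00\x01" + GOOD[2:],                                # wrong block type
    GOOD[:2] + b"\xff" * (K - 2),                          # no separator
    b"\x00\x02" + b"\xaa" * 3 + b"\x00" + b"\xbb" * (K - 6),        # short padding
    b"\x00\x02" + b"\xaa" * (K - 11) + b"\x00" + b"\xbb" * 8,       # 8-byte key, not 16
]
```

Running `distinct_errors` over `BAD_BLOBS` yields five different errors from `unwrap_leaky` and exactly one from `unwrap_uniform`; the same counting idea applies to any unwrap or decrypt interface whose return codes a caller can observe.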
Other devices affected by the attacks include Siemens CardOS and Aladdin eTokenPro. The attack comes with some caveats. For one, it does not reveal the private half of the key used for encryption. The attacks also do not reveal the seed values used to generate one-time passwords on RSA tokens.
In a FAQ on the paper, the team explained that their modified Bleichenbacher attack reveals plaintext that in the context of the PKCS#11 UnwrapKey command is a symmetric key. The same attack can also be used to forge a signature, they said.
"The Vaudenay CBC attack may reveal either a symmetric key or a private RSA key if it has been exported from a device under a symmetric cipher like AES using CBC_PAD," the researchers wrote in the FAQ.
For their part, EMC's RSA security division was critical of the paper.
"The vulnerability outlined by the researchers makes it possible (however unlikely) that an attacker with access to the user's smartcard device and the user's smartcard PIN could gain access to a symmetric key or other encrypted data sent to the smartcard," blogged Sam Curry, chief technology officer of RSA's Identity and Data Protection unit. "It does not, however, allow an attacker to compromise private keys stored on the smartcard. Repeat, it does not allow an attacker to compromise private keys stored on the smartcard."
"This is not a useful attack," he continued. "The researchers engaged in an academic exercise to point out a specific vulnerability in the protocol, but an attack requires access to the RSA SecurID 800 smartcard (for example, inserted into a compromised machine) and the user's smartcard PIN. If the attacker has the smart card and PIN, there is no need to perform any attack, so this research adds little additional value as a security finding."
An RSA spokesperson told eWEEK that since 2002, RSA has cautioned customers to discontinue using PKCS#1 v1.5 in favor of the more secure PKCS#1 v2.0 standard. Curry advised organizations to use PKCS#1 v2.0 with Optimal Asymmetric Encryption Padding (OAEP) in applications that require encryption.