Differences
This shows you the differences between two versions of the page.
public:papers:rsa_ccs17 [2017-11-10 21:02] – [Media] xsvenda | public:papers:rsa_ccs17 [2023-07-16 11:34] (current) – [Media] xsvenda | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== ROCA: Vulnerable RSA generation (CVE-2017-15361) ====== | ====== ROCA: Vulnerable RSA generation (CVE-2017-15361) ====== | ||
~~NOTOC~~ | ~~NOTOC~~ | ||
+ | ====== Paper details ====== | ||
+ | **Paper title: The Return of Coppersmith' | ||
+ | **Authors: Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas**\\ | ||
+ | **Primary contact:** Petr Svenda < | ||
+ | |||
+ | * Conference page: [[https:// | ||
+ | * Author ePrint version of the paper: {{ : | ||
+ | * Conference slides: {{ {{ : | ||
+ | * Poster: {{ : | ||
+ | |||
+ | **Bibtex (regular paper)** | ||
+ | |||
+ | @inproceedings{2017-ccs-nemec, | ||
+ | Author | ||
+ | Title = {{The Return of Coppersmith' | ||
+ | BookTitle | ||
+ | Year = {2017}, | ||
+ | ISBN = {978-1-4503-4946-8/ | ||
+ | Publisher | ||
+ | Pages = {1631-1648} | ||
+ | } | ||
+ | |||
**< | **< | ||
- | A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided [[https:// | + | **Release date: 16th October, 2017** |
+ | |||
+ | A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided [[https:// | ||
+ | |||
+ | Download full paper: {{ : | ||
**</ | **</ | ||
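Review bot: The added "Conference slides" bullet opens its media embed twice ("{{ {{ :"), whereas the neighbouring "Author ePrint version" and "Poster" bullets open with a single "{{". The extra "{{" looks like a paste slip and will likely leave stray braces or a broken link in the rendered list; drop the duplicate so the bullet matches the other two.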
Line 23: | Line 49: | ||
* 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000). | * 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000). | ||
- | The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smartcards by researchers at CRoCS laboratory, Masaryk University, Enigma Bridge and Ca' Foscari University. The full results | + | The vulnerability was found by a close inspection of a large number of RSA keys generated and exported from the manufacturer smartcards by researchers at CRoCS laboratory, Masaryk University, Enigma Bridge and Ca' Foscari University. The full results |
- | The vulnerability was disclosed to Infineon Technologies AG, following the responsible disclosure principle, in the first week of February with agreement of an 8 month period before a public disclosure. We cooperated with the manufacturer and other affected parties to help evaluate and mitigate this vulnerability during this period. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. We are now notifying general public and releasing tools for assessmnet | + | The vulnerability was disclosed to Infineon Technologies AG, following the responsible disclosure principle, in the first week of February with agreement of an 8 month period before a public disclosure. We cooperated with the manufacturer and other affected parties to help evaluate and mitigate this vulnerability during this period. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. We are now notifying general public and releasing tools for assessment |
===== Impact ===== | ===== Impact ===== | ||
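Review bot: The disclosure paragraph gets its "assessmnet" typo fixed, but the same sentences still read "notifying general public" and "the software updates and guidelines for a mitigation". Since the paragraph is being touched anyway, consider "notifying the general public" and "released software updates and mitigation guidelines" in the same revision.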
Line 99: | Line 125: | ||
* CVE-2017-15361: | * CVE-2017-15361: | ||
* National Cyber Security Centre, UK: https:// | * National Cyber Security Centre, UK: https:// | ||
+ | * D.J.Bernstein and T. Lange, Reconstructing ROCA: https:// | ||
===== Media ===== | ===== Media ===== | ||
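Review bot: The new reference entry writes the first author as "D.J.Bernstein" with no spaces, while the second author on the same line is "T. Lange". Use "D. J. Bernstein" so the initials are formatted consistently within the entry.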
Line 113: | Line 140: | ||
* RSA Security: https:// | * RSA Security: https:// | ||
* ArsTechnica: | * ArsTechnica: | ||
+ | * SC Media: https:// | ||
+ | * Cybernetica: | ||
+ | * Infineon: https:// | ||
- | ====== Paper details ====== | ||
- | **Paper title: The Return of Coppersmith' | ||
- | **Authors: Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec and Vashek Matyas**\\ | ||
- | **Primary contact:** Petr Svenda < | ||
- | |||
- | * Conference page: [[https:// | ||
- | * Download author ePrint version of the paper: {{ : | ||
- | |||
- | **Bibtex (regular paper):** | ||
- | |||
- | @inproceedings{2017-ccs-nemec, | ||
- | Author | ||
- | Title = {The Return of Coppersmith' | ||
- | BookTitle | ||
- | Year = {2017}, | ||
- | ISBN = {978-1-4503-4946-8/ | ||
- | Publisher | ||
- | Pages = {1631-1648} | ||
- | } | ||
---- | ---- |