The group are to present a paper on the subject at the Crypto 2012 conference in August in Santa Barbara, California. They also confirmed that the SecurID 800 and other tokens can be broken.
The paper authored by Team Prosecco (Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel and Joe-Kai Tsay) detailed a demonstration on how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key.
These attacks were padding oracle attacks, a side channel allowing the user to see whether a decryption has succeeded or not.
“In the asymmetric encryption case, we modify and improve Bleichenbacher's attack on RSA PKCS#1v1.5 padding, giving new cryptanalysis that allows us to carry out the `million message attack'. For the symmetric case, we adapt Vaudenay's CBC attack, which is already highly efficient,” the paper read.
The group said that the way the C UnwrapKey command from the PKCS#11 standard is implemented on many devices allows an ‘especially powerful error oracle' that further reduces the complexity of the Bleichenbacher attack.
“In the worst case, we found devices for which our algorithm requires a median of only 3800 oracle calls to determine the value of the imported key. Vulnerable devices include eID cards, smartcards and USB tokens,” it said.
“While some theoreticians find the lack of a security proof sufficient grounds for rejecting a scheme, some practitioners find the absence of practical attacks sufficient grounds for continuing to use it. We hope that the new results with our modified algorithm will prompt editors to reconsider the inclusion of PKCS#1 v1.5 in contemporary standards such as PKCS#11.”
The group also looked at SafeNet's Aladdin eTokenPro and iKey 2032, the CyberFlex from Gemalto and Siemens' CardOS. The Siemens device took 22 minutes to crack, while the Gemalto device took 89 minutes.
These companies were notified of the research. RSA recognised that an attacker can obtain the corresponding plaintext through a padding Oracle attack against RSA SecureID faster than would be possible with a standard Bleichenbacher attack.
Siemens has also recognised the flaws and it said that it has fixed the verification of the padding and added a check of the obtained plaintext with respect to the given key template in the most recent version.
The group also found that the attacks were effective against the Estonian electronic identification cards and that it plans to test Hardware Security Modules (HSMs) soon.