Identifying vulnerabilities in security tokens

Identifying vulnerabilities in security tokens

(05.07.2012) A team of researchers, including an NTNU postdoc and scientists from Project-Team Prosecco, reports taking just 13 minutes to successfully attack security tokens that use vulnerable encryption standards made by RSA and other companies.  The tokens may be used to encrypt a secret session key, which could be recovered as a result of the researchers' attack, demonstrating an important vulnerability in the tokens. Their results will be presented at the 32nd International Cryptology Conference CRYPTO 2012, Santa Barbara, California, in August.

The researchers, including NTNU postdoc Joe-Kai Tsay, reported their attack on five different kinds of cryptographic devices using something called a Bleichenbacher's attack, which is also known as a "million message attack."

"One of the main contributions of our work was the optimization of the Bleichenbacher attack," says Tsay. "Although the original Bleichenbacher attack against the encryption standard still used in the tokens has been known since 1998, it was previously believed ( by the manufacturers of the security tokens) that such attacks are inefficient."

The paper has caused a stir in the cryptographic world and has been reported by a number of US and international news outlets, including The New York Times, the Boston Globe, and die Süddeutsche Zeitung, a major German daily newspaper. You can read more about the technical details of what the team did in this online security news site, and you can also read the response of the major manufacturer of one of the keys, RSA, which says its devices are secure. The researchers themselves have posted an FAQ about the paper and have posted a copy of the paper for download.