
ROCA Risks: Are Your Keys Safe?

October 19, 2017 | Nick Hunter

Researchers have revealed several substantial vulnerabilities this month. First Krack and now ROCA, also known as the ‘Return of Coppersmith's Attack.’

This newly discovered vulnerability places a wide range of machine identities at risk because it targets the software library utilized by hardware chips manufactured by Infineon Technologies AG. These chips are vulnerable to a factorization attack, in which the perpetrator can compute the private part of an RSA key.

The ROCA vulnerability raises questions about the security of Trusted Platform Modules (TPMs). These secure cryptographic integrated circuits can be found embedded in chipsets and they implement the triad of security: confidentiality, integrity and authenticity.

TPMs are relied on to secure enterprises in all kinds of ways, including:

  • Random password generation
  • Secure digital credentials in password and key vaults
  • Symmetric key management
  • Smart cards
  • Fingerprint readers
  • Multi-factor authentication devices
  • File, disk, data encryption
  • System, file, and data access controls
  • System integrity validation and authentication
  • VPN/WIFI authentication and encryption
  • Routers, switches, firewalls, proxies, load balancers – All layers of the network OSI model that create encryption

In addition, TPM hardware modules exist in personal computers, servers, and networking devices, and they are also used in Hardware Security Modules (HSM), mobile phones and IoT devices.

Unfortunately, researchers have determined that public keys can be factored, revealing the prime number used to generate the encryption key. Cryptographic best practice requires that both the public and private key be randomly generated before being multiplied to create a strong encryption key.

However, in the case of this vulnerability, the Infineon library was not generating truly random prime numbers. Thus, the prime number could be derived and compromised. Currently, the confirmed number of vulnerable keys found is about 760,000, but there is a possibility that two to three orders of magnitude more are vulnerable.

The widespread impact of this attack is just being realized. Previously, we had trust concerns with TPMs. TPM security relies entirely on the manufacturer and the authorities in the country where the hardware is produced and their securing of the private endorsement key. This practice has many security experts worried.

On a positive note, remediation has already begun: a few vendors have released patches, and the Centre for Research on Cryptography and Security suggests organizations take the following steps for remediation:

  • Apply the software update if available.
  • Replace the device with one without the vulnerable library.
  • Generate a secure RSA keypair outside the device and import it to the device.
  • Use other cryptographic algorithm (e.g., ECC) instead of RSA on affected devices.
  • Apply additional risk management within your environment, if the RSA key in use is detected as vulnerable.
  • Use key lengths which are not currently impacted (e.g., 3936 bits) by our factorization method. Be aware: use this specific mitigation only as a last resort, as the attack may be improved.

In addition, the Centre provides a tool to check whether keys are vulnerable: go to https://keychest.net/roca and enter a public key there.
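The "detected as vulnerable" check can also be run offline across a key inventory. The sketch below is an added example, not code from the Centre's tool or from this post. It assumes the published ROCA structure, in which affected primes have the form k·M + (65537^a mod M) for a product M of small primes, so an affected modulus reduced by each small prime lands in the subgroup generated by 65537. The inventory names and sample moduli are constructed.

```python
# Added example: ROCA fingerprint check on RSA moduli (standard library only).
GENERATOR = 65537

def small_primes(limit):
    """Primes up to and including limit, by sieve."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(sieve[i * i :: i]))
    return [i for i, flag in enumerate(sieve) if flag]

# First 39 primes (2..167); the primorial M of every affected key size
# is divisible by all of them.
PRIMES = small_primes(167)

def subgroup(p):
    """Residues mod p that are powers of 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % p
    return seen

SUBGROUPS = {p: subgroup(p) for p in PRIMES}

def has_roca_fingerprint(n):
    """True if the modulus n is consistent with the flawed prime structure."""
    return all(n % p in SUBGROUPS[p] for p in PRIMES)

def constructed_samples():
    """Constructed test values; x and y mimic the structure, they are not real key primes."""
    m = 1
    for p in PRIMES:
        m *= p
    x = 12345 * m + pow(GENERATOR, 1001, m)
    y = 67891 * m + pow(GENERATOR, 2002, m)
    return {
        "tpm-attestation (constructed, structured)": x * y,
        "web-server (constructed, unstructured)": (2**61 - 1) * (2**89 - 1),
    }

def flag_keys(inventory):
    """Names of inventory entries whose modulus carries the fingerprint."""
    return sorted(name for name, n in inventory.items() if has_roca_fingerprint(n))

if __name__ == "__main__":
    print(flag_keys(constructed_samples()))
```

To feed real keys in, take the modulus as an integer, for example from the hex printed by `openssl rsa -pubin -in pub.pem -noout -modulus`. A flagged key should be treated as compromised and replaced following the steps above.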

How secure are your public keys?

About the author

Nick Hunter

Nick Hunter writes for Venafi's blog and is an expert in machine identity protection.
