NEWS - June 26, 2012
by Carol~ - 6/26/12 5:54 PM
Researchers Devise Practical Key Recovery Attack Against Smart Cards, Security Tokens
A team of cryptographic researchers claim to have developed an attack method that can be used to recover secret keys in an acceptable time frame from cryptographic devices like smart cards, hardware security modules and USB security tokens.
The new attack method was documented in a research paper (pdf) that will be presented later this year at the CRYPTO 2012 cryptology conference and significantly improves previously known oracle padding attacks against asymmetric (RSA PKCS#1 v1.5) and symmetric (AES-CBC) encryption standards.
The method works on devices like the RSA Securid 800, Aladdin eTokenPro, Gemalto Cyberflex, Safenet Ikey 2032 and Siemens CardOS that use the vulnerable encryption standards for key export and import functions
Shortcomings in the implementation of such functions on some devices further improve the performance of this attack method and reduce the time required to recover keys.
Oracle padding attacks involve repeatedly sending an intentionally modified ciphertext to a decryptor in order to analyze the differences between the errors it generates. These bits of information can eventually be used to deduce the original text.
Continued : http://www.pcworld.com/businesscenter/article/258342/researchers_devise_practical_key_recovery_attack_against_smart_cards_security_tokens.html
Researchers steal keys from RSA tokens
Researchers break RSA SecurID 800 token in 13 minutes
Scientists crack RSA SecurID 800 tokens, steal cryptographic keys