EUCLEAK Side-Channel Attack on the YubiKey 5 Series

Original link: https://ninjalab.io/eucleak/

This article describes the analysis and exploitation of a side-channel vulnerability in the cryptographic library of Infineon Technologies, a library commonly used in a wide range of secure systems such as electronic passports, cryptocurrency wallets and smart cars/homes. The research focuses in particular on FIDO hardware tokens, such as the popular YubiKey 5 Series. It reveals a weakness in the modular inversion function used by the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows a side-channel attack to extract sensitive information, including ECDSA private keys. Notably, the vulnerability affects both older and newer Infineon security microcontrollers, such as those found in YubiKey 5 Series devices with firmware versions below 5.7. Although the attack requires physical access to the target system, as well as specialised tools and expertise, users should keep using these FIDO hardware authentication tokens to improve their security against phishing attempts. The researchers plan to work further with Infineon and other stakeholders to develop patches and ensure a high level of security in the future. No timeline was given for when this potential fix would be released.

  • Passport forgery: You can digitally copy someone else's passport, but physically altering the passport to match the original holder is critical, since most passports do not contain a photo inside the microchip. Moreover, many countries do not maintain a central database of travel records, which makes passport forgeries less likely to be detected.

  • Phone enclaves: These protect individual applications, preventing unauthorised users from accessing sensitive information. However, these enclaves may still be vulnerable because of system-wide threats.

  • Cryptocurrency wallets: Keeping a hardware wallet secure is essential, just as it is important to protect an ordinary wallet from theft.

  • SIM swapping: Governments can use interception warrants to monitor communications instead of swapping SIM cards, eliminating the need for such activity.

  • Laptop security: Laptops face risks similar to phones when it comes to encryption, meaning encryption alone is not enough to protect critical data.

  • EMV chip fraud: If individuals have the necessary technical skills and resources, they are unlikely to waste time cloning credit or debit cards.

  • Email verification: Two-factor authentication (2FA) devices ensure an additional layer of protection when verifying identity online, requiring multiple elements (username, current password, etc.) or meeting specific criteria (email confirmation, video call, waiting period after failed attempts).

  • Physical access attacks: An intruder who gains physical access to a YubiKey can easily replace it with an identical counterfeit, rendering the genuine YubiKey useless to its legitimate owner and potentially compromising security measures.

  • Additional factors: To strengthen security, websites can implement additional factors, such as sending a request with random data to verify each transaction, making reuse obvious.

Original text

Download the Writeup

Illustration Romain Flamand – Flamingo Studio – [email protected]

Abstract

Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure systems build their security upon them.

FIDO hardware tokens are strong authentication factors to sign in to applications (any web service supporting FIDO); they often embed a secure element, and the FIDO protocol uses the Elliptic Curve Digital Signature Algorithm (ECDSA for short) as its core cryptographic primitive. YubiKey 5 Series are certainly the most widespread FIDO hardware tokens; their secure element is an Infineon SLE78.

This document shows how – finding a JavaCard open platform (the Feitian A22) based on a similar Infineon SLE78 – we understood the Infineon ECDSA implementation, found a side-channel vulnerability and designed a practical side-channel attack. The attack is then demonstrated on a YubiKey 5Ci. Finally, we show that the vulnerability extends to the more recent Infineon Optiga Trust M and Infineon Optiga TPM security microcontrollers.

Our work unearths a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the biggest secure element manufacturers. This vulnerability – which went unnoticed for 14 years and through about 80 highest-level Common Criteria certification evaluations – is due to a non-constant-time modular inversion.

The attack requires physical access to the secure element (a few local electromagnetic side-channel acquisitions, i.e. a few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows the creation of a clone of the FIDO device.

All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack. These security microcontrollers are present in a vast variety of secure systems – often relying on ECDSA – like electronic passports and crypto-currency hardware wallets but also smart cars or homes. However, we did not check (yet) that the EUCLEAK attack applies to any of these products.
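The abstract's root cause, a modular inversion whose running time depends on its input, is easiest to see on the inversion itself. The following is an added example, not code from the NinjaLab writeup or from Infineon's or Yubico's libraries: it contrasts a binary extended Euclidean inversion (whose step count varies with the nonce k) with a fixed-schedule Fermat inversion, and shows where that inversion sits in the ECDSA s computation. The modulus N is the order of secp256k1, chosen only as a realistic prime; the nonces, the helper names and the step-counting are constructed for illustration, and Python's big integers are not themselves constant-time, so only the operation schedule is what the example demonstrates.

```python
# Added example, not code from the NinjaLab writeup or from Infineon/Yubico.
# It illustrates why a variable-time modular inversion inside ECDSA signing
# is a side-channel risk and what a fixed-schedule alternative looks like.
# N is the order of secp256k1 (a realistic prime modulus); the nonces used
# below are constructed test values, not values from any real device.

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def inverse_binary_eea(k, n=N):
    """Binary extended Euclidean inversion of k modulo an odd prime n.

    Returns (k^-1 mod n, steps).  The number of halving/subtraction steps
    depends on the value of k, so the running time, and with it the power
    or electromagnetic trace, carries information about k.
    """
    u, v = k % n, n
    x1, x2 = 1, 0          # invariants: x1*k == u and x2*k == v (mod n)
    steps = 0
    while u != 1 and v != 1:
        while u % 2 == 0:
            u //= 2
            x1 = x1 // 2 if x1 % 2 == 0 else (x1 + n) // 2
            steps += 1
        while v % 2 == 0:
            v //= 2
            x2 = x2 // 2 if x2 % 2 == 0 else (x2 + n) // 2
            steps += 1
        if u >= v:
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
        steps += 1
    return (x1 % n if u == 1 else x2 % n), steps


def inverse_fermat(k, n=N):
    """Inversion as k^(n-2) mod n (Fermat's little theorem).

    The square-and-multiply schedule is fixed by the public exponent n-2,
    so every k goes through exactly the same sequence of operations.
    A real implementation also needs constant-time big-integer arithmetic;
    Python's ints are not, so this only demonstrates the schedule.
    """
    result, steps = 1, 0
    for bit in bin(n - 2)[2:]:
        result = (result * result) % n
        steps += 1
        if bit == "1":
            result = (result * k) % n
            steps += 1
    return result, steps


def ecdsa_s(z, r, d, k, inverter=inverse_fermat, n=N):
    """Second ECDSA signature component: s = k^-1 * (z + r*d) mod n.

    k is the per-signature nonce, the value whose inversion the writeup
    found to be non-constant-time.  r (the x-coordinate of k*G mod n) is
    passed in so this example needs no curve arithmetic (constructed input).
    """
    k_inv, _ = inverter(k, n)
    return (k_inv * (z + r * d)) % n


def timing_profile(nonces, inverter, n=N):
    """Distinct operation counts observed over a set of nonces.

    One value means the schedule is independent of the nonce; several
    values mean an observer who can count steps learns something about k.
    """
    return sorted({inverter(k, n)[1] for k in nonces})


if __name__ == "__main__":
    nonces = [1, 2, 3, 0x12345678, (1 << 200) + 1, N - 1]   # constructed
    for k in nonces:
        assert (k * inverse_binary_eea(k)[0]) % N == 1
        assert (k * inverse_fermat(k)[0]) % N == 1
    print("binary EEA step counts:", timing_profile(nonces, inverse_binary_eea))
    print("Fermat step counts    :", timing_profile(nonces, inverse_fermat))
```

Both inverters return the same value, so the signature is unaffected by the choice; what differs is the list printed by `timing_profile`: a single number for the Fermat schedule and a spread of numbers for the Euclidean one. That spread is the kind of input-dependent behaviour a side-channel evaluation looks for in an ECDSA implementation, and removing it (a fixed-schedule inversion on top of constant-time arithmetic) is the mitigation.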

Cautionary Note

The primary goal of authentication tokens (like FIDO hardware devices) is to fight the scourge of phishing attacks. The EUCLEAK attack requires physical access to the device, expensive equipment, custom software and technical skills. Thus, as far as the work presented here goes, it is still safer to use your YubiKey or other impacted products as a FIDO hardware authentication token to sign in to applications than not to use one.

Discovered By

Thomas Roche (NinjaLab)

List of Impacted Products

  • All Infineon security microcontrollers embedding the Infineon cryptographic library (any existing version). For instance, all existing versions of Infineon TPMs are affected.

  • All YubiKey 5 Series (with firmware version below 5.7)

Further Notes

1. The impacted Feitian A22 JavaCard used in this work is an old product no longer available for sale. All Feitian products currently available on their webstore (and based on an Infineon security microcontroller) use Feitian's own cryptographic library, and are not impacted by our work to our knowledge.

2. The new YubiKey firmware 5.7 update (May 6th, 2024) switches the YubiKeys from the Infineon cryptographic library to Yubico's new cryptographic library. To our knowledge, this new cryptographic library is not impacted by our work.

3. Infineon already has a patch for their cryptographic library; to our knowledge it has not yet passed a Common Criteria certification evaluation.

CVE

We are still waiting for a CVE ID.
