ROCA the ATTACK on Encription

While we were still finding it difficult to forget the Krack attack, a five-year-old bug has resurfaced in a new form to haunt Google and Microsoft. Known as ROCA (Return of Coppersmith’s Attack), the encryption key-related exploit is named after the Coppersmith’s attack.

The ROCA hack: Vulnerable RSA Generation (CVE-2017-15361), developed by the researchers at Centre for Research on Cryptography and Security, Masaryk University, Enigma Bridge and Ca’ Foscari University targets the weakness in the cryptography tech in chips made by Infineon Technologies.

The range of affected devices – released as early as – includes a large number of Chromebooks, and Windows laptops manufactured by Fujitsu, HP, and Lenovo which feature the hardware chips created by Infineon.

The problem lies in the way the manufacturers implement the widely-used RSA encryption. This makes it possible to figure out the private key if the public key is available which isn’t a big deal.

“The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable,” warn the researchers. They will present their paper at the ACM Conference on Computer and Communications this month where the Krack attack will also be on display.

ROCA hack is practically more effective against 1024-bit encryption keys. Researchers calculated the cost of performing the attack via Amazon cloud servers. It would require around $76 to crack a 1024-bit key while more funds would be needed for a 2048-bit key. It would cost $40,000 as higher bit keys are more complicated, and therefore, harder to crack.

Jake Williams, an ex-NSA staffer and the owner of the cybersecurity company RenditionSec, calls ROCA issue more severe than KRACK, Forbes reports. Williams suggests two ROCA attack scenarios; one involves the attacker compromising the digital signature certificate used to validate a software’s source. An attack can use the published public key to reverse engineer the private key to sign the software and impersonate the victim.

Second, the attacker can run malicious code by fooling the Trusted Platform Module (TPM) chip which stores the RSA encryption keys.

“The TPM is used to ensure the code used to boot the kernel is valid. Bypassing a TPM could allow the attacker to perform an inception style attack where they virtualize the host operating system,” he said.

“There are dozens of other variations of attacks, but these Infineon chips are huge in hardware security modules (HSMs) and TPMs”

The vulnerability was first spotted in January this year, and Infineon was notified in February. The researcher had an agreement to wait for 8 months before making it public. Software updates and mitigation guidelines have been released by Microsoft, Google, HP Lenovo, Fujitsu. Researchers have provided detection tools to check whether the keys are vulnerable.

Referance : https://crocs.fi.muni.cz/public/papers/rsa_ccs17

Comments

My Life as Information security engineer Chapter 1: Tools

Hi folks, here I am going to share the tools list that I am using in my daily life cycle. NMAP Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Basically, I will use it to discover the open ports and closed ports where I did Port Mapping in firewalls. We can use this in the local network as well as in the WAN network. Also with help of the NSE script, we do multiple things like vulnerability check, exploitation, etc., Ref: http://www.piratesshield.com/2017/11/nmap-network-mapper-securtiy-scanner.html CURL and WGET curl is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). Normally using this tool to analyze the website headers when my web security device blocking some dynamic content websites and to create the Application signature in IPS. Wget using to download files directly instead of opening and surfing the brow

AquaSec Container Security Solution ( DevSecOps ) - A quickView

What is AquaSec? The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure, and secure running workloads wherever they are deployed. Solutions : Cloud Native Security Platform CSPM Cloud Security Container Security Kubernetes Security Serverless Security Cloud VM Security Dynamic Threat Analysis (DTA) Container Vulnerability Scanning Aquasec offers a 14days trial to learn the container security / Automated DevSecOps. Use this link to get free trail Sign In | Aqua (aquasec.com) How to start with AquaSec? Once login into the portal click the nine dots in the left-side top > Aqua Hub Then click the "Integrations" The Integration page has a lot of options to connect your container Platform Choosing your platform provides the required key to integrate. (follow the OEM documents ) The

Learn DevOps like a pro techie - PART 1

Usually, all DevOps trainers advise you to set up the LAB environment on cloud platforms (AWS, Azure, GCP, etc). But if you understand the technologies you can set it up easily on your super PC. PC REQUIREMENTS : (WARNING!) Processor : > = i3 (10th or 11th Gen) RAM : 8GB (minimum) Storage : SSD preferred TIPS: If you using win11 or win10 and performance is very slow means use the below script. Windows 11 only: https://github.com/builtbybel/ThisIsWin11 Windows 10 only: https://github.com/builtbybel/bloatbox The LAB mainly depends on the docker platform. So First, start learning the basics of Docker. Docker Basics: https://www.tutorialspoint.com/docker/index.htm KNOWLEDGE REQUIRED - Linux Knowledge (5/10) (installation of apps, editing scripts, user privileges, and troubleshooting) - Web Development (3/10) - Google Search and Stackoverflow (9/10)....... he he he......... UTILITY TOOLS AND PRE-REQUISITES - Install Window Terminal Preview

PIRATESSHIELD

Search This Blog