ROCA Vulnerability: Understanding and Reducing the Impact

ROCA (Return of Coppersmith’s Attack) is the vulnerability discovered in Trusted Platform Modules (TPMs) and Secure Elements (SEs) produced by Infineon Technologies AG. It was first discovered by a team of researchers at Masaryk University in Brno, Czech Republic; UK security firm Enigma Bridge; and Ca’ Foscari University of Venice, Italy.

Microsoft have stated that enterprise Windows users are likely to be affected by the vulnerability and that action should be taken. However, it is unlikely that Windows home users are affected.

What is the problem with ROCA?

A flaw in the software library used by Infineon TPMs and SEs to generate RSA private keys was discovered. This meant that determining an RSA private key from its public equivalent was much simpler than it was first thought. The consequence of this is that attacks on data and services protected by these key are much more likely.

The cost of breaking a 2048-bit RSA key, affected by the vulnerability would be around $20,000 (as estimated by the research). This makes attacks feasible against data and services protected by those keys and means that for a variety of threat actors, targeting individual keys may be worthwhile.

Who is affected by ROCA?

Both TPMs and SEs are in a huge variety of devices and used in many ways by operating systems and third-party software. This is why it is impossible to provide a comprehensive list of those affected.

TPMs are primarily found in enterprise client PCs, but are also found in servers, some consumer client PCs and most Chrome OS devices. They are used in multiple applications, as they provide a secure environment to perform cryptographic operations.

TPMs are used for storage and processing of keys that are used for a number of features such as:

• authentication (of devices and users)
• email encryption with S/MIME and PGP
• Virtual Private Networks
• TLS and SSH connections
• certificate authorities
• software signing

In addition they are used to protect data when mobile devices are lost.

SEs are secure storage and processing areas in embedded devices such as smart cards, security tokens, and some mobile devices. They also provide a secure place in which to perform cryptographic operations and are used for similar features as TPMs.

Am I affected by ROCA?

To find out if you’re affected you need to answer the following questions:

1. Does your device contain an affected TPM or SE?
2. Does the TPM or SE have a vulnerable firmware version?
3. Are you using the features that have been configured to use RSA Key Generation in the vulnerable TPM or SE?

So far we know that Microsoft, Google Chrome OS, Gemalto, Yubico and a number of PC vendors have made the impact on their devices public. However, users should remain vigilant for further advice from vendors, especially as there may be further device or software vendors that will make announcements.

• Users of Windows operating systems should consult Microsoft’s guidance
• Users of Chrome OS should consult Google’s guidance
• Users of Yubikey devices should consult Yubico’s guidance
• Users of Gemalto IDPrime.Net products should consult Gemalto’s guidance

The researchers who discovered the vulnerability have made tests available which allow you to determine if your RSA key is vulnerable. Alternatively, as always, contact CounterHack for further help and advice.