Matúš Nemec, Marek Sýs, et al. (Masaryk University)
Affected hardware
TPM, Yubikey, Gemalto IDPrime .NET smart cards
Affected software
Any public-private key encryption that used RSALib including BitLocker and PGP
The ROCA vulnerability is a cryptographic weakness that allows the
private key of a key pair to be recovered from the public key in keys generated by devices with the vulnerability. "ROCA" is an acronym for "Return of Coppersmith's attack".[1] The vulnerability has been given the identifier CVE-2017-15361.
The vulnerability arises from a problem with an approach to RSA key generation used in vulnerable versions of a software library, RSALib, provided by Infineon Technologies, and incorporated into many smart cards, Trusted Platform Module (TPM), and Hardware Security Modules (HSM) implementations, including YubiKey 4 tokens, often used to generate PGP keys. Keys of lengths 512, 1024, and 2048 bits generated using these versions of the Infineon library are vulnerable to a practical ROCA attack.[2][3] The research team that discovered the attack (all with Masaryk University and led by Matúš Nemec and Marek Sýs)[2] estimate that it affected around one-quarter of all current TPM devices globally.[4] Millions of smart cards are believed to be affected.[1]
The team informed Infineon of the RSALib problem in February 2017, but withheld public notice until mid-October, citing responsible disclosure. At that time they announced the attack and provided a tool to test public keys for vulnerability. They published the details of the attack in November.[2]
^ abGoodin, Dan (2017-10-23). "Crippling crypto weakness opens millions of smartcards to cloning". Ars Technica. Retrieved 2017-10-25.
^ abcCite error: The named reference nemecsys was invoked but never defined (see the help page).
^Khandelwal, Swati. "Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices". The Hacker News. Retrieved 2017-10-25.
^Leyden, John (16 October 2017). "Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices". United Kingdom: The Register. Retrieved 2017-10-25.
and 26 Related for: ROCA vulnerability information
The ROCAvulnerability is a cryptographic weakness that allows the private key of a key pair to be recovered from the public key in keys generated by devices...
closed source." In October 2017, security researchers found a vulnerability (known as ROCA) in the implementation of RSA keypair generation in a cryptographic...
coordinated vulnerability disclosure (CVD, formerly known as responsible disclosure) is a vulnerability disclosure model in which a vulnerability or an issue...
Nová Ves, Bratislava. In 2017, it was reported to be affected by the ROCAvulnerability, potentially allowing the cards to be cheaply spoofed. A new biometric...
boundaries. In 2017, the ROCAvulnerability was found in a list of Common Criteria certified smart card products. The vulnerability highlighted several shortcomings...
made available at the time of the announcement. In October 2017, the ROCAvulnerability was announced that affects RSA keys generated by YubiKey 4 tokens...
TPM chip is used. The flaw is the Return of Coppersmith's Attack or ROCAvulnerability which is in a code library developed by Infineon and had been in widespread...
comprehend and poor usability Lack of ubiquity In October 2017, the ROCAvulnerability was announced, which affects RSA keys generated by buggy Infineon...
products such as smartcards and TPMs, had a flaw (later dubbed the ROCAvulnerability) that allowed private keys to be inferred from public keys. As a result...
Gemalto's M2M Module. CharlieCard De La Rue Estonian id-card and ROCAvulnerability (Estonian Police and Border Guard Board is going to court against...
sister Roca, who has the beautiful figure of a former dancer, Dehya is small, slender with a childlike face and appears to be helpless and vulnerable. But...
(Matschie, 1900)". Elephant. 2 (4): 1–4. doi:10.22237/elephant/1521732169. Roca, A. L.; Georgiadis, N.; Pecon-Slattery, J. & O'Brien, S. J. (2001). "Genetic...
that are not on the continental shelf are the Revillagigedo Islands and Rocas Alijos. Guadalupe Island and its islets are the westernmost region of Mexico...
pures et appliquées. III: 670–671. Driscoll, C. A.; Menotti-Raymond, M.; Roca, A. L.; Hupe, K.; Johnson, W. E.; Geffen, E.; Harley, E. H.; Delibes, M.;...
has been the heaviest project for me to make and I take pride in my vulnerability that came in the midst of creation." In an interview with Complex, JID...
in patients with somatization disorders tends to present a greater vulnerability to pain. The relevant brain regions include the dorsolateral prefrontal...
1071/WR9930177. Tsangaras, K.; Ávila-Arcos, M. C.; Ishida, Y.; Helgen, K. M.; Roca, A. L.; Greenwood, A. D. (2012). "Historically low mitochondrial DNA diversity...
up the basis of the modern Argentine State. Starting with Julio Argentino Roca in 1880, ten consecutive federal governments emphasized liberal economic...
which was renovated during the construction of Avenida de Mayo and Julio A. Roca. To the south is the Congreso de la Nación (National Congress), which currently...
Samateh, Ahmadou L; Antonio, Martin; Vives-Tomas, Joan; D'Alessandro, Umberto; Roca, Anna (May 2020). "COVID-19 pandemic in west Africa". The Lancet Global Health...
23–25 °C (73–77 °F) maxima, reaching as low as 21 °C (70 °F) in Cabo da Roca. Costa da Caparica is an exception to this rule as it is far less exposed...
Circuit from 2005 to 2006. From 2006 to 2007, she was an associate at Lewis & Roca in Phoenix, Arizona. In 2007, Desai joined the Phoenix law firm Coppersmith...
Sludskii 1992, p. 137. Driscoll, C. A.; Yamaguchi, N.; Bar-Gal, G. K.; Roca, A. L.; Luo, S.; MacDonald, D. W. & O'Brien, S. J. (2009). "Mitochondrial...