Risky Business #244 -- Padding oracle attacks on crypto tokens: How bad?

Is the sky falling or is this a case of "nothing to see"?
June 28, 2012

There's a lot of really interesting news this week. Adam Boileau is back on deck at the top of the show to discuss shitty security at the Ecuadorian embassy in London, the new tool DroidSheep, DARPA's (DERPA? Lol.) attempts at securing the architectural mess that is Android, dudes going to prison, other dudes getting away with stuff and much, much more!

In this week's feature interview we chat with Matthew D. Green, Assistant Research Professor at Johns Hopkins University's Information Security Institute. We're talking to him about some recently unveiled attacks against hardware tokens that enable attackers to extract key material that's supposed to be protected. Oops!

Matthew blogged about it here, and the paper we discuss is here [pdf].

This week's show is brought to you by our good friends at SensePost! SensePost founder and director Charl Van Der Walt will be along in this week's sponsor interview to discuss what he's learned from teaching BlackHat courses for 10 years.

Comments

pleriche

In relation to the SecurID 800 tokens, a question that remains open is whether the secret used to seed the 6-digit one-time passcode can be compromised by the attack on the USB certificate store end of it.

I was thinking that since the SecurID tokens with just a display and no USB are made by the million, and since likewise USB tokens are widespread, the two functions in a SecurID 800 token are probably quite separate, implemented by different chips with no electrical interconnections.

Last night, in order to try and confirm that theory, I attempted a brute force cryptanalytic attack on a dead SecurID token (using a hacksaw, a hammer and one or two other blunt instruments).

The grey and black plastic cover comes off relatively easily, but the innards are potted in acrylic resin or something similar. Having chipped away at this, it's clear that there's a single circuit board with several chips on it, and that the electronics for the two ends are not clearly separated.

An organisation I know of has recently replaced all their tokens following the previous RSA breach. They will be keen to know whether they need to do so once again! A definitive statement from RSA would be welcome.

Regards - Philip
