Infineon ROCA RSA Key Generation Update

Taglio LLC has been informed of a security issue in the firmware cryptographic libraries of the Infineon Technologies SLE78 Chip. This security vulnerability, known as ROCA, affects the generation of RSA keys on smart cards, as well as a large number of security products including USB security tokens and TPMs using this chip.

According to the researchers that discovered the vulnerability, the time and cost of recovering the private key is as followed:

1024 bit RSA keys would take 97 CPU days and would cost $40-$80.
2048 bit RSA keys would take 140.8 CPU years and cost $20,000-$40,000.

Once a private key has been recovered, an attacker can use that key to impersonate the owner of a certificate.

Are PIVKey devices affected?

Only the PIVKey C980 uses the Infineon Technologies SLE78 Chip. No other PIVkey devices uses the Infineon Technologies SLE78 Chip. At this time we are not aware of any security breaches due to this issue.

Mitigation Recommendations: Keys and certificates that are imported into the C980 are not affected by this vulnerability. To ensure the security of your keys, replace the card keys with imported keys[a].

Replacement:
Taglio LLC is working on bringing an updated C980 product to market. We expect this to be available sometime in December 2017. Until that time you have the following 2 options.
1. Replace your current C980 with a C910 card. Send us an email with “Send me a C910” and we will ship you a replacement C910 card as soon as possible. You will also receive a discount code for a new C980 when it becomes available.
2. Get a new C980. Send us an email with “Send me a new C980” and wait until the new C980 card is introduced. We will ship you the new C980 as soon as it becomes available.


Relevant Articles:

* https://crocs.fi.muni.cz/public/papers/rsa_ccs17
* https://www.reuters.com/article/us-infineon-cyber/infineon-says-has-fixed-encryption-flaw-found-by-researchers-idUSKBN1CL2KC
* https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

 

Have more questions? Submit a request

2 Comments

  • 0
    Avatar
    Larry Lambert

    What is the status of the updated C980?  If I order more now, do they still have the vulnerability?

  • 0
    Avatar
    Marci Tenpas

    Hi Larry,


    Thank you for your interest and questions!

    Due to the vulnerability, we do not currently have C980 cards in stock.

    At this point it is still unclear when the replacement cards will be available.  We have not received a concrete date from Infineon, but are hoping the cards will get to us by mid-year.

    We appreciate your patience and understanding!
    ~Taglio Support

Article is closed for comments.
Powered by Zendesk