KeyFactors latest study shows that many IoT device manufacturers aregenerating insecure RSA keys
1 in 172. Thats the number of RSA public key certificatesavailable through the internet that could be vulnerable to compromise due toshared cryptographic key factors.
These findings are according to a recent report on RSA certificate vulnerability from KeyFactor, a leading provider of secure digital identity management solutions and an established authority in the cybersecurity industry. A team of KeyFactor researchers presented their findings at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in December. The data indicates that due to improper random number generation, many RSA public keys are at risk of compromise because the researchers were able to use them to derive their private keys through a method known as factoring.
Essentially, the research indicates that RSA is stillsecure, but many companies are implementing it in insecure ways. As such, it underscoresthe importance of organizations and manufacturers being crypto agile andadhering to cryptographic best practices to maintain trust and security.
But just how big of a potential impact would compromising RSA keys have? While theres no single reliable resource we can point you to that shows X% of certificates issued use RSA keys, what we can tell you as a company that sells a lot of them is that its a lot. Considering that Gartner forecasts that there will be 25 billion IoT devices in use by 2021, thats potentially a lot of vulnerable RSA certificate keys in the wild that cybercriminals could exploit.
In this article, well break down the data from the study,rehash what RSA is, and explore the implications of what the research means foryour organization.
Lets hash it out.
KeyFactor, a company we work with at The SSL Store, has made a name for itself as an IoT device security leader in the industry since the companys inception in 2001. A force to be reckoned with, theyre dedicated to empowering enterprises of all sizes through their award-winning PKI-as-a-service platform. Theyre also known for their research collaborations with other respected organizations such as The Ponemon Institute.
This particular report on RSA certificate vulnerabilites,written by JD Kilgallin, states that the company collected and analyzed 175million RSA certificate public keys 75 million they discovered on theinternet, plus 100 million that were available through certificate transparency(CT) logs. They used a single Microsoft Azure cloud-hosted virtual machine and agreatest common divisor (GCD) algorithm for shared factors to conduct their analysis.
Heres what they discovered:
The big takeaway here is that some IoT device manufacturersare using random number generators that lack strong entropy. Its more a matterof operator error than an actual weakness in the RSA algorithm itself. As aresult of using random number generators (RNGs) with low entropy, theyregenerating prime numbers with poor randomness, which leads to the generation ofprivate keys that can be compromised more easily.
But what does this mean in terms of information security?
Kilgallin cautions the following:
In 2019, with the large number of devices on the Internet and in other data sets like Certificate Transparency (CT) logs,this attack presents a serious threat if proper precautions are not in place. As the number of keys grows, it is more likely that weakly generated factors in RSA public keys will be discovered. Coupled with the availability of cheap computing resources and sensitivity of communications, the attack is as potent as ever.
At the most basic level, RSA public keys are the result of two large, randomly generated prime factors. Theyre created using random number generators. This means that the entire security premise of the RSA algorithm is based on using prime factorization as a method of one way encryption. So, in other words, its operating under the assumption that no one can determine two randomly-generated prime numbers within a reasonable amount of time that no one can crack the encryption of an SSL/TLS certificate until long after its replaced or expired.
Well, considering that it took a group of researchers more than 1,500 years of computing time (across hundreds of computers) to factor a 232-digit algorithm, that assumption seems plausible. But in reality, RSA is sometimes not as secure as wed like it to be. Its not that RSA itself is insecure its that some companies implement it in a weak way.
Thats because some random number generators arent reallythat random. Furthermore, considering that the same RNGs are frequently usedtime and again, it reduces their effectiveness. If RSA public keys are generatedwith poor randomness, it means they could be vulnerable to a factoringcyberattack.
In this type of attack, cybercriminals collect large sums ofpublic keys from the internet and analyze them to determine whether any twoshare the same factor. If two RSA moduli share one prime factor, it couldresult in a collision when applied to a large dataset. What this does is allowthe actor to crack the corresponding private key.
All of this leads to this concern:
As the number of keys grows, it is more likely that weakly generated factors in RSA public keys will be discovered. Coupled with the availability of cheap computing resources and sensitivity of communications, the attack is as potent as ever.
Yikes. But there is a bit of light at the end of the tunnel.
According to the report concerning the factoring attacks, only 5 of 100million certificates found in a sample from Certificate Transparency logs arecompromised by the same technique. What this means is that only the fivecompromised certificates found in CT logs were publicly-trusted (and no longerin use online) the rest were self-signed, privately-rooted, or devicecertificates. But, still, thats five too many for our taste.
Weve talked about the risks of using self-signed certificates in external-facing applications in the past. Its one thing to use them on intranets and internal-facing applications; its another to use them to secure sites or devices that are discoverable via the internet.
Thediscrepancy between the number of CA-signed certificates that were compromisedand the others, the researchers say, is likely due to IoT devices being moreeasily accessible on the internet and by the design constraints and entropylimitations of power-restricted devices.
In thereport, Kilgallin says:
These concerning findings highlight the need for device manufacturers, website and network administrators, and the public at large to consider security, and especially secure random number generation, as a paramount requirement of any connected system.
Manage Digital Certificates like a Boss
14 Certificate Management Best Practices to keep your organization running, secure and fully-compliant.
We keep talkingabout RSA encryption, RSA algorithms, and RSA keys. But what exactly is RSAitself? Lets take a moment for a brief review for those of us who arent asfamiliar with this type of cryptography.
RSA, named after the MIT cryptographers who created it (RonRivest, Adi Shamir, and Leonard Adleman), is one of the two most popular publickey encryption algorithms in use today. In SSL/TLS, it can be used for digitalsignatures and key exchange to establish a secure, encrypted communicationchannel. This way, you dont leave your sensitive data at risk by transmittingit through a non-secure channel.
The RSA algorithm is comprised of four essential components:
But, wait, were talking about the RSA algorithm. Ithought we were supposed to be talking about RSA encryption keys?
We are in a roundabout sort of way. RSA refers to both asignature algorithm (a cryptographic operation) and an encryption key pair. TheRSA algorithm is used to generate an RSA key pair that includes both privateand public keys. The first generates digital signatures, whereas the secondverifies those created signatures.
But when we talk about an encryption key, what do we reallymean?
A cryptographic key, in a nutshell, is a string ofrandomly-ordered bits (binary digits) meaning a gargantuan string of hundredsor even thousands of 1s and 0s. Keys are integral to modern day public keyinfrastructure (PKI) and encryption as a whole. Keys in cryptography are like therice to your sushi or the cream filling for your Oreo cookies theyreessential components.
In the olden days (you know, before modern technology), akey was the secret roadmap, if you will, of an encryption technique. Its whatthe sender would use to encrypt the message, and the recipient would use todecrypt the message. Its much the same today, but instead of using hand-writtenkeys that are written in invisible ink or hidden away, theyre digital bits ofinformation that are transmitted electronically.
A key can be either asymmetric or symmetric. RSA keys are asymmetric. Every asymmetric key comes in a pair of mathematically-related but different public and private keys, and each key serves as different purpose to encrypt (public key) and to decrypt (private key) data, as well as to create a shared key.
If a certificates RSA public key that was generated withweak entropy is targeted through a factoring attack, then its shared primenumbers could be used to derive the certificates private key, making RSAessentially useless.
But, thankfully, RSA isnt the only hitter in the game. Theresanother type of key that we havent mentioned yet ECC.
ECC, or elliptic curve cryptography, is an approach to cryptography that offers greater security and performance than RSA. Thats because it doesnt rely on random number generation. Instead of RNG, ECC takes advantage of the math behind elliptic curves. If you dont know what Im talking about, think back to your school days and the joys of plotting using coordinates on the Y- and X- axes (yeah, thats still a thing of nightmares for me, too).
I wont get into the actual calculations of elliptic curveshere you can read more about that in one of our other blogposts on ECC. But the point here is that its a public key cryptosystemthat relies on mathematical calculations based on specific points on anelliptic curve rather than a random number generator that could fail.
Another benefit of ECC over RSA is that ECC scales well. Thatsbecause its keys are smaller, which results in less computational overhead andbetter performance.
See what I mean?
A third advantage ECC has over RSA is that theres a variation of it supersingular elliptic curve isogeny cryptography thats also less vulnerable to concerns that stem from quantum computing. The National Institute of Standards and Technology (NIST) predicts that the public key cryptography we know and use today will fail once quantum computing becomes mainstream.
But the impact of quantum computing on existing cryptosystems is a whole nother conversation in and of itself. And dont worry, the sky isnt falling CAs are ahead of the curve in developing new cryptographic methods that will be quantum secure.
The drawback of ECC is that it isnt frequently used becauseits not as widely supported as RSA. While its supported by most modernoperating systems and web browsers including Chrome, Safari, Firefox, and IE ECC isnt yet supported by a lot of the web hosting control panels (such as cPanel)as of yet. Unfortunately, this means that many website owners cant yet use ECCeven if they want to.
Overall, the KeyFactor research showcases how weak some RSAkeys are that are currently in use across the internet. It also drives home thepoint that organizations and device manufacturers in particular need to do moreto protect the consumers who trust them to protect their sensitive orconfidential information and privacy.
What this means for device manufacturers is that they needto:
KeyFactor researchers define crypto agility as knowingeverywhere cryptography is used across your organization (i.e. certificates,algorithms, protocols, and libraries), and being able to quickly identify andremediate vulnerabilities, without disruption.
To be crypto agile, you need to stay abreast of compromisesand breaches in security and also try to stay one step ahead of cybercriminals.You also need to be responsive to changes. In IoT device security, that meansyou need to be able to maintain trust by keeping your devices secure throughouttheir lifecycles.
In PKI, it in part boils down to using automated certificate management solutions. A reliable certificate management solution provides visibility into your network and helps you to easily track, monitor, and renew your certificates to avoid certificate outages. Throw away the spreadsheets and get rid of your manual tracking processes automation is the name of the game.
So, let us take a moment to summarize everything wevereally touched on in this article. KeyFactor research shows that:
Read more here:
How Secure is RSA in an Increasingly Connected World? - Hashed Out by The SSL Store - Hashed Out by The SSL Store