Minerva attack can recover private keys from smart cards, cryptographic libraries

Older Athena IDProtect smart cards are impacted, along with the WolfSSL, MatrixSSL, Crypto++, Oracle SunEC, and Libgcrypt crypto libraries.

Czech academics have detailed this week a new cryptographic attack that can recover private keys used to sign operations on some smart cards and cryptographic libraries. Once obtained, the private key can allow attackers to spoof any smart cards or sign other cryptographic operations secured by the affected libraries.

The attack, named Minerva, was discovered earlier this year in March by academics from the Centre for Research on Cryptography and Security at the Masaryk University, in the Czech Republic.

What's vulnerable

It impacts Athena IDProtect smart cards, which are used in the government and private sector as access cards, but can also be used for shopping/gift cards, for public transport, or in healthcare.

Not all Athena IDProtect smart cards are vulnerable, though, researchers said. Only cards with an Inside Secure AT90SC chip and which use the Atmel Toolbox 00.03.11.05 cryptographic library are vulnerable.

Athena IDProtect smart cards manufactured after 2015 are all safe. That's when NXP Technologies bought the old Athena SCS company and migrated the IDProtect card to new hardware and software, which is not affected.

The Masaryk University team only tested Athena IDProtect smart cards, but they believe other smart cards may also be affected, such as those from Valid, SafeNet, and TecSec.

In addition, the same cryptographic flaw at the heart of the Atmel Toolbox crypto library was also found in other cryptographic toolkits.

For the past year, the research team has been working to notify impacted projects. Libgcrypt, wolfSSL, and Crypto++ have issued patches over the summer to fix this bug. Maintainers of MatrixSSL fixed some issues, but the library remains vulnerable. Oracle's SunEC library remains open to attacks.

The Minerva attack

The Minerva attack at the heart of all these issues is a classic side-channel attack. In a side-channel attack, a third party observes leaks in cryptographic operations that, when put together, can help the attacker break the encryption scheme and reconstruct the original data.

This is what happens in Minerva, as well. The Czech team found a problem in the ECDSA and EdDSA algorithms used by the Atmel Toolbox crypto library to sign cryptographic operations on Athena IDProtect cards.

These operations leaked "the bit-length of the scalar during scalar multiplication on an elliptic curve," researchers said.
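The leak quoted above, shown on a toy curve as an added example (not code from the researchers or from any affected library): a double-and-add loop that runs once per bit of the scalar reveals the scalar's bit-length through its running time. The fixed-length variant adds a multiple of the group order before multiplying, a well-known countermeasure; the article does not say which fix each library adopted. The curve parameters and all function names are assumptions chosen for illustration.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17, generator G of prime order N = 19.
# Constructed textbook-sized parameters for illustration, not a real-world curve.
P, A, N = 17, 2, 19
G = (5, 1)

def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def double_and_add(k, point):
    """Left-to-right double-and-add; returns (k*point, loop iterations)."""
    acc, steps = None, 0
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":  # data-dependent branch: a separate leak, not fixed here
            acc = add(acc, point)
        steps += 1
    return acc, steps

def leaky_mul(k):
    # Iteration count equals k.bit_length(): short nonces finish sooner.
    return double_and_add(k, G)

def fixed_length_mul(k):
    # k + N and k + 2N give the same point as k, because N*G is infinity.
    # Pick the one that is exactly N.bit_length() + 1 bits long.
    k2 = k + N
    if k2.bit_length() == N.bit_length():
        k2 += N
    return double_and_add(k2, G)

def iteration_counts(mul):
    """Distinct loop lengths seen across every valid nonce 1..N-1."""
    return {mul(k)[1] for k in range(1, N)}

if __name__ == "__main__":
    print("leaky:", sorted(iteration_counts(leaky_mul)))
    print("fixed:", sorted(iteration_counts(fixed_length_mul)))
```
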

If an attacker is able to observe or record enough cryptographic operations signed by a vulnerable smart card or by one of the vulnerable open-source cryptographic libraries, then they'll be able to compute the private encryption keys that sign these operations.

During tests, researchers said they only needed to record 11,000 operations (card swipes) from an Athena IDProtect card to obtain its private key. The whole process took 30 minutes, researchers said.

With the private key, an attacker can create clone cards, or encrypt or decrypt data secured by one of the open-source cryptographic libraries.

A rare practical attack

On Twitter, cryptography and infrastructure engineer Tony Arcieri described the attack as "practically exploitable," meaning it can be used in the real world, rather than just being a theoretical issue, as most side-channel attacks have been.

Companies that use older Athena IDProtect smart cards are advised to check technical specifications and see if their cards are impacted by this issue.

Users or companies that used one of the open-source crypto libraries are advised to update to a newer release.

While most of the Czech team's work focused on the Athena smart cards, the biggest impact is in the open-source libraries.

Attackers who want to get the private encryption key from a smart card would need access to that smart card, in the first place. This is not a trivial requirement, especially if the cards are used as access cards, and they're not easy to get ahold of.

On the other hand, it's much easier to obtain cryptographic operations signed by the vulnerable crypto libraries, either from observing web traffic or data stored on a computer or mobile device. Updating these open-source crypto libraries should be at the top of any developer's list this week.

Additional information about the Minerva attack can be found on this website, along with proof-of-concept code, a more in-depth explanation of the cryptographic attack/issue, and tools to aid testing for vulnerable cards.