julius_siska

Cryptographer’s view on broken electronic signature in Slovakia and Estonia

Scientists from the Czech Republic disclosed a vulnerability in specific smartcard chips produced by Gemalto, related to the generation of keys used for electronic signatures. Those chips were distributed as part of government-distributed signature services at least in Estonia and Slovakia. This is now a well-known security weakness that led, after some delays, to governments advising the revocation of all issued qualified electronic signatures and stopping all e-government based services until the mitigation plans are clear.

The situation gives rise to several questions on the root causes, the overall security of electronic signatures and possible

  • Is the underlying RSA algorithm broken?

The attack exploited how the specific chip generates RSA keys. Those weakly generated keys can then be broken. If a key is properly generated and long enough to be considered secure (about 2048 bits and above), there is no publicly known fast algorithm to break the RSA signing algorithm as such.

One must be careful, as even well-generated keys shorter than 1024 bits are considered insecure; a reasonable limit is 2048 bits, which is the case in Slovakia and Estonia.

  • Can we expect the RSA algorithm to be broken again?

The RSA algorithm is based on the problem that no fast way is known to factor very long numbers into prime numbers; however, it is not proven that this problem is hard. Thus, another security weakness may be found in the algorithm itself in the future – this happens with crypto algorithms all the time. The RSA algorithm is 40 years old. What is known for certain is that so-called quantum computers will break the RSA algorithm, though this technology is fresh and not known to be advanced enough to break 2048-bit RSA keys (the currently known state of the art is in the order of 100s of bits). A newer algorithm based on so-called elliptic curves is preferred because it requires smaller keys to be as secure as longer RSA keys.

  • Could the issue be prevented by the chip manufacturer?

The manufacturer might not be fully to blame for the flaw. Electronic signature solutions undergo security audits at all levels – physical chips, firmware and software – and the solutions achieved certification. This does not mean that more prudent quality assurance on the manufacturer's side could not have prevented such a flaw from reaching a product distributed on the market.

  • Could a hacker afford to pay to attack?

The Slovak Minister of Interior challenged experts to hack his personal ID card. A system capable of exploiting the issue is estimated to cost 20 000 to 30 000 €. Without too much thinking – definitely yes, attackers can afford to buy such a machine. It is known that attackers from some countries spend in the order of a billion dollars on hacking annually.

  • Are timestamped signatures still valid or not?

The Slovak government argues that timestamped signatures might be valid. I am skeptical here. One needs to differentiate the security level of the components involved:

  • Security of the timestamping system – it is not compromised and is considered OK.
  • Security of the e-government solution for requesting the timestamp – it might be less secure than the electronic signature, as there are typically lower requirements. So a hacker might be able to forge a timestamp request and get a hacked signature timestamped correctly.
  • Security of the key used to create a signature – that is the discussed issue.

A timestamp only testifies to the time of the document signature, not to the document's or the signature's validity.

Now think of the following scenario:

  1. Your signature key is hacked by the exploit.
  2. The hacker signs a document on your behalf.
  3. As the exploit was not known some time ago, your certificate was valid at that time.
  4. The attacker requests a timestamp of the signature.

And now we have a correctly timestamped hacked document signature. Careful reader, please correct me if I am wrong.
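The scenario above as a small validation model (an added example, not part of the original post). The class names, the `weak_keygen` flag and all dates are constructed assumptions; the model shows that a "certificate was valid at the timestamped time" check accepts the forged signature, next to one possible stricter policy that rejects it.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass
class Certificate:
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # revocation time published by the CA
    weak_keygen: bool = False              # assumption: issuer flags keys from the flawed generator

@dataclass
class TimestampedSignature:
    crypto_ok: bool      # signature verifies under the certificate's public key
    timestamp: datetime  # time attested by the (uncompromised) timestamping system

def naive_validate(sig: TimestampedSignature, cert: Certificate) -> bool:
    """Accept if the certificate was valid and not yet revoked at the timestamped time."""
    if not sig.crypto_ok:
        return False
    if not (cert.not_before <= sig.timestamp <= cert.not_after):
        return False
    return cert.revoked_at is None or sig.timestamp < cert.revoked_at

def strict_validate(sig: TimestampedSignature, cert: Certificate) -> bool:
    """Distrust a weakly generated key for its whole lifetime: the timestamp
    cannot tell the holder's signature from one made with a recovered key."""
    return not cert.weak_keygen and naive_validate(sig, cert)

# Constructed sample data (all dates are made up for illustration).
CARD = Certificate(datetime(2016, 1, 1), datetime(2021, 1, 1),
                   revoked_at=datetime(2017, 11, 1), weak_keygen=True)
# Steps 1-4 of the scenario: made with the recovered key, so it verifies,
# and timestamped while the certificate was still valid.
FORGED = TimestampedSignature(crypto_ok=True, timestamp=datetime(2017, 6, 1))
# Same forgery timestamped after revocation: the only case the naive check catches.
LATE = TimestampedSignature(crypto_ok=True, timestamp=datetime(2017, 12, 1))

def demo() -> dict:
    return {
        "naive_forged": naive_validate(FORGED, CARD),
        "strict_forged": strict_validate(FORGED, CARD),
        "naive_late": naive_validate(LATE, CARD),
    }

if __name__ == "__main__":
    print(demo())
```

The strict policy also rejects genuine signatures made by the card holder with the same key, which is the practical cost of distrusting the key rather than individual signatures.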

  • Does the issue require changing the ID card?

This requires knowing more on my side. As the problem is not in the algorithm itself but in the implementation, there are two options for fixing the issue: a) a change of the “firmware” – software working close to the chip, in which case loading new firmware could help, b)

  • What should governments do to fix the issues?

  1. If anything is wrong with the signing keys, the immediate (and normal) step should be their revocation.
  2. If the key generation problem is fixable by firmware, the government should initiate the upload of new firmware to the affected physical ID card chips.
  3. If it is a physical chip issue, new ID cards must be issued – requiring physical visits of citizens to registration places.
  4. More prudent controls, more future-proof algorithms and stronger/longer keys should be used in the national schemes.

  • Is there a future for electronic signatures after quantum computers are available?

Quantum computers are considered a nemesis of several cryptographic algorithms in use. Nevertheless, there are already known algorithms that are safe even in the era of quantum computers.

About the author: Julius Siska holds a PhD degree in cryptography and applied mathematics and is currently in senior management roles in fintech and financial services.

Comments (1)

Peter Nôta

Excellently done. I finally understood it.