Scientists from the Czech Republic disclosed a vulnerability in specific smartcard chips produced by Gemalto, related to the generation of keys used for electronic signatures. Those chips were distributed as part of government-issued signature services in at least Estonia and Slovakia. This is now a well-known security weakness that led, after some delays, to governments advising the revocation of all issued qualified electronic signatures and stopping all e-government-based services until the mitigation plans are clear.
The situation gives rise to several questions on the root causes, overall security of electronic signatures and possible
The attack exploited how the specific chip generates RSA keys. The weakly generated keys can then be broken. If a key is properly generated and long enough to be considered secure (about 2048 bits and above), there is no publicly known fast algorithm to break the RSA signing algorithm as such.
One must be careful, as even well-generated keys of length below 1024 bits are considered insecure, with 2048 bits being a reasonable limit, which is the case in Slovakia and Estonia.
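After a disclosure like this, the first operational question is which issued keys were produced by the flawed generator. The following is an added example, not code from this article or from the researchers: it tests an RSA modulus for the generator's structural fingerprint, assuming the prime form given in the researchers' published analysis (this page does not describe it); all function names and sample moduli are constructed for illustration.

```python
import math

GENERATOR = 65537
# Odd primes up to 167. Assumption from the researchers' published analysis, not
# from this article: flawed primes have the form k*M + (65537**a mod M), where M is
# a product of consecutive small primes that includes every prime listed here.
SMALL_PRIMES = [p for p in range(3, 168) if all(p % d for d in range(2, p))]
M = 2 * math.prod(SMALL_PRIMES)


def subgroup(r):
    """Residues {65537**i mod r}: the only values a flawed modulus can take mod r."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % r
    return seen


ALLOWED = {r: subgroup(r) for r in SMALL_PRIMES}


def has_fingerprint(n):
    """True if n mod r is a power of 65537 for every small prime r."""
    return all(n % r in ALLOWED[r] for r in SMALL_PRIMES)


def false_positive_rate():
    """Chance that a modulus from a sound generator passes all residue tests."""
    return math.prod(len(ALLOWED[r]) / (r - 1) for r in SMALL_PRIMES)


def constructed_flawed_modulus(a, b, k1, k2):
    """Sample data: product of two numbers of the flawed form (primality not checked,
    because the fingerprint depends only on the residues)."""
    return (k1 * M + pow(GENERATOR, a, M)) * (k2 * M + pow(GENERATOR, b, M))


def triage(inventory):
    """Names of keys that carry the fingerprint and need replacement certificates."""
    return sorted(name for name, n in inventory.items() if has_fingerprint(n))


if __name__ == "__main__":
    inventory = {  # constructed moduli, not real keys
        "card-A": constructed_flawed_modulus(12345, 54321, 2**36 + 7, 2**36 + 99),
        "card-B": (2**127 - 1) * (2**89 - 1),  # two Mersenne primes, sound form
    }
    print(triage(inventory), false_positive_rate())
```

A positive result means the key very likely came from the flawed generator and should be replaced; a negative result says nothing about key length or any other weakness.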
The RSA algorithm is based on the problem that no fast method is known for factoring very long numbers into prime numbers; however, this problem is not proven to be secure. Thus, another security weakness may be found in the algorithm itself in the future – this happens with crypto algorithms all the time. The RSA algorithm is 40 years old. What is known for certain is that so-called quantum computers will break the RSA algorithm, though this technology is young and not known to be advanced enough to break 2048-bit RSA keys (the current known state of the art is on the order of hundreds of bits). A newer algorithm based on so-called elliptic curves is preferred because it requires smaller keys to be as secure as longer RSA keys.
The manufacturer might not be entirely to blame for the flaw. Electronic signature solutions undergo security audits at all levels – physical chips, firmware and software – and the solutions achieved certification. This does not mean that more prudent quality assurance on the manufacturer's side could not have prevented such a flaw from reaching a product distributed on the market.
The Slovak Minister of the Interior challenged experts to hack his personal ID card. The system needed to exploit the issue is estimated to cost 20 000 to 30 000€. Without too much thinking – definitely yes, attackers can afford to buy such a machine. It is known that attackers from some countries spend on the order of a billion dollars on hacking annually.
The Slovak government argues that timestamped signatures might be valid. I am skeptical here. One needs to differentiate the security level of the components here:
A timestamp only attests to the time of the document signature, not to the validity of the document or the signature.
Now think of the following scenario:
And now we have a correctly timestamped hacked document signature. Careful reader, please correct me if I am wrong.
This requires knowing more from my side. As the problem is not in the algorithm itself but in the implementation, there are two options for fixing the issue: a) a change of the “firmware” – the software working close to the chip, in which case loading new firmware could help, b)
Quantum computers are considered a nemesis for several widely used cryptographic algorithms. Nevertheless, there are already known algorithms that are safe even in the era of quantum computers.
About the author: Julius Siska holds a PhD degree in cryptography and applied mathematics and currently works in senior management roles in fintech and financial services.