Study: IoT Devices Have Alarmingly Weak RSA KeysWeakness Lies in Devices Without Quality Entropy Sources
Math protects data on the internet. Strong encryption is virtually impenetrable - if implemented correctly. But a new study shows that last point is - pun intended - key.
Three major studies since 2012 have looked at the strength of RSA digital certificates used in encryption protocols such as SSL/TLS and SSH. RSA key pairs are generated by multiplying two very large, random prime numbers together.
The security comes from the computing difficulty in key factoring, or breaking down a key into its component prime numbers. For 2,048-bit keys, this is impossible with today's computing power, although quantum computing holds potential to do that.
But while long public keys may seem secure, they're not if those component prime numbers haven't been randomly generated. Poor randomness can result in RSA keys sharing the same factors, and therein lies the problem.
In a peer-reviewed study presented at the IEEE's recent International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, researchers from Keyfactor found that IoT devices are a sticky area.
"The widespread susceptibility to these IoT devices poses a potential risk to the public due to their presence in sensitive situations," according to the research paper "Factoring RSA Keys in the IoT Era."
Factoring Attack: Cheaper Than Before
Keyfactor analyzed 75 million RSA certificates collected from the internet and found that 435,000 certificates shared a same factor. That works out to be about 1 in 172 certificates.
Sharing the same factor allows for mathematical calculations that allow for the deduction of the private key. With a private key, an attacker can conduct man-in-the-middle attacks, decrypting or meddling with data. That's a particularly dangerous situation given the growth of IoT in the medical and automotive industries.
The difference between the latest study and the previous ones is that Keyfactor came to its conclusion using a single Microsoft Azure virtual machine as well as new optimizations for the analysis, says J.D. Kilgallin, a senior integration engineer with Keyfactor.
"That makes it so much more probable that somebody could implement this themselves," Kilgallin says. "With under $3,000 of compute time in Azure, we were able to break 435,000 certs [certificates]. We showed that this attack is very easy to execute now."
The problem largely centers around internet of things devices that can't generate enough entropy, or random input, when generating prime numbers, says Ted Shorter, chief technology officer and co-founder of Keyfactor. Generally, IoT devices have less processing power and thus less entropy available for key generation, he says.
"That's where we really see people falling into problems," Shorter says.
Entropy: The Key to Keys
Operating systems have pseudo random number generators that gather entropy all the time as a machine is used, Shorter says. When the same machine is asked to generated a random number, that number is fairly unpredictable. The same process is not as easy to do on IoT devices.
"All too often when you ask them [IoT devices] to generate a random number, they will generate the same ones with a higher degree of frequency than they should," Shorter says.
In one extreme example, they found a factor for an 8,192-bit RSA key. For a key that long, "you'd never expect to have a collision by chance in the lifetime of the universe," Kilgalli saysn. Shorter puts it this way: It's an extremely long key with very poor randomness.
The latest results put the onus on device manufacturers to ensure their devices are generating secure keys by gathering enough entropy first, Shorter says. Enterprises that have IoT devices can help mitigate the risks by ensuring default credentials are changed on devices, which may allow for more entropy as a part of that process, he says.
Shorter says Keyfactor frequently gets queries about safe IoT procurement, but hardly anyone asks about the importance of entropy.
"Take entropy seriously as a part of product evaluations," he says. "That's the way things get changed - by prospective customers asking hard questions of the vendors that they're speaking with."