Scientists crack RSA SecurID 800 tokens, steal cryptographic keys

Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices that corporations and government organizations use to access networks, encrypt hard drives, and digitally sign e-mails.

The exploit, described in a paper to be presented at the CRYPTO 2012 conference in August, requires just 13 minutes to extract a secret key from RSA's SecurID 800, which company marketers hold out as a secure way for employees to store credentials needed to access confidential virtual private networks, corporate domains, and other sensitive environments. The attack also works against other widely used devices, including the electronic identification cards the government of Estonia requires all citizens 15 years or older to carry, as well as tokens made by a variety of other companies.

Security experts have long recognized the risks of storing sensitive keys on general purpose computers and servers, because all it takes is a vulnerability in a single piece of hardware or software for adversaries to extract the credentials. Instead, companies such as RSA; Belcamp, Maryland-based SafeNet; and Amsterdam-based Gemalto recommend the use of special-purpose USB sticks that act as a digital Fort Knox that employees can use to safeguard their credentials. In theory, keys can't be removed from the devices except during a highly controlled export process, in which they're sealed in a cryptographic wrapper that is impossible for outsiders to remove.