CryptoDB
EUCLEAK
Authors: | Thomas Roche |
---|---|
Presentation: | Slides |
Abstract: | In this talk I will present a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the most important secure element manufacturers. This vulnerability – that went unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non-constant-time modular inversion. The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract an ECDSA secret key. The attack is performed on a FIDO hardware token from Yubico, where it allows creating a clone of the FIDO device. Yubico acknowledged that all YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack, and in fact we show that all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library are vulnerable to the attack. |
Video: | https://youtu.be/IpYqFpyB2pk |
BibTeX
@misc{rwc-2025-35879,
  title={EUCLEAK},
  note={Video at \url{https://youtu.be/IpYqFpyB2pk}},
  howpublished={Talk given at RWC 2025},
  author={Thomas Roche},
  year=2025
}