Researchers Exploit Low Entropy of IoT Devices to Break RSA Certificates

The hardware limitations of the Internet of Things means the digital certificates these devices rely on to encrypt data can be easily compromised

3 min read
Illustration of a digital key surrounding icons relating to the internet of things.
Illustration: iStockphoto

Many Internet of Things (IoT) devices rely on RSA keys and certificates to encrypt data before sending it to other devices, but these security tools can be easily compromised, new research shows.

Researchers from digital identity management company Keyfactor were able to compromise 249,553 distinct keys corresponding to 435,694 RSA certificates using a single virtual machine from Microsoft Azure. They described their work in a paper presented at the IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in December.

“With under $3,000 of compute time in Azure, we were able to break 435,000 certificates,” says JD Kilgallin, Keyfactor’s senior integration engineer and researcher. “We showed that this attack is very easy to execute now.”

The researchers didn’t break RSA encryption, but took advantage of how public and private keys are generated. The private key, which is kept secret by the owner, consists of two large, randomly chosen prime numbers, while the public key is the product of those two numbers.

The public key is associated with a certificate, which is a document signed with the trusted party’s private key. The certificate acts as proof that the given public key is associated with the private key and that the public key can be used to encrypt or validate data sent to or from the device. The security of the RSA certificate relies on the difficulty of factoring the prime factors that were randomly chosen to make the keys.

If the prime numbers used to generate a key are truly random, then it shouldn’t be computationally feasible to factor the resulting key, Kilgallin says. However, if the numbers aren’t sufficiently random, the keys can share the same factors, making it possible to calculate and derive the private keys.

The researchers scanned the entire Internet and found 75 million active RSA certificates. Of those certificates, more than 435,000 certificates shared “prime factors,” which translates to about one in every 172 RSA certificates in use on the Internet.

As a point of comparison, the team also pulled 100 million certificates from certificate transparency logs—generated by certificate authorities on powerful servers—and found just five certificates with shared factors.

While many of the certificates with shared factors detected in this research belonged to IoT and networking devices such as routers, it was sometimes difficult to tell how the device was being used and where it was located, Kilgallin says.

So why did some of these devices produce such similar keys? 

What Is Entropy?

This is where the concept of entropy comes in. A computer constantly gathers entropy—signals and information that can’t be predicted—and uses that information to generate random numbers. When asked for a random number, the machine must have collected enough details to fundamentally alter its state from when it first booted up, or from the last time the machine was asked. If the machine’s state hasn’t changed that much, it’s more likely to re-generate the same number.

“This is about randomness, not breaking RSA,” says Ted Shorter, chief technology officer and co-founder of Keyfactor. “If things aren’t random, then the whole thing can fall over.”

Entropy can be affected by many things, such as inputs from the keyboard, mouse movement, fan speed, and how fast the hard disk drive is spinning. Windows machines can collect information from the motherboard’s Trusted Platform Module chip, Unified Extensible Firmware Interface (the interface connecting the computer’s firmware to the operating system), and the hardware system clock.

Embedded systems, like those used in IoT devices, have difficulty gathering entropy as they tend to have fewer components—no mouse or keyboards—and may be running stripped down operating systems. That means the machine state may not have changed enough to generate truly random numbers, says Will Ackerly, co-founder and chief technology officer of email encryption and digital privacy company Virtru.

While industrial IoT products, such as systems that control robots on an assembly line, would have plenty of entropy, sensors and many consumer devices face limitations.

The entropy problem in IoT has been known for a while, but Keyfactor’s research shows that attacks that exploit this problem are easier to carry out than previously thought, Ackerly says. Developers can’t be complacent about entropy, especially as IoT devices become more widespread in medical and automotive systems. One way to avoid such issues is to use established software libraries to generate random numbers instead of devising workarounds, such as seeding a custom-made random number generator with an identifier that’s easy to guess (like the device’s MAC address).

Hardware manufacturers or software providers developing kits for developers should include established libraries in those kits and provide instructions for how to use them. 

“The more we can standardize software libraries that are understood to be secure and have people using them, all the better,” Ackerly says. “Don’t give them the opportunity to shoot themselves in the foot.”

It’s up to manufacturers, vendors, and developers to make sure the systems have sufficient entropy, though customers can always ask vendors how entropy is handled in their devices.

The Conversation (0)

How the FCC Settles Radio-Spectrum Turf Wars

Remember the 5G-airport controversy? Here’s how such disputes play out

11 min read
This photo shows a man in the basket of a cherry picker working on an antenna as an airliner passes overhead.

The airline and cellular-phone industries have been at loggerheads over the possibility that 5G transmissions from antennas such as this one, located at Los Angeles International Airport, could interfere with the radar altimeters used in aircraft.

Patrick T. Fallon/AFP/Getty Images

You’ve no doubt seen the scary headlines: Will 5G Cause Planes to Crash? They appeared late last year, after the U.S. Federal Aviation Administration warned that new 5G services from AT&T and Verizon might interfere with the radar altimeters that airplane pilots rely on to land safely. Not true, said AT&T and Verizon, with the backing of the U.S. Federal Communications Commission, which had authorized 5G. The altimeters are safe, they maintained. Air travelers didn’t know what to believe.

Another recent FCC decision had also created a controversy about public safety: okaying Wi-Fi devices in a 6-gigahertz frequency band long used by point-to-point microwave systems to carry safety-critical data. The microwave operators predicted that the Wi-Fi devices would disrupt their systems; the Wi-Fi interests insisted they would not. (As an attorney, I represented a microwave-industry group in the ensuing legal dispute.)

Keep Reading ↓Show less