Infineon security microcontroller flaw enabled extraction of TPM secret keys

A few months ago, security researcher Thomas Roche presented his fundamental research on secure elements used in the YubiKey 5. The security element is the Infineon SLE78, which contains a proprietary implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA).

Using side-channel attacks and a great deal of smart research, the author discovered a vulnerability in Infineon Technologies' cryptographic library and, as a result, was able to extract the ECDSA secret key from the secure element. The cost of the setup was €10,000, including the laptop.

Let me quote the author: "...in fact, all Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack."

Infineon is one of the most popular manufacturers of secure elements across many industries, including:

🔮 Automotive - used for SecOC and V2X key storage

🔮 Medical - used for secure communication, device pairing, and patient data storage

🔮 OT (Operational Technology) - used to ensure secure data transmission and device authentication

🔮 Avionics - used to ensure firmware integrity, protect IFEC systems, and enable secure communication with ground systems

...and more.

Please stay safe and share this with your peers responsible for security and safety. It's important for them to be informed.

More details:

Side-Channel Attack on the YubiKey 5 Series [PDF]: https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf