Paper 2023/912

Randomness of random in Cisco ASA

Ryad Benadjila, CryptoExperts (France)
Arnaud Ebalard, ANSSI
Abstract

It all started with ECDSA nonces and keys duplications in a large amount of X.509 certificates generated by Cisco ASA security gateways, detected through TLS campaigns analysis. After some statistics and blackbox keys recovery, it continued by analyzing multiple firmwares for those hardware devices and virtual appliances to unveil the root causes of these collisions. It ended up with keygens to recover RSA keys, ECDSA keys and signatures nonces. The current article describes our journey understanding Cisco ASA randomness issues through years, leading to CVE-2023-20107 [CVE-2023-20107, CSCvm90511]. More generally, it also provides technical and practical feedback on what can and cannot be done regarding entropy sources in association with DRBGs and other random processing mechanisms.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
CiscoASARNGDRBGfirmware
Contact author(s)
ryadbenadjila @ gmail com
arnaud ebalard @ ssi gouv fr
History
2023-06-12: approved
2023-06-12: received
See all versions
Short URL
https://ia.cr/2023/912
License
No rights reserved
CC0

BibTeX 

@misc{cryptoeprint:2023/912,
      author = {Ryad Benadjila and Arnaud Ebalard},
      title = {Randomness of random in Cisco ASA},
      howpublished = {Cryptology ePrint Archive, Paper 2023/912},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/912}},
      url = {https://eprint.iacr.org/2023/912}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.