Chat with us, powered by LiveChat

SA-002: Potential Extraction of an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA

Vulnerability Type: Observable Timing Discrepancy

Affected Product(s): NPCT75x with Firmware versions 7.2.0.1, 7.2.0.2 and 7.2.1.0

Fixed Product(s): Firmware version: 7.2.2.0. Firmware updates are available from system OEMs.

Attack Type: Physical

Impact: Information Disclosure

Affected Components: Elliptic Curve Digital Signature Algorithm (ECDSA) signature

Attack Vector: An attacker with physical access to Nuvoton Trusted Platform Module NPCT75x (7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

Severity: Medium

Detailed Description: Same as “Attack Vector”. 

Discoverer(s)/Credits:

Research presented at http://tpm.fail

Common Criteria ITSEF: Serma Safety & Technology

Researcher: Antonio de la Piedra

CVE Identifier: CVE-2020-25082

This website uses cookies to ensure you get the best experience on our website. Learn more
OK