SA-002: Potential Extraction of an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA

Vulnerability Type: Observable Timing Discrepancy

Affected Product(s): NPCT75x with Firmware versions 7.2.0.1, 7.2.0.2 and 7.2.1.0

Fixed Product(s): Firmware version 7.2.2.0. Firmware updates are available from system OEMs.

Attack Type: Physical

Impact: Information Disclosure

Affected Components: Elliptic Curve Digital Signature Algorithm (ECDSA) signature

Attack Vector: An attacker with physical access to Nuvoton Trusted Platform Module NPCT75x (7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.

Severity: Medium

Detailed Description: Same as “Attack Vector”. 

Discoverer(s)/Credits:

Research presented at http://tpm.fail

Common Criteria ITSEF: Serma Safety & Technology

Researcher: Antonio de la Piedra

CVE Identifier: CVE-2020-25082
