aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#451: DDS cryptographic plugin, AES_GCM subject to forgery, key recovery and timing attacks, and nonce replay attacks #451

Open vmayoral opened 5 years ago

vmayoral commented 5 years ago
id: 451
title: 'RVD#451: DDS cryptographic plugin, AES_GCM subject to forgery, key recovery
  and timing attacks, and nonce replay attacks'
type: vulnerability
description: For the cryptographic plugin, AES_GCM and AES_GMAC are used for sign
  and encrypt functions, which are symmetric key operations. As discussed earlier, processing
  symmetric key operations are low latency, especially when cryptographic modes are
  combined into an atomic operation. A number of published papers have investigated
  the exploits using AES_GCM including forgery, key recovery and timing attacks, and
  nonce replay attacks. AES_GCM is mostly discussed in the papers, but GMAC is a mode
  of GCM in which no plaintext is supplied and the output is the authenticated field.
  First reported at https://journals.sagepub.com/doi/pdf/10.1177/1729881418770011
  by DiLuoffo et al.
cwe: CWE-208 (Information Exposure Through Timing Discrepancy)
cve: None
keywords:
- malformed
- 'robot component: DDS'
- 'robot component: FastRTPS'
- 'robot component: ROS2'
- 'vendor: ADLINK'
- 'vendor: RTI'
- 'vendor: eProsima'
- weakness
system: ROS 2
vendor: eProsima, ADLINK, RTI
severity:
  rvss-score: None
  rvss-vector: N/A
  severity-description: ''
  cvss-score: 0
  cvss-vector: ''
links:
- https://github.com/aliasrobotics/RVD/issues/451
- https://journals.sagepub.com/doi/pdf/10.1177/1729881418770011
flaw:
  phase: unknown
  specificity: N/A
  architectural-location: N/A
  application: N/A
  subsystem: N/A
  package: N/A
  languages: None
  date-detected: 2018-06-01 (00:00)
  detected-by: Vincenzo DiLuoffo, William R Michalson and Berk Sunar
  detected-by-method: N/A
  date-reported: 2019-10-07 (00:00)
  reported-by: Alias Robotics
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/451
  reproducibility: ''
  trace: null
  reproduction: ''
  reproduction-image: ''
exploitation:
  description: ''
  exploitation-image: ''
  exploitation-vector: ''
  exploitation-recipe: ''
mitigation:
  description: ''
  pull-request: ''
  date-mitigation: ''
github-actions[bot] commented 5 years ago

Feedback (automatically generated):

Please review the feedback above. Once addressed, either request the removal of the malformed label to trigger another automatic review.

vmayoral commented 4 years ago

Same as https://github.com/aliasrobotics/RVD/issues/453, further triage is needed in here.