Slashdot Mirror


A New Vulnerability In RSA Cryptography

romiz writes, "Branch Prediction Analysis is a recent attack vector against RSA public-key cryptography on personal computers that relies on timing measurements to get information on the bits in the private key. However, the method is not very practical because it requires many attempts to obtain meaningful information, and the current OpenSSL implementation now includes protections against those attacks. However, German cryptographer Jean-Pierre Seifert has announced a new method called Simple Branch Prediction Analysis that is at the same time much more efficient than the previous ones, only needs a single attempt, successfully bypasses the OpenSSL protections, and should prove harder to avoid without a very large execution penalty." From the article: "The successful extraction of almost all secret key bits by our SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless." Le Monde interviewed Seifert (in French, but Babelfish works well) and claims that the details of the SBPA attack are being withheld; however, a PDF of the paper is linked from the ePrint abstract.
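
The summary above says the attack reads private-key bits off the branch predictor in one run and that blinding does not help. The following Python is an added illustration, not code from the Slashdot story, from OpenSSL or from Seifert's paper: it models textbook square-and-multiply RSA as the sequence of modular operations it performs (a BPA/SBPA attacker observes the key-dependent branch that decides whether a multiply follows each squaring), recovers the exponent from that sequence, shows that base blinding leaves the sequence unchanged because the exponent is untouched, and contrasts a Montgomery ladder that does the same work per bit with no branch on the bit. The toy key (p=61, q=53, e=17, d=2753), the message, the blinding factor and all function names are constructed for the example.

```python
# Added illustration (not the story's, OpenSSL's or the paper's code).
# Toy RSA parameters: n = 61 * 53, e = 17, d = 2753 (constructed example key).
N, E, D = 3233, 17, 2753
OTHER_EXP = 2609  # a second 12-bit exponent, used to compare ladder traces


def square_and_multiply(base, exp, mod, ops):
    """Left-to-right binary exponentiation. `ops` records every modular
    operation in order. The multiply happens only when the current exponent
    bit is 1: that is the secret-dependent branch a BPA/SBPA attacker sees."""
    result = 1
    for i in range(exp.bit_length() - 1, -1, -1):
        result = result * result % mod
        ops.append("sqr")
        if (exp >> i) & 1:                 # branch on a private-key bit
            result = result * base % mod
            ops.append("mul")
    return result


def recover_exponent(ops):
    """Attacker side: every 'sqr' starts a new exponent bit (initially 0);
    a 'mul' immediately after it means that bit was 1."""
    bits = []
    for op in ops:
        if op == "sqr":
            bits.append(0)
        else:
            bits[-1] = 1
    return int("".join(map(str, bits)), 2)


def blinded_sign(msg, d, e, n, r, ops):
    """RSA base blinding: exponentiate r^e * msg instead of msg, then strip r.
    Only the base changes; d and therefore the branch sequence do not."""
    blinded = msg * pow(r, e, n) % n
    sig = square_and_multiply(blinded, d, n, ops)
    return sig * pow(r, -1, n) % n


def montgomery_ladder(base, exp, mod, nbits, ops):
    """One multiply and one square per bit, with the operand selection done
    arithmetically (b in {0, 1}) instead of by branching on the bit.
    Illustrative only: Python big-int arithmetic is not constant-time."""
    r0, r1 = 1, base % mod
    for i in range(nbits - 1, -1, -1):
        b = (exp >> i) & 1
        t0 = r0 * (1 - b) + r1 * b         # t0 = r1 if b else r0
        t1 = r1 * (1 - b) + r0 * b         # t1 = r0 if b else r1
        t1 = t0 * t1 % mod
        ops.append("mul")
        t0 = t0 * t0 % mod
        ops.append("sqr")
        r0 = t0 * (1 - b) + t1 * b
        r1 = t1 * (1 - b) + t0 * b
    return r0


def demo(msg=65, blinding_factor=1234):
    """Run the attack model against plain and blinded signing and return
    what the attacker learns in each case, plus the ladder comparison."""
    plain_ops, blind_ops = [], []
    sig = square_and_multiply(msg, D, N, plain_ops)
    sig_blinded = blinded_sign(msg, D, E, N, blinding_factor, blind_ops)

    ladder_a, ladder_b = [], []
    montgomery_ladder(msg, D, N, D.bit_length(), ladder_a)
    montgomery_ladder(msg, OTHER_EXP, N, D.bit_length(), ladder_b)

    return {
        "sig": sig,
        "sig_blinded": sig_blinded,
        "plain_ops": plain_ops,
        "blind_ops": blind_ops,
        "leaked_plain": recover_exponent(plain_ops),
        "leaked_blinded": recover_exponent(blind_ops),
        # True: the ladder's operation sequence does not depend on the key
        "ladder_trace_key_independent": ladder_a == ladder_b,
    }


if __name__ == "__main__":
    out = demo()
    print("exponent leaked from plain signing  :", out["leaked_plain"])
    print("exponent leaked from blinded signing:", out["leaked_blinded"])
    print("ladder trace independent of key     :", out["ladder_trace_key_independent"])
```

Both runs leak d = 2753 from a single trace, with or without blinding, because blinding randomizes the value being exponentiated rather than the exponent bits that drive the branch. The ladder's trace is the same for any two exponents of equal length, which is why removing key-dependent branches, not adding randomization, is the countermeasure that matters against this class of attack.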

7 of 108 comments

  1. Not so bad... by statusbar · · Score: 4, Insightful
    From the Abstract:
    SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor

    So it requires a spy process to be running on the same processor as the server....

    --jeffk++

    --
    ipv6 is my vpn
    1. Re:Not so bad... by Beryllium+Sphere(tm) · · Score: 3, Insightful

      For example, on a shared server at a colo site?

    2. Re:Not so bad... by Anonymous Coward · · Score: 1, Insightful

      I hope you're being sarcastic. The report discloses how to turn off HTT on FreeBSD systems. Nowhere does it say HTT is off by default. In fact, the fact that they have to tell you how to turn it off means it is probably on by default. Otherwise there would be a report about how to turn it on.

  2. Multi-site servers at risk? by CamoCoatJoe · · Score: 5, Insightful

    Let me get this straight. To use this attack, you need to be running on the same hardware, but you don't need any particular access beyond that? If that's the case, any multi-site server that allows you to run your own server-side scripting is at risk.

    --
    This is not a signature.
  3. Re:Unsecure computer - no secrets. Big deal ! by Anonymous Coward · · Score: 1, Insightful
    But if he has such privileged access to CPU, can't we just simply suppose he's also able to "see" what you type on your keyboard ?
    RTFA. The researchers claim that it does not require privileged access:

    "Moreover, despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing or even virtualization, SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor."
  4. Re:Unsecure computer - no secrets. Big deal ! by Alsee · · Score: 3, Insightful

    problematic for systems used by multiple people

    And perhaps more significantly, it is problematic for idiots who think the definition of "secure/security" is using some DRM scheme hoping to "secure" a computer against its owner.

    The owner of a computer can use the technique in this article to keep an eye on his own computer and track what his computer is doing for him, and to record the DRM-keys being used to "secure" his own data against him.


    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  5. Re:RSA Isn't Broken, And This Is Localhost Only by tqbf · · Score: 2, Insightful

    You didn't even read the article.