Researchers Find Way To Zap RSA Algorithm

← Back to Stories (view on slashdot.org)

Researchers Find Way To Zap RSA Algorithm

Posted by timothy on Thursday March 4, 2010 @08:02AM from the vhat-here-in-ze-laboratory dept.

alphadogg writes "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack (PDF) on a SPARC system running Linux."

46 of 173 comments (clear)

Min score:

Reason:

Sort:

Like lead pipe cryptanalysis... by Anonymous Coward · 2010-03-04 08:06 · Score: 5, Funny

...whether interrogating a human or a computer, apparently it is a simple matter of voltage.
Article == Summary by fishwallop · 2010-03-04 08:06 · Score: 4, Informative

The only thing the article "ads" to the summary posted here is a pretty splash screen, which in my case tried to sell me SQL Server.
1. Re:Article == Summary by Sir_Lewk · 2010-03-04 08:11 · Score: 3, Informative
  
  A first poster that actually RTFA? What the hell is slashdot coming to?!?
  He's right though, skip TFA and just read the linked PDF if you want more details.
  
  --
  "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
2. Re:Article == Summary by wizardforce · 2010-03-04 08:38 · Score: 2, Informative
  
  There are two articles, one is mostly worthless. The other is a PDF which is actually much more informative. The attack focuses on the implementation of RSA in OpenSSL and uses a cluster of processors to carry out the attack. All in all TFA notes that about a year of computing time is actually required to extract the key. The voltage manipulation causes faults which are used to extract the key after quite some time.
  
  --
  Sigs are too short to say anything truly profound so read the above post instead.
3. Re:Article == Summary by electrostatic · 2010-03-04 11:50 · Score: 3, Informative
  
  A very pertinent comment.
  
  Level 4
  
  Security Level 4 provides the highest level of security.
  
  At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.
  
  Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate zeroization of all plaintext CSPs.
  
  Security Level 4 cryptographic modules are useful for operation in physically unprotected environments. Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module's defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and zeroize CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.
"overclocking" machines vulnerable by Animats · 2010-03-04 08:08 · Score: 4, Informative

Machines where software can alter the CPU voltages and clock speeds for "overclocking" purposes may be especially vulnerable to this attack. "Advanced power management" may also offer an attack vector.
Also worry about Intel's Nehalem architecture, where there's a small CPU dedicated to power, clock, and thermal management. Access to that allows detailed control over power.
1. Re:"overclocking" machines vulnerable by pegr · 2010-03-04 09:11 · Score: 3, Insightful
  
  "the researchers say that by varying electric current to a secured computer"...
  Um, if they have physical access to the computer (in order to monkey with the power), why would it be considered secure?
2. Re:"overclocking" machines vulnerable by Ignorant+Aardvark · 2010-03-04 09:17 · Score: 4, Insightful
  
  Um, if they have physical access to the computer (in order to monkey with the power), why would it be considered secure?
  This vulnerability is dangerous in the case when the same key is being used in many devices. Cracking one means you've cracked them all. This is a fairly common situation in consumer devices. See the HD-DVD player keys, or the TI graphing calculator signing keys.
  
  --
  Cyde Weys Musings - Scrutinizing the inscrutable
3. Re:"overclocking" machines vulnerable by pz · 2010-03-04 09:39 · Score: 5, Informative
  
  "the researchers say that by varying electric current to a secured computer"...
  Um, if they have physical access to the computer (in order to monkey with the power), why would it be considered secure?
  The faults described by the paper are so ... what's the word ... specialized that it challenges believability. Not only does the attacker have to have physical access -- and likely pretty good physical access -- they have to know precisely when the encryption algorithms are being performed so that the faults can be induced then and only then otherwise the operation of the computer will be compromised. Furthermore, the faults must be induced at a reasonable, but not too great, rate, and at randomly varying times in the computation, so as to explore the full error space and have insight into the keys. And the computations have to be repeated MANY times over in order to extract enough information. So, not only do attackers have to know exactly, to the microsecond, when the system under attack is computing the RSA algorithm, they also have to be able to vary the voltage to the CPU. Their physical proof of concept, as much as it is described in the paper, is contrived. Their assertion that the technique does not require physical access is wholly unsupported. Color me skeptical. Anyone with this level of access is going to be able to do more than trigger faults.
  The paper asserts that the probes can be done without leaving any trace. I don't know about the authors, but the voltages on my computers are monitored by software and excursions logged so that I can know if/when there are problems. Since the RSA-breaking technique requires substantial exploration of the response to voltage tweaks, it is likely to be detected by a decent monitoring program.
  Finally, the PDF does not carry any publication information suggesting strongly that it describes work that is not peer-reviewed. It is shoddy science to bypass peer review and release to the general public.
  
  --
  
  Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
4. Re:"overclocking" machines vulnerable by Captain+Segfault · 2010-03-04 13:12 · Score: 2, Informative
  
  There is nothing, as far as we know, short of factoring a number that is a component of both the private and public keys.
  If you can factor that number you can very easily generate the private key from the public key. The point is that it's important to pick a number which is sufficiently large as to be impossible to factor with current technology.
5. Re:"overclocking" machines vulnerable by snemarch · 2010-03-05 00:41 · Score: 2, Interesting
  
  I'm guessing here, but probably elliptic curve crypto.
  
  --
  Coffee-driven development.
6. Re:"overclocking" machines vulnerable by marcansoft · 2010-03-05 01:00 · Score: 2, Interesting
  
  The PS3 attack was very obvious (i.e. the hypervisor lives in external memory, essentially unsecured), and the Cell chip is fairly well documented itself. That's breaking security by obscurity (where obscurity is the high-speed memory bus), and isn't really comparable to what this article talks about. Also, it doesn't rely on tweaking CPU voltage to produce internal errors, but rather on glitching the memory bus. This is a lot easier, and has a (small - the PS3 hack as performed by geohot is highly unpredictable) chance of working and not screwing up the rest of the system (as long as the rest of the system is essentially quiescent). Keep in mind that the PS3 attack also relies on privilege escalation; it wouldn't work at all if you couldn't already run your own code under the hypervisor. Privilege escalation is a lot easier than breaking into a system from scratch.
  All the juicy PS3 crypto stuff does live inside the CPU (in an isolated SPE), and that's nowhere near broken yet. Heck, even with full physical access, I'd be very surprised if someone were able to use this article's technique to recover console-private RSA keys from the isolated SPE, even though you can glitch the Cell's power supply :)
  Really, the RSA hack is a very interesting mathematical procedure for recovering keys from glitchy signatures, but the physical attack as presented is pretty much impossible in practical systems, at least as presented.
Could this be considered... by ravenspear · 2010-03-04 08:08 · Score: 4, Funny

...electronic torture?

We can just declare this method in violation of the computer's rights and solve the problem easily!
1. Re:Could this be considered... by Bakkster · 2010-03-04 09:02 · Score: 5, Funny
  
  ...electronic torture?
  Wattage-boarding
  
  --
  Write your representatives! Repeal the 2nd Law of Thermodynamics!
2. Re:Could this be considered... by bluesatin · 2010-03-04 09:41 · Score: 2, Funny
  
  This isn't much use for LAME as it's open source, you can just grab any information you want off SourceForge.
Changing the voltage supply req. HW access, right? by anss123 · 2010-03-04 08:09 · Score: 4, Insightful

In what kind of scenario would you have access to the PSU of the server you attacked? Private key servers should not be directly accessible after all.
xkcd already did it cheaper by snarfies · 2010-03-04 08:11 · Score: 3, Funny

Rather than apply electrical current to a key holder, wouldn't it be easier and cheaper to apply a $5 wrench?
wrong headline by Lord+Ender · 2010-03-04 08:12 · Score: 4, Informative

Researchers Find Way To Zap RSA Algorithm
No, reasearchers find side-channel attack on SPARC CPU (which requires elevated access, anyway).

--
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
1. Re:wrong headline by Andy+Dodd · 2010-03-04 08:34 · Score: 4, Informative
  
  To be more specific:
  No one attacked the algorithm itself here. They attacked one specific implementation of the RSA algorithm.
  Side channel attacks are nothing new. There are plenty of crytographic algorithms that have no known flaws which have had implementations broken via side channel attacks, due to flaws in the implementation, not the algorithm.
  
  --
  retrorocket.o not found, launch anyway?
2. Re:wrong headline by osu-neko · 2010-03-04 08:43 · Score: 4, Insightful
  
  ...due to flaws in the implementation, not the algorithm.
  The "flaw in implementation" in most cases being the relatively common "flaw" of being implemented in real-world hardware, where it has to consume power, utilize moving electrical current, obey the laws of physics, etc, rather than existing only on paper where such "flaws" can be avoided.
  
  --
  "Convictions are more dangerous enemies of truth than lies."
3. Re:wrong headline by c++0xFF · 2010-03-04 09:08 · Score: 2, Interesting
  
  "In theory there is no difference between theory and practice. But, in practice, there is."
  (p.s. Who originally said this, anyway?)
some ppl are seriously sick by Anonymous Coward · 2010-03-04 08:15 · Score: 3, Interesting

hackers these days are seriously sick, not long ago one guy dissolved chips and listened in on instructions right on die
now this, just take a look at that paper
sure the principle is simple, create condition that causes errors and incidentally more of the bits you have guessed the less errors you have etc etc etc
but seriously people who figure these things out and make them work... i question their sanity, brilliant but you have to be a mad scientist to achieve these things
1. Re:some ppl are seriously sick by Just+Some+Guy · 2010-03-04 08:21 · Score: 4, Insightful
  
  but seriously people who figure these things out and make them work... i question their sanity, brilliant but you have to be a mad scientist to achieve these things
  You're in the wrong place, and your attitude sucks. Consider yourself lucky to live in a world with people who are this driven by their curiosity.
  
  --
  Dewey, what part of this looks like authorities should be involved?
2. Re:some ppl are seriously sick by clone53421 · 2010-03-04 08:45 · Score: 4, Insightful
  
  This is moderated flamebait... I’m not sure why. I read the entire thing in a congratulatory tone.
  I guess some people think being called “sick” is an insult...
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
3. Re:some ppl are seriously sick by sapphire+wyvern · 2010-03-04 18:04 · Score: 2, Insightful
  
  What, you don't think "Look out! That reaction containment vessel is about to fail!" is a valid sentence?
  Fail is totally a verb. Adjective status in standard English is a bit more questionable, though.
Re:Changing the voltage supply req. HW access, rig by Anonymous Coward · 2010-03-04 08:15 · Score: 2, Insightful

In what kind of scenario would you have access to the PSU of the server you attacked?
E.g. Hosted data center
Re:Changing the voltage supply req. HW access, rig by fuzzyfuzzyfungus · 2010-03-04 08:16 · Score: 5, Insightful

Probably much more threatening(though, frankly, that pleases me) to DRMed embedded systems and similar gear that is supposed to be "secure" vs. its immediate environment; but is also in the hands of the public in huge quantities.

Yeah, if I can break into your datacenter and clamp some crazy widget onto the (presumably multiple) lines supplying your server's PSUs, a clever voltage attack is not the biggest of your problems.

If, on the other hand, you can guess the private crypto keys out of a DRMed PMP just by clipping a 15 dollar device from some shady mod-chip vendor to the recharging port and waiting a few days, heads will roll. There are a lot of devices these days that are designed to keep keys secret from the owners of the hardware. Particularly for common ones, voltage attack devices might well become fairly common advanced hobbyist and/or grey market items...
Re:Changing the voltage supply req. HW access, rig by daniel+de+graaf · 2010-03-04 08:16 · Score: 3, Interesting

This attack is relevant when you are trying to extract the private key of something like a TPM, in order to defeat the DRM protections it is trying to provide, or decrypt the drive whose key it is holding.
Re:Changing the voltage supply req. HW access, rig by benjamindees · 2010-03-04 08:18 · Score: 3, Insightful

DRM, smart-cards, cable/tv access boxes, media players, stolen laptops, etc
Probably not e-commerce servers exactly, but you never know depending on the physical security of your datacenter. And with DRM, of course, the purpose is to lock you out of equipment to which you have physical access.

--
"I assumed blithely that there were no elves out there in the darkness"
!news by betterunixthanunix · 2010-03-04 08:20 · Score: 4, Informative

This is just a fault injection attack. People have been doing similar things to block ciphers for years, it is not a mathematical weakness, just a side channel attack, and an active one at that. Cool that they did it against RSA, but not really headline news...

--
Palm trees and 8
Physical Access by KevMar · 2010-03-04 08:21 · Score: 5, Insightful

If someone has physical access to your machine, then you have already lost.

--
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
1. Re:Physical Access by pushing-robot · 2010-03-04 08:45 · Score: 2, Interesting
  
  If someone has physical access to your machine, then you have already lost.
  Quoted for truth.
  If someone can gain access to your datacenter power systems remotely and change output voltages, your admins are idiots and you've got more problems than just a RSA vulnerability. And if someone already has physical access to your server thats performing the encryption in the first place, is it any surprise that they can bypass said encryption?
  It's a nifty attack, but not terribly practical.
  
  --
  How can I believe you when you tell me what I don't want to hear?
2. Re:Physical Access by Eric+Smith · 2010-03-04 08:45 · Score: 3, Informative
  
  So everyone who ever uses colocation has lost?
  Yes. Are you actually surprised?
3. Re:Physical Access by OzPeter · 2010-03-04 08:50 · Score: 4, Insightful
  
  So everyone who ever uses colocation has lost?
  Given that organized crime seems to be paying off minimum wage clerks to install card skimmers in gas pumps, wouldn't it be logical that minimum wage admins at co-lo facilities would also be vulnerable to the same vector - $$$$
  
  --
  I am Slashdot. Are you Slashdot as well?
"without leaving a trace..." by starglider29a · 2010-03-04 08:24 · Score: 3, Funny

...except for the empty bags of cheese puffs, Rockstar cans, and several bottles of "lemon gatorade", no one would suspect that they had been there.
Re:Changing the voltage supply req. HW access, rig by metamatic · 2010-03-04 08:33 · Score: 3, Interesting

Sadly, most DRM-crippled hardware isn't going to have the private keys inside. For example, the PS3 and Wii will only have the public keys in the hardware so that they can check signatures on code. The private keys will be on hardware somewhere inside Sony and Nintendo, and presumably carefully guarded from unauthorized access.

--
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Re:Changing the voltage supply req. HW access, rig by sjames · 2010-03-04 08:39 · Score: 2, Insightful

When the 'server' is a chip on a smart card and the 'PSU' is your POS terminal.
Re:Changing the voltage supply req. HW access, rig by Andy+Dodd · 2010-03-04 08:39 · Score: 2, Interesting

A similar sidechannel attack might be usable to extract such information though.

--
retrorocket.o not found, launch anyway?
Re:Changing the voltage supply req. HW access, rig by daniel+de+graaf · 2010-03-04 08:43 · Score: 5, Insightful

Depends on what the DRM is trying to protect. Music players, video players for downloadable content, and basically anything where the content isn't tied to a physical object like a game disc will need a private key of some kind to encrypt the data on their volatile storage. While most of this will probably be done using symmetric encryption, you still need some way for the server that hands out the content to prove that it is a real device and not an emulated device, and that's normally done with a locally stored private key.
Implementation, not algorithm! by ronys · 2010-03-04 08:48 · Score: 3, Insightful

It's an implementation on specific hardware that was broken. Not the first time, nor the last. If the *algorithm* would have been broken, now *that* would have been news!

--
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
Re:Changing the voltage supply req. HW access, rig by interval1066 · 2010-03-04 08:58 · Score: 2, Insightful

Kinda reminds me of the TrueCrypt attack that made a splash a couple of years ago in which the attacker can compromise an encrypted partition by obtaining possession of the host hardware right after a power-down, getting inside the chassis and spraying down the RAM DIMMS with an inverted can of air so as to cool them down to slow the entropy of the down-powered chips; the attacker then has to create and analyze the leftover ram images with his own hardware and pull the encryption key out of that mess. As the Mythbusters would say: plausible? Yes. Practical? not really. I guess if you think you're in possession of some pretty valuable data you'll go to lengths.

--
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Re:Changing the voltage supply req. HW access, rig by pclminion · 2010-03-04 09:04 · Score: 2, Informative

In what kind of scenario would you have access to the PSU of the server you attacked?
I don't know, how about a world where you've arrested a political dissident and you want to obtain his/her private key, and he/she refuses to hand it over?
Re:Faster, Better, Cheaper way by OzPeter · 2010-03-04 09:04 · Score: 2, Insightful

Rubber hose.
To the back of the thigh.
10 seconds.
100 pesos.
Since when did slashvertisments start to include BDSM offers?

--
I am Slashdot. Are you Slashdot as well?
Damnit, I was hoping for something useful ... by BitZtream · 2010-03-04 09:09 · Score: 2, Informative

Great, another 'if you have physical access to the key, you can get the key' methods.
Look, 'stressing' the computer for a hundred hours while screwing with the voltage is going to get you noticed if its a key important enough for to use this method to do it. I can go to your PC and steal the contents of the entire drive without leaving a trace, but you're probably going to notice when I move you out of my way so I can put in a boot cd and external drive to copy the data to.
Practical value: 0
Research value: 1
Geek Cred: 11
Priceless, or rather, worthless.

--
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Obligitory XKCD. by toastar · 2010-03-04 09:44 · Score: 2, Funny

Just use Social Engineering
Re:Changing the voltage supply req. HW access, rig by owlstead · 2010-03-04 10:52 · Score: 2, Interesting

TPM chips and certainly high end smart card chips are protected against this kind of attacks using the power source. You certainly cannot get a Common Criteria certification if you don't protect against these kind of side channel attacks. Of course, for consumer CPU's there' no CC certification or protection measures like these.