Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Find Way To Zap RSA Algorithm

Posted by timothy on from the vhat-here-in-ze-laboratory dept.

alphadogg writes "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack (PDF) on a SPARC system running Linux."

18 of 173 comments (clear)

  1. Like lead pipe cryptanalysis... by Anonymous Coward · · Score: 5, Funny

    ...whether interrogating a human or a computer, apparently it is a simple matter of voltage.

  2. Article == Summary by fishwallop · · Score: 4, Informative

    The only thing the article "ads" to the summary posted here is a pretty splash screen, which in my case tried to sell me SQL Server.

  3. "overclocking" machines vulnerable by Animats · · Score: 4, Informative

    Machines where software can alter the CPU voltages and clock speeds for "overclocking" purposes may be especially vulnerable to this attack. "Advanced power management" may also offer an attack vector.

    Also worry about Intel's Nehalem architecture, where there's a small CPU dedicated to power, clock, and thermal management. Access to that allows detailed control over power.

    1. Re:"overclocking" machines vulnerable by Ignorant+Aardvark · · Score: 4, Insightful

      Um, if they have physical access to the computer (in order to monkey with the power), why would it be considered secure?

      This vulnerability is dangerous in the case when the same key is being used in many devices. Cracking one means you've cracked them all. This is a fairly common situation in consumer devices. See the HD-DVD player keys, or the TI graphing calculator signing keys.

      --
      Cyde Weys Musings - Scrutinizing the inscrutable
    2. Re:"overclocking" machines vulnerable by pz · · Score: 5, Informative

      "the researchers say that by varying electric current to a secured computer"...

      Um, if they have physical access to the computer (in order to monkey with the power), why would it be considered secure?

      The faults described by the paper are so ... what's the word ... specialized that it challenges believability. Not only does the attacker have to have physical access -- and likely pretty good physical access -- they have to know precisely when the encryption algorithms are being performed so that the faults can be induced then and only then otherwise the operation of the computer will be compromised. Furthermore, the faults must be induced at a reasonable, but not too great, rate, and at randomly varying times in the computation, so as to explore the full error space and have insight into the keys. And the computations have to be repeated MANY times over in order to extract enough information. So, not only do attackers have to know exactly, to the microsecond, when the system under attack is computing the RSA algorithm, they also have to be able to vary the voltage to the CPU. Their physical proof of concept, as much as it is described in the paper, is contrived. Their assertion that the technique does not require physical access is wholly unsupported. Color me skeptical. Anyone with this level of access is going to be able to do more than trigger faults.

      The paper asserts that the probes can be done without leaving any trace. I don't know about the authors, but the voltages on my computers are monitored by software and excursions logged so that I can know if/when there are problems. Since the RSA-breaking technique requires substantial exploration of the response to voltage tweaks, it is likely to be detected by a decent monitoring program.

      Finally, the PDF does not carry any publication information suggesting strongly that it describes work that is not peer-reviewed. It is shoddy science to bypass peer review and release to the general public.

      --

      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
  4. Could this be considered... by ravenspear · · Score: 4, Funny

    ...electronic torture?

    We can just declare this method in violation of the computer's rights and solve the problem easily!

    1. Re:Could this be considered... by Bakkster · · Score: 5, Funny

      ...electronic torture?

      Wattage-boarding

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
  5. Changing the voltage supply req. HW access, right? by anss123 · · Score: 4, Insightful

    In what kind of scenario would you have access to the PSU of the server you attacked? Private key servers should not be directly accessible after all.

  6. wrong headline by Lord+Ender · · Score: 4, Informative

    Researchers Find Way To Zap RSA Algorithm

    No, reasearchers find side-channel attack on SPARC CPU (which requires elevated access, anyway).

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:wrong headline by Andy+Dodd · · Score: 4, Informative

      To be more specific:

      No one attacked the algorithm itself here. They attacked one specific implementation of the RSA algorithm.

      Side channel attacks are nothing new. There are plenty of crytographic algorithms that have no known flaws which have had implementations broken via side channel attacks, due to flaws in the implementation, not the algorithm.

      --
      retrorocket.o not found, launch anyway?
    2. Re:wrong headline by osu-neko · · Score: 4, Insightful

      ...due to flaws in the implementation, not the algorithm.

      The "flaw in implementation" in most cases being the relatively common "flaw" of being implemented in real-world hardware, where it has to consume power, utilize moving electrical current, obey the laws of physics, etc, rather than existing only on paper where such "flaws" can be avoided.

      --
      "Convictions are more dangerous enemies of truth than lies."
  7. Re:Changing the voltage supply req. HW access, rig by fuzzyfuzzyfungus · · Score: 5, Insightful

    Probably much more threatening(though, frankly, that pleases me) to DRMed embedded systems and similar gear that is supposed to be "secure" vs. its immediate environment; but is also in the hands of the public in huge quantities.

    Yeah, if I can break into your datacenter and clamp some crazy widget onto the (presumably multiple) lines supplying your server's PSUs, a clever voltage attack is not the biggest of your problems.

    If, on the other hand, you can guess the private crypto keys out of a DRMed PMP just by clipping a 15 dollar device from some shady mod-chip vendor to the recharging port and waiting a few days, heads will roll. There are a lot of devices these days that are designed to keep keys secret from the owners of the hardware. Particularly for common ones, voltage attack devices might well become fairly common advanced hobbyist and/or grey market items...

  8. !news by betterunixthanunix · · Score: 4, Informative

    This is just a fault injection attack. People have been doing similar things to block ciphers for years, it is not a mathematical weakness, just a side channel attack, and an active one at that. Cool that they did it against RSA, but not really headline news...

    --
    Palm trees and 8
  9. Re:some ppl are seriously sick by Just+Some+Guy · · Score: 4, Insightful

    but seriously people who figure these things out and make them work... i question their sanity, brilliant but you have to be a mad scientist to achieve these things

    You're in the wrong place, and your attitude sucks. Consider yourself lucky to live in a world with people who are this driven by their curiosity.

    --
    Dewey, what part of this looks like authorities should be involved?
  10. Physical Access by KevMar · · Score: 5, Insightful

    If someone has physical access to your machine, then you have already lost.

    --
    Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
    1. Re:Physical Access by OzPeter · · Score: 4, Insightful

      So everyone who ever uses colocation has lost?

      Given that organized crime seems to be paying off minimum wage clerks to install card skimmers in gas pumps, wouldn't it be logical that minimum wage admins at co-lo facilities would also be vulnerable to the same vector - $$$$

      --
      I am Slashdot. Are you Slashdot as well?
  11. Re:Changing the voltage supply req. HW access, rig by daniel+de+graaf · · Score: 5, Insightful

    Depends on what the DRM is trying to protect. Music players, video players for downloadable content, and basically anything where the content isn't tied to a physical object like a game disc will need a private key of some kind to encrypt the data on their volatile storage. While most of this will probably be done using symmetric encryption, you still need some way for the server that hands out the content to prove that it is a real device and not an emulated device, and that's normally done with a locally stored private key.

  12. Re:some ppl are seriously sick by clone53421 · · Score: 4, Insightful

    This is moderated flamebait... I’m not sure why. I read the entire thing in a congratulatory tone.

    I guess some people think being called “sick” is an insult...

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.