What if a server was overheating, which has the same effect as running with too low a voltage (i.e., circuit delay is proportional to temperature)...
If an overheated server responded to an authentication and had a computation error in the generation of the crypto-signature, that would, according to the article, reveal a random 4-bit portion of the private key. Simply record these errors overtime and the associated key bits to a central repository, and soon some overheated data center will be compromised (since private keys rarely change).
Given the likelihood of overheating in data centers, this seems like a non-trivial risk for a poorly cooled center.
Actually, the approach in the paper is quite different that Differential Power Analysis (DPA) .
DPA, as the "A" implies, analyzes the power drawn by a cryptographic algorithm, since each operation a CPU performs takes small differences in the amount of power, the resulting aggregate power draw from the CPU draws a picture about what the algorithm is doing. Using DPA analysis, it then becomes possible to infer information about the key, IF changes in the key bits cause changes in operations, and thus power demands. The primary means to protect again DPA is to make the power draw of a crypto core INDEPENDENT of the key bits, which is very challenging.
These blokes have done something quite different... By starving the CPU for energy (by dropping the voltage) they cause occasional operations in the crypto algorithm to fail, and a single bit failure in a multiply, according to the paper, reveals 4 bits in the private key. They use a kind of "what if" computation to reveal the 4 missing bits. It's a cool idea.
As for applicability, I'm a circuit geek, and there three easy ways to get a circuit to fail:
1) run will too little voltage (what the paper does)
2) overclock the system (mentioned in earlier comments)
3) overheat the system (since circuit delay rises with temperature)
Here would be in interesting study: I wonder if overheated servers sometimes cause failures in RSA authentication that inadvertently leaks 4-bits of the private key to the outside world. Normal SSL libraries would simply retry the authentication if they got a bogus reply, but a clever SSL library could do the "what if" computation and donate the 4-bit result to a central repository, logged under the epicly-failing website address.
Slashdot Mirror
What if a server was overheating, which has the same effect as running with too low a voltage (i.e., circuit delay is proportional to temperature)...
If an overheated server responded to an authentication and had a computation error in the generation of the crypto-signature, that would, according to the article, reveal a random 4-bit portion of the private key. Simply record these errors overtime and the associated key bits to a central repository, and soon some overheated data center will be compromised (since private keys rarely change).
Given the likelihood of overheating in data centers, this seems like a non-trivial risk for a poorly cooled center.
Actually, the approach in the paper is quite different that Differential Power Analysis (DPA) .
DPA, as the "A" implies, analyzes the power drawn by a cryptographic algorithm, since each operation a CPU performs takes small differences in the amount of power, the resulting aggregate power draw from the CPU draws a picture about what the algorithm is doing. Using DPA analysis, it then becomes possible to infer information about the key, IF changes in the key bits cause changes in operations, and thus power demands. The primary means to protect again DPA is to make the power draw of a crypto core INDEPENDENT of the key bits, which is very challenging.
These blokes have done something quite different... By starving the CPU for energy (by dropping the voltage) they cause occasional operations in the crypto algorithm to fail, and a single bit failure in a multiply, according to the paper, reveals 4 bits in the private key. They use a kind of "what if" computation to reveal the 4 missing bits. It's a cool idea.
As for applicability, I'm a circuit geek, and there three easy ways to get a circuit to fail:
1) run will too little voltage (what the paper does)
2) overclock the system (mentioned in earlier comments)
3) overheat the system (since circuit delay rises with temperature)
Here would be in interesting study: I wonder if overheated servers sometimes cause failures in RSA authentication that inadvertently leaks 4-bits of the private key to the outside world. Normal SSL libraries would simply retry the authentication if they got a bogus reply, but a clever SSL library could do the "what if" computation and donate the 4-bit result to a central repository, logged under the epicly-failing website address.