Researchers Find Way To Zap RSA Algorithm
alphadogg writes "Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and e-commerce servers. RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace. The researchers in their paper outline how they made the attack (PDF) on a SPARC system running Linux."
some ppl are seriously sick (Score:3, Interesting)
Hackers these days are seriously sick; not long ago one guy dissolved chips and listened in on instructions right on the die.
Now this, just take a look at that paper.
Sure, the principle is simple: create a condition that causes errors, and incidentally the more of the bits you have guessed, the fewer errors you have, etc. etc. etc.
But seriously, people who figure these things out and make them work... I question their sanity. Brilliant, but you have to be a mad scientist to achieve these things.
Re:Changing the voltage supply req. HW access, rig (Score:3, Interesting)
This attack is relevant when you are trying to extract the private key of something like a TPM, in order to defeat the DRM protections it is trying to provide, or decrypt the drive whose key it is holding.
Re:Changing the voltage supply req. HW access, rig (Score:4, Interesting)
Sadly, most DRM-crippled hardware isn't going to have the private keys inside. For example, the PS3 and Wii will only have the public keys in the hardware so that they can check signatures on code. The private keys will be on hardware somewhere inside Sony and Nintendo, and presumably carefully guarded from unauthorized access.
Re:Changing the voltage supply req. HW access, rig (Score:3, Interesting)
A similar side-channel attack might be usable to extract such information though.
Re:Physical Access (Score:2, Interesting)
If someone has physical access to your machine, then you have already lost.
So everyone who ever uses colocation has lost?
Re:Physical Access (Score:3, Interesting)
If someone has physical access to your machine, then you have already lost.
Quoted for truth.
If someone can gain access to your datacenter power systems remotely and change output voltages, your admins are idiots and you've got more problems than just an RSA vulnerability. And if someone already has physical access to your server that's performing the encryption in the first place, is it any surprise that they can bypass said encryption?
It's a nifty attack, but not terribly practical.
Re:wrong headline (Score:2, Interesting)
"In theory there is no difference between theory and practice. But, in practice, there is."
(p.s. Who originally said this, anyway?)
Re:Changing the voltage supply req. HW access, rig (Score:3, Interesting)
TPM chips and certainly high-end smart card chips are protected against this kind of attack using the power source. You certainly cannot get a Common Criteria certification if you don't protect against these kinds of side-channel attacks. Of course, for consumer CPUs there's no CC certification or protection measures like these.
Re:"overclocking" machines vulnerable (Score:2, Interesting)
Re:"overclocking" machines vulnerable (Score:3, Interesting)
The PS3 attack was very obvious (i.e. the hypervisor lives in external memory, essentially unsecured), and the Cell chip is fairly well documented itself. That's breaking security by obscurity (where obscurity is the high-speed memory bus), and isn't really comparable to what this article talks about. Also, it doesn't rely on tweaking CPU voltage to produce internal errors, but rather on glitching the memory bus. This is a lot easier, and has a (small - the PS3 hack as performed by geohot is highly unpredictable) chance of working and not screwing up the rest of the system (as long as the rest of the system is essentially quiescent). Keep in mind that the PS3 attack also relies on privilege escalation; it wouldn't work at all if you couldn't already run your own code under the hypervisor. Privilege escalation is a lot easier than breaking into a system from scratch.
All the juicy PS3 crypto stuff does live inside the CPU (in an isolated SPE), and that's nowhere near broken yet. Heck, even with full physical access, I'd be very surprised if someone were able to use this article's technique to recover console-private RSA keys from the isolated SPE, even though you can glitch the Cell's power supply :)
Really, the RSA hack is a very interesting mathematical procedure for recovering keys from glitchy signatures, but the physical attack as presented is pretty much impossible in practical systems, at least as presented.
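An added example, not part of the thread or the researchers' paper: the attack in the summary depends on the signer handing out signatures corrupted by a hardware fault, so a signer can check each result against the public key and withhold any that fail. The check itself, the toy key, the single-bit fault model and all function names are assumptions made for illustration.

```python
# Constructed toy key built from two Mersenne primes; far too small and
# too structured for real use, chosen only so the example runs offline.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails its own verification."""


def modexp(base, exp, mod, fault_at=None):
    """Left-to-right square-and-multiply.

    If fault_at is given, one bit of the running value is flipped after
    that step, modelling a transient error such as an undervolted multiply.
    """
    acc = 1
    for step, bit in enumerate(bin(exp)[2:]):
        acc = acc * acc % mod
        if bit == "1":
            acc = acc * base % mod
        if step == fault_at:
            acc ^= 1 << 7  # constructed single-bit upset
    return acc


def sign_unchecked(m, fault_at=None):
    """Signer that releases whatever the hardware produced."""
    return modexp(m, D, N, fault_at)


def sign_checked(m, fault_at=None):
    """Signer that verifies with the public key before releasing anything."""
    sig = modexp(m, D, N, fault_at)
    if pow(sig, E, N) != m % N:
        raise FaultDetected("signature failed self-check; result withheld")
    return sig


def verify(m, sig):
    """Public-key verification, as any recipient would perform it."""
    return pow(sig, E, N) == m % N
```

The self-check costs one public-exponent exponentiation per signature, which is cheap next to the private-key operation it protects.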