[Infowarrior] - Researchers find way to zap RSA security scheme

Richard Forno rforno at infowarrior.org
Fri Mar 5 18:44:33 UTC 2010 

(c/o AJR)

This story appeared on Network World at

http://www.networkworld.com/news/2010/030410-rsa-security-attack.html


Researchers find way to zap RSA security scheme
University of Michigan security researchers outline voltage-based  
attack on the RSA authentication scheme
By Network World Staff, Network World
March 04, 2010 09:46 AM ET

Three University of Michigan computer scientists say they have found a  
way to exploit a weakness in RSA security technology used to protect  
everything from media players to smartphones and e-commerce servers.

RSA authentication is susceptible, they say, to changes in the voltage  
supplied to a private key holder. The researchers – Andrea Pellegrini,  
Valeria Bertacco and Todd Austin -- outline their findings in a paper  
titled “Fault-based attack of RSA authentication”  to be presented  
March 10 at the Design, Automation and Test in Europe conference.

"The RSA algorithm gives security under the assumption that as long as  
the private key is private, you can't break in unless you guess it.  
We've shown that that's not true," said Valeria Bertacco, an associate  
professor in the Department of Electrical Engineering and Computer  
Science, in a statement.

The RSA algorithm was introduced in a 1978 paper outlining the public- 
key cryptosystem.  The annual RSA security conference is being held  
this week in San Francisco.

While guessing the 1,000-plus digits of binary code in a private key  
would take unfathomable hours, the researchers say that by varying  
electric current to a secured computer using an inexpensive purpose- 
built device they were able to stress out the computer and figure out  
the 1,024-bit private key in about 100 hours – all without leaving a  
trace.

The researchers in their paper outline how they made the attack on a  
SPARC system running Linux. They also say they have come    up with a  
solution, which involves a cryptographic technique called salting that  
involves randomly juggling a private key's digits.

The research is funded by the National Science Foundation and the  
Gigascale Systems Research Center.

More information about the Infowarrior mailing list