Chip Malfunctions Reveal Private Keys

By Robert Vamosi | 7/30/12 5:27 AM

Key leakage via side channel attacks, were the attacker "listens" to fluctuations in voltage as the encryption takes place, is well known. Recently, German researchers found that a faulty processor might also leak secrets during encryption. Known as transient faults, these were considered hard to produce … until now.

At last week's Black Hat Briefing in Las Vegas, Valeria Bertacco, associate professor of electrical engineering and computer science at University of Michigan and her team, found a way to produce transient faults on Linux servers they built running an Open SSL library and RSA encryption. The team found several ways for the server to fail: by altering the voltage; by changing the temperature of the chips; by over-clocking (it shortens the time to traverse the logic cloud); and natural particles that change internal signals. She demonstrated these adverse conditions on a Leon3 SPARC system using OpenSSL 0.9.8i ’s fixed Window Exponentiation algorithm.

Read More >

Bit9: FIPS Compliance May Weaken OpenSSL

By Robert Vamosi | 4/24/12 6:30 AM

A security researcher has poked holes in an upcoming release of a FIPS-based OpenSSL version by arguing that it is insecure before it is even available.

Read More >

OpenSSL Vulnerability Patched

By Robert Vamosi | 4/23/12 4:04 AM

Last week the OpenSSL team released a fix for a recently discovered vulnerability.

Read More >

Timing Attack Jeopardizes OpenSSL

By Robert Vamosi | 5/25/11 6:31 AM

Two researchers have developed a timing attack that steals the private key from an OpenSSL server.

Read More >

Serious Flaw Found in OpenSSL

By JDavis | 3/8/10 11:48 AM

Computer scientists at the University of Michigan have found a way to uncover the secret cryptographic keys of devices secured with the OpenSSL crypto library. By modifying the current running through a device's power supply as it processed encrypted data, researchers were able to extrapolate small bits of the device's private crypto key. After repeated interventions, they were successful in assembling the entire 1024-bit key.

Read More >

Hints from Mocana Engineering

By JDavis | 11/7/08 1:31 PM

Can I use OpenSSL certificate and keys with NanoSSL?

Read More >