Key leakage via side channel attacks, were the attacker "listens" to fluctuations in voltage as the encryption takes place, is well known. Recently, German researchers found that a faulty processor might also leak secrets during encryption. Known as transient faults, these were considered hard to produce … until now.
At last week's Black Hat Briefing in Las Vegas, Valeria Bertacco, associate professor of electrical engineering and computer science at University of Michigan and her team, found a way to produce transient faults on Linux servers they built running an Open SSL library and RSA encryption. The team found several ways for the server to fail: by altering the voltage; by changing the temperature of the chips; by over-clocking (it shortens the time to traverse the logic cloud); and natural particles that change internal signals. She demonstrated these adverse conditions on a Leon3 SPARC system using OpenSSL 0.9.8i ’s fixed Window Exponentiation algorithm.Read More
Computer scientists at the University of Michigan have found a way to uncover the secret cryptographic keys of devices secured with the OpenSSL crypto library. By modifying the current running through a device's power supply as it processed encrypted data, researchers were able to extrapolate small bits of the device's private crypto key. After repeated interventions, they were successful in assembling the entire 1024-bit key.Read More