Chip Malfunctions Reveal Private Keys

June 24, 2014

Key leakage via side channel attacks, were the attacker "listens" to fluctuations in voltage as the encryption takes place, is well known. Recently, German researchers found that a faulty processor might also leak secrets during encryption. Known as transient faults, these were considered hard to produce … until now.

At last week's Black Hat Briefing in Las Vegas, Valeria Bertacco, associate professor of electrical engineering and computer science at University of Michigan and her team, found a way to produce transient faults on Linux servers they built running an Open SSL library and RSA encryption. The team found several ways for the server to fail: by altering the voltage; by changing the temperature of the chips; by over-clocking (it shortens the time to traverse the logic cloud); and natural particles that change internal signals. She demonstrated these adverse conditions on a Leon3 SPARC system using OpenSSL 0.9.8i ’s fixed Window Exponentiation algorithm.

Read More

Bit9: FIPS Compliance May Weaken OpenSSL

June 24, 2014

A security researcher has poked holes in an upcoming release of a FIPS-based OpenSSL version by arguing that it is insecure before it is even available.

Read More

OpenSSL Vulnerability Patched

June 24, 2014

Last week the OpenSSL team released a fix for a recently discovered vulnerability.

Read More

Timing Attack Jeopardizes OpenSSL

June 24, 2014

Two researchers have developed a timing attack that steals the private key from an OpenSSL server.

Read More

Serious Flaw Found in OpenSSL

June 24, 2014

Computer scientists at the University of Michigan have found a way to uncover the secret cryptographic keys of devices secured with the OpenSSL crypto library. By modifying the current running through a device's power supply as it processed encrypted data, researchers were able to extrapolate small bits of the device's private crypto key. After repeated interventions, they were successful in assembling the entire 1024-bit key.

Read More
COMMENTS