Key leakage via side channel attacks, were the attacker "listens" to fluctuations in voltage as the encryption takes place, is well known. Recently, German researchers found that a faulty processor might also leak secrets during encryption. Known as transient faults, these were considered hard to produce … until now.
At last week's Black Hat Briefing in Las Vegas, Valeria Bertacco, associate professor of electrical engineering and computer science at University of Michigan and her team, found a way to produce transient faults on Linux servers they built running an Open SSL library and RSA encryption. The team found several ways for the server to fail: by altering the voltage; by changing the temperature of the chips; by over-clocking (it shortens the time to traverse the logic cloud); and natural particles that change internal signals. She demonstrated these adverse conditions on a Leon3 SPARC system using OpenSSL 0.9.8i ’s fixed Window Exponentiation algorithm.Read More
Researchers at the 7th Workshop on RFID Security and Privacy 2011 (RFIDsec11) in Amherst, Massachusetts, will demonstrate this weekend a way of observing (and therefore decoding) the encrypted RFID signals from common contactless smartcards. While side channel attacks (SAS) are not new, the method they propose to observe the electronic leakage of data is considerably less expensive than previous methods and thus provides a real world threat as RFID comes into the mainstream.Read More