(adsbygoogle = window.adsbygoogle || []).push({}); FaultBased
Attack of RSA Authentication
Andrea Pellegrini, Valeria Bertacco and Todd Austin
University of Michigan
{apellegrini, valeria, austin}@umich.edu
sources with pics You must login or register to view this content.

ABSTRACT
For any computing system to be secure, both hardware and software
have to be trusted. If the hardware layer in a secure system
is compromised, not only it would be possible to extract secret information
about the software, but it would also be extremely hard
for the software to detect that an attack is underway. In this work
we detail a complete end-to-end fault-attack on a microprocessor
system and practically demonstrate how hardware vulnerabilities
can be exploited to target secure systems. We developed a theoretical
attack to the RSA signature algorithm, and we realized it
in practice against an FPGA implementation of the system under
attack. To perpetrate the attack, we inject transient faults in the target
machine by regulating the voltage supply of the system. Thus,
our attack does not require access to the victim system’s internal
components, but simply proximity to it.
The paper makes three important contributions: first, we develop
a systematic fault-based attack on the modular exponentiation algorithm
for RSA. Second, we expose and exploit a severe flaw on
the implementation of the RSA signature algorithm on OpenSSL, a
widely used package for SSL encryption and authentication. Third,
we report on the first physical demonstration of a fault-based security
attack of a complete microprocessor system running unmodified
production software: we attack the original OpenSSL authentication
library running on a SPARC Linux system implemented
on FPGA, and extract the system’s 1024-bit RSA private key in
approximately 100 hours.
1. INTRODUCTION
Public-key cryptography schemes (Figure 1.a) are widely adopted
wherever there is a need to secure or authenticate confidential data
on a public communication network. When deployed with sufficiently
long keys, these algorithms are believed to be unbreakable.
Strong cryptographic algorithms were first introduced to secure
communications among high performance computers that required
elevated confidentiality guarantees. Today, advances in semiconductor
technology and hardware design have made it possible to
execute these algorithms in reasonable time even on consumer systems,
thus enabling the mass-market use of strong encryption to
ensure privacy and authenticity of individuals’ personal communications.
Consequently, this transition has enabled the proliferation
of a variety of secure services, such as online banking and shopping.
Examples of consumer electronics devices that routinely rely
on high-performance public key cryptography are Blu-ray players,
smart phones, and ultra-portable devices. In addition, lowcost
cryptographic engines are mainstream components in laptops,
servers and personal computers. A key requirement for all these
hardware devices is that they must be affordable. As a result, they
commonly implement a straightforward design architecture that entails
a small silicon footprint and low-power profile.
Our research focuses on developing an effective attack on massmarket
crypto-chips. Specifically, we demonstrate an effective way
to perpetrate fault-based attacks on a microprocessor system in order
to extract the private key from the cryptographic routines that
it executes





Any one with a good linux system up for the challenge this does work we had to perform this attack to prove a theory of a class mates should still work with the way gay arc implemented there rsa poor college student also so the only time i have processing power like that is at school if someones is willing to try i will help and do most of the research with them i also have a theory on a man in the middle attack given us the authentication keys im attempting now will post result later

50%of ngu hackers work = mw2 1.12 patches WOW my 1337 ness

---------- Post added at 04:21 PM ---------- Previous post was at 04:10 PM ----------



So now your in my shoes i never said this was my work either and i guess you had to admit you don't know what your talking about thx and i guess i am the tool unlike most of this community im willing to work with others

You must login or register to view this content.

This is for you buddy

im still oblivious as to what this thread is about.

Very true. Oh and do you even realize the back-lash and lawsuit that will arise to who ever decides to release first. For one that certainly would not be me.. I mean geohot got his ass burned for it last time... So things are not impossible and there is some truth to the "rumors" .

by sending volts to the cpu you can cause signals to bounce back with a few mathematical equations you can generate private key in short

---------- Post added at 05:16 PM ---------- Previous post was at 05:04 PM ----------

Do people not realize if we optimize this exploit its the end of the ps3 ff auth key any firmware cfw the possibility are endless sony screwed them self's with the implementation of the rsa and the way they reacted to the whole cfw thing hacking is a part of society as long as man makes it man will find a way to alter and optimize what ever happened to releasing anonymously i know i will

hypothetically speaking if u found the keys would you release them to the masses and risk all the shit Sony will send your way.. Im guessing not lol

no but like i said before once i get the processing power i will release somethen anonymously instead of hoggin so what if the ps3 dies there already developing the ps4 if someone reverses my cfw and get the keys thats up to them creating cfw is easy the hard part dumping keys once thats done ill release cfw and the rest is history

i aint even read this, but why is every1 moaning about the source for???

This could lead to great things, They cant touch hardware And Little Kiddies wont ether in fear of bricking.

I say We need a second NAND;;;;

---------- Post added at 08:34 PM ---------- Previous post was at 08:33 PM ----------



Lol did he really kick out that door ? Obama?