Post: How to get private key devs only fault based attack 100 hours to get key
05-25-2011, 04:56 PM #1
teelub
Pokemon Trainer
Fault-Based Attack of RSA Authentication
Andrea Pellegrini, Valeria Bertacco and Todd Austin
University of Michigan
{apellegrini, valeria, austin}@umich.edu

sources with pics

ABSTRACT
For any computing system to be secure, both hardware and software
have to be trusted. If the hardware layer in a secure system
is compromised, not only it would be possible to extract secret information
about the software, but it would also be extremely hard
for the software to detect that an attack is underway. In this work
we detail a complete end-to-end fault-attack on a microprocessor
system and practically demonstrate how hardware vulnerabilities
can be exploited to target secure systems. We developed a theoretical
attack to the RSA signature algorithm, and we realized it
in practice against an FPGA implementation of the system under
attack. To perpetrate the attack, we inject transient faults in the target
machine by regulating the voltage supply of the system. Thus,
our attack does not require access to the victim system’s internal
components, but simply proximity to it.
The paper makes three important contributions: first, we develop
a systematic fault-based attack on the modular exponentiation algorithm
for RSA. Second, we expose and exploit a severe flaw on
the implementation of the RSA signature algorithm on OpenSSL, a
widely used package for SSL encryption and authentication. Third,
we report on the first physical demonstration of a fault-based security
attack of a complete microprocessor system running unmodified
production software: we attack the original OpenSSL authentication
library running on a SPARC Linux system implemented
on FPGA, and extract the system’s 1024-bit RSA private key in
approximately 100 hours.
1. INTRODUCTION
Public-key cryptography schemes (Figure 1.a) are widely adopted
wherever there is a need to secure or authenticate confidential data
on a public communication network. When deployed with sufficiently
long keys, these algorithms are believed to be unbreakable.
Strong cryptographic algorithms were first introduced to secure
communications among high performance computers that required
elevated confidentiality guarantees. Today, advances in semiconductor
technology and hardware design have made it possible to
execute these algorithms in reasonable time even on consumer systems,
thus enabling the mass-market use of strong encryption to
ensure privacy and authenticity of individuals’ personal communications.
Consequently, this transition has enabled the proliferation
of a variety of secure services, such as online banking and shopping.
Examples of consumer electronics devices that routinely rely
on high-performance public key cryptography are Blu-ray players,
smart phones, and ultra-portable devices. In addition, low-cost
cryptographic engines are mainstream components in laptops,
servers and personal computers. A key requirement for all these
hardware devices is that they must be affordable. As a result, they
commonly implement a straightforward design architecture that entails
a small silicon footprint and low-power profile.
Our research focuses on developing an effective attack on mass-market
crypto-chips. Specifically, we demonstrate an effective way
to perpetrate fault-based attacks on a microprocessor system in order
to extract the private key from the cryptographic routines that
it executes





Anyone with a good Linux system up for the challenge? This does work; we had to perform this attack to prove a theory of a classmate's. Should still work with the way gay arc implemented their RSA. Poor college student also, so the only time I have processing power like that is at school. If someone is willing to try, I will help and do most of the research with them. I also have a theory on a man-in-the-middle attack given us the authentication keys; I'm attempting now, will post result later.

The following 2 users say thank you to teelub for this useful post:

ResistTheMoon, killa skillz

The following 7 users groaned at teelub for this awful post:

BAMF, Dante., ibombo, Implicit, Strike Venom, Swade, Swifter
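
A common software countermeasure against the class of fault attack the quoted abstract describes is to verify every signature with the public exponent before releasing it, so a result corrupted by a transient hardware error never leaves the signer. The sketch below is an added example, not code from the post, the paper or OpenSSL; the toy modulus, the message and the `fault` hook that simulates a single bit flip are all constructed for illustration.

```python
# Added example: toy parameters constructed for illustration, not a real key size.
P, Q = 2**31 - 1, 2**61 - 1            # two Mersenne primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
MSG = 0x1F2E3D4C5B6A7988               # constructed message representative, < N


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails its own verification."""


def modexp(base, exp, mod, fault=None):
    """Left-to-right square-and-multiply.

    fault=(step, bit) is a hypothetical test hook: it flips one bit of the
    accumulator after the given iteration, modelling a single transient error.
    """
    acc = 1
    for step, b in enumerate(bin(exp)[2:]):
        acc = (acc * acc) % mod
        if b == "1":
            acc = (acc * base) % mod
        if fault is not None and fault[0] == step:
            acc ^= 1 << fault[1]
    return acc % mod


def sign_checked(m, fault=None):
    """Sign m, then verify with the public key before releasing the result."""
    s = modexp(m, D, N, fault)
    if pow(s, E, N) != m % N:
        # A corrupted signature is discarded, never returned to the caller.
        raise FaultDetected("signature failed self-check; not released")
    return s


if __name__ == "__main__":
    print("clean signature released:", hex(sign_checked(MSG)))
    try:
        sign_checked(MSG, fault=(D.bit_length() - 1, 0))
    except FaultDetected as exc:
        print("faulted signature withheld:", exc)
```

The check costs one public-exponent exponentiation per signature, which is cheap next to the private-key operation it protects.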
05-26-2011, 01:52 AM #38
teelub
Pokemon Trainer
Originally posted by RebugDeveloper
This could lead to great things, They can't touch hardware ;) ;) And Little Kiddies won't either in fear of bricking.

I say We need a second NAND;;;;

---------- Post added at 08:34 PM ---------- Previous post was at 08:33 PM ----------



Lol did he really kick out that door ? Obama?

I'm impressed someone finally gets it. Wish my finances were in order, I would so invest in a second PS3. Bricked my old fat over a hundred times; I think I'm putting a strain on the CPU now.
05-26-2011, 05:35 AM #39
Originally posted by rbober316
hypothetically speaking if u found the keys would you release them to the masses and risk all the shit Sony will send your way.. I'm guessing not lol


What does Sony do to you again if you post something? I can't remember...

They settled with Geohot who was SO worried he took a vacation with his Defense Fund. Graf lives in a country where they arrest you for home schooling FFS so no surprise the Gestapo came and took his computers. As for Team FailOverflow has anything happened? I haven't heard a word.

Sony has more to lose by following through with a court case and losing. They are well aware of that. The only person who wasn't, was the only person in a position to do anything about it, i.e. Geohot.

If Sony does manage to track anyone down for releasing something that MIGHT be used for piracy they still need to prove that and considering how fond the US Courts are these days of Sony they stand a better chance of losing than ever before.

Wake up people. Look at Spain. Getting Sony to sue someone over hacking their OWN console is the best thing that could ever happen, for everyone.
05-26-2011, 06:30 AM #40
Wow this is why I don't frequent this site often, someone produces something useful and all everyone cares about is how easy it is to read? Have you seen all the bullsh!t that clutters signatures and avatars here? I don't know WTF is what but I can tell you that was a nice read. Like finding a needle in a haystack around these script kiddies. Thanks for the read and I wish I had the power and means to do this but one day it will come when someone finds a way to make money off of it.

Seriously think about the Wii scene is dead as there is no cash to be made, 360 focuses on DVD drive firmware as tools cost money, but PS3 hacking ATM cost jack sh!t. So when they find a way to commercialize a dual NAND and profit from it the big wigs will hold on to the keys hoping someone doesn't leak them before them so they can back on what they know. It's sad a dongle maker is the only team innovating and adding new features at this point, a coincidence I think not.

The following user thanked atreyu187 for this useful post:

teelub
05-26-2011, 06:43 AM #41
Originally posted by pcfreak30
Very true. Oh and do you even realize the back-lash and lawsuit that will arise to whoever decides to release first. For one that certainly would not be me.. I mean geohot got his ass burned for it last time... So things are not impossible and there is some truth to the "rumors" :P.


if u release it "anonymously" u wont get a back-lash...
but ppl are too bothered about internet fame
05-26-2011, 12:43 PM #42
teelub just do this man post this in premium section. to get more less 12 year old noobs away from this thread. second maybe just show the link. or maybe just copy and paste the most important parts of the whole reason why you made the thread in the first place...you know. just trying to help here. you got a serious case of trolls here that don't even know what this pdf file is remotely talking about. I for myself don't know what that pdf file is talking about but I would surely want to know in the distant future, I find it very interesting. I'm looking at all these comments and I only see a bunch of immature 12 year olds. Seriously NOOBS and TROLLS GTFO!!!
05-26-2011, 02:28 PM #43
teelub
Pokemon Trainer
Originally posted by atreyu187
Wow this is why I don't frequent this site often, someone produces something useful and all everyone cares about is how easy it is to read? Have you seen all the bullsh!t that clutters signatures and avatars here? I don't know WTF is what but I can tell you that was a nice read. Like finding a needle in a haystack around these script kiddies. Thanks for the read and I wish I had the power and means to do this but one day it will come when someone finds a way to make money off of it.

Seriously think about the Wii scene is dead as there is no cash to be made, 360 focuses on DVD drive firmware as tools cost money, but PS3 hacking ATM cost jack sh!t. So when they find a way to commercialize a dual NAND and profit from it the big wigs will hold on to the keys hoping someone doesn't leak them before them so they can back on what they know. It's sad a dongle maker is the only team innovating and adding new features at this point, a coincidence I think not.

Nicely put, that's so true, and as for humanity I think we never understand the value of unity.
05-26-2011, 02:37 PM #44
-Skyline
Anonymous
Originally posted by KingDeath360
if u release it "anonymously" u wont get a back-lash...
but ppl are too bothered about internet fame

Pretty much.

Mathieulh wouldn't want to release it Anonymously... otherwise people wouldn't know he did it all by himself...
05-26-2011, 02:51 PM #45
teelub
Pokemon Trainer
Originally posted by myster
teelub just do this man post this in premium section. to get more less 12 year old noobs away from this thread. second maybe just show the link. or maybe just copy and paste the most important parts of the whole reason why you made the thread in the first place...you know. just trying to help here. you got a serious case of trolls here that don't even know what this pdf file is remotely talking about. I for myself don't know what that pdf file is talking about but I would surely want to know in the distant future, I find it very interesting. I'm looking at all these comments and I only see a bunch of immature 12 year olds. Seriously NOOBS and TROLLS GTFO!!!


Thx, good idea, and yes it's a shame some of these guys on their hunt for e-fame; you could tell most never had friends and were total closet cases. As for the exploit, it uses pulses from a volt regulator sent to the CPU mixed with dummy messages that in return, with the use of their algorithm, causes the private keys to be dumped. The cool thing about this is that they're marked from the volts, and with simple offline analysis, bam, keys. Due to the way RSA was implemented this is actually not that hard, especially if we work together.
Oh yeah, a flasher would be great too. It sucks being a poor college student, I miss out on everything lol
05-26-2011, 02:56 PM #46
Sync
Guest
Originally posted by teelub
ctrl + c - ctrl + v

The following user thanked Sync for this useful post:

ibombo
