(adsbygoogle = window.adsbygoogle || []).push({}); FaultBased
Attack of RSA Authentication
Andrea Pellegrini, Valeria Bertacco and Todd Austin
University of Michigan
{apellegrini, valeria, austin}@umich.edu
sources with pics You must login or register to view this content.

ABSTRACT
For any computing system to be secure, both hardware and software
have to be trusted. If the hardware layer in a secure system
is compromised, not only it would be possible to extract secret information
about the software, but it would also be extremely hard
for the software to detect that an attack is underway. In this work
we detail a complete end-to-end fault-attack on a microprocessor
system and practically demonstrate how hardware vulnerabilities
can be exploited to target secure systems. We developed a theoretical
attack to the RSA signature algorithm, and we realized it
in practice against an FPGA implementation of the system under
attack. To perpetrate the attack, we inject transient faults in the target
machine by regulating the voltage supply of the system. Thus,
our attack does not require access to the victim system’s internal
components, but simply proximity to it.
The paper makes three important contributions: first, we develop
a systematic fault-based attack on the modular exponentiation algorithm
for RSA. Second, we expose and exploit a severe flaw on
the implementation of the RSA signature algorithm on OpenSSL, a
widely used package for SSL encryption and authentication. Third,
we report on the first physical demonstration of a fault-based security
attack of a complete microprocessor system running unmodified
production software: we attack the original OpenSSL authentication
library running on a SPARC Linux system implemented
on FPGA, and extract the system’s 1024-bit RSA private key in
approximately 100 hours.
1. INTRODUCTION
Public-key cryptography schemes (Figure 1.a) are widely adopted
wherever there is a need to secure or authenticate confidential data
on a public communication network. When deployed with sufficiently
long keys, these algorithms are believed to be unbreakable.
Strong cryptographic algorithms were first introduced to secure
communications among high performance computers that required
elevated confidentiality guarantees. Today, advances in semiconductor
technology and hardware design have made it possible to
execute these algorithms in reasonable time even on consumer systems,
thus enabling the mass-market use of strong encryption to
ensure privacy and authenticity of individuals’ personal communications.
Consequently, this transition has enabled the proliferation
of a variety of secure services, such as online banking and shopping.
Examples of consumer electronics devices that routinely rely
on high-performance public key cryptography are Blu-ray players,
smart phones, and ultra-portable devices. In addition, lowcost
cryptographic engines are mainstream components in laptops,
servers and personal computers. A key requirement for all these
hardware devices is that they must be affordable. As a result, they
commonly implement a straightforward design architecture that entails
a small silicon footprint and low-power profile.
Our research focuses on developing an effective attack on massmarket
crypto-chips. Specifically, we demonstrate an effective way
to perpetrate fault-based attacks on a microprocessor system in order
to extract the private key from the cryptographic routines that
it executes





Any one with a good linux system up for the challenge this does work we had to perform this attack to prove a theory of a class mates should still work with the way gay arc implemented there rsa poor college student also so the only time i have processing power like that is at school if someones is willing to try i will help and do most of the research with them i also have a theory on a man in the middle attack given us the authentication keys im attempting now will post result later

No you weren't. You didn't read it.



You must login or register to view this content.

Lol This tread must be getting good feedback the super troopa julian is here all post run for the hills !!!

Unfortunately I don't have the cash to spare for equipment necessary at the moment but when I do ill try this unless you get to first good post man. I wouldn't have thought of this method on my own. Im kinda self taught in circuits and coding, but I know enough about what im doing to ask the right questions and try this though ill seek you out when I get the cash and if I run into troubles. Thanks for the post though.

koo add me were in the same boat funds are tight here 2 im not an expert either really just got into computing as a hobby and now im back in school trying to get a degree from it i have seen this method work on SSH-2 RSA 2048 encryption so should be the same basic concept with p3 please let me know if you attempt this i would love to help for now im working on a ssl man in the middle attack to retrieve to auth key should have some progress later today ill pm you with update

its changed since i first saw it was much longer

click link it will take you to the pdf if u want to read up

Come on guys give him a break good job dude

i read somthing like this ages ago to do with breaking ssl encrytion to crack rsa encrytion keys

Correct me if im wrong
But isnt the ps3 memory encrypted
making this attack useless?