Berkeley CSUA MOTD:Entry 53748

2010/3/9-30 [Computer/HW/CPU, Computer/SW] UID:53748 Activity:nil
        I failed to see why you must starve the CPU of electricity. Why
        can't you just simulate that in software?
        \_ And if you can simulate that in software, why not just single-
           step the simulated CPU and get the key out?
Cache (6332 bytes)
encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.

Mar 9th 2010 6:46AM Highly Ranked @MaxL I don't get it, doesn't this mean they need access to the private key in the first place? This requires tampering with the CPU that is encrypting my message with my private key. If you have that access, just take my private key already... If I'm sending an encrypted message over the internet, nobody can fluctuate my computer's power supply before it's already encrypted and shot off to the interwebs. I guess a well implemented virus can do such a thing, but then again, if there's a virus that can 'carefully starve my CPU', it can probably access pretty much anything on my computer anyway.

Mar 9th 2010 11:18AM Highly Ranked @MaxL I hate these kinds of posts that induce completely unfounded and unrealistic paranoia. First of all this is specific to an implementation, THEIR implementation that relies on meticulously placed data in memory and what not. You do not have access to the server in any real world application. It's like being concerned that a midget could be hiding inside your safe and will open it when a burglar comes by.

Mar 9th 2010 3:42AM Highest Ranked You're right, and there's no need to panic, but the fact remains that these hackers cracked industrial strength security using a truly innovative technique.

Mar 9th 2010 4:29AM Neutral @jeblis A year ago Cisco had to recall a bunch of their switches/routers that had been manufactured in China and delivered to US agencies because the Chinese had manufactured weaknesses into them in order to aid their hackers.

Mar 9th 2010 11:22AM Neutral @linuxamp They did not crack anything. If your server is compromised, you can just transfer the private key via 100s of methods. Including just reading it off the HDD since you have so much access to adjust the CPU voltage.

Mar 9th 2010 11:25AM Neutral @jeblis It's not really that hard to imagine a scenario where sensitive items fall into the wrong (or right) hands. Think of all the times that a laptop with sensitive data has been lost or stolen. Or in a war zone where officers with Toughbooks full of troop movements or deployment info are ambushed or simply have their laptop stolen. Very helpful in prosecuting people breaking the law who are smart enough to encrypt their data. This crack could lead to busting of child pornography rings. it's since 1997 when Rivest, Shamir and Adleman first used that algorithm that was discovered in 1973 by a British mathematician working for the UK intelligence agency (GCHQ)... back in 2002, I met a man at work who had a son (he was just that year) that invented a way to break most of the encryption algorithms used at that time, but then a couple of FBI agents (Not NSA) came with a document (this was in Chile by the way) that stated that the US and Chile had an agreement (as well as most of the world) that was designed to ensure two things; first that nobody developed a stronger algorithm that blocked US ability to scan info around the world and two; that encryption algorithms remain safe for regular people to use.

Mar 9th 2010 4:04AM Neutral @Patricio Arnechino Breaks like these are presented all the time. There was even one about Rijndael that could be broken, though it was a few rounds less than what AES-128 required. Me thinks even the US government would welcome such research as it is better to be discovered now by a good guy instead of being instantly exploited by a bad guy.

Mar 9th 2010 3:35AM Neutral Sorry, do I understand this correctly that this "hack" requires physical access to the power supply of a server with the private key? If they have access to that, why not just steal the whole box? It's amazing they did that (talk about precision when you need to generate one error per clock cycle), but it's not a real threat.

Mar 9th 2010 5:13AM Neutral @Bratyr Not if your equipment is behind a UPS. Controlling Vcore and other voltages of a computer requires hardware, BIOS, and/or root access.

Mar 9th 2010 5:22AM Neutral @kingu I meant if they have that level of physical access already you have a problem, since adjusting power to the server would require access to the server's actual power supply if not motherboard, not simply the mains feeding it - any blips you caused in the mains would be smoothed out by the PSU or the server would just shut off. But this kind of implementation flaw is unfixable in the algorithm. Not to worry, though - it's always been up to sysadmins to provide physical & control-level security for their computers.

Mar 9th 2010 7:57AM Neutral Since it seems you would need physical access to the machine, the only thing I can see this being useful for is breaking disc encryption. assuming they don't have a better one already that they're not telling us about. This technique relies on the CPU already knowing the key; if you've got that, then there are more invasive and easier techniques to get that. If you've got just a HD and no key, then this won't help you.

Mar 9th 2010 4:41PM Neutral Could be a possible technique for getting keys from 'anti-consumer' technology where a consumer box already has the key to decode movies/games/etc, but it's difficult to extract.
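The article's point is that a glitch-corrupted private-key operation leaks key bits through the faulty output it produces. The standard software countermeasure is for the signer to re-verify each signature with its own public key before releasing it, so a corrupted computation is refused rather than emitted. The following is an added example of that guard, not code from the Engadget article, the Michigan paper or OpenSSL; the primes, exponent, message and the single-bit fault model are constructed toy values (real keys are 2048 bits or more).

```python
"""Verify-after-sign guard against fault-injected RSA signatures.

Added example (not the article's or OpenSSL's code). The key below is a
constructed toy: two known primes, far too small for real use.
"""
from typing import Optional

# Constructed toy key material (assumption: not a real key).
P = 1_000_000_007
Q = 998_244_353
E = 65_537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
# CRT private-key components, as used by fast RSA implementations.
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)


def rsa_sign_crt(m: int, fault_bit: Optional[int] = None) -> int:
    """CRT signature s = m^d mod n.

    If fault_bit is given, one bit of the mod-p half is flipped after it
    is computed, modelling a single glitch-induced hardware error.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_bit is not None:
        sp ^= 1 << fault_bit          # simulated single-bit fault
    h = (QINV * (sp - sq)) % P         # Garner recombination
    return sq + h * Q


def rsa_verify(m: int, s: int) -> bool:
    """Public-key check: s^e mod n must equal the message."""
    return pow(s, E, N) == m % N


def sign_checked(m: int, fault_bit: Optional[int] = None) -> Optional[int]:
    """Sign, then re-verify before releasing the value.

    A faulty signature has s mod p wrong, so s^e mod p != m mod p and
    verification fails; the signer returns None instead of leaking it.
    """
    s = rsa_sign_crt(m, fault_bit)
    return s if rsa_verify(m, s) else None


if __name__ == "__main__":
    msg = 123_456_789
    print("clean signature accepted:", sign_checked(msg) is not None)
    print("faulted signature refused:", sign_checked(msg, fault_bit=5) is None)
```

The check costs one public-key exponentiation per signature, which is cheap next to the private-key operation because the public exponent is small. Because e is coprime to p-1, any corruption of the mod-p half changes s^e mod p, so the guard refuses every single-bit fault of this kind, not just the one simulated here.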