The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered.
RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers' information online.
The scientists found they could foil the security system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them.
Andrea Pellegrini, a doctoral student in the Department of Electrical Engineering and Computer Science, will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10.
"The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true," said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science.
These private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, Pellegrini said. Using their voltage tweaking scheme, the U-M researchers were able to extract the private key in approximately 100 hours.
They carefully manipulated the voltage with an inexpensive device built for this purpose. Varying the electric current essentially stresses out the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. Once the researchers caused enough faults, they were able to reconstruct the key offline.
This type of attack doesn't damage the device, so no tamper evidence is left.
"RSA authentication is so popular because it was thought to be so secure," said Todd Austin, a professor in the Department of Electrical Engineering and Computer Science. "Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount."
Although this paper only discusses the problem, the professors say they've identified a solution. It's a common cryptographic technique called "salting" that changes the order of the digits in a random way every time the key is requested.
"We've demonstrated that a fault-based attack on the RSA algorithm is possible," Austin said. "Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack."
###
University of Michigan: http://www.umich.edu/ Thanks to University of Michigan for this article.
This article has been viewed 308 time(s).
 |
 Digg |
 FarkIt |
 |
 StumbleUpon |
 del.icio.us |
 |
Computer scientists from the University of California, San Diego broke "the terabyte barrier" – and a world record – when they sorted more than one terabyte of data (1,000 gigabytes or 1 million megabytes) in just 60 seconds. During this 2010 "Sort Benchmark" competition – the "World Cup of data sorting" – the computer scientists also tied a world record for fastest data sorting rate.
A research group led by computer scientists at the UCLA Henry Samueli School of Engineering and Applied Science has proved that cryptography — the practice and study of hiding information — that is based solely on physical location is possible by using quantum mechanics.
Google it. That's what many college students do when asked to read an excerpt of a play for class, write a resume or find the e-mail address of a politician.
Thousands of people around the world have died in train wrecks caused by natural disasters. In 2004, the tsunami in Southeast Asia derailed a Sri Lankan train, killing 1,700 people. But with modern advances, these tragedies can be avoided ― and a Tel Aviv University researcher, working in collaboration with teams from seven countries, is leading the way.
Researchers have shown that an advanced cooling technology being developed for high-power electronics in military and automotive systems is capable of handling roughly 10 times the heat generated by conventional computer chips.
To many big companies, you aren't just a customer, but are described by multiple "dimensions" of information within a computer database. Now, a University of Utah computer scientist has devised a new method for simpler, faster "data mining," or extracting and analyzing massive amounts of such data.
A new approach to processing X-ray data could lower by a factor of ten or more the amount of radiation patients receive during cone beam CT scans, report researchers from the University of California, San Diego.
As physician-guided robots routinely operate on patients at most major hospitals, the next generation robot could eliminate a surprising element from that scenario -- the doctor.