RSA-1024bit hacked

popoffka

Well-Known Member
Member
Joined
Jun 9, 2009
Messages
341
Trophies
0
Location
Riga
Website
popoffka.ru
XP
411
Country
QUOTE said:
ANN ARBOR, Mich.—The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered.

RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers' information online.

The scientists found they could foil the security system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them.

Andrea Pellegrini, a doctoral student in the Department of Electrical Engineering and Computer Science, will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10.

"The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true," said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science.

These private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, Pellegrini said. Using their voltage tweaking scheme, the U-M researchers were able to extract the private key in approximately 100 hours.

They carefully manipulated the voltage with an inexpensive device built for this purpose. Varying the electric current essentially stresses out the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. Once the researchers caused enough faults, they were able to reconstruct the key offline.

This type of attack doesn't damage the device, so no tamper evidence is left.

"RSA authentication is so popular because it was thought to be so secure," said Todd Austin, a professor in the Department of Electrical Engineering and Computer Science. "Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount."

Although this paper only discusses the problem, the professors say they've identified a solution. It's a common cryptographic technique called "salting" that changes the order of the digits in a random way every time the key is requested.

"We've demonstrated that a fault-based attack on the RSA algorithm is possible," Austin said. "Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack."

The paper is called "Fault-based Attack of RSA Authentication." This research is funded by the National Science Foundation and the Gigascale Systems Research Center.
Do you think it's possible to do something like this with a DSi?
 

zeromac

Finally reached 1000 posts EXACTLY
Member
Joined
Mar 7, 2009
Messages
2,193
Trophies
0
Age
24
Location
Earth
Website
Visit site
XP
242
Country
Well according to this, you have to run voltage through it so if anyone is willing to do it xD
Imagine that, some retard using jumper cables attached to a power-line and the other end attached to a DSI
 

RupeeClock

Colors 3D Snivy!
Member
Joined
May 15, 2008
Messages
6,453
Trophies
1
Age
31
Website
Visit site
XP
2,182
Country
zeromac said:
Well according to this, you have to run voltage through it so if anyone is willing to do it xD
Imagine that, some retard using jumper cables attached to a power-line and the other end attached to a DSI

BUSHING, GET IN HERE.

But seriously, there's documentation for this, just google "Fault-based Attack of RSA Authentication"
It has a nice simple diagram too.
pZWpN.png
 

Maikel Steneker

M3 Fanboy
Member
Joined
May 16, 2007
Messages
3,393
Trophies
0
Age
30
Website
ndss.nl
XP
350
Country
Netherlands
fgghjjkll said:
NDS/NDSL uses RSA for DS Download Play
Well that's certainly interesting! I can't wait for downloading homebrew via Download Play without using FlashMe!

I guess this would also mean that the DSi uses RSA for Download Play, right? I don't think they have changed anything about that.

Wait, do you actually mean 1024? The DS might use another variant?
 
Joined
Jul 31, 2003
Messages
1,211
Trophies
0
XP
1,770
Country
Afghanistan
This article is bullshit. For starters, RSA is a software algorithm. These scientists clearly attacked a specific RSA implementation and found a weakness there, not in the algorithm. The "Journalist" writing that article obviously didn't have the brains to comprehend that.

tl;dr
RSA != broken
 

Site & Scene News

General chit-chat
Help Users
  • Flame @ Flame:
    did you own a genesis ken
  • Flame @ Flame:
    or maybe you still do
  • kenenthk @ kenenthk:
    Pretty sure I did I remember playing lion King on it
  • CompSciOrBust @ CompSciOrBust:
    Uni wifi slow af today
  • sorabora tempBOT:
    sorabora has left the room.
  • felixsrg tempBOT:
    felixsrg has left the room.
  • CeeDee @ CeeDee:
    CeeDee has left the room.
  • impeeza @ impeeza:
    I want yo eat more veggies.
  • impeeza @ impeeza:
    but I am anticoagulted so no can do ;(
  • kenenthk @ kenenthk:
    You wouldn't like my veggie
  • PeeJay Bonobo @ PeeJay Bonobo:
    BUMPER CARS
  • kenenthk tempBOT: @ kenenthk
    Into the thick of it
  • XAIXER @ XAIXER:
    Pretty quiet Shoutbox
  • SG854 @ SG854:
    Chit chat move at too fast a pace. Before when it was like 4 people I could keep up.
  • SylvWolf tempBOT:
    SylvWolf has left the room.
  • XAIXER @ XAIXER:
    True
  • PeeJay Bonobo @ PeeJay Bonobo:
    Nowadays, everybody wanna talk like they got something to say, but nothing comes out
  • MochaMilk @ MochaMilk:
    New update looks clean as heck!
    +1
  • XAIXER @ XAIXER:
    Never seen it get to 0 before...
  • PeeJay Bonobo @ PeeJay Bonobo:
    I have.
  • PeeJay Bonobo @ PeeJay Bonobo:
    but the issue is, when you start talking, it increases to 1
  • PeeJay Bonobo @ PeeJay Bonobo:
    So I guess it counts the active people in the chat.
    +1
    PeeJay Bonobo @ PeeJay Bonobo: So I guess it counts the active people in the chat. +1