Recent research has demonstrated that common but highly secure public/private key encryption methods are vulnerable to fault-based attack.
This basically means that it is now practical to crack the coding systems that we trust every day: the security that banks offer for internet banking, the coding software that we rely on for business emails, the security packages that we buy off the shelf in our computer superstores. How can that be possible?
Well, various teams of researchers have been working on this, but the first successful test attacks were by a group at the University of Michigan. They didn't need to know about the computer hardware - they only needed to create transient (i.e. temporary or fleeting) glitches in a computer whilst it was processing encrypted data. Then, by analyzing the output data they identified incorrect outputs with the faults they created and then worked out what the original 'data' was.
Modern security (one proprietary version is known as RSA) relies on a public key and a private key. These encryption keys are 1024 bit and use massive prime numbers which are combined by the software. The problem is just like that of cracking a safe - no safe is absolutely secure, but the better the safe, then the more time it takes to crack it. It has been taken for granted that security based on the 1024 bit key would take too much time to crack, even with all the computers on earth. The latest research has shown that decoding can be achieved in a few days, and even quicker if more computing power is used.
How do they crack it?
Modern computer memory and CPU chips do are so miniaturised that they are prone to occasional faults, but they are designed to self-correct when, for example, a cosmic ray disrupts a memory location in the chip (error correcting memory). Ripples in the power supply can also cause short-lived (transient) faults in the chip. Such faults were the basis of the cryptoattack in the University of Michigan.
Note that the test team did not need access to the internals of the computer, only to be 'in proximity' to it, i.e. to affect the power supply.
Have you heard about the EMP effect of a nuclear explosion? An EMP (Electromagnetic Pulse) is a ripple in the earth's innate electromagnetic field. It may be relatively localised depending on the size and precise type of bomb used. Such pulses could also be generated on a much smaller scale by an electromagnetic pulse gun. A small EMP gun could use that principle locally and be used to create the transient chip faults that could then be monitored to crack encryption.
There is one final twist that affects how quickly encryption keys can be broken.
The level of faults to which integrated circuit chips are susceptible depends on the quality of their manufacture, and no chip is perfect. Chips can be manufactured to offer higher fault rates, by carefully introducing contaminants during manufacture. Chips with higher fault rates could speed up the code-breaking process.
Cheap chips, just slightly more susceptible to transient faults than the average, manufactured on a huge scale, could become widespread. China produces memory chips (and computers) in vast quantities. The implications could be serious.
0 comments:
Post a Comment