New Generation Computer Code Breaking Attacks
Fault-Based External Assaults
Recent research has shown that common but highly secure public/private key cryptographic
methods are vulnerable to fault-based attack.
Yes, a lot of long words, but read on. The words basically mean that it is now potentially possible to crack the
security that we rely on daily: the security that banks offer for online banking, the security that we rely on for
business emails, the security packages that we buy off the shelf in our PC supermarkets. How can that be?
Well, various teams of researchers have been working on this, but the first successful test attacks were by a team
at the University of Michigan. They didn’t need to know about the computer hardware – all they needed to do was to
create transient (i.e. temporary or fleeting) faults in a computer whilst it was processing secure data. Then, by
monitoring the output and comparing that with what was expected, they matched incorrect outputs to the faults
they created. From this, using high-powered processing, they could work out what the ‘data’ was. That is, they could
break the code.
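The attack described above depends on faulty outputs reaching the observer. As an added example (not from the original article or from the Michigan researchers), this Python simulation flips a single bit during a toy RSA signing operation and shows a verify-before-release check withholding every faulty result. The tiny key, the function names and the bit-flip fault model are assumptions made for illustration.

```python
# Toy textbook RSA key, constructed for illustration (far too small for real use,
# and with no padding). N = 61 * 53.
N, E, D = 3233, 17, 2753

class FaultDetected(Exception):
    """Raised when a computed signature fails verification and is withheld."""

def modexp(base, exp, mod, fault_step=None, fault_bit=0):
    """Left-to-right square-and-multiply. If fault_step is set, flip one bit of
    the accumulator after that step to model a transient hardware fault."""
    acc = 1
    for step, bit in enumerate(bin(exp)[2:]):
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        if step == fault_step:
            acc ^= 1 << fault_bit  # simulated transient fault (assumed model)
    return acc

def sign_unchecked(m, **fault):
    """Releases whatever the exponentiation produced, faulty or not."""
    return modexp(m, D, N, **fault)

def sign_checked(m, **fault):
    """Verify with the public key before release; withhold anything that fails."""
    s = modexp(m, D, N, **fault)
    if pow(s, E, N) != m % N:
        raise FaultDetected("signature failed self-check; not released")
    return s

def leaked_faulty_outputs(signer, m):
    """Count faulty signatures that reach the caller across every single-bit
    fault position in this simulation."""
    good = pow(m, D, N)
    leaked = 0
    for step in range(D.bit_length()):
        for bit in range(N.bit_length()):
            try:
                if signer(m, fault_step=step, fault_bit=bit) != good:
                    leaked += 1
            except FaultDetected:
                pass  # faulty result was caught and never left the signer
    return leaked

if __name__ == "__main__":
    print("unchecked signer leaked:", leaked_faulty_outputs(sign_unchecked, 65))
    print("checked signer leaked:  ", leaked_faulty_outputs(sign_checked, 65))
```

The check costs one extra public-key operation per signature, which is cheap because the public exponent is small.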
Modern security (one proprietary version is known as RSA) relies on two keys – a public key and a private key.
These keys are 1024 bit (128 bytes) and use massive prime numbers which interact. Now the problem is just like that
of cracking a safe – no safe is absolutely secure, but the better the safe, then the longer it takes to crack it.
Until now, it has been assumed that security based on the 1024 bit key would take too long to crack (we are talking
thousands of years), even with all the computing power on the planet. The latest research has shown that it can be
done in a matter of days, and even quicker if more computing power is used.
How do they crack it?
Modern computer memory and CPU chips do not run smoothly all the time, but they are designed to
self-correct when, for example, a cosmic ray disrupts a memory location in the chip (error correcting memory).
Ripples in the computer’s power supplies can also cause disruptions in the chip, and that was the basis of the test
attack at the University of Michigan.
Note that the test team did not need access to the internals of the computer, only to be ‘in proximity’ to it, i.e.
to affect the power supply.
Now, one way of protecting against this would be to increase the key size to say 2048 bits. That would require a
knowledge of prime numbers which is currently beyond us. There is no overall pattern of prime numbers, no formula
which maps them out. They have to be discovered, by trial and error computing. It is still one of the major puzzles
of modern mathematics.
Have you heard about the EMP effect of a nuclear explosion? An EMP (Electromagnetic Pulse) is a giant ripple in the
earth’s innate electromagnetic field which may be widespread or relatively localised depending on the size and
precise nature of the bomb used. An EMP would wreck electricity supply lines and non-hardened (specially protected)
radio and copper wire communications. Such pulses could also be generated on a much smaller scale by an
electromagnetic pulse gun, and such a pulse gun could be used to cause the transient chip faults that can be
monitored to crack encryption.
There is one final twist.
The level of faults to which chips are susceptible depends on the quality of their manufacture, and no chip is
perfect. The flip side is that chips can be manufactured to offer higher fault rates, by injecting contaminants
during production. Chips with higher fault rates could speed up the code-breaking process.
Cheap chips, slightly more susceptible to transient faults than the average, manufactured on a huge scale, could
become pervasive in world computers. It sounds like a conspiracy theory, but some countries (China for example) plan
on a very long time scale. China also produces memory chips (and computers) in vast quantities.
It’s an interesting projection, and it makes you think.
I worked out a way that this proximal decoding could be done - it's one of the supporting
sub-plots in 'Gate of
(c) 2011 James Marinero
June 30, 2011
James Marinero is a professionally qualified IT consultant with over 30 years' experience in
the information systems industry.