Fault-Based External Assaults
Recent research has shown that common but highly secure public/private key cryptographic methods are vulnerable to fault-based attack.
Yes, a lot of long words, but read on. The words basically mean that it is now potentially possible to crack the security that we rely on daily: the security that banks offer for online banking, the security that we rely on for business emails, the security packages that we buy off the shelf in our PC supermarkets. How can that be?
Well, various teams of researchers have been working on this, but the first successful test attacks were by a team at the University of Michigan. They didn’t need to know about the computer hardware – all they needed to do was to create transient (i.e. temporary or fleeting) faults in a computer whilst it was processing secure data. Then, by monitoring the output and comparing that with what was expected, they identified incorrect outputs with the faults they created. From this, using high power processing, they could work out what the ‘data’ was. That is, they could break the code.
Modern security (one proprietary version is known as RSA) relies on two keys – a public key and a private key.These keys are 1024 bit (128 bytes) and use massive prime numbers which interact. Now the problem is just like that of cracking a safe – no safe is absolutely secure, but the better the safe, then the longer it takes to crack it.Until now, it has been assumed that security based on the 1024 bit key would take too long to crack (we are talking thousands of years), even with all the computing power on the planet. The latest research has shown that it can be done in a matter of days, and even quicker if more computing power is used.
How do they crack it?
Modern computer memory and CPU chips do not run smoothly all the time, but they are designed to self-correct when, for example, a cosmic ray disrupts a memory location in the chip (error correcting memory). Ripples in the computer’s power supplies can also cause disruptions in the chip, and that was the basis of the test attack in the University of Michigan.
Note that the test team did not need access to the internals of the computer, only to be ‘in proximity’ to it, i.e.to affect the power supply.
Now, one way of protecting against this would be to increase the key size to say 2048 bits. That would require a knowledge of prime numbers which is currently beyond us. There is no overall pattern of prime numbers, no formula which maps them out. They have to be discovered, by trial and error computing. It is still one of the major puzzles of modern mathematics.
Have you heard about the EMP effect of a nuclear explosion? An EMP (Electromagnetic Pulse) is a giant ripple in the earth’s innate electromagnetic field which may be widespread or relatively localised depending on the size and precise nature of the bomb used. An EMP would wreck electricity supply lines and non-hardened (specially protected)radio and copper wire communications. Such pulses could also be generated on a much smaller scale by an electromagnetic pulse gun, and such a pulse gun could be used to cause the transient chip faults that can be monitored to crack encryption.
There is one final twist
The level of faults to which chips are susceptible depends on the quality of their manufacture, and no chip is perfect. The flip side is that chips can be manufactured to offer higher fault rates, by injecting contaminants during production. Chips with higher fault rates could speed up the code-breaking process.
Cheap chips, slightly more susceptible to transient faults than the average, manufactured on a huge scale, could become pervasive in world computers. It sounds like conspiracy theory, but some countries (China for example) plan on a very long time scale. China also produces memory chips (and computers) in vast quantities.
It’s an interesting projection, makes you think.
I worked out a way that this proximal decoding could be done – it’s one of the supporting sub-plots in ‘Gate of Tears’.
(c) 2011 James Marinero
June 30, 2011