1024-bit RSA encryption cracked by carefully starving CPU of electricity
Since 1977, RSA public-key cryptography has protected privacy and verified authenticity on computers, gadgets and web browsers around the globe, with only the most brutish of brute-force efforts (and some 1,500 years of processing time) felling its 768-bit variety earlier this year. Now three eggheads (or Wolverines, as it were) at the University of Michigan, Andrea Pellegrini, Valeria Bertacco and Todd Austin, claim they can pry loose a 1024-bit private key simply by tampering with a device's power supply. By lowering the voltage to the CPU just far enough that its multiplier occasionally produces a wrong answer, they induced single-bit errors in individual multiplications inside OpenSSL's RSA signing routine. The private key is never read out of the machine: a signature computed with one such error is handed out anyway, each faulty signature narrows down a few bits of the private exponent, and the attacker pieces the key together offline, checking every guess against the public key. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time spent on the faulty signatures, they recovered a full 1024-bit key from OpenSSL running on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test in Europe (DATE) conference this week. There is nothing in the RSA math itself for anyone to fix; the hole is an implementation that trusts its own arithmetic, and the standard countermeasure is to verify each signature with the public key before releasing it. Until your software does that, keep a close eye on your server room's power supply.
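The offline key-recovery step described above, as an added example that is not code from the Michigan paper or from OpenSSL: a toy-sized model of fixed-window RSA signing with a single-bit fault injected into one multiplication result, followed by the attacker's guess-and-verify loop, which recovers the private exponent one 4-bit window at a time using nothing but the public key and the glitched signatures. The primes, public exponent, message value, fault positions and the fault model itself (one bit flipped in one multiplication, one glitched signature per window) are constructed assumptions for this demonstration, not the paper's parameters.

```python
"""Toy model of the voltage-glitch fault attack on fixed-window RSA signing.

Victim: left-to-right exponentiation with 4-bit windows (the structure of
OpenSSL's RSA code at the time). One multiplication result suffers a
single-bit fault and the signature is released anyway. Attacker: recovers the
private exponent window by window, top down, testing each guess against the
public key only. Every parameter below is constructed for the example.
"""

WINDOW = 4
RADIX = 1 << WINDOW

# Constructed toy key (two Mersenne primes); nothing like a real 1024-bit key.
P, Q = (1 << 31) - 1, (1 << 19) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
BITS = N.bit_length()
NWIN = -(-BITS // WINDOW)          # windows needed to cover any exponent below N


def sign(m, d, n, fault=None):
    """Fixed-window m^d mod n.  fault=(window, bit) flips one bit of the
    multiplication result at that window, modelling a glitched multiplier."""
    table = [pow(m, w, n) for w in range(RADIX)]      # m^0 .. m^15
    r = 1
    for i in reversed(range(NWIN)):
        w = (d >> (i * WINDOW)) & (RADIX - 1)
        r = pow(r, RADIX, n)                          # four squarings
        r = r * table[w] % n                          # the faultable multiply
        if fault is not None and fault[0] == i:
            r = (r ^ (1 << fault[1])) % n             # single-bit hardware error
    return r


def fault_explains(m, lhs, r, r_inv, i, j, e, n):
    """Does flipping bit j of the (guessed) correct intermediate r at window i
    explain a faulty signature s'?  The remaining windows raise the corrupted
    R_i' to the 16^i power and multiply in m^(d mod 16^i), and m^(e*d) == m, so
        s'^e == m * (R_i' / R_i)^(16^i * e)   (mod n).
    lhs is s'^e mod n and r_inv is R_i^-1 mod n, precomputed by the caller."""
    r_faulty = (r ^ (1 << j)) % n
    ratio = r_faulty * r_inv % n
    return lhs == m * pow(ratio, (RADIX ** i) * e, n) % n


def find_window(m, pool, known_high, i, e, n):
    """Search the pool of faulty signatures for one that reveals window i,
    given the already recovered higher windows (known_high)."""
    for s in pool:
        lhs = pow(s, e, n)
        for w in range(RADIX):
            r = pow(m, known_high * RADIX + w, n)       # R_i under this guess
            r_inv = pow(r, -1, n)
            for j in range(BITS):
                if fault_explains(m, lhs, r, r_inv, i, j, e, n):
                    return s, w
    return None


def recover_private_exponent(m, faulty_sigs, e, n):
    """Rebuild d from faulty signatures of one message m, each carrying a
    single-bit fault at a window and bit position the attacker does not know."""
    pool = [s for s in faulty_sigs if s != 0]     # a zeroed result tells nothing
    known = 0
    for i in reversed(range(NWIN)):
        hit = find_window(m, pool, known, i, e, n)
        if hit is None:
            raise ValueError(f"no faulty signature explains window {i}")
        pool.remove(hit[0])
        known = known * RADIX + hit[1]
    return known


def demo():
    """Glitch one signature per window (the attacker is not told which window
    each glitch hit), then recover D from them and the public key (E, N)."""
    m = 0x1234567                                  # constructed message digest
    sigs = [sign(m, D, N, fault=(i, 1 + (7 * i) % (BITS - 1)))
            for i in range(NWIN)]
    return recover_private_exponent(m, sigs, E, N)


if __name__ == "__main__":
    print("recovered == D:", demo() == D)
```

The work per window is at most (pool size) x 16 window values x (key bits) trial exponentiations, and the number of windows grows with the key, so the cost grows polynomially rather than exponentially in key size; a bigger key buys time, not safety. The defence the fault model makes obvious is in `sign`: computing `pow(result, e, n)` and refusing to return a value that does not verify to `m` would have turned every glitched signature into an error instead of a leak.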

If humans make it, Humans can destroy it.
It's that simple.
@MaxL
That's why some people only buy Alienware™.
Humans didn't make math. The math behind RSA encryption is still sound. Pentiums suck.
@MaxL
I don't get it, doesn't this mean they need access to the private key in the first place? This requires tampering with the CPU that is encrypting my message with my private key. If you have that access, just take my private key already... If I'm sending an encrypted message over the internet, nobody can fluctuate my computer's power supply before it's already encrypted and shot off to the interwebs.
I guess a well implemented virus can do such a thing, but then again, if there's a virus that can 'carefully starve my CPU', it can probably access pretty much anything on my computer anyway.
@JoeRodricks
They used P4s to get the key from a SPARC
@MaxL
I hate these kinds of posts that induce completely unfounded and unrealistic paranoia. First of all, this is specific to an implementation, THEIR implementation, that relies on meticulously placed data in memory and whatnot. Anything can be set up to fail like this. You do not have access to the server in any real-world application. This is not a reason to be even slightly concerned.
It's like being concerned that a midget could be hiding inside your safe and will open it when a burglar comes by.
@Kurian
There's a midget in my safe? Why didn't anyone tell me this sooner??? I have to get home!
Paranoia, even as a pun, wasn't intended... I suppose!
However, I think the beauty is in the process, and how they did it...
Better late than never.
/. reported this ages ago.
Downranking a comment because Engadget reports old news?
Go Blue :)
It's unlikely that an attacker would have access to the server hardware to cause power fluctuations.
You're right, and there's no need to panic, but the fact remains that these hackers cracked industrial strength security using a truly innovative technique.
@jeblis
A year ago Cisco had to recall a bunch of their switches/routers that had been manufactured in China and delivered to US agencies because the Chinese had manufactured weaknesses into them in order to aid their hackers.
Where are your power supplies made? Is anything out of the question in this day and age?
@formetopoopon
Link please, I would love to read that story.
@linuxamp
Indeed! That is one helluva clever approach.
I thought I might add, though, that they don't need access to your server room. If you think about it, one carefully placed router tweaked internally would suffice.
@formetopoopon yes, link please - I can't find it on Google.
@linuxamp
They did not crack anything. If your server is compromised, you can just transfer the private key via 100s of methods. Including just reading it off the HDD since you have so much access to adjust the CPU voltage.
@jeblis
It's not really that hard to imagine a scenario where sensitive items fall into the wrong (or right) hands.
Think of all the times that a laptop with sensitive data has been lost or stolen. Or in a war zone, where officers with Toughbooks full of troop movements or deployment info are ambushed or simply have their laptops stolen.
There's also the NSA/law enforcement line. Any equipment seized in a raid can be cracked. Very helpful in prosecuting people breaking the law who are smart enough to encrypt their data. This crack could lead to the busting of child pornography rings.
Or you could just beat up the admin until he gives you the password...
@PyRo1509
I already know the password. This is just for fun. *CLUB*
@PyRo1509
Brute force FTW!
Practical or not, that is an amazing accomplishment.
Die hard did it first
So, if somebody steals your supercomputer, they might be able to hack it?
Pentium 4 ftw!
It's not since 1977... it's since 1997, when Rivest, Shamir and Adleman first used that algorithm that was discovered in 1973 by a British mathematician working for the UK intelligence agency (GCHQ)... just saying. True story: back in 2002, I met a man at work who had a son (he was just that year) that invented a way to break most of the encryption algorithms used at that time, but then a couple of FBI agents (not NSA) came with a document (this was in Chile, by the way) that stated that the US and Chile had an agreement (as well as most of the world) that was designed to ensure two things: first, that nobody developed a stronger algorithm that blocked the US's ability to scan info around the world, and two, that encryption algorithms remain safe for regular people to use. So I think these guys will soon hear from them :)
@Patricio Arnechino
Breaks like these are presented all the time. There was even one about Rijndael that could be broken, though it was a few rounds less than what AES-128 required.
Methinks even the US government would welcome such research, as it is better to be discovered now by a good guy instead of being instantly exploited by a bad guy.
@Patricio Arnechino: that just sounds like bull... No one can prevent you from using any encryption algorithm...
@Patricio Arnechino You're not right in what you say, RSA was in use way before 1997. The rest of your comment is pure conspiracy junk.
2048 bit encryption it is then!
@sacredgeometry In this method, encryption length will not greatly increase processing time.
@petebob796 I'm sure that's only true up to a point.
@sacredgeometry - usually these bit-flipping attacks are more linear than exponential (like brute force is), so, mathematically speaking, doubling the key size doesn't slow down an attacker - it'll take 10 days instead of 5.
Sorry, do I understand this correctly that this "hack" requires physical access to the power supply of a server with the private key? If they have access to that, why not just steal the whole box? To me, that'd be the bigger issue.
Also, would that work on a server running in a VM?
It's amazing they did that (talk about precision when you need to generate one error per clock cycle), but it's not a real threat.
@StanO Encryption like this isn't always just used on a server hidden away somewhere. For instance, the Xbox 360 signs games in a similar way.
Hackers... What don't they know!!
@analogx
How to stop themselves from hacking...
@brolin
your mom?
If they can adjust how much power is getting to your server you're already screwed.
@Bratyr Not if your equipment is behind a UPS. Which servers often are. Controlling Vcore and other voltages of a computer requires hardware, BIOS, and/or root access.
@kingu
I meant that if they have that level of physical access already, you have a problem, since adjusting power to the server would require access to the server's actual power supply, if not the motherboard, not simply the mains feeding it - any blips you caused in the mains would be smoothed out by the PSU, or the server would just shut off.
"until RSA hopefully fixes the flaw"
"RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is an algorithm for public-key cryptography[1]. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography."
How can an algorithm fix itself?
@bergwitz RSA also refers to a company: http://en.wikipedia.org/wiki/RSA_Security
... but this kind of implementation flaw is unfixable in the algorithm. Not to worry, though - it's always been up to sysadmins to provide physical & control-level security for their computers.
Since it seems you would need physical access to the machine, the only thing I can see this being useful for is breaking disc encryption. If the FBI/NSA/KGB/MI5/Stasi confiscates your heavily encrypted drive, they might be able to break the encryption using this technique....assuming they don't have a better one already that they're not telling us about. :)
@ragtag half correct. This technique relies on the cpu already knowing the key; if you've got that, then there are more invasive and easier techniques to get that. If you've got just a HD and no key, then this won't help you.
Not applicable, most probably not reproducible.
So then this is how ninjas hack in to our servers...
2048 it is.
Could be a possible technique for getting keys from 'anti-consumer' technology where a consumer box already has the key to decode movies/games/etc, but it's difficult to extract.