1 April 2010—A new chink has been found in the cryptographic armor that protects bank transactions, credit-card payments, and other secure Internet traffic. And although programmers have devised a patch for it, clever hackers might still be able to break through.
The hack, presented in March at a computer security conference in Dresden, Germany, involves lowering the input voltage on a computer’s cryptography chip set and collecting the errors that leak out when the power-starved chips try and (sometimes) fail to encode messages. Crooks would then use those errors to reconstruct the secret key on which the encryption is based. More important, say the hack’s creators, the same attack could also be performed from afar on stressed systems, such as computer motherboards that run too hot or Web servers that run too fast.
The attacks would succeed because the standard cryptographic functions (called OpenSSL) don’t always double-check their work before sending it out into the world. The researchers found that an encrypting chip running on low voltage might not scramble the digits thoroughly, leaving instead the digital relics of four to eight bits of the secret key that encoded the message. With the right kind of guesswork and some clever math, the researchers say, those snippets could be picked off, one at a time, until the entire 1024-bit crypto key was decoded.
By manipulating a crypto chip on their lab bench, the research team cracked the commonplace RSA 1024 computer security standard (which typically uses OpenSSL) in 104 hours. As a result, the authors of the new study say, even supposedly ironclad secure crypto systems could be broken—at least in laboratory environments—if persistently attacked for hundreds of hours. Compared to the ”age of the universe” timescales supposedly needed for brute force to guess the codes that could crack standard Internet security protocols, the new attack represents a step forward for evil.
”We work in resilient system design; we spend most of our time trying to fix faults,” says the paper’s coauthor Todd Austin, who is a professor of electrical engineering and computer science at the University of Michigan. ”So we know how to inject [faults] in so they’re really evil and can’t be found.”
Austin, along with Michigan colleagues Valeria Bertacco and Andrea Pellegrini, designed and publicized their hack so that the forces of good could prevent it from falling into the wrong hands. The researchers also wrote a patch for OpenSSL that ensures it always double-checks its encryption before transmitting any encrypted message.
On the other hand, even if system administrators all over the world patched every Web server running OpenSSL tomorrow, Austin says, there are still millions of other computer chips (smart cards, mobile phones, motherboards on pay-TV boxes) that come with OpenSSL hard-coded. These would be more difficult to patch or update.