Subtle Chip or Apllication Math Errors Can Lead to Big Problems

Over the weekend, the New Yorks Times ran an article on a potential IT security problem posed by errors in microprocessor chips such as the Intel Pentium error of a few years back or the recent Microsoft Excel spreadsheet bug.

Adi Shamir, a professor at the Weizmann Institute of Science in Israel and one of the three designers of the RSA public key algorithm, circulated a research note about how an attacker could exploit an undetected subtle math error and make breaking public key cryptography possible.

The Times article notes that Mr. Shamir believes that "if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be 'trivially broken with a single chosen message.' Executing the attack would require only knowledge of the math flaw and the ability to send a 'poisoned' encrypted message to a protected computer. It would then be possible to compute the value of the secret key used by the targeted system. With this approach, 'millions of PCâ''s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually.' "

It isn't believed that this technique is being used - yet. It still seems easier to poison PC components themselves like hard drives at the factory, which recently happened to Seagate Maxtor drives made in Thailand and which were pre-loaded with password stealing Trojan horses.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City