'Severe' OpenSSL vuln busts public key crypto
Private keys pilfered through power supply
Computer scientists say they've discovered a "severe vulnerability" in the world's most widely used software encryption package that allows them to retrieve a machine's secret cryptographic key.
The bug in the OpenSSL cryptographic library is significant because the open-source package is used to protect sensitive data in countless applications and operating systems throughout the world. Although the attack technique is difficult to carry out, it could eventually be applied to a wide variety of devices, particularly media players and smartphones with anti-copying mechanisms.
"Wherever you need to verify the origin of a piece of software or a piece of information, those building blocks come in handy," said Karsten Nohl, an independent security researcher. Nohl has, in unrelated work, broken the encryption used in widely deployed smartcards and cordless phones. "The OpenSSL library provides much more than just SSL."
The scientists, from the University of Michigan's electrical engineering and computer science departments, said the bug is easily fixed by applying cryptographic "salt" to an underlying error-checking algorithm. The additional randomization would make the attack unfeasible.
An OpenSSL official, who asked that his name not be published, said engineers are in the process of pushing out a patch and stressed the attack is difficult to carry out in real-world settings.
The university scientists found that they could deduce tiny pieces of a private key by injecting slight fluctuations in a device's power supply as it was processing encrypted messages. In a little more than 100 hours, they fed the device enough "transient faults" that they were able to assemble the entirety of its 1024-bit key.
"This is probably not as much of a threat to a server system as it is to a consumer device," said Todd Austin, one of the scientists who devised the attack. "The place where this would be more applicable would be if you want to attack a Blu-ray player (where) you have an environment where someone is giving you a device that has a private key to protect intellectual property and you have physical access to the device."
Servers, by contrast, would be much harder to attack because they are generally located in places that prevent people from manipulating their power supply. But that doesn't mean they're immune to such exploits. If a machine is overheating or otherwise experiencing power fluctuations, the vulnerability will cause it to leak secret data that could be intercepted by attackers.
The scientists are also experimenting with the possibility of exploiting the bug using lasers or natural radiation sources, they said.
The attack is enabled by what the researchers described as a "severe vulnerability" in the OpenSSL innards that carry out authentication based on the RSA public key encryption algorithm. It resides in the so-called fixed window exponentiation algorithm of the open-source crypto library, which is used when errors arise. By triggering a single-bit error in a multiplication operation, the scientists were able to force OpenSSL to divulge 4 bits of the secret key.
Once they had gathered about 8,800 malformed messages from the targeted device, they fed the data into an 81-machine cluster of 2.4 GHz Pentium 4 systems running a custom-designed algorithm. They applied the technique to an embedded hardware device consisting of a SPARC processor running a Linux operating system and were able to extract its 1024-bit private key in 104 hours.
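As an added illustration of the defensive side of the story (my own code, not the article's, the researchers' or the OpenSSL project's), the toy RSA signer below shows the two standard software countermeasures against a transient fault during private-key exponentiation: message blinding, so the exponentiation never operates on a value the outside world knows (one form of the randomisation the researchers allude to; whether it matches their exact "salt" is not stated here), and verify-before-release, so a corrupted signature never leaves the device. The key (p=61, q=53) is a constructed textbook toy and is not secure; plain square-and-multiply stands in for OpenSSL's fixed-window routine; and the `fault_at` hook simply flips one bit of an intermediate value so that the checks can be seen to catch it.

```python
# Added example (not from the article, the paper or OpenSSL): a toy RSA
# signer with fault-attack countermeasures. The key is a constructed
# textbook toy value and is NOT secure.
import math
import random

P, Q = 61, 53
N = P * Q          # 3233
E = 17
D = 2753           # E*D ≡ 1 (mod lcm(P-1, Q-1))


def modexp(base, exp, mod, fault_at=None):
    """Left-to-right square-and-multiply.

    `fault_at` is a test hook: when it names an iteration index, one bit of
    the running value is flipped there, standing in for the transient error
    the article describes. It exists only so the checks below can be shown
    to catch a corrupted result.
    """
    result = 1
    for i, bit in enumerate(bin(exp)[2:]):
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
        if fault_at == i:
            result ^= 1          # simulated single-bit corruption
    return result


def verify(sig, msg):
    """Public operation: a signature is valid iff sig^E ≡ msg (mod N)."""
    return modexp(sig, E, N) == msg % N


def sign_unchecked(msg, fault_at=None):
    """Plain signer: whatever the exponentiation produced is released,
    so a corrupted computation leaks out as a malformed signature."""
    return modexp(msg, D, N, fault_at)


def sign_hardened(msg, fault_at=None, r=None):
    """Signer with two countermeasures:
    1. blinding: exponentiate msg * r^E for a secret random r and strip r
       afterwards, so the private exponent never acts on a known value;
    2. verify-before-release: recompute sig^E and refuse to output anything
       that does not check out, so a faulty signature never leaves the device.
    `r` may be supplied for reproducible tests; it must be invertible mod N.
    """
    if r is None:
        r = random.randrange(2, N)
        while math.gcd(r, N) != 1:
            r = random.randrange(2, N)
    blinded = (msg * modexp(r, E, N)) % N
    sig_blinded = modexp(blinded, D, N, fault_at)
    sig = (sig_blinded * pow(r, -1, N)) % N   # unblind (Python 3.8+ modular inverse)
    if not verify(sig, msg):
        return None          # refuse to release a corrupted signature
    return sig


if __name__ == "__main__":
    m = 2790
    print("correct  :", sign_unchecked(m), sign_hardened(m))
    print("faulted, unchecked:", sign_unchecked(m, fault_at=3))
    print("faulted, hardened :", sign_hardened(m, fault_at=3))
```

With the toy key, signing 2790 yields 65 (and 65^17 mod 3233 = 2790). Injecting a bit flip part-way through the exponentiation makes the unchecked signer hand out a wrong value, which is exactly the kind of malformed output the researchers collected; the hardened signer detects the mismatch and returns nothing. In a real library the verification costs one public-exponent operation per signature, which is cheap next to the private one.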
The researchers said it may be possible to apply the method to other crypto libraries, such as one offered by the Mozilla Foundation.
The other two scientists working on the project were Valeria Bertacco and Andrea Pellegrini. Their paper (pdf) will be presented next week in Dresden at the Design Automation and Test in Europe conference. ®
Nothing to do with OpenSSL
I find this article is in poor form. This is a hardware attack, and not a new one at that. People have been injecting power supply and clock glitches into systems for years. There are references all over the net about this, and specific attacks.
To claim that this is anything new is wrong, and to name the OpenSSL project and the Mozilla Foundation software projects in this context is wrong. This is not about a bug in any of them and the bad press is unfounded. Yes, you can glitch computers and chips, and that is a matter of hardware/physical security.
OpenSSL are entirely innocent here. They do not have a bug, especially not a 'severe' one.
Blu-ray uses AACS crypto, and has nothing to do with OpenSSL.
You need fine-grained control over the power to the chip to do this, and you need to know the specific chip. A random 'hot' server is not going to do this. You'd need physical access to the machine, and need to lift the power supply pin to a chip and inject your own fine-grained power, and be able to run a controlled crypto test over and over while observing the results.
This smells like someone fishing for publicity, and an article picked up and run by someone who really doesn't understand the subject.
It doesn't work
After reading this, I tried to induce my Sky box to divulge its porn channels for free by modulating the power supply with my arc welder. It seems Sky, in their wisdom, anticipated this attack and have built in a protection mechanism where the box shuts down permanently after emitting a modest amount of smoke.
It would probably be better if the Reg resisted publishing these types of stories until the 1st April.
Bring back shops!
There was nowt like this to worry about in the days of shops and banks.
All this interweb telesales malarkey's a load of old bobbins.