DOI: 10.5555/1870926.1871134
Research article

Fault-based attack of RSA authentication

Published: 08 March 2010

Abstract

For any computing system to be secure, both hardware and software have to be trusted. If the hardware layer in a secure system is compromised, not only would it be possible to extract secret information about the software, but it would also be extremely hard for the software to detect that an attack is underway. In this work we detail a complete end-to-end fault attack on a microprocessor system and practically demonstrate how hardware vulnerabilities can be exploited to target secure systems. We developed a theoretical attack on the RSA signature algorithm, and we realized it in practice against an FPGA implementation of the system under attack. To perpetrate the attack, we inject transient faults into the target machine by regulating the voltage supply of the system. Thus, our attack does not require access to the victim system's internal components, but simply proximity to it.
The paper makes three important contributions: first, we develop a systematic fault-based attack on the modular exponentiation algorithm for RSA. Second, we expose and exploit a severe flaw in the implementation of the RSA signature algorithm in OpenSSL, a widely used package for SSL encryption and authentication. Third, we report on the first physical demonstration of a fault-based security attack on a complete microprocessor system running unmodified production software: we attack the original OpenSSL authentication library running on a SPARC Linux system implemented on FPGA, and extract the system's 1024-bit RSA private key in approximately 100 hours.
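The abstract describes transient faults injected into the modular exponentiation that computes an RSA signature. The standard countermeasure on the signing side is to verify every signature with the public key before releasing it, so that a faulted computation is withheld rather than handed to whoever requested it. The example below is added here and is not code from the paper or from OpenSSL: it implements textbook left-to-right square-and-multiply, lets the caller flip one bit of the intermediate value at a chosen iteration to stand in for a hardware fault, and shows that the verify-before-release check catches the corrupted signature. The toy key (hypothetical 20-bit primes), the SHA-256-mod-N message representative with no PKCS#1 padding, and the fault position are all constructed for illustration.

```python
import hashlib

# Constructed toy RSA key: the primes are hypothetical and far too small for
# real use; they only keep the arithmetic easy to follow.  e = 65537 is the
# conventional public exponent.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent d = e^-1 mod phi(N)


def modexp(base, exp, mod, fault_at=None):
    """Left-to-right square-and-multiply, the textbook modular exponentiation.

    If fault_at is an iteration index, one bit of the intermediate value is
    flipped right after that iteration.  This simulates a single transient
    hardware fault; the bit position and timing here are constructed, not a
    model of any particular glitch.
    """
    acc = 1
    for i, bit in enumerate(bin(exp)[2:]):
        acc = (acc * acc) % mod
        if bit == "1":
            acc = (acc * base) % mod
        if fault_at == i:
            acc = (acc ^ (1 << 7)) % mod  # constructed fault: flip bit 7
    return acc


def digest(msg: bytes) -> int:
    """Toy message representative: SHA-256 reduced mod N (no PKCS#1 padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign_raw(msg: bytes, fault_at=None) -> int:
    """Raw RSA signature s = h^d mod N, optionally with an injected fault."""
    return modexp(digest(msg), D, N, fault_at)


def verify(msg: bytes, sig: int) -> bool:
    """Public-key check s^e mod N == h.  Cheap: e = 65537 has only two set bits."""
    return modexp(sig, E, N) == digest(msg)


def sign_checked(msg: bytes, fault_at=None) -> int:
    """Verify-before-release: a signature that fails its own public-key check
    is never handed out, so a faulted computation reaches no caller."""
    sig = sign_raw(msg, fault_at)
    if not verify(msg, sig):
        raise RuntimeError("signature failed self-check; withheld")
    return sig


def fault_is_contained(msg: bytes, fault_at) -> bool:
    """True when a fault at the given iteration is caught by sign_checked."""
    try:
        sign_checked(msg, fault_at)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    m = b"constructed sample message"
    print("clean signature verifies:", verify(m, sign_checked(m)))
    last = D.bit_length() - 1  # fault injected in the final iteration
    print("faulty raw signature verifies:", verify(m, sign_raw(m, last)))
    print("fault withheld by checked signer:", fault_is_contained(m, last))
```

The fault is placed in the last iteration because a one-bit change there is guaranteed to change the output; a fault in an earlier iteration is caught the same way in practice, since x ↦ x^e mod N is a permutation and any corrupted intermediate propagates to a wrong result. The check costs one public-exponent exponentiation per signature, which is small next to the private-exponent one. Note that the check must cover every exponentiation path the signer can take; the abstract reports that the OpenSSL implementation under study had a flaw on this point without stating its details, so this example should be read as the general technique rather than a description of that code.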




Published In

DATE '10: Proceedings of the Conference on Design, Automation and Test in Europe
March 2010
1868 pages
ISBN: 9783981080162

Sponsors

  • EDAA: European Design Automation Association
  • ECSI
  • EDAC: Electronic Design Automation Consortium
  • SIGDA: ACM Special Interest Group on Design Automation
  • The IEEE Computer Society TTTC
  • The IEEE Computer Society DATC
  • The Russian Academy of Sciences

Publisher

European Design and Automation Association

Leuven, Belgium


Conference

DATE '10: Design, Automation and Test in Europe
March 8 - 12, 2010
Dresden, Germany
Sponsors:
  • EDAA
  • EDAC
  • SIGDA
  • The Russian Academy of Sciences

Acceptance Rates

Overall Acceptance Rate 518 of 1,794 submissions, 29%



Cited By

  • (2015) Reliable Integrity Checking in Multicore Processors. ACM Transactions on Architecture and Code Optimization 12(2), pp. 1-23. doi: 10.1145/2738052. Online publication date: 11 May 2015.
  • (2014) Fort-NoCs. Proceedings of the 51st Annual Design Automation Conference, pp. 1-6. doi: 10.1145/2593069.2593144. Online publication date: 1 Jun 2014.
  • (2013) Sensing nanosecond-scale voltage attacks and natural transients in FPGAs. Proceedings of the ACM/SIGDA International Symposium on Field Programmable Gate Arrays, pp. 101-104. doi: 10.1145/2435264.2435283. Online publication date: 11 Feb 2013.
  • (2013) Improving timing attack on RSA-CRT via error detection and correction strategy. Information Sciences: an International Journal 232, pp. 464-474. doi: 10.1016/j.ins.2012.01.027. Online publication date: 1 May 2013.
  • (2013) A taxonomy and survey of attacks on digital signatures. Computers and Security 34, pp. 67-112. doi: 10.1016/j.cose.2012.11.009. Online publication date: 1 May 2013.
  • (2011) A new and extended fault analysis on RSA. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 466-470. doi: 10.1145/1966913.1966980. Online publication date: 22 Mar 2011.
  • (2011) PUF ROKs. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 155-164. doi: 10.1145/1966913.1966934. Online publication date: 22 Mar 2011.
  • (2010) Application-aware diagnosis of runtime hardware faults. Proceedings of the International Conference on Computer-Aided Design, pp. 487-492. doi: 10.5555/2133429.2133531. Online publication date: 7 Nov 2010.
