RSA Attack Efficiency Improves
- Date: 2006-11-28 - Word Count: 521
August 2006 saw the disclosure of a fairly interesting attack against the RSA encryption algorithm (most famously used in SSL, which protects online transactions). Rather than targeting the algorithm itself, which still has not been broken, it is a so-called side-channel attack, exploiting the peculiarities of how the algorithm is implemented on particular computing hardware.
The team behind the initial disclosure have recently submitted a modified approach to the attack, resulting in almost-astronomical improvements in attack efficiency.
In basic terms, the attacks rely upon a phenomenon known as 'Branch Prediction Analysis', where a program / attacker is able to predict what other software is doing as it passes through the CPU of a system.
In the first iteration of the described attack, the method required snooping on what was happening in the CPU for a relatively long period (a large number of cycles), and OpenSSL, one piece of software implementing SSL protection, quickly introduced patches to protect against this eavesdropping attack.
While many hardware manufacturers and operating system developers have introduced defensive mechanisms to try to prevent this sort of attack from taking place, it has been discovered that Pentium-IV (PIV) chips with Hyper-Threading enabled still have two caches that are not adequately protected. The new iteration of the attack, using a technique dubbed 'Simple Branch Prediction Analysis' (SBPA), targets both of these caches and can extract almost the complete secret SSL key in just one cycle. Running as an unprivileged user, this method can also target and extract data from any other software process running on the system (SSL is just the example used here).
The technical black magic of how a branch predictor attack works can be explained as follows. Although modern CPUs are very quick, they still cannot process every bit of information they need to without a queue building up. This queue of instructions and data waiting for processing sits in a cache next to the CPU, and entries are executed in order of priority and time spent in the queue (various tuning settings come into play). By attempting to monopolise the CPU's attention and fill that cache, the minuscule timing differences between when instructions from the same process are executed can give hints about what other instructions and data are moving through the CPU. Being able to interpret exactly what that data is, is the key to branch prediction analysis.
Mitigating the issue is the fact that the attack requires secure and insecure processes to be running on the same processor at the same time, and that the attacker be able to run their process as a local user. Because the spying process consumes almost 100% of the CPU continuously while it is running, normal system monitoring software should alert administrators to something out of the ordinary running on the system.
What real-world threat exists for this relatively esoteric attack? Shared-server installations. It would be possible for a lesser-privileged account holder on a shared server to run the spying process while other account holders are negotiating SSL connections. A well-timed attack will allow them to run their spying process once (and thus minimise the attention drawn to it), and then be able to effectively intercept SSL communications directed at the target.
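The square-and-multiply loop at the heart of an RSA private-key operation is where a key-dependent branch pattern of the kind described above comes from, and a branchless formulation is how implementations close that channel. This is an added example, not code from the article or from OpenSSL; the modulus is limited to 64 bits so that unsigned __int128 (a GCC/Clang extension) can hold the products, whereas real RSA works on multi-precision integers.

```c
#include <stdint.h>

/* Constructed example, not the paper's or OpenSSL's code. The modulus is kept
   to 64 bits so unsigned __int128 holds a product; real RSA uses big integers. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Textbook left-to-right square-and-multiply. The "if" is taken exactly when the
   current exponent bit is 1, so the taken/not-taken history the branch predictor
   records is the private exponent itself; that history is what a BPA/SBPA
   observer on the sibling hyper-thread reads back. *taken counts the
   secret-dependent branches so the test can show the leak. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m, unsigned *taken) {
    uint64_t r = 1 % m;
    *taken = 0;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1) {               /* secret-dependent branch */
            r = mulmod(r, base, m);
            (*taken)++;
        }
    }
    return r;
}

/* Constant-time conditional swap: the bit only forms a mask, never a branch. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t d = (*a ^ *b) & (0 - bit);    /* 0 - bit is all ones when bit == 1 */
    *a ^= d;
    *b ^= d;
}

/* Montgomery ladder: one multiply and one square per iteration, in the same order
   whatever the key bit is, so control flow (and the branch-predictor state it
   leaves behind) is identical for every exponent. Invariant: r1 == r0 * base.
   Check the generated assembly; a compiler may turn the mask back into a branch. */
uint64_t modexp_ladder(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = 63; i >= 0; i--) {
        uint64_t bit = (exp >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        cswap(&r0, &r1, bit);
    }
    return r0;
}
```

Both functions return the same result; the difference is only in what the CPU's branch history reveals while they run.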
Related Tags: security, information security, sunnet beskerming, rsa, https, online transactions
Carl is the founder and lead researcher for Sūnnet Beskerming (http://www.beskerming.com), an Information Security company that services the world and still maintains the local touch.