[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Fault-Based Attack of RSA Authentication



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

basile wrote:
> I thought this might be of interest to the list.   Pellegrini, Bertacco
> and Austin at U of Michigan have found an interesting way to deduce the
> secret key by fluctuating a device's power supply.  Its a minimal threat
> against servers, but against hand held devices its more practical.  The
> openssl people say there's an easy fix by salting.
Looks like against hand devices has already been done  ;-)
I submitted your links to my friend Barenghi of Politecnico di Milano
who is researching in this field: last year they ran this kind of
attack against a SPEAr Head200 development board, equipped with an
ARM926EJ-S running on Linux 2.6.15. Results on RSA attacks are published
here: http://home.dei.polimi.it/barenghi/files/FDTC2009.pdf
While he was at it, he also added that they'll publish soon newer
attacks against AES 128, 192 and 256, quite impressing stuff! Which has
just been pubblished as a technical report at:
http://eprint.iacr.org/2010/130

ciao!

- --
Marco Bonetti
Tor research and other stuff: http://sid77.slackware.it/
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/

My GnuPG key id: 0x0B60BC5F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuVBWUACgkQTYvJ9gtgvF98WQCeK5QfduAnAyG2BGljAr9hj0nC
wOgAoN+Dj5/yZy/3H7+/fLWa3pPhhfpm
=syNY
-----END PGP SIGNATURE-----
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/