1024-bit RSA Encryption Cracked

An amazing paper published by Andrea Pellegrini, Valeria Bertacco and Todd Austin entitled “Fault-Based Attack of RSA Authentication”, will be discussed on Design, Automation and Test conference in Europe. The authors claim to attack the RSA system by fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. The paper is available here.

So far the practical attack feasibility is pretty low, in fact the attacker needs to control the power adapter of the attacked machine, which means having physical control on hardwares. Of course when you have control on hardware there are tons of way easier and faster then forcing hardware faults to recover private key. Moreover David Naccache et Al. have already shown how is possible to share information utilizing covert channels like temperature, power pics and sound, but the concept described by Pellegrini is really interesting and innovative.

Finally I totally recommend this reading, pretty brilliant, easy to read and innovative concept of attack.