informa
/
Risk
News

Using Chip Malfunction To Leak Private Keys

Black Hat researcher shows attackers could manipulate Linux machines running Open SSL and RSA encryption to gain access to authentication encryption keys for spoofing
Many financial institutions and other security-conscious organizations rely on the RSA Algorithm in encrypted authentication applications to not only authenticate users are who they say they are, but also the other way around -- to assure users they are interacting with their vendor's website rather than a spoof. Fundamental to this encrypted method of assurance is that the RSA private key held by the secured organization always remain a secret. This week at Black Hat, a researcher from University of Michigan will show how small electrical malfunctions in server processor chips can make it possible for attackers to quietly glean the contents of an entire private key.

Click here for more of Dark Reading's Black Hat articles.

"We basically made the hardware temporarily fail and through that the system gives incorrect signed messages from which we can then extract a private key," says Valeria Bertacco, associate professor of electrical engineering and computer science at University of Michigan, summing up the work she's presenting on at Black Hat.

Bertacco says she and her team built on theoretical work done by researchers in Frankfurt who found that if a server encrypting the message with a private key executed a certain mistake, it would send to the client an incorrectly encrypted message that the client could use to extract a few bits of the private key.

At the time, those researchers believed such a small mistake and small leak would prove difficult to reproduce. But Bertacco and her team were able to reproduce those errors on Linux servers they built running an Open SSL library and RSA encryption.

"The way we do that is making the transistors in the machine that runs the server fail every now and then," she says, explaining that they did this through two different methods, by tinkering with the voltage fed to the chip and also by increasing the temperature at the chip socket.

"The technique we used the first time around was by lowering the power voltage on the system, so instead of operating at the correct voltage, it was operating a little bit of a lower voltage to get some mistakes sometimes," she says.

Not all the errors that the server produced were the errors the team was looking for. In fact, it had to collect 8,000 erroneous messages to get about 800 of the type they wanted.

"But those 800 were good enough to get us the entire 1024-bit private key," she says.

Many would argue that such a method poses a low risk to secured organizations because attackers wouldn't have control over a server's voltage. But Bertacco says the research has applicability on embedded devices that depend on encrypted authentication protocols.

"People who attack systems using this type of technique can definitely start attacking common machines that use embedded systems that use Linux and use authentication: DVD players, Playstations, even automobiles," she says.

Additionally, the second vulnerability that would create the right kind of errors could be exploited remotely. She reports that an overheated processor within a very specific temperature range created the same effect as lowering the voltage. This is a dangerous condition considering the number of overheated servers present in data centers around the world.

"That's one of the main problems in data centers. They're often overheated," she says. "I might not know which servers, but if I'm careful enough to look around I'll find some. So that's actually a situation where I can exploit a remote server for this type of attack."

When it comes to protecting against these types of attack, the theory is simple, she says. The server should conduct integrity checking of the message it sends to make sure that it isn't erroneous or at least be using some sort of blinding technique to protect from such a data leak.

"It's not that complicated but doing these things would require more computing resources and sometimes people are pretty sensitive to the response time of the server," she says.

At the moment, OpenSSL has no specific patch against her attack, Bertacco says, but if a user encrypts using its top-level function, RSA_private_decrypt, and the library is compiled with blinding enabled then they would be protected from this kind of attack as well as timing-based attacks. "However, if blinding is disabled, or if a user called directly the exponentiation function--RSA_eay_mod_exp--then the library provides no protection against the attack, even in its most recent version," she says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading:
Editors' Choice
Brad Moldenhauer, CISO – Americas at Zscaler
Kelly Sheridan, Senior Editor