A New Type Of Code Breaking Is Here


Recently, testing has shown that everyday but highly secure public/private key cryptographic methods are vulnerable to fault-based attack.

This basically means that it is now practical to crack the security that we rely on daily: the systems that banks offer for internet banking, the coding software that we rely on for business emails, the security packages that we buy off the shelf in our PC supermarkets. How can that be?

Well, various teams of researchers have been working on this, and the first successful test attacks were by a team at the University of Michigan. Knowledge of the computer hardware was not required - all they needed to do was to create transient (i.e. temporary or fleeting) glitches in the computer whilst it was processing encrypted data. Then, by analyzing the output data and using high power processing, they worked out what the original 'data' was.

Modern security - the so-called AES algorithm - relies on a public key and a private key. These keys are 1024 bit and use massive prime numbers which are combined by the software. The problem is just like that of cracking a safe - no safe is absolutely secure, but the better the safe, then the longer it takes to crack it. Until now, it has been assumed that security based on the 1024 bit key would take too much time to crack, even with all the computing power on the planet. The Michigan group (and others) has shown that decoding can be achieved in a few days, and this could be speeded up with more computing power and higher fault rates.

How do they crack it?

Modern computer memory and CPU chips do not run smoothly all the time, but they are designed to self-correct (error correcting memory). Ripples in the power supply can also cause short-lived (transient) faults in the chip. Such faults were induced as the basis of the crypto attack at the University of Michigan.

Note that the test team did not need access to the internals of the computer, only to be 'in proximity' to it, i.e. to affect the power supply.
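Why a single glitched output matters, and the standard defence of checking a result before releasing it, shown as an added example that is not from the article or the Michigan team. It assumes RSA-style signing with the common CRT speed-up (the textbook fault model, not necessarily the setup used in the tests); the primes, message and function names are constructed for illustration.

```python
from math import gcd

# Constructed toy key: two well-known Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def sign_crt(m, fault_mask=0):
    """Sign m using the CRT shortcut.

    fault_mask simulates a transient bit flip in the half computed mod P
    (hypothetical parameter, used here only to model a glitch).
    """
    sp = pow(m, D % (P - 1), P) ^ fault_mask   # half mod P, optionally glitched
    sq = pow(m, D % (Q - 1), Q)                # half mod Q, always correct
    h = (pow(Q, -1, P) * (sp - sq)) % P        # Garner recombination
    return (sq + h * Q) % N


def leaks_factor(m, s):
    """True if publishing s would expose a prime factor of N.

    A result that is right mod one prime and wrong mod the other shares
    exactly one factor with N once the public operation is undone.
    """
    g = gcd((pow(s, E, N) - m) % N, N)
    return 1 < g < N


def sign_checked(m, fault_mask=0):
    """Hardened signer: verify with the public key before releasing anything."""
    s = sign_crt(m, fault_mask)
    if pow(s, E, N) != m % N:
        raise RuntimeError("fault detected; signature withheld")
    return s


if __name__ == "__main__":
    msg = 123456789012345                      # constructed sample message
    print("clean output leaks key:  ", leaks_factor(msg, sign_crt(msg)))
    print("glitched output leaks key:", leaks_factor(msg, sign_crt(msg, 1 << 5)))
```

The check in `sign_checked` costs one extra public-key operation per signature, which is cheap compared with the private-key operation it protects.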

Have you heard about the EMP effect of a nuclear explosion? An EMP (Electromagnetic Pulse) is a ripple in the earth's innate electromagnetic field. It may be widespread depending on the size and precise nature of the bomb used. Such pulses could also be generated on a much smaller scale by an electromagnetic pulse gun. A small EM pulse gun could generate that effect and be directed to create the transient chip glitches that could then be monitored to decode the secure data.

There is one final twist that affects how quickly encryption keys can be cracked.

The frequency of faults to which integrated circuit chips are susceptible depends on the quality of their manufacture, and no chip is perfect. The flip side is that chips can be manufactured to offer higher fault rates, by injecting contaminants during their production. Such chips would make code-breaking easier.

Cheap chips, slightly more susceptible to transient faults than the average, manufactured on a huge scale, could become widespread. China produces memory and processing chips (and computers) in vast quantities. The implications could be serious.


About the Author:
James Marinero projects modern technology into thrillers such as Gate of Tears - code breaking, NATO and China in conflict in the air using the latest technology. How will the Chinese J20 Annihilator perform in action? More of James's background articles at his site.



Article Originally Published On: http://www.articlesnatch.com


Copyright 2005-2011 ArticleSnatch, LLC - All Rights Reserved.