Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Researchers find weakness in common digital security system

04.03.2010
The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered.

RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers' information online.

The scientists found they could foil the security system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them.

Andrea Pellegrini, a doctoral student in the Department of Electrical Engineering and Computer Science, will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10.

"The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true," said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science.

These private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, Pellegrini said. Using their voltage tweaking scheme, the U-M researchers were able to extract the private key in approximately 100 hours.

They carefully manipulated the voltage with an inexpensive device built for this purpose. Varying the electric current essentially stresses out the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. Once the researchers caused enough faults, they were able to reconstruct the key offline.

This type of attack doesn't damage the device, so no tamper evidence is left.

"RSA authentication is so popular because it was thought to be so secure," said Todd Austin, a professor in the Department of Electrical Engineering and Computer Science. "Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount."

Although this paper only discusses the problem, the professors say they've identified a solution. It's a common cryptographic technique called "salting" that changes the order of the digits in a random way every time the key is requested.

"We've demonstrated that a fault-based attack on the RSA algorithm is possible," Austin said. "Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack."

The paper is called "Fault-based Attack of RSA Authentication." This research is funded by the National Science Foundation and the Gigascale Systems Research Center.

Todd Austin: www.eecs.umich.edu/~taustin

Valeria Bertacco: www.eecs.umich.edu/~valeria

Andrea Pellegrini: www.rackham.umich.edu/giving/spotlight/andrea_pellegrini

Full text of paper: www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf

DATE conference: www.date-conference.com

The University of Michigan College of Engineering is ranked among the top engineering schools in the country. At $160 million annually, its engineering research budget is one of the largest of any public university. Michigan Engineering is home to 11 academic departments and a National Science Foundation Engineering Research Center. The college plays a leading role in the Michigan Memorial Phoenix Energy Institute and hosts the world-class Lurie Nanofabrication Facility. Michigan Engineering's premier scholarship, international scale and multidisciplinary scope combine to create The Michigan Difference.

Nicole Casal Moore | EurekAlert!
Further information:
http://www.umich.edu
http://www.engin.umich.edu

More articles from Information Technology:

nachricht Construction of practical quantum computers radically simplified
05.12.2016 | University of Sussex

nachricht UT professor develops algorithm to improve online mapping of disaster areas
29.11.2016 | University of Tennessee at Knoxville

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Electron highway inside crystal

Physicists of the University of Würzburg have made an astonishing discovery in a specific type of topological insulators. The effect is due to the structure of the materials used. The researchers have now published their work in the journal Science.

Topological insulators are currently the hot topic in physics according to the newspaper Neue Zürcher Zeitung. Only a few weeks ago, their importance was...

Im Focus: Significantly more productivity in USP lasers

In recent years, lasers with ultrashort pulses (USP) down to the femtosecond range have become established on an industrial scale. They could advance some applications with the much-lauded “cold ablation” – if that meant they would then achieve more throughput. A new generation of process engineering that will address this issue in particular will be discussed at the “4th UKP Workshop – Ultrafast Laser Technology” in April 2017.

Even back in the 1990s, scientists were comparing materials processing with nanosecond, picosecond and femtosesecond pulses. The result was surprising:...

Im Focus: Shape matters when light meets atom

Mapping the interaction of a single atom with a single photon may inform design of quantum devices

Have you ever wondered how you see the world? Vision is about photons of light, which are packets of energy, interacting with the atoms or molecules in what...

Im Focus: Novel silicon etching technique crafts 3-D gradient refractive index micro-optics

A multi-institutional research collaboration has created a novel approach for fabricating three-dimensional micro-optics through the shape-defined formation of porous silicon (PSi), with broad impacts in integrated optoelectronics, imaging, and photovoltaics.

Working with colleagues at Stanford and The Dow Chemical Company, researchers at the University of Illinois at Urbana-Champaign fabricated 3-D birefringent...

Im Focus: Quantum Particles Form Droplets

In experiments with magnetic atoms conducted at extremely low temperatures, scientists have demonstrated a unique phase of matter: The atoms form a new type of quantum liquid or quantum droplet state. These so called quantum droplets may preserve their form in absence of external confinement because of quantum effects. The joint team of experimental physicists from Innsbruck and theoretical physicists from Hannover report on their findings in the journal Physical Review X.

“Our Quantum droplets are in the gas phase but they still drop like a rock,” explains experimental physicist Francesca Ferlaino when talking about the...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

ICTM Conference 2017: Production technology for turbomachine manufacturing of the future

16.11.2016 | Event News

Innovation Day Laser Technology – Laser Additive Manufacturing

01.11.2016 | Event News

#IC2S2: When Social Science meets Computer Science - GESIS will host the IC2S2 conference 2017

14.10.2016 | Event News

 
Latest News

Researchers identify potentially druggable mutant p53 proteins that promote cancer growth

09.12.2016 | Life Sciences

Scientists produce a new roadmap for guiding development & conservation in the Amazon

09.12.2016 | Ecology, The Environment and Conservation

Satellites, airport visibility readings shed light on troops' exposure to air pollution

09.12.2016 | Health and Medicine

VideoLinks
B2B-VideoLinks
More VideoLinks >>>