Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

RSA 1024-bit private key encryption cracked

Researchers find weakness in security system

Article comments

Three University of Michigan computer scientists say they have found a way to exploit a weakness in RSA security technology used to protect everything from media players to smartphones and ecommerce servers.

RSA authentication is susceptible, they say, to changes in the voltage supply to a private key holder. The researchers – Andrea Pellegrini, Valeria Bertacco and Todd Austin - outline their findings in a paper titled “Fault-based attack of RSA authentication”  to be presented 10 March at the Design, Automation and Test in Europe conference.

"The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true," said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science, in a statement

The RSA algorithm was introduced in a 1978 paper outlining the public-key cryptosystem. The annual RSA security conference is being held this week in San Francisco.

While guessing the 1,000-plus digits of binary code in a private key would take unfathomable hours, the researchers say that by varying electric current to a secured computer using an inexpensive purpose-built device they were able to stress out the computer and figure out the 1,024-bit private key in about 100 hours – all without leaving a trace.

The researchers in their paper outline how they made the attack on a SPARC system running Linux. They also say they have come up with a solution, which involves a cryptographic technique called salting that involves randomly juggling a private key's digits.

The research is funded by the National Science Foundation and the Gigascale Systems Research Center



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *