Recent research has demonstrated that common but highly secure public/private key encryption methods are vulnerable to fault-based assault.
This fundamentally means that it is now practical to crack the coding systems that they trust every day: the security that banks offer for web banking, the coding application that they depend on for business emails, the security packages that they buy off the shelf in our computer superstores. How can that be feasible?
Well, various teams of researchers have been working on this, but the first successful check assaults were by a group at the University of California. They didn't need to know about the computer hardware - they only needed to generate transient (i.e. temporary or fleeting) glitches in a computer whilst it was processing encrypted knowledge. Then, by analyzing the output knowledge they identified incorrect outputs with the faults they created & then worked out what the original 'data' was.
Modern security proprietary version is named RSA) depends on a public key & a private key. These encryption keys are 1024 bit & use giant prime numbers which are combined by the application. The issue is like that of cracking a safe - no safe is absolutely secure, but the better the safe, then the more time it takes to crack it. It is been taken for granted that security based on the 1024 bit key would take much time to crack, even with all the computers on earth. The latest research has shown that decoding can be achieved in a few days, & even faster if more computing power is used.
How do they crack it?
Modern computer memory & CPU chips do are so miniaturized that they are liable to occasional faults, but they are designed to self-correct when, for example, a cosmic ray disrupts a memory location in the chip (error correcting memory). Ripples in the power supply can also cause short-lived (transient) faults in the chip. Such faults were the basis of the crypto attack in the University of California.
Note that the check team did not need access to the internals of the computer, only to be 'in proximity' to it, i.e. to affect the power supply.
Have you heard about the EMP effect of a nuclear explosion? An EMP (Electromagnetic Pulse) is a ripple in the earth's innate electromagnetic field. It may be comparatively localized depending on the size & exact type of bomb used. Such pulses could even be generated on a much smaller scale by an electromagnetic pulse gun. A little EMP gun could use that principle locally & be used to generate the transient chip faults that could then be monitored to crack encryption.
There is final twist that affects how quickly encryption keys can be broken.
The level of faults to which integrated circuit chips are susceptible depends on the quality of their manufacture, & no chip is ideal. Chips can be manufactured to offer higher fault rates, by carefully introducing contaminants in the work of manufacture. Chips with higher fault rates could speed up the code-breaking method.
Cheap chips, slightly more susceptible to transient faults than the average, manufactured on an immense scale, could become widespread. China produces memory chips (& computers) in giant quantities. The implications could be serious.
Tidak ada komentar:
Posting Komentar