Abstract
Fault attacks against cryptographic schemes as used in tamper-resistant devices have driven vibrant research in the past. This area was recently extended by the discovery of attacks even against the public key parts of asymmetric schemes such as RSA, DSA, and ECC. While very powerful in principle, all attacks published so far have required sophisticated hardware intervention to mount in practice, which has excluded them from being a critical break-once-run-everywhere attack.
In contrast, this paper develops a purely software-based fault attack against the RSA verification process. The new attack consists of replacing the modulus entirely by attacking the data structures that manage the public key material. This approach contrasts strongly with known attacks, which merely flip some bits of the original modulus by introducing hardware faults. It is important to emphasize that the attack described in this paper poses a real threat: we demonstrate the practicality of our new public key attack against the RSA-based verification process of a highly protected and widely deployed conditional access device, a set-top box from Microsoft used by many IPTV providers. Furthermore, we successfully applied our attack method against a 3G access point, leading to root access.
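A toy model of the verification path the abstract describes, added here as an illustration and not taken from the paper: once the modulus field of the key structure holds an attacker-chosen modulus, a signature made with the matching private key verifies, and a pinned digest of the expected key material catches the swap before the verify result is trusted. Keys are constructed from Mersenne primes so it runs offline, and the message representative is a bare SHA-256 digest (no PKCS#1 encoding); both are simplifications, not the paper's setup.

```python
"""Modulus replacement vs. RSA verification, toy model (constructed example)."""
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by all keys below


@dataclass
class RsaPublicKey:
    n: int        # modulus: the field a structure-based attack overwrites
    e: int = E


def make_key(p: int, q: int):
    """Textbook RSA key from two primes; returns (public key, private d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # ValueError if e is not invertible
    return RsaPublicKey(n), d


def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def sign(msg: bytes, n: int, d: int) -> int:
    return pow(digest_int(msg), d, n)


def verify(msg: bytes, sig: int, key: RsaPublicKey) -> bool:
    """Plain verify: trusts whatever modulus the key structure holds."""
    return pow(sig, key.e, key.n) == digest_int(msg)


def key_fingerprint(key: RsaPublicKey) -> bytes:
    n_bytes = key.n.to_bytes((key.n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(n_bytes + key.e.to_bytes(3, "big")).digest()


def verify_pinned(msg: bytes, sig: int, key: RsaPublicKey, fp: bytes) -> bool:
    """Mitigation: refuse to verify unless the key material matches a pin."""
    return key_fingerprint(key) == fp and verify(msg, sig, key)


# Constructed keys: 2^127-1, 2^521-1, 2^89-1 and 2^607-1 are Mersenne primes.
VENDOR_PUB, VENDOR_PRIV = make_key(2**127 - 1, 2**521 - 1)
ROGUE_PUB, ROGUE_PRIV = make_key(2**89 - 1, 2**607 - 1)
VENDOR_FP = key_fingerprint(VENDOR_PUB)   # must live out of the attacker's reach


def scenario(firmware: bytes = b"constructed firmware image"):
    genuine = sign(firmware, VENDOR_PUB.n, VENDOR_PRIV)
    rogue = sign(firmware, ROGUE_PUB.n, ROGUE_PRIV)
    key_in_memory = RsaPublicKey(VENDOR_PUB.n)          # as the verifier sees it
    intact = (verify(firmware, genuine, key_in_memory),
              verify(firmware, rogue, key_in_memory))    # (True, False)
    key_in_memory.n = ROGUE_PUB.n                        # modulus field replaced
    swapped = verify(firmware, rogue, key_in_memory)     # True: rogue image accepted
    pinned = verify_pinned(firmware, rogue, key_in_memory, VENDOR_FP)  # False
    return intact, swapped, pinned
```

The pin only helps if it is stored where the write primitive that replaced the modulus cannot reach it (mask ROM, OTP, or a hash chain rooted there); a fingerprint sitting next to the key structure is swapped just as easily.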
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Michéle, B., Krämer, J., Seifert, JP. (2012). Structure-Based RSA Fault Attacks. In: Ryan, M.D., Smyth, B., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2012. Lecture Notes in Computer Science, vol 7232. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29101-2_21
DOI: https://doi.org/10.1007/978-3-642-29101-2_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29100-5
Online ISBN: 978-3-642-29101-2