Scientists find glitch in common digital security system

Subscribe to Oneindia News

Washington, Mar 7 (ANI): Computer scientists at University of Michigan have found a major flaw in a most common digital security technique used to protect both media copyright and Internet communications.

The experts claim that they could foil RSA authentication system by varying the voltage supply to the holder of the "private key," which would be the consumer's device in the case of copy protection and the retailer or bank in the case of Internet communication.

RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices.

Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science, said: "The RSA algorithm gives security under the assumption that as long as the private key is private, you can't break in unless you guess it. We've shown that that's not true."

Experts were able to extract the private key in approximately 100 hours using their voltage tweaking scheme, even though the private keys contain more than 1,000 digits of binary code.

It was found that varying the electric current stresses out the computer, which ends up making small errors in its communications with other clients.

Todd Austin, a professor in the Department of Electrical Engineering and Computer Science, said: "RSA authentication is so popular because it was thought to be so secure. Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount.

"We've demonstrated that a fault-based attack on the RSA algorithm is possible. Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack."

The paper titled 'Fault-based Attack of RSA Authentication' will be presented at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10. (ANI)

Please Wait while comments are loading...