Computer scientists at the University of Michigan have found a way to uncover the secret cryptographic keys of devices secured with the OpenSSL crypto library. By modifying the current running through a device’s power supply as it processed encrypted data, researchers were able to extrapolate small bits of the device’s private crypto key. After repeated interventions, they were successful in assembling the entire 1024-bit key.
According to a recent article on The Register:
The attack is enabled by what the researchers described as a “severe vulnerability” in the OpenSSL innards that carry out authentication based on the RSA public key encryption algorithm. It resides in the so-called fixed window exponentiation algorithm of the open-source crypto library, which is used when errors arise. By triggering a single-bit error in a multiplication operation, the scientists were able to force OpenSSL to divulge 4 bits of the secret key.
Once they gathered about 8,800 malformed messages from the targeted device, they fed the data into an 81-machine cluster of 2.4 GHz Pentium-4 systems running a custom-designed algorithm…and were able to extract its 1024-bit private key in 104 hours.
The Register reports that an OpenSSL representative has confirmed that a patch is currently in development.
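To make the failure mode concrete, here is an added sketch (not code from OpenSSL, the researchers, or The Register) of fixed-window exponentiation in which one multiplication result has a single bit flipped, together with a generic defence: verify the signature with the public exponent before releasing it. The toy key, the 4-bit window width, the `fault_at` hook and the `sign_checked` helper are all assumptions made for illustration, and the self-check is a standard countermeasure, not necessarily the patch mentioned above.

```python
# Added example: toy key built from two known Mersenne primes. NOT a secure size.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
W = 4                               # window width in bits (assumed for this sketch)

def fixed_window_pow(base, exp, mod, fault_at=None):
    """Left-to-right fixed-window exponentiation.

    fault_at (hypothetical test hook): index of the window multiplication
    whose result gets a single bit flipped, simulating a hardware glitch.
    """
    table = [1] * (1 << W)           # table[i] = base**i mod mod
    for i in range(1, 1 << W):
        table[i] = table[i - 1] * base % mod
    nwin = (exp.bit_length() + W - 1) // W
    acc = 1
    for step, k in enumerate(reversed(range(nwin))):
        for _ in range(W):           # shift the accumulator by one window
            acc = acc * acc % mod
        digit = (exp >> (k * W)) & ((1 << W) - 1)
        prod = acc * table[digit] % mod
        if step == fault_at:
            prod = (prod ^ (1 << 7)) % mod   # simulated single-bit error
        acc = prod
    return acc

def sign_checked(m, fault_at=None):
    """Sign m, then verify with the public exponent before releasing the result."""
    sig = fixed_window_pow(m, D, N, fault_at)
    if pow(sig, E, N) != m % N:
        raise ValueError("signature failed self-check; result withheld")
    return sig

if __name__ == "__main__":
    m = int.from_bytes(b"constructed", "big")    # constructed sample value
    last = (D.bit_length() + W - 1) // W - 1     # final window multiplication
    print("clean signature released:", hex(sign_checked(m)))
    try:
        sign_checked(m, fault_at=last)
    except ValueError as err:
        print("faulted run:", err)
```

Because the check runs before anything leaves the signer, a glitched computation produces an error instead of a malformed message that could be collected.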
Depending on the earth quality of ANY device, the earth leg can be used to inject a data stream (applied to the earth leg); the system will then see the varying earth potential as a data input on the input pins.
peterStralia