
Structure-Based RSA Fault Attacks

  • Conference paper
Information Security Practice and Experience (ISPEC 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7232)

Abstract

Fault attacks against cryptographic schemes as used in tamper-resistant devices have led to a vibrant research activity in the past. This area was recently augmented by the discovery of attacks even on the public key parts of asymmetric cryptographic schemes like RSA, DSA, and ECC. While being very powerful in principle, all existing attacks until now required very sophisticated hardware attacks to mount them practically - thus excluding them from being a critical break-once-run-everywhere attack.

In contrast, this paper develops a purely software-based fault attack against the RSA verification process. This novel attack consists in completely replacing the modulus by attacking the structures managing the public key material. This approach contrasts strongly with known attacks which merely change some bits of the original modulus by introducing hardware faults. It is important to emphasize that the attack described in this paper poses a real threat: we demonstrate the practicality of our new public key attack against the RSA-based verification process of a highly protected and widely deployed conditional access device - a set-top box from Microsoft used by many IPTV providers. Furthermore, we successfully applied our attack method against a 3G access point, leading to root access.
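The following added example (written for this page, not code from the paper) simulates in textbook RSA the effect the abstract describes: verification only checks sig^e mod n against the message hash, so if the modulus n inside the verifier's key structure is replaced by one whose factorisation the signer knows, an image signed under that modulus verifies, whereas pinning a fingerprint of the expected modulus outside the key structure lets the verifier detect the substitution. Key pairs, messages and all function names are constructed for the illustration.

```python
import hashlib

E = 65537  # public exponent shared by both constructed key pairs

def make_key(p, q, e=E):
    """Textbook RSA key from two primes: (n, d). pow(e, -1, m) needs Python 3.8+."""
    n = p * q
    return n, pow(e, -1, (p - 1) * (q - 1))

def digest_int(data):
    """SHA-256 of the message as an integer (well below a >700-bit modulus)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def rsa_sign(data, d, n):
    return pow(digest_int(data), d, n)

def rsa_verify(data, sig, key):
    """Verification takes n and e from the device's key structure (a dict here)."""
    return pow(sig, key["e"], key["n"]) == digest_int(data)

def modulus_fingerprint(n):
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()

def verify_with_key_check(data, sig, key, pinned_fp):
    """Mitigation: refuse the key structure if its modulus no longer matches a
    fingerprint kept outside that structure (e.g. in immutable code or ROM)."""
    if modulus_fingerprint(key["n"]) != pinned_fp:
        return False
    return rsa_verify(data, sig, key)

# Constructed keys from Mersenne primes so the run is deterministic and offline.
VENDOR_N, VENDOR_D = make_key((1 << 127) - 1, (1 << 607) - 1)
ROGUE_N, ROGUE_D = make_key((1 << 89) - 1, (1 << 1279) - 1)
PINNED_FP = modulus_fingerprint(VENDOR_N)

def demo():
    key = {"n": VENDOR_N, "e": E}  # the stored public key structure
    firmware, rogue = b"genuine image", b"unsigned third-party image"  # constructed
    good_sig = rsa_sign(firmware, VENDOR_D, VENDOR_N)
    rogue_sig = rsa_sign(rogue, ROGUE_D, ROGUE_N)  # signed under the rogue modulus
    results = {
        "genuine": rsa_verify(firmware, good_sig, key),
        "rogue_under_vendor_key": rsa_verify(rogue, rogue_sig, key),
    }
    key["n"] = ROGUE_N  # effect of the structure attack: the modulus field is overwritten
    results["rogue_after_replacement"] = rsa_verify(rogue, rogue_sig, key)
    results["rogue_caught_by_check"] = verify_with_key_check(rogue, rogue_sig, key, PINNED_FP)
    return results
```

The pinned fingerprint only helps if it lives somewhere the rewritten structure cannot reach (immutable code, ROM or fused storage), since the attack in the abstract works precisely by rewriting the structure that holds the key.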




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Michéle, B., Krämer, J., Seifert, JP. (2012). Structure-Based RSA Fault Attacks. In: Ryan, M.D., Smyth, B., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2012. Lecture Notes in Computer Science, vol 7232. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29101-2_21


  • DOI: https://doi.org/10.1007/978-3-642-29101-2_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29100-5

  • Online ISBN: 978-3-642-29101-2

  • eBook Packages: Computer Science (R0)
