Structure-Based RSA Fault Attacks

Fault attacks against cryptographic schemes as used in tamper-resistant devices have led to a vibrant research activity in the past. This area was recently augmented by the discovery of attacks even on the public key parts of asymmetric cryptographic schemes like RSA, DSA, and ECC. While being very powerful in principle, all existing attacks until now required very sophisticated hardware attacks to mount them practically - thus excluding them from being a critical break-once-run-everywhere attack. In contrast, this paper develops a purely software-based fault attack against the RSA verification process. This novel attack consists of completely replacing the modulus by attacking the structures managing the public key material. This approach contrasts strongly with known attacks, which merely change some bits of the original modulus by introducing hardware faults. It is important to emphasize that the attack described in this paper poses a real threat: we demonstrate the practicality of our new public key attack against the RSA-based verification process of a highly protected and widely deployed conditional access device - a set-top box from Microsoft used by many IPTV providers. Furthermore, we successfully applied our attack method against a 3G access point, leading to root access.
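The following Python model, added here and not part of the paper, shows why a verifier that trusts a mutable public-key structure is broken by a whole-modulus replacement, and the defender-side check that catches it: pinning a digest of the expected (n, e) in immutable storage and checking it before every verification. The key sizes, the `KeySlot` record, the fingerprint encoding and the sample firmware bytes are all constructed for the demo and are far too small for real use.

```python
import hashlib
from dataclasses import dataclass

# Constructed demo primes (toy sizes): the "vendor" key, and a second key
# standing in for one the attacker controls. Needs Python 3.8+ for pow(e, -1, m).
VENDOR_P, VENDOR_Q = 104729, 1299709
OTHER_P, OTHER_Q = 2147483647, 15485863
E = 65537

@dataclass
class KeySlot:
    """Mutable public-key record: the kind of structure the paper says gets overwritten."""
    n: int
    e: int

def make_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return KeySlot(n, E), pow(E, -1, phi)          # (public slot, private exponent d)

def hash_to_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(hash_to_int(msg, n), d, n)

def naive_verify(slot, msg, sig):
    # Trusts whatever modulus the slot holds: this is the weakness a structure swap exploits.
    return pow(sig, slot.e, slot.n) == hash_to_int(msg, slot.n)

def fingerprint(slot):
    # Canonical length-prefixed encoding of (n, e); on a device this digest lives in ROM/OTP.
    nb = slot.n.to_bytes((slot.n.bit_length() + 7) // 8, "big")
    eb = slot.e.to_bytes((slot.e.bit_length() + 7) // 8, "big")
    return hashlib.sha256(len(nb).to_bytes(4, "big") + nb + eb).digest()

def pinned_verify(slot, pinned, msg, sig):
    # Check the key material itself before using it; a replaced modulus fails here.
    if fingerprint(slot) != pinned:
        return False
    return naive_verify(slot, msg, sig)

def demo():
    vendor_slot, vendor_d = make_keypair(VENDOR_P, VENDOR_Q)
    other_slot, other_d = make_keypair(OTHER_P, OTHER_Q)
    pinned = fingerprint(vendor_slot)               # provisioned once, immutable
    fw = b"constructed firmware image"
    genuine = sign(fw, vendor_slot.n, vendor_d)
    forged = sign(fw, other_slot.n, other_d)
    swapped = KeySlot(other_slot.n, vendor_slot.e)  # slot after a modulus replacement
    return {
        "genuine_naive": naive_verify(vendor_slot, fw, genuine),            # True
        "swapped_naive": naive_verify(swapped, fw, forged),                 # True: accepted
        "swapped_pinned": pinned_verify(swapped, pinned, fw, forged),       # False: detected
        "genuine_pinned": pinned_verify(vendor_slot, pinned, fw, genuine),  # True
    }
```

The pinned digest only helps if it is stored where the same write primitive cannot reach it, which is why the paper's threat model points at the key-management structures rather than the arithmetic.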
