The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
The art of computer programming, volume 2 (3rd ed.): seminumerical algorithms
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Differential Fault Attacks on Elliptic Curve Cryptosystems
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
On authenticated computing and RSA-based authentication
Proceedings of the 12th ACM conference on Computer and communications security
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Understanding Cryptography: A Textbook for Students and Practitioners
Understanding Cryptography: A Textbook for Students and Practitioners
Why one should also secure RSA public key elements
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Is it wise to publish your public RSA keys?
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Experimenting with faults, lattices and the DSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Hi-index | 0.00 |
Fault attacks against cryptographic schemes as used in tamper- resistant devices have led to a vibrant research activity in the past. This area was recently augmented by the discovery of attacks even on the public key parts of asymmetric cryptographic schemes like RSA, DSA, and ECC. While being very powerful in principle, all existing attacks until now required very sophisticated hardware attacks to mount them practically - thus excluding them from being a critical break-once-run-everywhere attack. In contrast, this paper develops a purely software-based fault attack against the RSA verification process. This novel attack consists in completely replacing the modulus by attacking the structures managing the public key material. This approach contrasts strongly with known attacks which merely change some bits of the original modulus by introducing hardware faults. It is important to emphasize that the attack described in this paper poses a real threat: we demonstrate the practicality of our new public key attack against the RSA-based verification process of a highly protected and widely deployed conditional access device - a set-top box from Microsoft used by many IPTV providers. Furthermore, we successfully applied our attack method against a 3G access point, leading to root access.