Randomized algorithms
Algorithmic number theory
Authenticated Operation of Open Computing Devices
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
On Generation of Probable Primes By Incremental Search
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Computer
A secure and reliable bootstrap architecture
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A new CRT-RSA algorithm secure against bellcore attacks
Proceedings of the 10th ACM conference on Computer and communications security
ACM Transactions on Embedded Computing Systems (TECS)
Trusted Computing Platforms: Design and Applications
The Art of Computer Virus Research and Defense
Trusted Computing Platforms: TCPA Technology in Context
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Fault Attacks on Public Key Elements: Application to DLP-Based Schemes
EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
The Carry Leakage on the Randomized Exponent Countermeasure
CHES '08 Proceedings of the 10th international workshop on Cryptographic Hardware and Embedded Systems
Perturbating RSA Public Keys: An Improved Attack
CHES '08 Proceedings of the 10th international workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA Public Keys: Left-To-Right Implementations Are Also Vulnerable
CT-RSA '09 Proceedings of the Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Securing RSA against Fault Analysis by Double Addition Chain Exponentiation
CT-RSA '09 Proceedings of the Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Safe-error attack on SPA-FA resistant exponentiations using a HW modular multiplier
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Public key perturbation of randomized RSA implementations
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
A new and extended fault analysis on RSA
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Modulus fault attacks against RSA-CRT signatures
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Seifert's RSA fault attack: simplified analysis and generalizations
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Why one should also secure RSA public key elements
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Is it wise to publish your public RSA keys?
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Fault analysis of the NTRUSign digital signature scheme
Cryptography and Communications
Structure-Based RSA fault attacks
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
This paper presents a novel hardware attack against RSA-based authentication of programs. Like the seminal paper [10], it exploits the attacker's ability to arbitrarily tamper with a computational device during its data processing. But, contrary to [10], our method targets the RSA signature verification, which processes only public data. Surprisingly, we prove how to make the RSA verification process accept (with high probability and assuming the Riemann Hypothesis) signatures of arbitrary code, signed with our own self-created private key. While our attack is so far only theoretical, its practical feasibility has already been implicitly confirmed, cf. [6]. In fact, through real experiments with tamper-resistant devices, [4] discovered the caveat that lies at the heart of our vulnerability: the fault most often observed during RSA computations exposed to glitch attacks is the erroneous modification of the moduli. Moreover, our attack relies only upon the simplest and most easily implemented fault induction method, described by [8]. Our idea is somewhat inspired by methods used in practice to circumvent the FLASH Boot ROM authentication mechanism of the Xbox, due to F. Lehner, cf. [17]. Our attack can be interpreted as the extrapolation of the mathematical foundation underlying those Xbox vulnerabilities.