News

RSA inventor: RSA standard made vulnerable through chip-design

Millions of computers running the RSA security standard could be vulnerable to hacking attacks because the design of modern processors makes it harder to detect bugs.

These flaws could be targeted by hackers to easily overcome encryption techniques like RSA, which is used worldwide to conduct on-line payments and transactions, said Adi Shamir, the founder of the RSA standard and the "S" in RSA.

He said design flaws which make their way into processors will become more likely as chip design becomes more complex and because chipmakers keep design specifications a trade secret,

"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually", said Shamir in a research note.

Shamir revealed that causing a calculation error would make it possible for an attacker to break the protection of public key cryptography. If an intelligence organisation discovered such an error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message".

He made no claim that such errors already exist or are already being exploited but said that the tiniest error in chip design could have a devastating impact even on public key cryptography if countermeasures were not taken.

"The main countermeasures had already been deployed by smart card makers to protect themselves from side channel attacks such as timing, power and fault attacks. These were not used so far in PC-based systems since PCs were believed to be immune to such attacks, and the countermeasures have considerable impact on performance," he said.

An Intel spokesman said that the flaw was a theoretical one and required a lot of contingencies and added that the company looked at everything when it came to processor design.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy