RSA inventor: RSA standard made vulnerable through chip-design

Millions of computers running the RSA security standard could be vulnerable to hacking attacks because the design of modern processors makes it harder to detect bugs.

Millions of computers running the RSA security standard could be vulnerable to hacking attacks because the design of modern processors makes it harder to detect bugs.

These flaws could be targeted by hackers to easily overcome encryption techniques like RSA, which is used worldwide to conduct on-line payments and transactions, said Adi Shamir, the founder of the RSA standard and the "S" in RSA.

He said design flaws which make their way into processors will become more likely as chip design becomes more complex and because chipmakers keep design specifications a trade secret,

"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually", said Shamir in a research note.

Shamir revealed that causing a calculation error would make it possible for an attacker to break the protection of public key cryptography. If an intelligence organisation discovered such an error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message".

He made no claim that such errors already exist or are already being exploited but said that the tiniest error in chip design could have a devastating impact even on public key cryptography if countermeasures were not taken.

"The main countermeasures had already been deployed by smart card makers to protect themselves from side channel attacks such as timing, power and fault attacks. These were not used so far in PC-based systems since PCs were believed to be immune to such attacks, and the countermeasures have considerable impact on performance," he said.

An Intel spokesman said that the flaw was a theoretical one and required a lot of contingencies and added that the company looked at everything when it came to processor design.




Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close