Fault-Based Attack of RSA Authentication
Andrea Pellegrini, Valeria Bertacco and Todd Austin
University of Michigan
{apellegrini, valeria, austin}@umich.edu

sources with pics http://www.eecs.umich.edu/~taustin/p...DATE10-rsa.pdf

ABSTRACT
For any computing system to be secure, both hardware and software
have to be trusted. If the hardware layer in a secure system
is compromised, not only it would be possible to extract secret information
about the software, but it would also be extremely hard
for the software to detect that an attack is underway. In this work
we detail a complete end-to-end fault-attack on a microprocessor
system and practically demonstrate how hardware vulnerabilities
can be exploited to target secure systems. We developed a theoretical
attack to the RSA signature algorithm, and we realized it
in practice against an FPGA implementation of the system under
attack. To perpetrate the attack, we inject transient faults in the target
machine by regulating the voltage supply of the system. Thus,
our attack does not require access to the victim system’s internal
components, but simply proximity to it.
The paper makes three important contributions: first, we develop
a systematic fault-based attack on the modular exponentiation algorithm
for RSA. Second, we expose and exploit a severe flaw on
the implementation of the RSA signature algorithm on OpenSSL, a
widely used package for SSL encryption and authentication. Third,
we report on the first physical demonstration of a fault-based security
attack of a complete microprocessor system running unmodified
production software: we attack the original OpenSSL authentication
library running on a SPARC Linux system implemented
on FPGA, and extract the system’s 1024-bit RSA private key in
approximately 100 hours.

1. INTRODUCTION
Public-key cryptography schemes (Figure 1.a) are widely adopted
wherever there is a need to secure or authenticate confidential data
on a public communication network. When deployed with sufficiently
long keys, these algorithms are believed to be unbreakable.
Strong cryptographic algorithms were first introduced to secure
communications among high performance computers that required
elevated confidentiality guarantees. Today, advances in semiconductor
technology and hardware design have made it possible to
execute these algorithms in reasonable time even on consumer systems,
thus enabling the mass-market use of strong encryption to
ensure privacy and authenticity of individuals’ personal communications.
Consequently, this transition has enabled the proliferation
of a variety of secure services, such as online banking and shopping.
Examples of consumer electronics devices that routinely rely
on high-performance public key cryptography are Blu-ray players,
smart phones, and ultra-portable devices. In addition, low-cost
cryptographic engines are mainstream components in laptops,
servers and personal computers. A key requirement for all these
hardware devices is that they must be affordable. As a result, they
commonly implement a straightforward design architecture that entails
a small silicon footprint and low-power profile.
Our research focuses on developing an effective attack on mass-market
crypto-chips. Specifically, we demonstrate an effective way
to perpetrate fault-based attacks on a microprocessor system in order
to extract the private key from the cryptographic routines that
it executes.

Anyone with a good Linux system up for the challenge? This does work; we had to perform this attack to prove a theory of a classmate's. It should still work with the way gay arc implemented their RSA. I'm a poor college student also, so the only time I have processing power like that is at school. If someone is willing to try, I will help and do most of the research with them. I also have a theory on a man-in-the-middle attack given us the authentication keys; I'm attempting it now and will post results later.
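
Added example, not from the paper or from this post: the abstract describes transient faults corrupting RSA signing, and a standard defence is for the signer to verify every signature with the public exponent before releasing it. The sketch below assumes a constructed toy key, textbook RSA without padding, and hypothetical helper names (modexp, sign_checked, FaultDetected); the fault is a simulated single-bit upset, not the paper's setup.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails its own verification."""


def digest_to_int(message: bytes) -> int:
    # Textbook RSA on a reduced hash, no padding: for illustration only.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def modexp(base, exp, mod, fault_at=None, fault_bit=0):
    """Left-to-right square-and-multiply.

    fault_at / fault_bit simulate a transient single-bit upset in the
    accumulator at the end of the given loop iteration (assumed model).
    """
    acc = 1
    for i, bit in enumerate(bin(exp)[2:]):
        acc = acc * acc % mod
        if bit == "1":
            acc = acc * base % mod
        if i == fault_at:
            acc ^= 1 << fault_bit
    return acc


def sign_checked(message: bytes, fault_at=None, fault_bit=0) -> int:
    """Sign, then verify with the public key before the result leaves the signer."""
    m = digest_to_int(message)
    s = modexp(m, D, N, fault_at, fault_bit)
    if pow(s, E, N) != m:
        # Never return or log the corrupted value; discard it and fail closed.
        raise FaultDetected("signature failed self-check and was discarded")
    return s


if __name__ == "__main__":
    msg = b"constructed test message"
    print("clean signature:", hex(sign_checked(msg)))
    try:
        sign_checked(msg, fault_at=40, fault_bit=7)
    except FaultDetected as exc:
        print("faulty run blocked:", exc)
```

The check costs one public-exponent exponentiation per signature, which is cheap next to the private-key operation, and a rising rate of failed self-checks is itself a signal worth alerting on.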