Cryptology Attacks: What’s New
A new attack on RSA called Simple Branch Prediction Analysis promises to reveal “almost all of the secret key bits” by executing a parallel spy process that only needs to watch a single execution of the RSA private key. Some more technical details show it to be a sophisticated, dangerous attack:
Namely, in the context of simple side-channel attacks, it is widely believed that equally balancing the operations after branches is a secure countermeasure against such simple attacks. Unfortunately, this is not true, as even such “balanced branch” implementations can be completely broken by our SBPA attacks. Moreover, despite sophisticated hardware-assisted partitioning methods such as memory protection, sandboxing or even virtualization, SBPA attacks empower an unprivileged process to successfully attack other processes running in parallel on the same processor.
If that weren’t bad enough, a rootkit now can be persisted in your PCI device. A paper called Implementing and Detecting a PCI Rootkit details how PCI cards execute bios code which can be flashed from the windows software if the user is running as an administrator. Combined with a remote exploit, this could lead to a remote rootkit injection. Also, given that PCI BIOS software is not verified in any way, the rootkit would difficult to detect.
This entry was posted on Sunday, November 19th, 2006 at 12:58 am and is tagged with remote exploit, dangerous attack, prediction analysis, memory protection, sophisticated hardware, bios software, branch prediction, rootkit, key bits, pci cards, pci device, countermeasure, private key, windows software, technical details, weren, execution, spy, side channel attacks, simple branch. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback.
