Sårbarhet i OpenSSL:s ECDSA-implementation

En ny tidsattack (timing attack) har uppdagats i OpenSSL:s implementation av Elliptic Curve Digital Signature Algorithm (ECDSA). Med hjälp av denna attack så är det möjligt att läsa ut den privata nyckeln via exempelvis protokollet TLS. Sårbarheten hittades av Billy Bob Brumley och Nicola Tuveri:

”For over two decades, timing attacks have been an active area of research within applied cryptography. These attacks exploit cryptosystem or protocol implementations that do not run in constant time. When implementing an elliptic curve cryptosystem that provides side-channel resistance, the scalar multiplication routine is a critical component. In such instances, one attractive method often suggested in the literature is Montgomery’s ladder that performs a fixed sequence of curve and field operations.

This paper describes a timing attack vulnerability in OpenSSL’s ladder implementation for curves over binary fields. We use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, we mount a lattice attack that recovers the private key.”

Läs även:

Remote Timing Attacks are Still Practical:
http://eprint.iacr.org/2011/232.pdf

Jonas Lejon

Om Jonas Lejon

En av sveriges främsta experter inom cybersäkerhet med över 20 års erfarenhet. Frågor? Kontakta mig på: [email protected] eller LinkedIn Twitter

Skriv en kommentar