Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 11 MINUTES AGO.
You are here: Home / Network Security / Chip Design Could Subvert Encryption
Chip Design Flaw Could Subvert Encryption
Chip Design Flaw Could Subvert Encryption
By Richard Koman / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
NOVEMBER
21
2007
Adi Shamir, a leading expert on computer cryptography, has posited that a new security risk might be dawning as computer chips get more and more complex. Shamir is a professor at the Weizmann Institute of Science in Israel and is the "S" is RSA.

The New York Times reported recently that Shamir circulated a research note to colleagues hypothesizing that a subtle math error in advanced computer chips could be recognized and exploited in a way that would break public-key cryptography systems, including RSA security.

Shamir said that if an intelligence organization discovered such a flaw, security software on a computer with a compromised chip could be "trivially broken with a single chosen message." The attacker would send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.

Trouble with Design Secrets

"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually," Shamir wrote.

One problem, Shamir said, is that due to the top-secret nature of chip design, it would be impossible to verify that a manufacturer's chip was not flawed. "Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers," he said, "there are many smaller manufacturers of microprocessors who may be less careful with their design."

Andrew Storms, director of security operations for nCircle Network Security, emphasized that Shamir's work is hypothetical and intended for discussion among his peers.

"It's important to note that Shamir had not intended for his notes to be dispersed among large crowds," Storms wrote in an e-mail. "This was more of the case of him sending an interesting note among trusted colleagues." Times reporter John Markoff made the issue one for public discussion by reporting on it.

Still in a Theoretical Stage

"This is a hypothetical thought process at this time and if it hadn't come from Shamir, one of the co-inventors of RSA, then it would not be receiving so much attention," Storms said. "My guess is that Shamir is also reticent that this is now open to public discourse at this time."

The attack that Shamir postulated is "still in a theoretical stage," Storms said. This is why we have innovators like Shamir, who can help to invent a method to secure data and years later discover potential flaws with that method, he added. Storms said that, for the time being, there is no imminent threat and the fact that Shamir has done this research provides awareness to microchip producers to ensure new products are free of potential problems.

Jean-Jacques Quisquater, a cryptographic researcher at Louvain University in Belgium was quoted by the Times as saying that the remarkable thing about Shamir's note is that "Adi Shamir is saying that RSA is potentially vulnerable."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.