New Timing Attack Against RSA
A new paper describes a timing attack against RSA, one that bypasses existing security measures against these sorts of attacks. The attack described is optimized for the Pentium 4, and is particularly suited for applications like DRM.
Meta moral: If Alice controls the device, and Bob wants to control secrets inside the device, Bob has a very difficult security problem. These “side-channel” attacks—timing, power, radiation, etc.—allow Alice to mount some very devastating attacks against Bob’s secrets.
I’m going to write more about this for Wired next week, but for now you can read the paper, the Slashdot thread, and the essay I wrote in 1998 about side-channel attacks (also this academic paper).
greg • November 21, 2006 8:32 AM
It's an interesting attack. In all likelihood this can be extended to other similar arch types like dual cores. The big question is what about virtual servers?
Also, as a defence, what about “slicing” the RSA with either other RSA operations with different keys or even extra instructions that affect the branch predictions, putting it all on the same thread/core? I.e., you take the performance hit to prevent the attack.
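The key-dependent branch at the heart of this class of attack, beside the branch-free ladder that removes it, as an added illustration (not code from the post, the paper, or the commenter). The modulus, base and exponents are constructed toy values, and Python big-int arithmetic is not itself constant-time, so this shows only the control-flow difference.

```python
# Added illustration, not from the post or the paper: why textbook
# square-and-multiply leaks the exponent through control flow, and the
# branch-free Montgomery ladder used as a mitigation. Toy constructed
# values; Python big-int arithmetic is not constant-time, so this shows
# the control-flow difference only, not a production implementation.

def naive_modexp(base, exp, mod):
    """Left-to-right square-and-multiply. Returns (result, op_trace)."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = result * result % mod
        trace.append("S")
        if bit == "1":          # branch taken only for 1-bits of the secret
            result = result * base % mod
            trace.append("M")   # extra work (and a predictor pattern) per 1-bit
    return result, trace

def ladder_modexp(base, exp, mod, bits):
    """Montgomery ladder with an arithmetic conditional swap: every bit
    performs one multiply and one square, with no branch on the bit."""
    r0, r1 = 1, base % mod
    trace = []
    for i in range(bits - 1, -1, -1):
        b = (exp >> i) & 1
        r0, r1 = r0 + b * (r1 - r0), r1 + b * (r0 - r1)   # cswap(b), no branch
        r1 = r0 * r1 % mod
        r0 = r0 * r0 % mod
        r0, r1 = r0 + b * (r1 - r0), r1 + b * (r0 - r1)   # cswap(b) back
        trace.extend("MS")      # same two operations for every bit value
    return r0, trace

def trace_lengths(exps, modulus=497, base=4, bits=4):
    """Operation counts per exponent: varies for naive, fixed for ladder."""
    return {e: (len(naive_modexp(base, e, modulus)[1]),
                len(ladder_modexp(base, e, modulus, bits)[1])) for e in exps}

if __name__ == "__main__":
    for e, (n, l) in trace_lengths([8, 13, 15]).items():
        print(f"exp={e:2d} ({e:04b}): naive ops={n}, ladder ops={l}")
```

The naive trace length changes with the Hamming weight of the exponent, which is exactly the per-bit signal a timing or branch-prediction side channel observes; the ladder's trace does not.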