Researchers have closed a cybersecurity vulnerability that could have allowed hackers to retrieve the secret exponent of an encryption key in OpenSSL, a popular encryption program used for secure interactions on websites and for signature authentication.
Recently, attackers sought to exploit a security vulnerability in OpenSSL by briefly listening in on unintended side channel signals from smartphones. The attackers took advantage of programming that was, ironically, designed to provide better security.
Side channel attacks extract sensitive information from signals created by electronic activity within computing devices during normal operation, that includes electromagnetic emanations created by current flows within the devices computational and power-delivery circuitry, variation in power consumption and sound, temperature and chassis potential variation.
The attack analyzed signals in a relatively narrow—40 MHz wide—band around the phones' processor clock frequencies, which are close to one GHz. They were able to take advantage of a uniformity in programing that aims to overcome previous vulnerabilities involving variations in how the programs operate.
A team from Georgia Institute of Technology successfully attacked the phones and an embedded system board— which all used ARM processors—and listened in on two different Android phones using probes located near but not touching the phones. They proposed a software fix that was adopted in versions of the program made available in May.
“Any variation is essentially leaking information about what the program is doing, but the constancy allowed us to pinpoint where we needed to look,” Milos Prvulovic, the associate chair of Georgia Tech's School of Computer Science, said in a statement. “Once we got the attack to work, we were able to suggest a fix for it fairly quickly. Programmers need to understand that portions of the code that are working on secret bits need to be written in a very particular way to avoid having them leak.”
The attackers used intercepted electromagnetic signals from the phones, which could be analyzed with a small device. However, unlike previous attacks that require analyzing several logins, this attack was conducted by just listening in on one decryption cycle and was the first attack that showed a single recoding of a cryptography key trace was enough to break 2,048 bits of a private RSA key.
“This is something that could be done at an airport to steal people's information without arousing suspicion and makes the so-called 'coffee shop attack' much more realistic,” Prvulovic said. “The designers of encryption software now have another issue that they need to take into account because continuous snooping over long periods of time would no longer be required to steal this information.”
The team next plans to address other software that could have similar vulnerabilities and then develop a program that would allow automated analysis of security vulnerabilities.
“Our goal is to automate this process so it can be used on any code,” Alenka Zajic, an associate professor in Georgia Tech's School of Electrical and Computer Engineering, said in a statement. “We'd like to be able to identify portions of code that could be leaky and require a fix. Right now, finding these portions requires considerable expertise and manual examination."