[Cryptography] RNG exploits are stealthy

Philipp Gühring pg at futureware.at
Fri Feb 14 16:52:38 EST 2014


Hi,

> Because this attack is stealthy.  Rigidized interrupt timing is
> invisible to the users, invisible to the sysadmin, barely visible to
> the running OS, and not specific to the OS running under the VM or
> SMM.  It generates no Internet traffic -- at all.  It works with each
> new operating system release.  Yet it could allow a remote attacker
> halfway across the net -- like NSA -- do a successful brute-force
> search for keys generated from that interrupt timing.

One of the candidates for this kind of attack I stumbled across lately is
rigidized interrupt handling with the potential cover-up to "save battery
power".
The argumentation line goes like this:
The CPUs currently have various different sleep-states, and the longer and
deeper they can sleep, the less energy they need. So the best thing is to
save battery is to maximize the time between the interrupts. How to this?
There are interrupts that are so regular, that they can be planned, by
configuring the devices accordingly.
And there are some interrupts that can be delayed a little without any
problems.
The idea now is to synchronize those regular interrupts and/or to delay
interrupts where necessary.
So in the name of battery saving, some people actually developed interrupt
rigidizing beasts:

http://www.researchgate.net/publication/235679705_Improving_Energy_Efficiency_for_Mobile_Platforms_by_Exploiting_Low-power_Sleep_States/file/32bfe512808a1e1f23.pdf

Best regards,
Philipp



More information about the cryptography mailing list