Author
|
Topic: Adding Math to List of Security Threats (Read 695 times) |
|
Walter Watts
Archon
Gender: 
Posts: 1571
Reputation: 8.89
Rate Walter Watts
Just when I thought I was out-they pull me back in
  
|
 |
Adding Math to List of Security Threats
« on: 2007-11-17 01:38:23 » |
 |
The New York Times
November 17, 2007
Adding Math to List of Security Threats
By JOHN MARKOFF
SAN FRANCISCO, Nov. 16 — One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.
Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.
Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote.
A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.
Using this approach, a message can be scrambled using a publicly known number and then unscrambled with a secret, privately held number.
The technology makes it possible for two people who have never met to exchange information securely, and it is the basis for all kinds of electronic transactions.
Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be “trivially broken with a single chosen message.”
Executing the attack would require only knowledge of the math flaw and the ability to send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.
With this approach, “millions of PC’s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Mr. Shamir wrote.
The research note is significant, cryptographers said, in part because of Mr. Shamir’s role in designing the RSA public key algorithm, software that is widely used to protect e-commerce transactions from hackers.
“The remarkable thing about this note is that Adi Shamir is saying that RSA is potentially vulnerable,” said Jean-Jacques Quisquater, a professor and cryptographic researcher at the Université Catholique de Louvain in Belgium.
Mr. Shamir is the S in RSA; he, Ronald Rivest and Leonard Adleman developed it in 1977.
Because the exact workings of microprocessor chips are protected by laws governing trade secrets, it is difficult, if not impossible, to verify that they have been correctly designed, Mr. Shamir wrote.
“Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers,” he said, “there are many smaller manufacturers of microprocessors who may be less careful with their design.”
The class of problem that Mr. Shamir described has been deeply explored by cryptography experts, said Paul Kocher, who is president of Cryptography Research, a consulting and design firm in San Francisco. However, he added that it illustrated how small flaws could subvert even the strongest security.
An Intel spokesman noted that the flaw was a theoretical one and something that required a lot of contingencies.
“We appreciate these and we look at everything,” said George Alfs, an Intel spokesman.
In e-mail correspondence after he sent the note, Mr. Shamir said he had no evidence that anyone is using an attack like the one he described.
Copyright 2007 The New York Times Company
|
Walter Watts
Tulsa Network Solutions, Inc.
No one gets to see the Wizard! Not nobody! Not no how!
|
|
|
Hermit
Archon
Posts: 4287
Reputation: 8.94
Rate Hermit
Prime example of a practically perfect person
|
|
Re:Adding Math to List of Security Threats
« Reply #1 on: 2007-11-17 09:37:03 » |
|
Rejoice! ODL* was way ahead of Adi Shamir. Consider that ODL had clearly determined that Iran seeking Knowledge of Mass Destruction might lead to World War III, which is why we are now engaged in a War on Knowledge. Fortunately, whereas it had previously been thought that knowledge cannot be destroyed, patriotic research by Faux TV has proved that it is trivial to suppress cognition to a level where knowledge is eliminated. As the ongoing bleating of neocons indicates, knowledge is neither required nor helpful to our national aims. While the program still has a few flaws (fortunately it merely destroys ethical judgment, rationality and reasoning ability, no life threatening issues are involved), it clearly is a national priority to eliminate all KMDs wherever they may be found before WW III destroys our Way of Life. Seen in this light, knowledge of a dangerous munition like cryptography is merely a subset of our larger problem. Knowledge must be eradicated before it destroys us all.
Love
Hermit
.
*Our Dear Leader
|
With or without religion, you would have good people doing good things and evil people doing evil things. But for good people to do evil things, that takes religion. - Steven Weinberg, 1999
|
|
|
Walter Watts
Archon
Gender:
Posts: 1571
Reputation: 8.89
Rate Walter Watts
Just when I thought I was out-they pull me back in
|
|
Re:Adding Math to List of Security Threats
« Reply #2 on: 2007-11-17 14:17:43 » |
|
Quote from: Hermit on 2007-11-17 09:37:03
Rejoice! ODL* was way ahead of Adi Shamir. Consider that ODL had clearly determined that Iran seeking Knowledge of Mass Destruction might lead to World War III, which is why we are now engaged in a War on Knowledge. Fortunately, whereas it had previously been thought that knowledge cannot be destroyed, patriotic research by Faux TV has proved that it is trivial to suppress cognition to a level where knowledge is eliminated. As the on going bleating of neocons indicates, knowledge is neither required nor helpful to our national aims. While the program still has a few flaws (fortunately it merely destroys ethical judgment, rationality and reasoning ability, no life threatening issues are involved), it clearly is a national priority to eliminate all KMDs whereever they may be found before WW III destroys our [b]Way of Life[/i]. Seen in this light, knowledge of a dangerous munition like cryptography is merely a subset of our larger problem. Knowledge must be eradicated before it destroys us all.
Love
Hermit
.
*Our Dear Leader
|
Please tell me you don't think ODL is thinking what I'm hoping he's not thinking.
Walter
[who recently is having dreams of KMD of ODL in an agonizing fashion and watching it on Faux TV as the commentators parade the weeping by in real time]
PS---Notice that I said "dream" and not "nightmare". That was NOT a typo.
|
Walter Watts
Tulsa Network Solutions, Inc.
No one gets to see the Wizard! Not nobody! Not no how!
|
|
|
|
Logged
