Adding Math to List of Security Threats

Adding Math to List of Security Threats
Adding Math to List of Security Threats

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By John Markoff
The New York Time
November 17, 2007

SAN FRANCISCO, Nov. 16 =E2=80=94 One of the world=E2=80=99s most prominent 
cryptographers issued a warning on Friday about a hypothetical incident 
in which a math error in a widely used computing chip places the 
security of the global electronic commerce system at risk.

Adi Shamir, a professor at the Weizmann Institute of Science in Israel, 
circulated a research note about the problem to a small group of 
colleagues. He wrote that the increasing complexity of modern 
microprocessor chips is almost certain to lead to undetected errors.

Historically, the risk has been demonstrated in incidents like the 
discovery of an obscure division bug in Intel=E2=80=99s Pentium microprocessor 
in 1994 and, more recently, in a multiplication bug in Microsoft=E2=80=99s Excel 
spreadsheet program, he wrote.

A subtle math error would make it possible for an attacker to break the 
protection afforded to some electronic messages by a popular technique 
known as public key cryptography.

Using this approach, a message can be scrambled using a publicly known 
number and then unscrambled with a secret, privately held number.

The technology makes it possible for two people who have never met to 
exchange information securely, and it is the basis for all kinds of 
electronic transactions.

Mr. Shamir wrote that if an intelligence organization discovered a math 
error in a widely used chip, then security software on a PC with that 
chip could be =E2=80=9Ctrivially broken with a single chosen message.=E2=80=9D

Executing the attack would require only knowledge of the math flaw and 
the ability to send a =E2=80=9Cpoisoned=E2=80=9D encrypted message to a protected 
computer, he wrote. It would then be possible to compute the value of 
the secret key used by the targeted system.

With this approach, =E2=80=9Cmillions of PC=E2=80=99s can be attacked simultaneously, 
without having to manipulate the operating environment of each one of 
them individually,=E2=80=9D Mr. Shamir wrote.


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Visit InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods