Research team finds a way to pick-pocket OpenSSL based devices

The academic preprint that made its public appearance a couple of days ago shows yet another vulnerability of the Bitcoin protocol.

To improve protection of any system one needs to know its fracture points and the best way to find these is to attempt to break the system. The combined efforts of computer security researchers from The University of Adelaide (Australia) and University of Bristol (UK) in show that it is possible to use timing side-channels for Bitcoin private key stealing.

Listening to the Thunder

In cryptography side-channel attacks exploit the information not directly from the code but by the certain patterns of physical behavior that come with the work of a cryptosystem. There are different “weak spots” that can be used: power consumption, data remanence, sound or even electromagnetic radiation. The yet-to-become paper though researched the timing attack.

As comes from its name this attack measures how much time is required for certain calculations. The closest real life analogy is probably measuring the distance between you and a lightning bolt by counting seconds between the flash and the thunder.

Of course there are actions one can take when writing the cryptographic code to prevent these attacks. However, as the Chief Technology Officer at Uptime Technologies, Ltd, Björn Stein remarked in his comments to the preprint - “It is difficult to ensure that any computer code is truly good, which is why responsible programmers avoid reinventing the wheel and use a widely-used cryptography library such as OpenSSL.”

Follow us on Facebook