RSA Keys: pt 2




Databases, Networks and Digital Certificates Vexed by Pervasive Security Flaw



Simple Branch Prediction Analysis

Researchers Onur Acıicmez, Cetin Kaya Koc and Jean-Pierre Seifert recently published a paper, "On the Power of Simple Branch Prediction Analysis," describing another attack on RSA as implemented in OpenSSL. They showed that a spy process running concurrently with an RSA signing process can collect almost all of the secret key bits from a single signing operation.

Their method, a Simple Branch Prediction Analysis (SBPA) attack, analyzes the CPU "Branch Predictor states through spying on a single quasi-parallel computation process." The leak exists because the modular exponentiation at the heart of RSA executes a conditional branch whose direction depends on the value of each private-key bit; a spy that shares the branch predictor with the victim can tell whether those branches were taken.

SBPA is a more serious concern than timing attacks on RSA, which need many execution-time measurements under the same key and then statistical averaging over 1,000 to 10,000 of them. SBPA dispenses with that averaging: one observed execution is enough.

Applying a time-dependent random self-improvement heuristic to the SBPA measurements, the authors ran several attacks against OpenSSL RSA; the most successful revealed 508 of the 512 secret key bits.

They concluded that the SBPA attack against the OpenSSL RSA implementation showed "the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless." Blinding randomizes the message (the base of the exponentiation) before each private-key operation; it does not change which bits of the exponent are set, so the sequence of branch outcomes, and with it the leak, is the same for every signature.
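A model of the leak the paper exploits, added here and not taken from the paper or from OpenSSL: textbook square-and-multiply exponentiation, in which the multiply step runs only when the current private-exponent bit is 1. A spy sharing the branch predictor learns the outcome of that branch; in this model the victim simply records each outcome in a trace array so the leak can be seen directly. The same trace is produced whatever the base (message) is, which is why blinding does not help, while a Montgomery ladder with a masked constant-time swap executes the same instruction sequence for every key. The 64-bit toy exponent, modulus and bases are constructed for the example, and the exponentiation loop is the textbook one rather than OpenSSL's.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned __int128 u128;   /* gcc/clang extension, available on x86-64 */

/* (a * b) mod m without 64-bit overflow. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((u128)a * b) % m);
}

/* Textbook left-to-right square-and-multiply. The "if (bit)" is a
 * key-dependent branch: the branch predictor sees one taken/not-taken
 * outcome per exponent bit, which is what an SBPA spy process observes.
 * We model that observation by recording each outcome in trace[]
 * (1 = multiply branch taken); pass NULL to skip recording. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t mod,
                        int nbits, uint8_t *trace) {
    uint64_t r = 1 % mod;
    for (int i = nbits - 1; i >= 0; i--) {
        uint8_t bit = (uint8_t)((exp >> i) & 1);
        r = mulmod(r, r, mod);                    /* square: every iteration */
        if (trace) trace[nbits - 1 - i] = bit;    /* what the predictor learns */
        if (bit)                                  /* key-dependent branch */
            r = mulmod(r, base, mod);
    }
    return r;
}

/* The spy side reduced to its essence: the branch outcomes are the key. */
uint64_t exponent_from_trace(const uint8_t *trace, int nbits) {
    uint64_t e = 0;
    for (int i = 0; i < nbits; i++) e = (e << 1) | (trace[i] & 1);
    return e;
}

/* Run the leaky exponentiation and return what it leaked. */
uint64_t leaked_exponent(uint64_t base, uint64_t exp, uint64_t mod, int nbits) {
    uint8_t trace[64];
    modexp_branchy(base, exp, mod, nbits, trace);
    return exponent_from_trace(trace, nbits);
}

/* Why message blinding does not help: it changes the base, not the exponent
 * bits, so two executions with different bases leave the same trace.
 * Returns 1 when the traces are identical and equal the exponent bits. */
int blinding_leaves_trace_unchanged(uint64_t exp, uint64_t mod, int nbits) {
    uint8_t t1[64], t2[64];
    modexp_branchy(4, exp, mod, nbits, t1);
    modexp_branchy(123456789u, exp, mod, nbits, t2);   /* "blinded" base, constructed */
    return memcmp(t1, t2, (size_t)nbits) == 0 &&
           exponent_from_trace(t1, nbits) == exp;
}

/* Constant-time conditional swap: mask is all-ones when swap == 1. */
static void ct_swap(uint64_t *a, uint64_t *b, uint64_t swap) {
    uint64_t mask = 0 - swap;
    uint64_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Montgomery ladder: one square and one multiply per bit whatever the bit
 * is, and no branch on the key. The predictor sees identical control flow
 * for every exponent, so there is nothing for SBPA to read. (A production
 * implementation must also avoid key-dependent memory addresses and
 * compiler-introduced branches; this shows the algorithmic part only.) */
uint64_t modexp_ladder(uint64_t base, uint64_t exp, uint64_t mod, int nbits) {
    uint64_t r0 = 1 % mod, r1 = base % mod;
    for (int i = nbits - 1; i >= 0; i--) {
        uint64_t bit = (exp >> i) & 1;
        ct_swap(&r0, &r1, bit);
        r1 = mulmod(r0, r1, mod);   /* invariant: r1 == r0 * base (mod m) */
        r0 = mulmod(r0, r0, mod);
        ct_swap(&r0, &r1, bit);
    }
    return r0;
}

int main(void) {
    /* Toy "private exponent" and modulus, constructed for the demonstration. */
    uint64_t d = 0xDEADBEEFCAFEBABEull, n = 1000000007ull;
    uint8_t trace[64];
    uint64_t s = modexp_branchy(42, d, n, 64, trace);
    printf("branchy %llu, ladder %llu\n", (unsigned long long)s,
           (unsigned long long)modexp_ladder(42, d, n, 64));
    printf("exponent recovered from branch trace: %016llx\n",
           (unsigned long long)exponent_from_trace(trace, 64));
    printf("blinding changes the trace: %s\n",
           blinding_leaves_trace_unchanged(d, n, 64) ? "no" : "yes");
    return 0;
}
```

With a real SBPA spy the trace is inferred from the timing of the spy's own branches rather than written by the victim, but the information content is the same: one bit of the private exponent per iteration of the loop.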

Certs and Software Affected by OpenSSL Security Flaws

The exponent-3 signature-forgery flaw (CVE-2006-4339 in OpenSSL) and the SBPA attack both raise concerns about the X.509 certificates on which secure web browsing depends. A verifier that does not check that the PKCS#1 v1.5 padding fills the entire signature block can be made to accept a forged signature under any RSA public key with exponent 3, including a certificate authority's, and therefore a forged certificate. X.509 certificates are also used for single sign-on (network access), secure e-mail, authenticating SQL database users, J2EE authentication and message-level security, web services security (SAML, WS-Security), grid security, and a variety of other purposes. RSA with exponent 3 has been accepted, for example, as a European standard for healthcare signatures.
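The verifier-side mistake behind the exponent-3 forgery, as an added illustration that is not from the article or from OpenSSL: a lax PKCS#1 v1.5 check that stops reading once it has matched the DigestInfo and hash, beside the strict check from RFC 3447 section 8.2.2 that rebuilds the one valid encoded block for the key size and compares all of it. The encoded-message blocks, the hash value and the 2048-bit key size are constructed for the demonstration; the modular cube-root step that turns the attacker-shaped block into an actual signature value is not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-1 (RFC 3447, section 9.2, note 1). */
#define DI_LEN 15
static const uint8_t SHA1_DIGESTINFO[DI_LEN] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
    0x05, 0x00, 0x04, 0x14 };
#define HASH_LEN 20
#define T_LEN (DI_LEN + HASH_LEN)
#define EM_LEN 256            /* 2048-bit key, constructed for the example */

/* Lax verifier, modelled on the 2006 mistake: walk past 00 01 FF..FF 00,
 * match DigestInfo and hash, and never look at what follows. */
int verify_lax(const uint8_t *em, size_t emlen, const uint8_t *hash) {
    if (emlen < 11 || em[0] != 0x00 || em[1] != 0x01) return 0;
    size_t i = 2;
    while (i < emlen && em[i] == 0xFF) i++;
    if (i < 10 || i >= emlen || em[i] != 0x00) return 0;   /* >= 8 bytes of FF */
    i++;
    if (emlen - i < T_LEN) return 0;
    if (memcmp(em + i, SHA1_DIGESTINFO, DI_LEN) != 0) return 0;
    /* Bytes after the hash are silently ignored: that is the forger's room. */
    return memcmp(em + i + DI_LEN, hash, HASH_LEN) == 0;
}

/* Strict verifier (RFC 3447, 8.2.2): rebuild the only valid EM for this
 * key size and compare the whole block, so no free bytes exist anywhere. */
int verify_strict(const uint8_t *em, size_t emlen, const uint8_t *hash) {
    uint8_t expected[512];
    if (emlen > sizeof expected || emlen < T_LEN + 11) return 0;
    size_t pslen = emlen - T_LEN - 3;
    expected[0] = 0x00;
    expected[1] = 0x01;
    memset(expected + 2, 0xFF, pslen);
    expected[2 + pslen] = 0x00;
    memcpy(expected + 3 + pslen, SHA1_DIGESTINFO, DI_LEN);
    memcpy(expected + 3 + pslen + DI_LEN, hash, HASH_LEN);
    return memcmp(em, expected, emlen) == 0;
}

/* What a real signer produces: padding runs to the end of the block. */
void fill_genuine(uint8_t *em, const uint8_t *hash) {
    memset(em, 0xFF, EM_LEN);
    em[0] = 0x00;
    em[1] = 0x01;
    em[EM_LEN - T_LEN - 1] = 0x00;
    memcpy(em + EM_LEN - T_LEN, SHA1_DIGESTINFO, DI_LEN);
    memcpy(em + EM_LEN - HASH_LEN, hash, HASH_LEN);
}

/* The shape a forger aims for: minimum padding, the real DigestInfo and
 * hash, then a long run of bytes the forger may choose freely. */
void fill_forged(uint8_t *em, const uint8_t *hash) {
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, 8);
    em[10] = 0x00;
    memcpy(em + 11, SHA1_DIGESTINFO, DI_LEN);
    memcpy(em + 11 + DI_LEN, hash, HASH_LEN);
    for (size_t i = 11 + T_LEN; i < EM_LEN; i++) em[i] = (uint8_t)(0xA5 ^ i);
}

/* Bit 0: lax accepts genuine; bit 1: strict accepts genuine;
 * bit 2: lax accepts forged; bit 3: strict accepts forged. */
int verdicts(void) {
    uint8_t hash[HASH_LEN], genuine[EM_LEN], forged[EM_LEN];
    for (int i = 0; i < HASH_LEN; i++) hash[i] = (uint8_t)(0x11 * i);  /* constructed */
    fill_genuine(genuine, hash);
    fill_forged(forged, hash);
    return (verify_lax(genuine, EM_LEN, hash) << 0)
         | (verify_strict(genuine, EM_LEN, hash) << 1)
         | (verify_lax(forged, EM_LEN, hash) << 2)
         | (verify_strict(forged, EM_LEN, hash) << 3);
}

int main(void) {
    int v = verdicts();
    printf("genuine: lax=%d strict=%d\n", v & 1, (v >> 1) & 1);
    printf("forged:  lax=%d strict=%d\n", (v >> 2) & 1, (v >> 3) & 1);
    return 0;
}
```

Because the lax verifier leaves most of the block unconstrained, an attacker with a small public exponent can search for a signature value whose cube has exactly this shape; the strict verifier leaves no such slack, which is the fix the affected libraries shipped.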

Browsers that required updates for the signature-forgery flaw include Firefox, Konqueror, Mozilla/SeaMonkey, Netscape and Opera. The Mozilla-family browsers do not use OpenSSL; they inherited the same verification mistake through their own TLS library, Network Security Services (NSS). There is also a long list of other software that may be affected by the OpenSSL buffer overrun, DoS, RSA key handling and SBPA vulnerabilities.

Below is a partial list of software built with the OpenSSL toolkit, together with the independent TLS implementations (Mozilla NSS, GnuTLS) that carried the same exponent-3 signature-verification mistake in their own code. Use it to check whether your software providers have done their due diligence in addressing the OpenSSL security issues. Hardware products such as cryptography accelerators are also affected.


Provider: Product or Software

Adobe: Macromedia JRun, Adobe Premiere Elements, Flash Player 9
Apache: HTTP Server, XML Security
Apple: Mac OS X
BrightStor: ARCserve Backup
Business Objects: Business Objects XI
Check Point: SecureXL Turbocard
Cisco: IPS, Secure ACS, Security Agent, Security Monitoring, Analysis and Response System (MARS), Unified Presence Server, SIP Proxy Server, Transport Manager, Unified Personal Communicator, Wireless LAN Controller
Citrix: MetaFrame Presentation Server for UNIX
Debian GNU/Linux: GnuTLS
FreeBSD Project: FreeBSD
Globus Alliance: Globus Toolkit
HP (Compaq): Internet Express for Tru64 UNIX, Insight Manager, OpenPegasus SDK, OpenView, OpenVMS Secure Web Server, Rack and Power Manager, Systems Inventory Manager, HP-UX Host Intrusion Detection System, HP-UX IPSec, HP-UX SNAPlus, HP-UX Web Server Suite, WBEM Services Software Developers Kit for HP-UX
IBM: DB2 Content Manager Enterprise Edition, DB2 Content Manager for z/OS, DB2 Content Manager Standard Edition, DB2 Information Integrator for Content, Hardware Management Console (HMC), Informix Dynamic Server, Service Processor, Tivoli Access Manager, Tivoli Kernel Services
Intel: Viiv Software Premium Content Module (SPCM), Solectron
InterSoft: NetTerm
InterVideo: InstantON
Mandriva Linux: BIND DNS server
Mozilla: Network Security Services (NSS) library
NetBSD Project: NetBSD
Nortel: ENSM IP Address Manager, Self-Service Media Processing Server 500, VPN Router 600, 1010, 1050, 1100, 1700, 1740, 1750, 2700, 5000, VPN Router Contivity 2600, 4500, 4600, WLAN Wireless Gateway 7250
Novell: eDirectory 8.7 for Solaris, Linux, and AIX, Linux Desktop 9, Linux POS 9, NetMail, Open Enterprise Server, SUSE LINUX 10.1, SUSE LINUX 10.0, SUSE LINUX 9.3, SUSE LINUX 9.2, SUSE Linux Desktop 1.0, SUSE Linux Enterprise Server 8, SUSE Linux Openexchange Server 4, SUSE LINUX Retail Solution 8, SUSE Linux School Server, SUSE Linux Standard Server 8, SUSE SLED 10, SUSE SLES 10, SUSE SLES 9, United Linux 1.0
OmniPilot: Lasso
OpenSolaris Project: OpenSolaris
Oracle: Application Server (9i, 10g), Collaboration Suite 10g, Database Server (8i, 9i, 10g), Drive, HTTP Server, PeopleSoft, Secure Backup
Progress Software: PeerDirect Replication Engine (PDRE)
QNX: Neutrino
Red Hat: Fedora, Desktop (v. 4), Enterprise Linux AS (v. 4), Enterprise Linux ES (v. 4), Enterprise Linux WS (v. 4), Stronghold Enterprise
Slackware Project: Slackware Linux
Sony: Personal Communicator
Sun: Crypto Accelerator (board), Java System Application Server 7, Java System Application Server Enterprise Edition 8.1, Java System Application Server Platform Edition 8.1, Java System Proxy Server 3.6, Java System Web Server 6.0, Java System Web Server 6.1, ONE Application Server 7, Secure Global Desktop, Solaris 9, Solaris 10, StarOffice
Sybase: Afaria, Appeon, Adaptive Server Enterprise, BPI for Healthcare, Data Auditing, Data Integration Suite, EA Server, E-Biz Impact, ECDA, WII Avaki SDF, FFI Global Fix, FFI BPTW, FFI Cons Banking, FFI Corp Banking, FFI UOFX, Sybase IQ, Sybase IQ Extended Edition, Mach Desktop, MFOLIO, ODBC drivers, OLE DB Providers, PowerBuilder, Risk Analytics Platform, RFID Enterprise, RTDS, SDK, Solonde ETL, Unwired Accelerator and Enterprise Portal, Unwired Orchestrator 4.x, Unwired Orchestrator 5.x, Workspace
Symantec: Clientless VPN Gateway, Mail Security
Ubuntu Project: Ubuntu 5.04, Ubuntu 5.10, Ubuntu 6.06 LTS
VA Software: VA Linux
Veritas: NetBackup, NetBackup Advanced Client, NetBackup for SAP, NetBackup for Windows, Storage Foundation for Oracle RAC
VMware: ESX Server


Reference: Onur Acıicmez, Cetin Kaya Koc and Jean-Pierre Seifert, "On the Power of Simple Branch Prediction Analysis."

About the Author

Ken North is the author or co-author of several books and a regular contributor to industry publications. He wrote the Database Developer column for Dr. Dobb's Sourcebook and Web Techniques and chaired the Nextware and XML Devcon 200x conferences. Ken develops software, speaks at conferences and teaches seminars. He is the editor of, and .




2006 Ken North Computing, LLC. All rights reserved.