New Side-Channel Attack Technique for Recovering ECDSA Keys

Researchers from Masaryk University have disclosed vulnerabilities in various implementations of the ECDSA/EdDSA digital signature generation algorithm. The vulnerabilities allow the value of the private key to be recovered by analyzing leaked information about individual bits, which surfaces when side-channel analysis methods are applied. The vulnerabilities have been codenamed Minerva.

The best-known projects affected by the attack method are OpenJDK/OracleJDK (CVE-2019-2894) and the libgcrypt library (CVE-2019-13627) used in GnuPG. Also affected are MatrixSSL, Crypto++, wolfCrypt, elliptic, jsrsasign, python-ecdsa, ruby_ecdsa, fastecdsa, easy-ecc and Athena IDProtect smart cards. The Valid S/A IDflex V, SafeNet eToken 4300 and TecSec Armored Card cards, which use a standard ECDSA module, have not been tested but are also reported as potentially affected.

The problem has already been fixed in the libgcrypt 1.8.5 and wolfCrypt 4.1.0 releases; the other projects have not yet produced updates. You can track the fix for the vulnerability in the libgcrypt package in distributions on these pages: Debian, Ubuntu, RHEL, Fedora, openSUSE / SUSE, FreeBSD, Arch.

OpenSSL, Botan, mbedTLS and BoringSSL are not affected by the vulnerabilities. Not yet tested are Mozilla NSS, LibreSSL, Nettle, BearSSL, cryptlib, OpenSSL in FIPS mode, Microsoft .NET crypto, libkcapi from the Linux kernel, Sodium and GnuTLS.

The problem is caused by the ability to determine the values of individual bits during scalar multiplication in elliptic-curve operations. Indirect methods, such as estimating computation delays, are used to extract the bit information. The attack requires unprivileged access to the host on which the digital signature is generated (a remote attack is not ruled out, but it is very difficult and requires a large amount of data for analysis, so it can be considered unlikely). The tooling used for the attack is available for download.

Despite the small size of the leak, for ECDSA the determination of even a few bits of information about the initialization vector (nonce) is enough to mount an attack that recovers the entire private key. According to the authors of the method, analyzing from several hundred to several thousand digital signatures generated for messages known to the attacker is sufficient to recover a key successfully. For example, 90 thousand digital signatures using the secp256r1 elliptic curve were analyzed to determine the private key used on an Athena IDProtect smart card based on the Inside Secure AT11SC chip. The total attack time was 30 minutes.

Source: opennet.ru
