View Full Version : Flame's crypto attack may have needed $200,000 worth of compute power

06-11-12, 09:40 PM
http://cdn.arstechnica.net/wp-content/uploads/2012/06/playstation_3_cluster2.png A cluster of 200 PlayStation 3 consoles used in 2008 to find a cryptographic collision in the MD5 algorithm.
Alex Sotirov (https://trailofbits.files.wordpress.com/2012/06/flame-md5.pdf)


Discovery of new "zero-day" exploit links developers of Stuxnet, Flame (http://arstechnica.com/security/2012/06/zero-day-exploit-links-stuxnet-flame/)
Microsoft contains Flame with Windows Update revamp (http://arstechnica.com/security/2012/06/revamped-windows-update-contains-flame/)
Flame espionage malware issues self-destruct command (http://arstechnica.com/security/2012/06/flame-espionage-malware-issues-self-destruct-command/)
Crypto breakthrough shows Flame was designed by world-class scientists (http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/)
Flame's "god mode cheat code" wielded to hijack Windows 7, Server 2008 (Updated) (http://arstechnica.com/security/2012/06/flames-god-mode-cheat-code-wielded-to-hijack-windows-7-server-2008/)
The cryptographic attack that Flame engineers used to hijack Microsoft's Windows Update process was so computationally demanding, it would have required the equivalent of $200,000 worth of computing time from Amazon's EC2 Web service (http://aws.amazon.com/ec2/) for most people to carry it out.

That estimate was delivered over the weekend at the SummerCon conference by Alex Sotirov, a co-founder and chief scientist of New York-based security firm Trail of Bits (http://www.trailofbits.com/). One of seven researchers behind a 2008 "collision" attack that generated an SSL certificate authority (http://arstechnica.com/security/2008/12/theoretical-attacks-yield-practical-attacks-on-ssl-pki/) trusted by all major operating systems and browsers, Sotirov said the exploit required the equivalent of about $20,000 worth of computing time from EC2. The cost is because the precise window in which a fraudulent certificate could be constructed was just one second. That required him to try minting the certificate four times before he was successful. Rather than use the Amazon service, Sotirov's team used a cluster of 200 PlayStation 3 consoles, which over a weekend delivered an equivalent amount of computing resources.

"Based on my analysis of Flame so far, the timing precision that they needed for Flame was one millisecond," Sotirov told Ars on Monday. "That's one-thousandth of a second, which is quite a bit more difficult to achieve than our work in 2008. Because of this timing issue, I'm speculating that the Flame authors had to try their attack many times, probably many more than the four I needed in 2008."

Read more (http://arstechnica.com/security/2012/06/flame-crypto-attack-may-have-needed-massive-compute-power/) | Comments (http://arstechnica.com/security/2012/06/flame-crypto-attack-may-have-needed-massive-compute-power/?comments=1#comments-bar)

http://feeds.feedburner.com/~ff/arstechnica/index?i=xqmfEAsVzxE:rjh5KXsqMf0:V_sGLiPBpWU (http://feeds.arstechnica.com/~ff/arstechnica/index?a=xqmfEAsVzxE:rjh5KXsqMf0:V_sGLiPBpWU) http://feeds.feedburner.com/~ff/arstechnica/index?i=xqmfEAsVzxE:rjh5KXsqMf0:F7zBnMyn0Lo (http://feeds.arstechnica.com/~ff/arstechnica/index?a=xqmfEAsVzxE:rjh5KXsqMf0:F7zBnMyn0Lo) http://feeds.feedburner.com/~ff/arstechnica/index?d=qj6IDK7rITs (http://feeds.arstechnica.com/~ff/arstechnica/index?a=xqmfEAsVzxE:rjh5KXsqMf0:qj6IDK7rITs) http://feeds.feedburner.com/~ff/arstechnica/index?d=yIl2AUoC8zA (http://feeds.arstechnica.com/~ff/arstechnica/index?a=xqmfEAsVzxE:rjh5KXsqMf0:yIl2AUoC8zA)

More... (http://feeds.arstechnica.com/~r/arstechnica/index/~3/xqmfEAsVzxE/)