page header image


article feature
Back |  Print  |  Bookmark
Proximal Cryptographic Attacks
Cracking The AES Cipher

Recently, testing has demonstrated that everyday but very secure dual key encryption software is vulnerable to fault-based attack. That means it is almost practical to break encryption, even strong encryption.

The words basically mean that it is now practical to crack the coding systems that we trust every day: the systems that banks use for online banking, the coding software that we rely on for everyday business sales and purchase, the security packages that we buy off the shelf in our computer supermarkets. How can that be?

Well, various teams of researchers have been working on this, but the first successful test attacks were made by a team at the University of Michigan. They didn’t need to know about the computer hardware - all they needed to do was to create transient (i.e. short-lived) faults in a computer whilst it was processing secure data. Then, by monitoring the output they identified incorrect outputs with the faults they created, they could decode the data.


Modern security (the AES alogrithm) relies on two encryption keys. These encryption keys are 1024 bit (128 bytes) and use huge prime numbers which are combined by the software. Now the problem is just like that of cracking a safe - no safe is absolutely secure, but the better the safe, then the longer it takes to crack it. Until now, it has been assumed that security based on the 1024 bit key would take too long to decode (we are talking thousands of years), even with all the computing power on the planet. The latest research has shown that it can be done in a matter of days, and even quicker if more computing power is used.

How do they crack it?

Modern computer memory and CPU chips do are so miniaturised that they are prone to occasional faults , but they are designed to self-correct (error correcting memory). Ripples in the computer’s power supplies can also cause short-lived (transient) faults in the chip. Such faults were induced as the basis of the cryptoattack in the University of Michigan.

Note that the test team did not need access to the internals of the computer, only to be ‘in proximity’ to it, i.e. to affect the power supply.


Have you heard about the EMP effect of a nuclear explosion? An EMP (Electromagnetic Pulse) is a ripple in the earth’s innate electromagnetic field. It may be widespread depending on the size and precise nature of the bomb used. An EMP would wreck electricity supply lines and non-hardened (specially protected) radio and copper wire communications. A pulse gun could be used to cause the transient chip faults that could be monitored to crack encryption. That’s how to decrypt the latest encryption keys.

Final Twist

There is one final twist that affects how quickly encryption keys can be broken.

The frequency of faults to which integrated circuit chips are susceptible depends on the quality of their manufacture, and no chip is perfect. The flip side is that chips can be manufactured to offer higher fault rates, by injecting contaminants during manufacture. Chips with higher fault rates could speed up the code-breaking process.

Cheap chips, slightly more susceptible to transient faults than the average, manufactured on a huge scale, could become widespread. China produces memory chips (and computers) in vast quantities.

This is an excerpt of one of the research articles behind 'Gate of Tears'. Full article at

James Marinero
August 20, 2011

James Marinero writes techno thrillers, underpinned by extensive research.

Full Article Source:

 ↑ Back to Top