Dear all,

I came across this recently, and thought you might be interested. It is my
contribution to the discussion on SC security. In brief: if the value of
the protected information or possible fraud-mechanism is worth it, then a
SC can be 'cracked'. This caused at the time BSkyB to stop using symmetric
keys, and switch over to asymmetric schemes (RSA). The costs to hack into
last generations of SC are still considered "high".

The following extract comes from:
"On the Security of Digital Tachographs"
by Ross Anderson
Cambridge University Computer Laboratory
(PDF, http://www.cl.cam.ac.uk/ftp/users/rja14/tacho.pdf)

"The state of the art in early 1998 (!!) is more advanced; professional
pirates now use microscopes fitted with lasers and microprobes to extract
card data quite rapidly. One technique is to fit a probe to the line that
controls the instruction latch, and use this to prevent new instructions
being loaded from the bus. Now when the card is clocked there will be no
jump instructions, and all the words in memory will appear on the bus in
sequential order. A second microprobe is then used to recover the memory
contents from one bus line at a time.

The laser is used to remove the passivation layer from the card surface
over the feature to be probed; this avoids removing the whole layer, which
may set off an alarm in some card designs. It also creates a depression in
which the microprobe will lie stably.

The cost of the laboratory equipment needed to perform this attack is
about 150,000 ECU, though second-hand equipment is much cheaper. The
equipment is also available at many university laboratories, and at least
one EU university teaches chipcard breaking techniques to undergraduates
as part of their course work [3]."

Sources for the PDF of this section are:
RJ Anderson, MG Kuhn, "Tamper Resistance - a Cautionary Note", in The
Second USENIX Workshop on Electronic Commerce Proceedings (Nov 1996)
pp 1-11
[3] E Bovenlander, invited talk on smartcard security, Eurocrypt 97

Kind Regards,
Olaf Jonkers
Utimaco Safeware



                                                                                       
                             
"Peter Tomlinson" <[EMAIL PROTECTED]k>
Sent by: owner-sclinux@drizzle.com
06/03/2002 06:58
Please respond to sclinux

To: <[EMAIL PROTECTED]>
cc:
Subject: Re: MUSCLE So is that what the FinRead




And that solution was what we were talking about at the very first Finread
'Workshop'. Somehow, it got lost along the way.

Peter T
Bristol UK
----- Original Message -----
From: "Jason Barkeloo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 06, 2002 3:47 AM
Subject: MUSCLE So is that what the FinRead


> specs are designed to do?
>
> jb
>
>
>
> From: Michael Gile ([EMAIL PROTECTED])
> Date: Mon Jan 21 2002 - 16:27:57 CST
>
> The security problem with smart cards is not key recovery. It is the fact
> that the smart card must rely on a standard PC (or other insecure host)
> for input and output.
>
> For example, say we have a smart card with a signing application that
> will sign arbitrary data from the host PC (an oracle). The attacker no
> longer needs access to the key, only an application that can send data to
> the card. Even when adding authorization to the key usage (for example a
> PIN), an attacker needs only access to the insecure host machine and can
> then recover the PIN itself or send bogus data to be signed.
>
> The solution to the smart card attacks above is to add a secure
> communication channel to some special purpose server through which only
> encrypted data is ever transmitted outside the card, or provide a more
> robust mechanism to the user that can be used for secure input and allows
> more storage and computing power on the card itself.
>
> Regards,
>
> Michael Gile
> Wave Systems Corp.
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> On 1/21/02 12:39 PM, "Matthias Bruestle" <[EMAIL PROTECTED]> wrote:
>
> > On Sun, Jan 20, 2002 at 08:03:26PM -0800, David Corcoran wrote:
> >> I've got Ben Laurie (yes, the famous Apache hacker) on another list
> >> claiming that smart cards are weak storage for keying material.
> >> e.g. that physical access to the card is all that is needed for a
> >> motivated hacker to pry the key out of the card.
> >
> > I have never tried to crack a smart card or have much knowledge about
> > the technical devices needed, but I have read quite a bit and had to
> > do with cards, industry, etc..
> >
> > My estimation of the situation:
> >
> > Smart card manufacturers try to make these as secure as possible,
> > but smart cards are a cheap mass product.
> >
> > I do think, that cracking of smart cards is hard, but not impossible.
> > And it is getting harder and harder, because there are improvements
> > in the smart card area regarding security, e.g. in the Infineon series
> > 44 -> 66S -> 66P. (I'm most familiar with these ICs.) I do believe,
> > that the 66P series from Infineon is for at least some years secure
> > against reading the content of the EEPROM by students and also more
> > sophisticated hackers. This is because of the security features they
> > have and because so many firms and government agencies do trust them.
> > It would be very bad publicity for them if a card would be cracked.
> > But I do not believe, that the 66P is secure against the laboratory
> > and knowledge of e.g. Intel.
> >
> > For the 66S there seems to be not so much trust, e.g. the German
> > signature cards from Telesec had originally a 66S chip and were
> > replaced by cards with a 66P. For the 44 there is, as it appears, even
> > much less trust, than for the 66S.
> >
> > If you only want to read out a key, some form of power analysis would
> > be enough. You need here not very expensive equipment. Card and OS
> > manufacturers try also to be secure against this and they do apparently
> > also try themselves (or pay others to do so) to attack their cards with
> > power analysis. My opinion is, that it is very difficult to do a power
> > analysis attack with modern cards, but I am not convinced that it is
> > impossible. What might make it impossible is to try to design a power
> > analysis resistant protocol. E.g. with some sort of error counter.
> >
> > These are not definite answers. Here is probably a similar situation
> > as in the cryptography area, but surrounded by non-openness.
> >
> > So my advice is to design a smart card application, that an attacker
> > can not gain much value, and also to develop some plans what to do,
> > if a card gets cracked.
> >
> > If there is interest, I can also write some about evaluation according
> > to ITSEC/CC.
> >
> >
> > Mahlzeit
> > endergone Zwiebeltuete
>
>
>
> Jason Barkeloo
> Director of Research
> ACEtek Research
> tele 513.225.8765
> http://metaskilled.tripod.com
>
>
> ***************************************************************
> Unix Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/
> To unsubscribe send an email to [EMAIL PROTECTED] with
> unsubscribe sclinux
> ***************************************************************
>
>
