Extracting a 3DES key from an IBM 4758

[aleph1 () securityfocus com]

Extracting a 3DES key from an IBM 4758

The IBM 4758 is an extremely secure crytographic co-processor. It is used 
by banking systems and in other security conscious applications to hold 
keying material. It is designed to make it impossible to extract this keying 
material unless you have the correct permissions and can involve others in a 
conspiracy.

We are able, by a mixture of sleight-of-hand and raw processing power, to 
persuade an IBM 4758 running IBM's ATM (cash machine) support software called 
the "Common Cryptographic Architecture" (CCA) to export any and all its DES 
and 3DES keys to us. All we need is:

* about 20 minutes uninterrupted access to the device
* one person's ability to use the Combine_Key_Parts permission
* a standard off-the-shelf $995 FPGA evaluation board from Altera
* about two days of "cracking" time

The attack can only be performed by an insider with physical access to the 
cryptographic co-processor, but they can act alone. The FPGA evaluation board 
is used as a "brute force key cracking" machine. Programming this is a 
reasonably straightforward task that does not require specialist hardware 
design knowledge. Since the board is pre-built and comes with all the 
necessary connectors and tools, it is entirely suitable for amateur use.

Besides being the first documented attack on the IBM 4758 to be run "in 
anger", we believe that this is only the second DES cracking machine in the 
open community that has actually been built and then used to find an unknown 
key!

Until IBM fix the CCA software to prevent our attack, banks are vulnerable 
to a dishonest branch manager whose teenager has $995 and a few hours to 
spend in duplicating our work.

http://www.cl.cam.ac.uk/~rnc1/descrack/

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum