IP: Weaknesses in Smart Cards? [ I agree djf]

[Dave Farber <farber () central cis upenn edu>]

Date: Thu, 26 Sep 1996 02:21:25 -0700
To: cypherpunks () toad com
From: tcmay () got net (Timothy C. May)


Thanks, John. I read the full article. I'm skeptical.


At 12:08 PM 9/26/96, John Young wrote:
>   9-26-96. NYP:
>
>   "Potential Flaw In Cash Card Security Seen. Counterfeiting
>   a Risk, Say Bellcore Scientists." Markoff.


>      The Bellcore researchers said that a smart card's
>      security could be breached by forcing the microchip in
>      the card to make a calculation error, whether through
>      sophisticated means like bombarding the card with
>      radiation or perhaps cruder methods like placing it in
>      a microwave oven. A mathematical formula they derived
>      could use this error to extrapolate the secret data that
>      authenticates the card when it is used.


As the researchers note, they haven't actually done this.


Having worked on radiation effects on chips, I'm skeptical that this can be
done economically. Simple radiation sources won't be penetrating enough
(for the high "linear energy transer" (LET) particles needed to deposit
enough energy to flip a logic state) and the penetrating stuff (betas and
gammas) are low-LET and will only disrupt logic states in very high overall
exposures (kilorads).


A cyclotron, for example, could get some high-LET particles through the
packaging to the chips.


Strip-back of the outer packaging is possible, of course. I'd need to know
a lot more about the packaging used by VISA and other smartcard makers to
know how economical this would be. (Breaking any single card is not
necessarily a financial windfall, if the card has a limit, for example.
This puts a limit on how much $$$ can be spent on cracking a chip.)


Also, there are electrically-erasable PROM (EEPROM) chips which are very
difficult to clone, and which would have response properties to radiation
which are much different from static RAMs and microprocessors.


The "microwave oven" point I won't comment on.


Their work on what might be called a kind of "avalanche" algorithm, where a
few flaws in operation yield secrets at the output, seems interesting.


However, one thing that disturbs me (and their work is not the only
example) is the "press release" nature. Especially for _theoretical_ work,
rather than actual demonstration!


When the cracking of a 40-bit key was done about a year ago (by a couple of
Cypherpunks, including the French student), it was a *real* crack, not a
press release about a _possible_ attack. Likewise, the Netscape crack by
Wagner and Goldberg was a *real* attack.


But as the "arms race" for press releases about potential security flaws
escalates, it appears people are pre-announcing results, or gussying-up
potential flaws in the language of scary press releases.


Not a good journalistic trend, in my opinion.


--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay () got net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."