Interesting People mailing list archives
IP: more on Vulnerability Is Discovered in Security for Smart Cards
From: Dave Farber <dave () farber net>
Date: Tue, 14 May 2002 13:20:28 -0400
------ Forwarded Message From: Paul Jimenez <pj () place org> Date: Tue, 14 May 2002 12:18:28 -0500 To: dave () farber net Subject: Re: Vulnerability Is Discovered in Security for Smart Cards ------- Begin Forwarded Message Content-Description: forwarded message X-X-Sender: corcoran () drizzle com Reply-To: sclinux () linuxnet com From: David Corcoran <corcoran () linuxnet com> To: sclinux () linuxnet com Subject: MUSCLE smartcard attacks Hi, There have been a few articles about smartcard attacks recently. I would like to pose a few points in regard to. 1) These attacks all require physical access to the card. They cannot be done remotely. 2) These attacks assume the user has not realizes they have lost their card and has therefore not notified their helpdesk to have the card revolked. 3) These attacks require the user to very carefully remove layers from the outside of the chip to expose the card. This is not easy - in most cases the chip is ruined. 4) These are trial and error attacks - by changing the values of data stored in eeprom, the attacker hopes to change the behavior of the card and have it malfunction by returning data the attacker wants to know. Consider this like a game of minesweeper. You have 262,144 bits in 32k The majority of those bits being changed will deem the card useless. In the other cases, unuseful data might be returned. Even if the data was unciphered in the eeprom (not likely), the user must know where to look for the data which in most cases isn't linear. 5) These attacks are well known - changing the power, clock to get the card to malfunction. Heat, Cold, whatever - most do not work and the attacker has to know alot about the card and data on it. If I wanted to put this work to get free GSM service why not steal a credit card and buy a phone card - at least this is less trackable.... There are some clear things left out of the article. First, those parts are not $30 - I believe you would need some chemicals to expose the chip, you would need a quality microcope, and I'm sure I couldn't pay the Russian bomb specialist $30 to do this attack for me. Point being that there is no perfect solution. I can buy a $10 safe from Walmart to protect my documents from fire up to 10 minutes at 1900 degrees, or I could buy a safe from Diebold for $30,000 which survives a couple of hours at that temperature. The confort of the smartcard is that I know it is 100% safe as long as it is in my pocket ..... Discussion ??? Dave *************************************************************** Unix Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/ To unsubscribe send an email to majordomo () linuxnet com with unsubscribe sclinux *************************************************************** Content-Description: .signature ------- End of Forwarded Message ------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: more on Vulnerability Is Discovered in Security for Smart Cards Dave Farber (May 14)