Interesting People mailing list archives

IP: more on Vulnerability Is Discovered in Security for Smart Cards


From: Dave Farber <dave () farber net>
Date: Tue, 14 May 2002 13:20:28 -0400


------ Forwarded Message
From: Paul Jimenez <pj () place org>
Date: Tue, 14 May 2002 12:18:28 -0500
To: dave () farber net
Subject: Re: Vulnerability Is Discovered in Security for Smart Cards


------- Begin Forwarded Message
Content-Description: forwarded message
X-X-Sender: corcoran () drizzle com
Reply-To: sclinux () linuxnet com
From: David Corcoran <corcoran () linuxnet com>
To: sclinux () linuxnet com
Subject: MUSCLE smartcard attacks

Hi,

There have been a few articles about smartcard attacks recently.  I would
like to pose a few points in regard to them.

1) These attacks all require physical access to the card.  They cannot be
   done remotely.
2) These attacks assume the user has not realized they have lost their
   card and has therefore not notified their helpdesk to have the card
   revoked.
3) These attacks require the user to very carefully remove layers from the
   outside of the chip to expose the card.  This is not easy - in most
   cases the chip is ruined.
4) These are trial and error attacks - by changing the values of data
   stored in eeprom, the attacker hopes to change the behavior of the card
   and have it malfunction by returning data the attacker wants to know.
   Consider this like a game of minesweeper.  You have 262,144 bits in 32k.
   The majority of those bits being changed will deem the card useless.
   In the other cases, unuseful data might be returned.  Even if the data
   was unciphered in the eeprom  (not likely), the user must know where to
   look for the data which in most cases isn't linear.
5) These attacks are well known - changing the power, clock to get the
   card to malfunction.  Heat, Cold, whatever - most do not work and the
   attacker has to know a lot about the card and data on it.  If I wanted
   to put this work to get free GSM service why not steal a credit card
   and buy a phone card - at least this is less trackable....

There are some clear things left out of the article.  First, those parts
are not $30 - I believe you would need some chemicals to expose the chip,
you would need a quality microscope, and I'm sure I couldn't pay the
Russian bomb specialist $30 to do this attack for me.

Point being that there is no perfect solution.  I can buy a $10 safe from
Walmart to protect my documents from fire up to 10 minutes at 1900
degrees, or I could buy a safe from Diebold for $30,000 which survives a
couple of hours at that temperature.  The comfort of the smartcard is that
I know it is 100% safe as long as it is in my pocket .....

Discussion ???

Dave

***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to majordomo () linuxnet com with
unsubscribe sclinux
***************************************************************

Content-Description: .signature

------- End of Forwarded Message



------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/