Penetration Testing mailing list archives

Re: Questions on GSM Penetration test


From: Wouter Slegers <wouter () yourcreativesolutions nl>
Date: Thu, 31 Jan 2002 15:54:25 +0100

On Sun, Jan 27, 2002 at 10:00:25PM +0100, Tom Buelens wrote:
> What would you mean by "peel off"? Would that be some kind of physical
> tampering? Most smart cards often have some kind of "Tamper Resistant
> Sealing". Also if you try to peel off the adhesive coating, you will most
> probably break the delicate fuse wire which most Smart Card companies run
> in that adhesive coating, thereby making the whole smart-card completely
> useless.
"The Netherlands Organisation for Applied Scientific Research" has the tools
for 'peeling' off the chip layer by layer (thus not the card).
They are BTW very good at what they do.

> Again I do not know the exact technology they use but it is not just
> your ordinary knife and screwdriver.
Some of these attacks can be done with standard tools available in a
university lab, see Markus Kuhn et al. in
<URL:http://www.cl.cam.ac.uk/Research/Security/tamper/>. IBM has very
interesting research on defense.

For non-invasive techniques, look for side-channel attacks in
cryptography such as the power analysis attack (DPA, SPA etc).

> More like electron microscope and the likes. And I do not
> think they are the only ones on the planet who can.
No, they are not the only ones. Reverse engineering of semiconductors is
common and has a legitimate role in quality control, research and search
for patent infringements.
To get an idea of the proliferation of this kind of work, just take a look
at the doodles found in chips in the Silicon Zoo
<URL:http://micro.magnet.fsu.edu/creatures/> and imagine how many chips
need to be looked at in that kind of detail to make a collection that large.

> Tom, if what you are saying is correct, people can make large amounts of
> money, just copying smart cards with applications like "Pre Paid Telephone
> Cards", "Electronic Purses" etc.
Labs like these are not cheap :-) Even so, a smart (no pun intended)
implementer of a system with smartcards makes sure that the compromise
of a few of them does not make the whole system insecure, for example by
changing the cryptographic keys every batch of X-thousand cards. You're
looking to make the costs of cracking one and making the counterfeits too
high to make a decent profit (the bad guys are in it for the money too).
VISA has an extensive model for calculating the costs for an attacker,
for just this purpose. Balancing this against the additional costs of
the security (remember, this is a bulk, low-profit-per-unit market) is
non-trivial.

With kind regards,
Wouter Slegers

-- 
Wouter Slegers
Your Creative Solutions
"Security solutions you can trust and verify."
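The per-batch key change Wouter describes above is a form of key diversification; the following is an added example (not from the thread or any of the products mentioned) showing one way to derive batch and card keys so that a batch key recovered from a few cards only lets an attacker forge cards of that batch. The batch size, derivation labels and challenge/response scheme are assumptions.

```python
import hmac
import hashlib

BATCH_SIZE = 1000  # assumption: cards per key batch ("X-thousand" in the mail)


def batch_key(master_key: bytes, batch_no: int) -> bytes:
    """Per-batch key: HMAC of the batch number under the issuer master key.
    A new batch number gives an unrelated key, so keys rotate every BATCH_SIZE cards."""
    return hmac.new(master_key, b"batch:%d" % batch_no, hashlib.sha256).digest()


def card_key(master_key: bytes, serial: int) -> bytes:
    """Per-card key derived from the card's batch key and its serial number,
    so reading one card's key reveals nothing about other cards."""
    bkey = batch_key(master_key, serial // BATCH_SIZE)
    return hmac.new(bkey, b"card:%d" % serial, hashlib.sha256).digest()


def card_response(key: bytes, challenge: bytes) -> bytes:
    """What a card holding `key` returns for a terminal challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def terminal_accepts(master_key: bytes, serial: int, challenge: bytes, resp: bytes) -> bool:
    """Back end recomputes the card key from the master key and checks the response."""
    expected = card_response(card_key(master_key, serial), challenge)
    return hmac.compare_digest(expected, resp)


def cards_forgeable_with(master_key: bytes, leaked_batch_key: bytes, serials: list) -> list:
    """Blast-radius check for the defender: which of `serials` could be
    impersonated by someone who holds only one leaked batch key."""
    challenge = b"\x00" * 16  # constructed fixed challenge for the check
    forgeable = []
    for s in serials:
        guess = hmac.new(leaked_batch_key, b"card:%d" % s, hashlib.sha256).digest()
        if terminal_accepts(master_key, s, challenge, card_response(guess, challenge)):
            forgeable.append(s)
    return forgeable
```

Running `cards_forgeable_with` with the key of batch 1 against serials spanning batches 0 to 2 lists only the batch-1 serials, which is the containment property the mail argues for.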
