Can smart cards be hacked?

[ADT's PROGRAMMERS REPORT, December 17, 2002] -- Most users of smart cards don't worry about being hacked. That may go for developers working with new smart card-based I/O architectures as well. But both parties might be surprised to learn it is possible for someone to extract information from smart cards by electronically eavesdropping on the chips inside them.

But such eavesdropping is by no means simple.

In essence, the intimidating-sounding technique known as Differential Power Analysis (DPA) lets an attacker measure the fluctuating electrical power consumption of the microprocessors inside supposedly tamper-resistant devices such as smart cards, said a noted security expert. Because the power a chip draws varies slightly with the data it is processing, a statistical analysis of the power consumption over a large number of computations with the same cryptographic key can extract that key from the card; an intruder could then use it to create fraudulent transactions, generate counterfeit digital cash or pirate content.

DPA attacks ''have actually happened,'' said Paul Kocher, president and chief scientist at Cryptography Research Inc. (CRI), a seven-year-old San Francisco-based provider of security-related consulting services and technology. The possibility of such attacks was discovered in 1998 by a team of CRI researchers, including Kocher, who had earlier helped develop SSL, the encryption protocol widely used by Web browsers.

How bad the problem is depends on whom you talk to. ''To my knowledge, DPA has never been applied in a commercial situation where a system has been cracked using this means,'' said Randy Vanderhoof, executive director of the Smart Card Alliance, Princeton Junction, N.J. ''It's more of an academic approach.''

Admittedly, cracking a smart card through a DPA attack would be no easy heist. It requires a high level of technical skill in several fields. But, with several thousand dollars' worth of standard equipment, a device marketed as tamper-resistant could be broken in minutes, according to CRI reps.

According to the Smart Card Alliance's Vanderhoof, the smart cards most vulnerable to DPA attacks are low- and medium-range cards used for basic access control. ''The chips used in financial transaction applications have numerous levels of security built into them for protection against all types of attacks,'' he explained.

Smart cards are credit card-sized plastic cards with an embedded computer chip. Since being developed in the 1970s, they have found application in telecommunications (GSM mobile phones, pay television), financial services (electronic purses, bank cards, online payment systems) and retail, transportation and healthcare industries. Already widely used in Europe and Asia, they are now gaining in popularity in North America.

Said CRI's Kocher, ''If your product is used in a high-risk environment, and it has any vulnerabilities, attackers will find them and exploit them ruthlessly. There will be ill effects, such as theft of money, unauthorized access to high-security premises or intercepted television signals.'' (He lists the last item because, even though the modules used in cable television systems are not in smart-card format, they do contain cryptographic keys and could be targets of DPA attacks.)

Of course, added Kocher, ''Most people are lucky and get away with having vulnerability.'' For instance, he notes that if you put 300 smart cards in a corporate environment, the odds are that no one will try to attack them.

Still, the problem exists, and because building a system to test for DPA has been prohibitively expensive (''You have to build the hardware and software yourself,'' said Kocher), only a handful of labs doing security testing have DPA capabilities. That is why CRI has introduced a workstation that can be purchased off-the-shelf to test for power-related vulnerabilities in smart cards. The DPA Workstation takes a product and, through a series of measurements, figures out what its vulnerabilities are.

The DPA Workstation combines a standard Windows 2000 PC, a PCI card that does high-speed data acquisition, analysis software and digital sampling equipment. The workstation enables researchers to study information leakage in silicon through high-speed statistical processing code that sifts the collected data. ''You might collect 1Mb of data per operation you observe, so if there were 10,000 operations, you'd have 10Gb of data to analyze. The software is designed to find the needle in the haystack, the signal in the key you're attacking,'' said Kocher.
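The statistical step described above (the "large number of computations with the same key" of the DPA explanation earlier, and the needle-in-the-haystack search Kocher describes for the workstation) is Kocher's difference-of-means test. The following is an added example, not code from the original article, from CRI or from the DPA Workstation: it runs that test over constructed traces rather than measurements from a real card. It assumes a simple leakage model, which is an assumption and not something the article states: one sample of each trace leaks the Hamming weight of the AES S-box output for (plaintext byte XOR key byte), buried in Gaussian noise, with every other sample pure noise. The secret key byte 0x2B, the trace length and the noise level are arbitrary choices.

```python
import random

# --- AES S-box, built from GF(2^8) arithmetic so no 256-entry table is needed ---
def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _gf_inv(x):
    """Multiplicative inverse as x^254 (the group of non-zero bytes has order 255)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = _gf_mul(r, x)
        x = _gf_mul(x, x)
        e >>= 1
    return r

def _build_sbox():
    def rotl(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = _gf_inv(x) if x else 0          # inverse of 0 is defined as 0
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return sbox

SBOX = _build_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight of each byte value

def simulate_traces(key_byte, n_traces, trace_len=16, leak_index=9, sigma=1.5, seed=1):
    """Constructed 'power traces' (assumed leakage model, not real measurements):
    every sample is Gaussian noise, and sample `leak_index` additionally carries
    the Hamming weight of the S-box output for plaintext XOR key."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        trace = [rng.gauss(0.0, sigma) for _ in range(trace_len)]
        trace[leak_index] += HW[SBOX[p ^ key_byte]]
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces

def dpa_attack(plaintexts, traces, bit=0):
    """Kocher-style DPA: for each key guess, split the traces by one predicted
    S-box output bit and subtract the mean traces of the two groups. The right
    guess partitions the traces consistently with the chip's real data, so its
    difference trace shows a spike at the leaking sample; wrong guesses average
    out to noise (plus small 'ghost peaks' from S-box bit correlations)."""
    n = len(traces)
    totals = [sum(col) for col in zip(*traces)]      # column sums over all traces
    ranking = []
    for guess in range(256):
        selected = [t for p, t in zip(plaintexts, traces) if (SBOX[p ^ guess] >> bit) & 1]
        n1 = len(selected)
        n0 = n - n1
        if n1 == 0 or n0 == 0:
            continue
        sums1 = [sum(col) for col in zip(*selected)]
        diff = [s1 / n1 - (tot - s1) / n0 for s1, tot in zip(sums1, totals)]
        peak_idx = max(range(len(diff)), key=lambda i: abs(diff[i]))
        ranking.append((abs(diff[peak_idx]), guess, peak_idx))
    ranking.sort(reverse=True)
    best, runner_up = ranking[0], ranking[1]
    return {"key": best[1], "sample": best[2], "peak": best[0],
            "margin": best[0] / runner_up[0]}

if __name__ == "__main__":
    SECRET = 0x2B                                    # arbitrary key byte for the demo
    pts, trs = simulate_traces(SECRET, n_traces=2000)
    r = dpa_attack(pts, trs)
    print(f"recovered key byte 0x{r['key']:02X} (secret 0x{SECRET:02X}), "
          f"leak at sample {r['sample']}, peak {r['peak']:.2f}, "
          f"{r['margin']:.1f}x above the runner-up guess")
```

Two things the article's numbers hint at are visible here. The correct guess's peak settles near 1.0 regardless of noise (splitting a uniform byte on one of its bits shifts the mean Hamming weight by exactly one), while the noise in every other guess and sample shrinks as the square root of the number of traces, which is why an attacker collects thousands of operations rather than a handful. A countermeasure that the article does not detail, such as masking or randomised timing, works by breaking the link between the guessable intermediate value and what the chip actually computes, so the partitioning no longer lines up.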

According to the Smart Card Alliance, more than 31 million smart cards shipped for use in the U.S. and Canada in the first half of 2002, a 100% increase over the same period a year earlier.

Links:
To read more stories of related interest, please see:
''Kit helps you to create safe 'Liberty' Web services'' by John K. Waters at http://www.adtmag.com/article.asp?id=6919

''Obfuscation: It's not just for Java anymore'' by Jack Vaughan at http://www.adtmag.com/article.asp?id=6951

''What to do before hackers attack your program'' by John K. Waters at http://www.adtmag.com/article.asp?id=6815

For other Programmers Report articles, please go to http://www.adtmag.com/article.asp?id=6265