Can smart cards be hacked?
- By Peter Bochner
[ADT's PROGRAMMERS REPORT, December 17, 2002] -- Most users of smart cards
don't worry about being hacked. That may go for developers working with new
smart card-based I/O architectures as well. But both parties might be surprised
to learn it is possible for someone to extract information from smart cards by
electronically eavesdropping on the chips inside them.
But such eavesdropping is by no means simple.
In essence, the intimidating-sounding operation known as Differential Power
Analysis (DPA) allows an intruder to eavesdrop on the fluctuating electrical
power consumption of the microprocessors inside allegedly tamper-resistant
devices such as smart cards, said a noted security expert. By statistically
analyzing the power consumption of a large number of computations performed
with the same cryptographic key, an intruder could extract the secret key from a
smart card and use it to create fraudulent transactions, generate counterfeit
digital cash or pirate content.
DPA attacks ''have actually happened,'' said Paul Kocher, president and chief
scientist at Cryptography Research Inc. (CRI), a seven-year-old San
Francisco-based provider of security-related consulting services and technology.
The possibility of such attacks was discovered in 1998 by a team of CRI
researchers, including Kocher, who had earlier helped develop SSL, the widely
used browser encryption protocol.
How bad the problem is depends on whom you talk to. ''To my knowledge, DPA has
never been applied in a commercial situation where a system has been cracked
using this means,'' said Randy Vanderhoof, executive director of the Smart Card
Alliance, Princeton Junction, N.J. ''It's more of an academic approach.''
Admittedly, cracking a smart card through a DPA attack would be no easy
heist. It requires a high level of technical skill in several fields. But, with
several thousand dollars' worth of standard equipment, a tamper-proof device
could be broken in minutes, according to CRI reps.
According to the Smart Card Alliance's Vanderhoof, the smart cards most
vulnerable to DPA attacks are low- and medium-range cards used for basic access
control. ''The chips used in financial transaction applications have numerous
levels of security built into them for protection against all types of attacks,''
he said.
Smart cards are credit card-sized plastic cards with an embedded computer
chip. Since being developed in the 1970s, they have found application in
telecommunications (GSM mobile phones, pay television), financial services
(electronic purses, bank cards, online payment systems) and retail,
transportation and healthcare industries. Already widely used in Europe and
Asia, they are now gaining in popularity in North America.
Said CRI's Kocher, ''If your product is used in a high-risk environment, and
it has any vulnerabilities, attackers will find them and exploit them
ruthlessly. There will be ill effects, such as theft of money, unauthorized
access to high-security premises or intercepted television signals.'' (He lists
the last item because, even though the modules used in cable television systems
are not in smart-card format, they do contain cryptographic keys and could be
targets of DPA attacks.)
Of course, added Kocher, ''Most people are lucky and get away with having
a vulnerability.'' For instance, he notes that if you put 300 smart cards in a
corporate environment, the odds are that no one will try to attack them.
Still, the problem exists, and because building a system to test for DPA has
been prohibitively expensive (''You have to build the hardware and software
yourself,'' said Kocher), only a handful of labs doing security testing have DPA
capabilities. That is why CRI has introduced a workstation that can be purchased
off-the-shelf to test for power-related vulnerabilities in smart cards. The DPA
Workstation takes a product and, through a series of measurements, figures out
what its vulnerabilities are.
The DPA Workstation combines a standard Windows 2000 PC, a PCI card that does
high-speed data acquisition, analysis software and digital sampling equipment.
The workstation enables researchers to study information leakage in silicon
through high-speed statistical-processing code that sifts the collected data.
collected. ''You might collect 1Mb of data per operation you observe, so if there
were 10,000 operations, you'd have 10Gb of data to analyze. The software is
designed to find the needle in the haystack, the signal in the key you're
attacking,'' said Kocher.
According to the Smart Card Alliance, more than 31 million smart cards
shipped for use in the U.S. and Canada in the first half of 2002, a 100%
increase over the same period a year earlier.
To read more stories of related interest, please see:
you to create safe 'Liberty' Web services'' by John K. Waters at http://www.adtmag.com/article.asp?id=6919,
''Obfuscation: It's not just for Java anymore'' by Jack Vaughan at http://www.adtmag.com/article.asp?id=6951
''What to do before hackers attack your program'' by John K. Waters at http://www.adtmag.com/article.asp?id=6815
For other Programmers Report articles, please go to http://www.adtmag.com/article.asp?id=6265