Research signals safer smart cards
Eugen Leitl
eugen at leitl.org
Tue Dec 10 08:48:54 EST 2002
http://www.theregister.co.uk/content/55/28489.html
Research signals safer smart cards
By ComputerWire
Posted: 09/12/2002 at 22:49 GMT
Cryptography Research Inc, the company behind the design of the SSL v3.0
protocol that is used to secure transactions on the world wide web, claims
to have discovered a new class of attacks that could be used by hackers to
extract secret keys and information from smart cards and secure
cryptographic tokens.
Known as Differential Power Analysis (DPA), the San Francisco,
California-based company says it could be a serious issue affecting smart
cards and many other supposedly tamper-resistant hardware devices.
DPA is said to exploit characteristic behaviors of transistor logic gates
and software running on many of today's smart cards. DPA eavesdrops on the
fluctuating electrical power consumption of the microprocessors at the
heart of these devices. An attack is performed by monitoring electrical
activity and then applying statistical methods to determine secret
information, such as secret keys and user PINs that are held on the
device. Current generation smart cards are said to be especially
vulnerable because of their small size and minimal shielding.
Although DPA attacks require a high level of technical skill in several
fields to implement, they can be performed using a few thousand dollars of
standard equipment. CRI maintains that once perfected, the technique can
be used to break a device in a few hours or less. DPA attacks can then be
automated.
Unsurprisingly, the company claims to be one step ahead with a workstation
system that will defend against this new class of attacks by testing
power-related security vulnerabilities. Cryptography Research provides a
variety of design and research services to Visa International, Mondex,
Netscape, Microsoft and Intuit.
The market for smart cards surged in the six months ending June 2002, with
shipments to the US and Canada exceeding 31 million cards, more than
double that for the year-ago period.
--
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7 1A88 AA58 0E89 83E5 CA02
http://moleculardevices.org http://nanomachines.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list