Research signals safer smart cards

Eugen Leitl eugen at leitl.org
Tue Dec 10 08:48:54 EST 2002


http://www.theregister.co.uk/content/55/28489.html

Research signals safer smart cards
By ComputerWire
Posted: 09/12/2002 at 22:49 GMT


 
Cryptography Research Inc, the company behind the design of the SSL v3.0 
protocol that is used to secure transactions on the world wide web, claims 
to have discovered a new class of attacks that could be used by hackers to 
extract secret keys and information from smart cards and secure 
cryptographic tokens. 

Known as Differential Power Analysis (DPA), the San Francisco, 
California-based company says it could be a serious issue affecting smart 
cards and many other supposedly tamper-resistant hardware devices. 

DPA is said to exploit characteristic behaviors of transistor logic gates 
and software running on many of today's smart cards. DPA eavesdrops on the 
fluctuating electrical power consumption of the microprocessors at the 
heart of these devices. An attack is performed by monitoring electrical 
activity and then applying statistical methods to determine secret 
information, such as secret keys and user PINs that are held on the 
device. Current generation smart cards are said to be especially 
vulnerable because of their small size and minimal shielding. 

Although DPA attacks require a high level of technical skill in several 
fields to implement, they can be performed using a few thousand dollars of 
standard equipment. CRI maintains that once perfected, the technique can 
be used to break a device in a few hours or less. DPA attacks can then be 
automated. 

Unsurprisingly, the company claims to be one step ahead with a workstation 
system that will defend against this new class of attacks by testing 
power-related security vulnerabilities. Cryptography Research provides a 
variety of design and research services to Visa International, Mondex, 
Netscape, Microsoft and Intuit. 

The market for smart cards surged in the six months ending June 2002, with 
shipments to the US and Canada exceeding 31 million cards, more than 
double that for the year-ago period. 


-- 
-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7  1A88 AA58 0E89 83E5 CA02
http://moleculardevices.org         http://nanomachines.net


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list