Smart Card Cracker at RSA tradeshow - Cool!

R. A. Hettinga rah at shipwright.com
Thu Feb 21 10:54:23 EST 2002


--- begin forwarded text


Status:  U
Date: Thu, 21 Feb 2002 00:46:08 -0800
To: cypherpunks at lne.com
From: Bill Stewart <bill.stewart at pobox.com>
Subject: Smart Card Cracker at RSA tradeshow - Cool!
Sender: owner-cypherpunks at lne.com

Most of the exhibits at the RSA show looked like such things usually do.
But one exhibit was really cool - Datacard Group, near the back around the
middle.
If you're there, you absolutely have to see these guys.

They were cracking smart cards using Differential Power Analysis and
Differential Fault Analysis - they have a stack of equipment with
an oscilloscope and some magic boxes and a PC display, and they were
showing "see these 16 vertical lines?  That's 16 rounds of DES.
Let's zoom in - this shape here is an S-box.  I'll start the cracking program,
and we'll have the key in a minute or two", and sure enough they did.
Triple-DES only takes about 3 times as long...

Finding the two primes from an RSA key took a similar amount of time -
it's not doing some magic factoring technique, it's watching a card
that has the two primes in it signing stuff.  I think that demo was
Differential Fault Analysis, where they hand the card some voltages
and frequencies that are much different than it's designed for,
and look at the different results they get depending on what parts they poke.

I've seen Paul Kocher's descriptions in the past about how this stuff
is possible - it's not the same impact as watching it done,
and seeing how amazingly fast it can be.
They're set up to do a couple formats of cards, including contactless
as well as the standard contact-based things.

Of course, there are also a few dozen smartcard vendors at the show,
talking about how their authentication systems will make
health care and banking and biometric citizen-unit-tracking perfectly
secure :-)

  =================
One other pleasant product was @Stake's bootable Linux business-card-CD,
with lots of network analysis tools on it - ethereal, snort, VNC, a few
dozen others.
All the things you'd expect from them, if you dare to put it in your
machine....
They said there really weren't any "remote system administration" tools
on the disk that they don't document being there :-)

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


