[Cryptography] Broken RNG renders gov't-issued smartcards easily hackable.

Wouter Slegers wouter at yourcreativesolutions.nl
Fri Oct 11 14:23:58 EDT 2013 

Dear Ray,

On 2013-10-11, at 19:38 , Ray Dillinger <bear at sonic.net> wrote:
> This is despite meeting (for some inscrutable definition of "meeting")
> FIPS 140-2 Level 2 and Common Criteria standards.  These standards
> require steps that were clearly not done here.  Yet, validation
> certificates were issued.
This is a misunderstanding of the CC certification and FIPS validation processes:
the certificates were issued *under the condition* that the software/system built on it uses/implements the RNG tests mandated. The software didn't, invalidating the results of the certifications.

At best the mandatory guidance is there because it was too difficult to prove that the smart card meets the criteria without it (typical example in the OS world: the administrator is assumed to be trusted, the typical example in smart card hardware: do the RNG tests!).
At worst the mandatory guidance is there because without it, the smart card would not have met the criteria (i.e. without following the guidance there is a vulnerability)
This is an example of the latter case. Most likely the software also hasn't implement the other requirements, leaving it somewhat to very vulnerable to the standard smart card attack such as side channel analysis and perturbation.

If the total (the smart card + software) would have been CC certified, this would have been checked as part of the composite certification.

(I've been in the smart card CC world for more than a decade. This kind of misunderstanding/misapplication is rare for the financial world thanks to EMVco, i.e. the credit card companies. It is also rare for European government organisations, as they know to contact the Dutch/French/German/UK agencies involved in these things. European ePassports for example are generally certified for the whole thing and a mistake in those of this order would be ... surprising and cause for some intense discussion in the smart card certification community. Newer parties into the smart card world tend to have to relearn the lessons again and again it seems.)

With kind regards,
Wouter Slegers

More information about the cryptography mailing list