Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>
22Jun98 USA: CODE BREAKER CRACKS SMART CARDS' DIGITAL SAFE.
By PETER WAYNER.
(ART ADV: Photo showing Paul Kocher is being sent to NYT photo clients.
Graphic is being sent to NYT graphic clients. Non-subscribers can make
individual purchase by calling 212-556-4204 or 1927.)@
To the companies in the smart-card business, Paul Kocher may be too smart
for their own good.
For the last year, Kocher's four-man consulting firm in San Francisco has
kept big credit-card companies and banks on edge by sharing details of his
discovery of a way to break into the newest version of smart cards -
credit-card size devices that contain a tiny computer chip and can be used
for a variety of purposes including storing so-called digital cash.
Although Kocher's intent has been to warn the industry and sell it possible
solutions, his expertise - in the hands of thieves, counterfeiters or
impostors - could compromise the security safeguards of smart cards, which
are coming into widespread use in the United States and Europe.
The cards are at the center of the plans by the banking and credit-card
industries to cut costs and improve customer convenience by replacing
conventional magnetic-stripe cards with ones that not only can act as a
debit or automated-teller-machine card but can also be loaded with digital
cash that would function as legal tender wherever merchants hav power
consumption of the chip.
It is a sophisticated type of analysis, but the rudimentary "laboratory" -
in this case a three-room office suite, some garden-variety PCs and several
thousand dollars of electronics equipment - indicates that it does not
require elaborate tools to crack what is supposed to be a highly secure
digital safe.
As details of the technique circulate, as they invariably do in the hacker
underground, imitators will almost certainly try to duplicate Kocher's
experiment. For his part, Kocher, who at 25 is already a well-known expert
in code breaking, said, "As the expertise becomes more widely available,
the threats will become more than academic."
Peter Neumann, a computer scientist at SRI International, a research group
in Menlo Park, Calif., said the approach had "enormous potential as another
technique for breaking weakly designed and badly implemented devices."
Though already in wide use as bank cards in Europe, smart cards in the
United States have been mainly used so far for controlling access to
buildings and protecting against fraudulent use of new types of cellular
telephones. But U.S. banks have begun experimenting with the cards, as
Chase Manhattan is doing in a test of Mastercard International's Mondex
system on the Upper West Side of New York City.
Banks trust that the computer chips embedded in tamper-resistant packaging
will act like a virtual branch office, dispensing money and crediting
accounts to the right people. But if someone could break through the card's
defense, then that person could conduct fraudulent transactions, load
counterfeit digital cash onto the cards or create various other forms of
mischief.
So even as smart-card executives seek to play down the threat posed by
Kocher's discovery, and they stress that no known break-ins of his sort
have occurred in the real world, the industry knows it must continuously
improve smart-card software and hardware.
"In a sense, this is an arms race; the attackers will always get better,"
said Richard Fletcher, the head of strategy and planning of Mastercard's
Mondex smart-card division. "The only defense and the best defense against
future attacks is to keep moving and keep changing."
Gerald Hubbard is the vice president of marketing in the United States for
Bull Smart Cards, a company that says it has shipped more than 120 million
money-carrying smart cards throughout the world. He said that his company
had known about the Kocher type of attack for more than four years and had
installed safeguards to thwart it. But, Hubbard said, "You can never say a
card is 100 percent immune."
In fact, some other industry executives expect it to take perhaps two years
before there will be smart cards and related hardware that will be
impervious to Kocher's type of attack.
Kocher said he had approached the smart-card industry last year with the
details of his discovery because he knew that criminals might also use the
same tricks. But he said that he did not publicize his findings, so that
the industry would have time to adopt defenses, including techniques for
which he has filed for patents and which he is now licensing to the
companies.
He publicly announced the smart-card security flaw two weeks ago, only
after The Australian Financial Review published an article about his
break-in technique.
Kocher's company, Cryptography Research, analyzes and tests
computer-security hardware and software for many of the leading computer
companies. His discoveries of flaws in supposedly secure technologies have
drawn attention in the past - as in 1995, when he found that he could break
into smart cards by simply timing how long it took them to process data.
In the case of this newly disclosed smart-card problem, Kocher and his
colleagues found that the cards' consumption of electrical power could
disclose vital information about the secret key that protects the money or
other data on the chip.
By watching the monitor of an oscilloscope, a device that measures the
power use on a screen similar to the way a cardiac monitor displays a
patient's heart action, Kocher's team was able in some cases to use the
electrical pattern from a single transaction to decipher the key to the
code. In other cases, they were forced to use more sophisticated
statistical techniques to analyze the results from as many as 1,000
transactions.
Kocher said his team had spent at least as much time looking for solutions
as it had in identifying the security flaw. A possible remedy involves
masking the transaction in digital noise by adding meaningless random
calculations that would consume random amounts of current.
Another possible solution, which according to Mastercard officials is being
incorporated in the latest version of its Mondex smart-card software, is to
vary the order of the operations in the software to make it more difficult
to identify patterns in the consumption of power.
A banking-industry goal with smart cards is to cut costs by eliminating the
need for central approval of a debit or credit transaction. By some
estimates, the marginal costs for clearing a smart-card transaction are
well under a penny. Credit-card transactions, however, typically require a
long-distance computer network and a large central database for examining
each deal, and the transaction eventually means billing a customer and
cashing the payment checks.
These steps add up to 25 cents a transaction, on average, compared with
about a penny for a smart-card transaction, in which all the authorization
information - and even the money itself - can be contained on the card's
chip.
To create an audit trail that might help track fraud, however, Visa
International's smart-card system uses merchant terminals that report
transactions to a central data base at the end of each day. "We don't feel
it is a good idea to have the security depend upon the chip itself," said
Philip Yen, a senior vice president of Visa International. "We think it's
more important to have complete system security."
Fletcher, of Mastercard's Mondex, contends that including any sort of
central control runs counter to the purpose of a smart card - giving
customers the ability to use the money on a card just like cash.
"The critical point of any digital cash system is that you're off line," he
said. "There's no online link at that point. You're critically dependent
upon the card's security."
As the banks debate the security trade-offs, there is one certainty: Paul
Kocher and others like him will continue to look for chinks in the
smart-card armor. And as Kocher likes to remind the industry, "We have not
yet encountered a card that couldn't be broken."
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Jun 23 07:28:22 1998