Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cracking the Smartcards

Posted by michael on from the corporate-warfare dept.

hanuman writes: "So you know you're a true hacker when: 'Breaking the encryption alone would cost up to $5m. The process demanded the use of ultra-expensive electron-scanning microscopes, with the team probing wafer-thin chips no bigger than a thumbnail. Each chip contained up to 50 layers, with each layer in turn carrying up to 1,000 transistors, every one of which had to be pulled apart and analysed.'." This is a follow-up to the Vivendi vs. News Corp. story with more details about what is alleged to have occurred. Update: 03/14 12:28 GMT by M : And yet another story, which alleges that the head of security at NDS funded the website that distributed the hack for their rival's smart cards.

3 of 215 comments (clear)

  1. Low tech and ancient news. Read thise paper first by Anonymous Coward · · Score: 5, Informative

    I know guyz that have done this (SEM in light fast vaccuums)... and won.

    Read this VERY fascinating ggogle cache of the state of the art many years ago... :

    http://www.google.com/search?q=cache:wybhqqCka28 C: www.usenix.org/publications/library/proceedings/sm artcard99/full_papers/kommerling/kommerling_html/

    Its pretty darn good.

    Now the world has progressed to kracking using varrying external clocks, SEM as routine, probe points, etc.

    Everything is crackable.

    The best researchers (with published findings) arent in isreal btw, they are in Britain.

    please read that cached google paper, its really worth it.

    if the cache is dead try :

    http://www.usenix.org/publications/library/proce ed ings/smartcard99/full_papers/kommerling/kommerling _html/

  2. Not so hard by Anonymous Coward · · Score: 5, Informative

    I'm sorry to have to say that the article you
    referred to contains a gross inaccuracy: the
    exstimate of the cost of `cracking a smart card'
    is way overinflated. Smart card technology is,
    by its own very nature, not safe: any smart
    card is vulnerable to power/timing attacks
    and, even if expensive equipement helps, you
    don't need that much in order to recover the
    keys. As a matter of fact, given that amount of
    money the simplest way to force the system is
    an exaustive search on the 3des keyspace (yes,
    3des is the algorithm). I would advise people to
    read a bit more about Differential Power Analysis
    before going to court... I would suggest anybody
    interested
    to try to find the proceedings of any
    {Euro|Asia}crypt or of CHES (Cryptographic
    Hardware and Embedded systems).

    Regards,
    lg

  3. smart card cracking is not so easy... by Anonymous Coward · · Score: 5, Informative

    The question is was the smart card a 0.40 euro or a 10 euro one. There are smartcards that:

    Contain selfdestruct chemicals that immediately destroy chips core when opened (and they are pretty effective).

    Perform logical operations on complementary values at the same time (first order differential power analysis wont work).

    Have several polished layers of transistors( so you cant see the connection layout without carefully removing layers).

    Have encrypted internal bus(so you cant read single bits from the bus, becouse they depend on each other).

    Are designed to resist power failures (can't make that jump to crypto routine to become nop by dropping power or clock)

    Generally are designed by paranoid and smart people. Cracking such cards is not possible in a garage according to public research. However, any smartcard can be hacked with enough determination and the correct solution is to make sure that hacking of one card only compromises that one card and not the entire system. However I don't think that limiting compromise is possible in broadcasting environment.