Cracking the Smartcards
hanuman writes: "So you know you're a true hacker when: 'Breaking the encryption alone would cost up to $5m. The process demanded the use of ultra-expensive electron-scanning microscopes, with the team probing wafer-thin chips no bigger than a thumbnail. Each chip contained up to 50 layers, with each layer in turn carrying up to 1,000 transistors, every one of which had to be pulled apart and analysed.'." This is a follow-up to the Vivendi vs. News Corp. story with more details about what is alleged to have occurred. Update: 03/14 12:28 GMT by M : And yet another story, which alleges that the head of security at NDS funded the website that distributed the hack for their rival's smart cards.
Whenever anything remotely like hacking occurs, the hacked company dramatically overstates all financial figures as well as the level of expertise required to perform the hack -- makes it seem more malicious. Damages always have at least 6 zeros (preferably 9) and you need to have a team of 15 people working 24/7 for months/years. When the truth is much closer to one person hacking away in a garage for a few weekends and finding a fundamental flaw. And damages? Well, with intellectual property it can often be argued that damages are negative, with the exposure being provided by a new technical option actually increasing the total number of people interested in spending money on a product.
All that we have to go on is what is alleged to have occurred. It's too bad that such amazing feats, relevant as they are to all of our continuing efforts to secure our products and systems, cannot be directly described in more detail. Tell me again the ethical justification behind making code-breaking a legal issue?
And why do only businesses see this protection?
I noticed that the article emphasized the tax evasion angle. Wasn't that the same way they took down Capone?
Find out about my new children's book: SS Death Camp Criminal Battalion Go To Monte Carlo For The Massacre
Is this the best they could come up with to justify their losses? Jean-Marie Messier (J2M) is just a stupid fool with a hypertrophied ego.
The Universal music division also made a laugh of themselves by taking 5 years to release their music encryption scheme, which was cracked in 2 weeks, and had been overtaken by mp3s three years before. They did not understand that they could make money with mp3s (by merchandise, concerts, and stuff) and keep spending billions developing stupid encryptions, crashing web sites and harassing high school students trading mp3 CDs.
Canal+ France was once a great channel, with all major blockbusters maybe 10 months old, great prOn, soccer, and excellent humor and hosts. Nowadays they show less than half of the good movies of the year before, most of them being actually 18/24 months old (because they have to go through their lameass pay per view channels first), run old TV movies, have lost many of their young talents, audience has plummeted to 1% marketshare, prices went up (some say that in the 80s coke was free for everyone at their parties, now even the prices of the other kind of coke at the vending machines have gone up).
And they blame it on Murdoch and the Israelis!
Google passes Turing test : see my journal
I'm so sick of this.
I mean, I can understand why they do it but I'm still sick of it. All the way to the bone.
There was a time when companies could ask for money and then have something delivered to its customers. Soon, this practice became standard all over the world and lots of people paid for things like TV and Radio. All non-physical in its form, but yet valued highly enough for the consumers to spend their cash on it.
Then came Computers and later the Internet. Suddenly, everything that could be put into a digital form and transported over the Internet was free for the taking. Consumers didn't have to pay for content anymore, all the non-physical things they previously paid for didn't cost a dime anymore. Of course, all companies scrambled to try to get old laws and rules to apply to the new world but it was pointless. Everything in a digital form was free, and there was nothing to be done about that.
Long story short;
if it's in a digital form (tv, radio, mp3, movies) it's free, and if it's physical (food, cinema, concerts, cars) it costs. That's how the future's going to be, you can't expect people to pay and then not get to keep it or lay their hands on it anymore - 'cos it's free. We are greedy by nature, and here I see yet another company kicking wildly on its way down when its marketing idea of selling nothing to people is starting to rumble, because it got too greedy. Better place all that money on trying to embrace the new digital world than locking it out.
babylon is burning.
I love you. Always. Forever.
The Guardian is a UK newspaper not owned by News Corp. and with no great love of them.
So keep this in mind when reading this: there will be a 'Let's take the piss out of NewsCorp' slant to this, since newspapers gently dissing each other is par for the course (certainly in the UK, and I don't see it being different elsewhere).
Having said that, I actually read the Guardian site almost every day; it's my favorite UK newspaper (because it has a gentle socialist bias), but I take everything I read, everywhere, with a pinch of salt. I always try to remember the source since it always alters the presentation of 'facts' and often which 'facts' get presented in the first place.
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
True - but I'm not so sure their goal was to "make billions off someone else's huge investment". If what Vivendi is claiming is true, the aim was (a) to undermine a rival technology (if Vivendi's smartcard was totally cracked then no other TV operators would buy it), and (b) to cause pay-per-view rivals that used Vivendi's technology to lose money through widespread cracking - losing subscriber payments and having to spend more on counter-measures.
It must be remembered that the smoking gun could be this: NDS is 80% owned by News International. News International owns BSkyB pay-per-view sat network, which competes against Canal+ and, more directly, ITV Digital in the UK.
Whoa there just a second. Before we all start cheering "You go, geek!", let's analyse what you've just said.
It's OK for you to crack encryption and to disclose it - responsibly, I'm sure you'll claim, but you'll have to pick your own definition for what that actually means - because your intention is to help the creators improve it.
It's 20 years to life for an NDS employee to perform substantially similar actions, simply because their intention is different.
You probably reckon that if you ever screw up a disclosure (information wants to be free, right?), and information gets into the wild that helps commercial pirates to sell cracked cards, then it's a no-foul simply because you're one of the good guys. In that case the damages to rights owners is just an unfortunate accident, it wasn't your fault, it was that 1337_h4x0r guy you'd known for three whole weeks on IRC, who promised he was a white hat and that you could trust him with the disclosure, and so on.
I can understand your stance, but I'd suggest that in practical terms that any disclosures you make will be judged (prosecuted, rather) on the consequences, and that you'll have to rely on your good intentions purely as a last ditch defence, and not as a cloak of invulnerability. I'd be very careful about wishing for long sentences for black hats, because I suspect that a jury might be rather less inclined to believe a plea of "I never meant to hurt anyone" from someone that the prosecution has just described as an evil computer hacker with a track record of hiding behind anonymous pseudonyms ("standards") to cover up his nefarious acts.
In other words: don't be too sure that something as fragile as the truth will protect you. Lawyers get paid a lot of money to lie very convincingly on behalf of their clients. How convincing could you be if you ever have to prove your innocence?
If you were blocking sigs, you wouldn't have to read this.
I think the interesting part is this just shows with enough big dollar corporate investment, even sophisticated security schemes can be cracked.
Yes, they can, but it should also be pointed out that this one wasn't very sophisticated in the ways that count. I design smart card security systems for a living, and these guys broke a cardinal rule: "Never assume that the cards are invulnerable -- because they aren't!" In fact, no security device is invulnerable. Like a good safe, a security device provides an obstacle that can be overcome with time and effort (although the bar is much higher for the best smart cards than for the best safes). So, any well-designed system should have mechanisms in place to ensure that the break of one card does not compromise the whole system, and to ensure that the cost of breaking one card (around $300K for the best cards, not $5M, and less for older cards). Designers of physical security systems utilize the same principle, although in a different way. Safes are surrounded by alarms, cameras and guards whereas cards are (must be) placed in the hands of potential attackers. The point is, a good design takes into account the strengths and the limitations of the technology and plans accordingly.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
California has most well detailed Penal Code with the most case law history.
California has the least ambiguity in its Penal Code.
But this is a Civil suit probably so who knows.
California is a state that (except for employee IP theft disputes) usually sides with the larger corporation if it is a gray issue.
In this case it is not exactly a gray issue, but if other hackers cracked it before this company did, then the point is moot.
Contain self-destruct chemicals that immediately destroy the chip's core when opened (and they are pretty effective).
Very cool. Can you point out any specific chips? I'm not familiar with any that have this feature.
Perform logical operations on complementary values at the same time (first order differential power analysis won't work).
Note that Kocher has described ways of defeating the complementary operations approach. It's based on the fact that because the set of transistors performing the complementary operations are not exactly the same as those performing the "correct" operations, it's possible to distinguish between them. But, yes, there are a variety of ways to defeat DPA, and symmetric cryptography on modern cards is not vulnerable to DPA (PK operations are still quite vulnerable, AFAIK).
Have several polished layers of transistors (so you can't see the connection layout without carefully removing layers).
Absolutely. And the layering is also structured to try to place more sensitive data near the center of the stack.
Have an encrypted internal bus (so you can't read single bits from the bus, because they depend on each other).
The Dallas chips did this, but they were broken. Are there others?
Are designed to resist power failures (can't make that jump to crypto routine to become nop by dropping power or clock).
Yep, and you should also mention that they monitor other environmental factors like temperature levels, because attacks have been devised that exploit freezing chips or overheating them.
Generally are designed by paranoid and smart people.
And this is the best point in your post. Smart card chips are designed by smart, paranoid people who also try to break them and study the attacks that do succeed so they can build countermeasures to those attacks in the next round.
Security is a constant cat and mouse game, with better and better attacks leading to better and better defenses. In the smart card world, the defenses have already progressed far beyond the stage where attacks you can perform in your garage are likely to be successful. Then again, there are plenty of smart card systems being designed and fielded by clueless idiots, so we'll be sure to see plenty more "Smart cards hacked!" stories on /.
However, any smartcard can be hacked with enough determination and the correct solution is to make sure that hacking of one card only compromises that one card and not the entire system.
Hear, hear. I've employed many paragraphs to make the same point. But I've never been accused of being overly concise ;-)
However, I don't think that limiting compromise is possible in a broadcasting environment.
Same signal to all consumers -> same decoding keys for every consumer -> all decoding cards are identical in critical ways. Yeah, seems like an intractable problem.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
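The complementary-logic exchange above (the list item about operating on complementary values, and the reply noting that imperfectly matched transistors re-open a smaller leak) can be made concrete with a toy leakage model. The following is an added example, not code from anyone in this thread; it assumes a Hamming-weight power model (leakage proportional to the number of set bits written) and uses a `mismatch` parameter, introduced here, to stand in for the two rails drawing slightly different current. It computes the difference-of-means statistic that first-order DPA relies on, which is exactly 1.0 per bit for conventional logic, exactly 0 for perfectly matched dual-rail logic, and proportional to the mismatch otherwise.

```python
"""
Toy Hamming-weight leakage model for first-order DPA (added example, not from
the thread).

Assumptions, labelled here: the current drawn while an 8-bit register is
written is proportional to its Hamming weight, and a dual-rail design writes
every bit b together with its complement ~b. `mismatch` is a hypothetical
knob for how much more current the complementary rail draws than the true
rail; 0.0 means perfectly matched transistors.
"""
from typing import Callable


def hamming_weight(x: int) -> int:
    """Number of set bits in the low byte of x (works for negative x too)."""
    return bin(x & 0xFF).count("1")


def single_rail_leak(v: int) -> float:
    """Conventional logic: leakage grows with the number of set bits."""
    return float(hamming_weight(v))


def dual_rail_leak(v: int, mismatch: float = 0.0) -> float:
    """Complementary logic: (v, ~v) are written together.

    With mismatch == 0 the total is always 8, independent of v, so the
    value being processed is invisible to a first-order statistic.
    """
    return hamming_weight(v) + (1.0 + mismatch) * hamming_weight(~v)


def first_order_score(leak: Callable[[int], float], bit: int = 0) -> float:
    """Difference-of-means test, the core statistic of first-order DPA.

    Partition all 256 intermediate byte values on one bit and compare the mean
    leakage of the two halves. A non-zero score means that anyone who can
    predict that bit of the intermediate sees a statistical signal; zero means
    a first-order test has nothing to lock onto.
    """
    ones = [leak(v) for v in range(256) if (v >> bit) & 1]
    zeros = [leak(v) for v in range(256) if not (v >> bit) & 1]
    return sum(ones) / len(ones) - sum(zeros) / len(zeros)


def leakage_report(mismatch: float = 0.05) -> dict:
    """Scores for the three designs discussed above, on bit 0."""
    return {
        "single_rail": first_order_score(single_rail_leak),
        "dual_rail_matched": first_order_score(dual_rail_leak),
        "dual_rail_mismatched": first_order_score(
            lambda v: dual_rail_leak(v, mismatch)
        ),
    }


if __name__ == "__main__":
    for name, score in leakage_report().items():
        print(f"{name:22s} difference of means = {score:+.3f}")
```

The mismatched case is the point of the reply: the score shrinks from 1.0 to the size of the mismatch rather than to zero, so a design review should treat "complementary logic" as a leakage reduction to be measured, not as a proof of immunity. Running the score over many sample intermediates per design is the same test a lab would apply to real traces, with measured power in place of the model.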
I was thinking, if these satellite companies implement their smart cards using Java Cards (which are themselves dynamically reprogrammable by nature), couldn't they deal better with these issues???
When something like this happens (i.e.: the code is broken), all the satellite operator has to do is send new code to the set-top box which will write it on the card, then the code in the card is used to decode the incoming broadcast.
It's like assigning the card a new set of keys in a public-private cryptographic key.
HOWEVER, I think this will never be solved until satellite operators can do two-way communications with the set-top boxes themselves. Who knows, maybe in the future satellite operators will require users to connect to the Internet at least once a month to update the software of the smart cards, thus giving them enough time for the new codes to be deployed far and wide. Heck, I'd actually have new codes daily!!!
For those into techno-religious wars, I used Java Cards as an example, as opposed to other types of smart cards, because Java gives a unified API and object-based execution environment for ALL cards regardless of their origin, which is exactly what's needed to help this situation out.
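Several posts above circle the same design question: the smart card designer's rule that breaking one card must not compromise the whole system, the objection that a broadcast sends the same signal and therefore the same keys to everyone, and the suggestion of pushing new keys to cards over the air. The following is an added example, not code from the thread or from any real conditional-access product, showing the minimal key hierarchy that reconciles these: each card holds its own secret key (assumed issued at manufacture and mirrored at the operator), the only secret common to all receivers is a short-lived control word that scrambles the video, and that control word is sent to each entitled card wrapped under the card's own key. Extracting one card's key exposes that card alone, and the operator can drop it from the next key period without re-keying anyone else. The wrap is an HMAC-SHA256 keystream XOR, a stand-in for a real authenticated cipher so that the example runs on the standard library.

```python
"""
Toy conditional-access key hierarchy (added example, not from the thread).

Assumptions, labelled here: every card leaves the factory with a unique
secret key that the operator also stores; the video is scrambled under a
per-period control word (CW); the CW reaches each entitled card wrapped
under that card's key. Key wrap uses an HMAC-SHA256 keystream XOR purely so
the example runs on the standard library; a real system would use an
authenticated cipher.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


def wrap(card_key: bytes, period: int, cw: bytes) -> bytes:
    """XOR the CW with a per-card, per-period keystream."""
    stream = hmac.new(card_key, period.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(cw, stream[: len(cw)]))


unwrap = wrap  # a keystream XOR is its own inverse


@dataclass
class Card:
    card_id: str
    key: bytes  # the only long-lived secret on the card

    def recover_cw(self, period: int, emms: Dict[str, bytes]) -> Optional[bytes]:
        """Return the CW if this card received an entitlement, else None."""
        if self.card_id not in emms:
            return None
        return unwrap(self.key, period, emms[self.card_id])


@dataclass
class Operator:
    card_keys: Dict[str, bytes] = field(default_factory=dict)
    revoked: Set[str] = field(default_factory=set)
    period: int = 0

    def issue_card(self, card_id: str) -> Card:
        key = os.urandom(32)
        self.card_keys[card_id] = key
        return Card(card_id, key)

    def revoke(self, card_id: str) -> None:
        """Blacklist a card whose key is known to have been extracted."""
        self.revoked.add(card_id)

    def next_period(self) -> Tuple[int, bytes, Dict[str, bytes]]:
        """Pick a fresh CW and emit one wrapped copy per non-revoked card."""
        self.period += 1
        cw = os.urandom(16)
        emms = {
            cid: wrap(key, self.period, cw)
            for cid, key in self.card_keys.items()
            if cid not in self.revoked
        }
        return self.period, cw, emms


def simulate() -> Tuple[Dict[str, bool], Dict[str, bool]]:
    """Four cards; card-2's key is extracted and the operator revokes it.

    Returns, for the period before and after revocation, which cards can
    still recover the CW. Only the revoked card loses service.
    """
    op = Operator()
    cards = [op.issue_card(f"card-{i}") for i in range(4)]

    period, cw, emms = op.next_period()
    before = {c.card_id: c.recover_cw(period, emms) == cw for c in cards}

    op.revoke("card-2")  # the operator learned card-2's key is in the wild
    period, cw, emms = op.next_period()
    after = {c.card_id: c.recover_cw(period, emms) == cw for c in cards}
    return before, after


if __name__ == "__main__":
    before, after = simulate()
    print("before revocation:", before)
    print("after revocation: ", after)
```

Two caveats follow directly from the construction. First, the per-period message count grows with the number of cards; real systems insert group keys between the card key and the control word so the count scales with groups instead, and the structure above is the minimal version. Second, the control word itself is still common to every receiver, so a card that simply leaks each period's control word (rather than its key) is a piracy channel that per-card keys do not close; the defence there is short periods and the tamper resistance discussed earlier in the thread.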