Smart Cards Vulnerable to Photo-Flash Attacks?
belphegor writes "Researchers at the University of Cambridge have found a way to use a camera flash and microscope to extract data from smart cards." Notable because it's apparently relatively simple to do and really throws a monkey wrench into a variety of businesses that use smart cards to store important data.
It immediately destroys its internal data when forced open.
Here's the link.
-... ---
There is very little tamper protection on smartcards due to their flimsy construction. You can't make a rapid zeroization system on something that isn't rigid and tough enough to be driven over repeatedly by a car or take the huge amount of abuse the human carrier provides every day.
Except... Dallas Semiconductor long ago created the iButton that is more secure and better than any smartcard..
(I know I sound like a broken record, but iButtons are way better and cooler than any smartcard, and you as a home hacker can use them!)
Do not look at laser with remaining good eye.
Where's Adobe when you need them?
My sig sucks.
Oh my God! You mean the security device that corporations have been hailing as super ultra mega secure and completely impenetrable is easily circumvented?
SHOCK! HORROR! SURPRISE! Yawn...
Your data's on Candid Camera (tm)!
The speed of time is one second per second.
All that needs to happen is for makers of smart cards to send money to Congresscritters to pass laws against smart card "circumvention devices" and have anyone making, selling or possessing a flash-based camera arrested.
Remember, when a security technology is compromised you don't improve the technology, you outlaw anything that exposes its weakness.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
It's not prostitution if your karma is 50.
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
"Beyond such Actions and Surveys as are required in the Construction of said Census, any and all Inquiries by Congress into the Private Matters of the Lives of Citizens is Therefore Banned."
Too bad that doesn't apply to the IRS.
"Alex Giakoumis... said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system."
However, it is speculated that the card contains material that can obscure the flash, literally achieving "security through obscurity."
"How to Do Nothing," kids activities, back in print!
Now I just got to figure out how to add money to my laundry card. That thing has eaten more money than I've used on the machines...
"We used duct tape to fix the photoflash lamp on the video port of a..."
:-)
Is there anything in this world that cannot be fixed with duct tape?
A few years ago I was told about a similar technique involving an electron beam (or something like this). Generally, physical access to anything means full access to all contained information. Old security principle.
On the one hand it means no equipment may be trusted once it comes into the customer's hands. On the other, I see no problem if I can rip the data which belongs to me (I know, it's generally not the case when it comes to SC). Smart cards have always been security by obscurity for me. This lesson the industry never learns, I'm afraid.
Lemme see if I understand right. Reverse engineer hardware to show its inherent ineffectualness -- that's ok. Reverse engineer software to show its inherent ineffectualness -- that's illegal.
Ok, just making sure.
All they need to do is intertwine single wall carbon based nano tubes throughout the memory. When the camera flash hits the memory, the memory will self destruct.
There is no
Isn't this circumventing a protection system? It's only a matter of time before these guys are arrested.
They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.
With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.
Could they make the cards so that removing the coating destroyed the chip?
Ok, maybe everyone else on slashdot has a full clean room. I mean, it could be a possibility. But when I hear phrases like "focusing light on a single transistor" and "Wentworth Labs MP-901 manual probing station" I tend not to think of simple or easy to do. I'm not saying you couldn't hack one, I'm just asking what % of criminals are going to have access to a "manual probing station"?
Find out about my new childrens book: SS Death Camp Criminal Batallion Go To Monte Carlo For The Massacre
So much for technology! What is secure exactly? Seems like just as we start to believe that we are living in Ft. Leavenworth we realize that instead we are living in grandpa's shed. The good thing in all of this is that my credit card company is not technology minded so I do not have one of these. So for those of you that have one, hope that the guy who steals your credit card is not a prior science nerd with access to a camera (w/ flash of course).
. . . and the moral of the story is: Just 'cause something says that it is smart doesn't mean it is.
"Entertain the Brutes"
And if I'm not running an encrypted filesystem on a hard drive, and someone steals the hard drive out of that computer, they can read the data. Now I consider this article's significance to be just another reminder that physical security is important.
(quoting from the linked article)
"The Pentagon (news - web sites) has armed soldiers with smart cards for online identity and physical access...Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed. Typically, after the card holder authenticates the card by supplying a pin number, the private key will then be used to encrypt any sort of transaction using the card."
Since laws only stop people who obey laws, not people with a large enough incentive to benefit from security circumvention.
It's more fun to use a good sized tightly focused flashgun to melt the plastic underneath dark ink on CD's and plastic bags. You can also try this trick on things like phone books and see a quick puff of smoke from the instantly vaporized ink and paper.
Use a digital angel type technology and stick the chip in your hand.
No flash bulbs or microscopes would be able to penetrate and you wouldn't have to worry about losing the thing.
rev 14.9
Wouldn't mind being able to do this to a DirecTV access card. Grab that juicy elliptic crypto key...
Seriously though, this works well for unlocking locked out cards, and reading the rom... but for other info that may be in a rom not directly accessible to the 8051 mcu, this isn't very valuable. Also, some of the nicest info, might not even be in a rom, but weaved into a crypto asic.
Still, if you can alter the value of a register with the microscope... could you actually read out by hand the values stored in a masked rom? Or reverse engineer an asic?
This could kick some serious ass.
Remember, when a security technology is compromised you don't improve the technology, you outlaw anything that exposes its weakness.
Well, that's one way to get rid of Windows...
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
...that it's best not to keep all your eggs in one basket. Knowledge of hardware and software security, as well as common sense, is required if security is paramount.
You can't have a proper hack job without Duct Tape (capitalised because it is Holy) and this research was no different.
Smartcards are not 100% secure... but can they be made secure enough? And where do you draw the line? 1 in a million fakes, or 1 in a billion?
Differential Power Analysis and even Simple Power Analysis (SPA) can be used on a smart card.
This wasn't mentioned in the article, but apparently young Skorobogatov discovered the smart-card vulnerability during the bright flashes of his dad's explosives tests at the tender age of six.
Have fun: Join D.N.A. (National Dyslexics Association)
This is a neat trick, sure, but it's not a big issue.
:)
:).
This could ALREADY be done by anyone with a smart card reader (which is cheaper than a camera and a microscope, I might add!).
Duh!
Sensitive data on cards are stored encrypted using the reader's public key. The data on the smartcard can be sent from the reader to a centralised location (over a network, much like the way credit cards are verified in real time just now) and then decoded and verified by a central point (or a selection of central points for redundancy).
It's a given that the smartcard could always be read - this has been accounted for in the design of secure systems that use smart cards (well, the good ones anyway; admittedly there are quite a few which don't, as there are a lot of muppets in this industry).
At a certain level every security measure in computers is from obscurity; you are safe because no one knows your password. But the problem arises when the design of the security measures must be made secret to keep it safe. I don't know if this is the case with the smart cards, or at least with all of them.
[]'s Victor Bogado da Silva Lins
^[:wq
You still need access to a "manual probing station". I hear some online DSS retailers have them... Not sure about the duct tape tho ;)
There is no spork.
...but not so easy to do without someone noticing. I mean, if you're going to have the Flash card in your possession long enough to perform the attack UNDER A MICROSCOPE, wouldn't it just be easier to yank the data with one of those smart-card reader/portable hard-drive things that ThinkGeek was advertising on here?
The only surefire protection against Microsoft infections is abstinence. - The Onion
...someone would already have slapped an injunction on them under the DMCA. Wheeee!
-EvilMagnus
Well and good, but the Constitution has no such language. I salute you for a troll subtle enough that most people wouldn't pick up on it, however.
Troll rating:
First paragraph sounds reasonable and authoritative: 1 point
Factual statement about privacy invasion: 1 point
Reference to the constitution with the word "decannual": 1 point
A spurious "quote" from the Constitution that only a slashdotter could have written: -1 point
Clichéd ending sentence about our "forefathers": -1 point
While you should be proud that you have a troll rating in positive territory, that's still not enough to send you over the edge and spark a flame war. Try again, next time.
John Ashcroft could never be wrong...
tcd004
....is to start making smart cards out of nanotubes! That way, when the hackers try to extract the data with their camera flash, the cards will explode! BOOM!
-Ed
Graphic Design, Web Design, Computer Rendering, Role-Playing Games...All the Good stuff
docbrown.net
Ed Wedig
Graphic design services
docbrown.net
I-buttons are being spoken about elsewhere here. They are nice and can fit nicely on a key ring, but the form factor of the smartcard is easier when you have more than one in your pocket.
However, a smartcard is better than a credit/debit card with a magnetic stripe. It is better than a physical key. Both of these can be duplicated in seconds. Someone has to have your smartcard in their possession for several hours before an attack is likely to succeed. Hopefully, you may have noticed by then and have cancelled the thing.
Ya but can he leap from tall building to tall building and stop bullets with the force of will?
/.................../ \\
They can't do this from afar. They have to actually be in physical possession of your smart card, scrape the protective layers off, and put it under a microscope. The problem is that because smart cards are more "secure", they are trusted more, and so actual breaks in such security are harder to prove. So this is like an easy way to find out someone's PIN number once you have their ATM card.
"You have the option of insanity. I do not. And that makes me crazy!" - Brian to Angela, My So-Called Life
a manufacturer who had read the paper said it believed its products were not vulnerable to the attack.
I love how the smart card manufacturing companies are just denying that this is a problem and saying that they've already looked at that issue. Do you really think they feel that way and have covered this problem already, or off the record they are panicking to find a way to fix the problem? I would guess that this is new to them, but that they don't want to admit their cards are vulnerable.
BTW, The story is taken from the NY Times, so if you have problems getting to the Yahoo! version of the story, try this link:
http://www.nytimes.com/2002/05/13/technology/13SM
Most people would die sooner than think; in fact, they do.
"We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.
No matter how high tech, there's no experiment that can't be improved with duct tape
Protection against physical tampering is secondary. It's nice, but even if it didn't exist at all, smart cards would still be very useful. This particular attack seems so tricky that it may not even be worth doing anything about.
Maybe it's just me... but for $260 you can purchase a smart card burner (meant for DSS but has many other wonderful applications), pop it in, hack and enjoy... much easier than scraping and hoping you didn't screw it up. I just wonder when the technology community will finally realize no technology is foolproof... the fools are too damn smart.
Lisa: Dad! The flash must have scrambled their circuits.
Homer: What are you, the narrator?
-- The Simpsons, Itchy and Scratchy Land, 2F01
Let me think,
The US Government,
The UK Government,
The French Government,
The Canadian Government,
The Japanese Government
need I continue?
oh and of course Microsoft.
thank God the internet isn't a human right.
Not sure we should go into much detail with this conversation here, but those DSS retailers are thieves, even by my admittedly low moral standards.
It would be like them, to have the tools to throw things wide open (and become modestly rich doing so) but hesitate because they are too short-sighted and want to continue with their status quo. They steal from DirecTV, and steal from the consumers too. My god, with average viewing habits, it costs as much or more to pirate the signal, than it does to just subscribe. And there is no hassle when an ECM strikes, either... how much is that worth?
Hypothetically though, let's say some guy uses this technique to grab that crypto key. That guy buys a $250 FPGA-PCI prototyping card. He loads pitou on the machine, to emulate most of the access card... and a crypto core from opencores.org onto the FPGA to emulate the ASIC. Boom. Instead of driving 1-3 receivers off of a legit 3.5 MHz ASIC, you'd have an FPGA running at 100 MHz. No access card even necessary... and FPGA cards have legitimate uses besides pirating DirecTV.
God, I love being a hardware hacker. Even a no-good bum talentless hardware hacker, is better than not being one at all.
Alex Chiu, where are you?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The point is simply that it can be done, without needing to break the encryption on the card, which is HARD (in the mathematical sense).
And an optical microscope and a flash gun are a lot cheaper and more common than a scanning tunneling microscope, which probably remains the tool of choice for reverse-engineering cryptographic hardware.
-Mark
Great. They're criminals in the US under the DMCA. Yet another reason to revoke it.
Dear Mr Troll,
Could you please convert this cute picture of a squirrel into ASCII art suitable for posting on slashdot?
thx
To do this he first needs to get physical access to the card, which is inside the phone (usually under the battery). Having access to the phone usually allows him to make calls anyway without a complex card-reading procedure.
A team of researchers from I.B.M.'s Thomas J. Watson Laboratory in Yorktown Heights, N.Y., said they would present a report at the conference based on their discovery ...
Dmitri called. He said if you see any guys in cheap suits applauding on stage right, exit stage left.
Mr. Anderson.. I find your lack of cooperation.. disturbing.
--
If you moderate this, then your children will be next.
From what little I know, any criminal who has been to jail has had access to a "manual probing station". IANAC (I Am Not A Criminal), but I think it's located in the showers.
-Sou|cuttr
Neo reads matrix. News at 11.
-CZ
You're right, physical security is important. But the problem here is that physical security becomes more complicated when you are *intentionally* giving your smart card (credit card, ID badge, etc.) to someone (waiter, security personnel, etc.).
You need to trust that the waiter isn't going to take your card and swipe it with his Palm Pilot card reader. Now, I guess you also need to trust that the waiter doesn't have a photo-strobe and microscope handy.
Your hard disk, on the other hand, is not likely to leave your possession normally, unless someone steals it, or you RMA the hard disk with the manufacturer.
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
Mr. Anderson is a well-known computer security researcher whose work in both computer security and cryptography is widely recognized.
My name is Neo!
Actually, the real problem currently is that many of the cryptographic cards presently deployed store the keys plaintext in memory -- and they can be retrieved from the host (as much of the work is done on the host computer when signing/verifying/encrypting/decrypting). The most recent cards (and the ones coming out soon) generally do a better job of this -- and employ a variety of techniques to prevent this sort of attack (encrypting the storage on the card is only one such approach). Wish I could talk about it in greater depth, as I work on just such a product, but NDAs and other contracts prevent it.
I've been able to rip the raw data from smartcards for months using my unLOOPer.
If you don't believe me, ask DAVE.
I haven't read at -1 for a long time; this is an interesting troll. I love how you mutilated the *BSD troll and made it sound original.
Thanks for the laugh
(logging in so I can watch replies, don't mod down please)
I live in a giant bucket.
I wonder if /. will get busted for pushing circumvention technologies? Lock up the microscopes before the l33t h4X0rs 0wN j00!
Yes, because by interpreting radio signals that Hughes Aerospace is beaming through your head right now as a football game rather than as static, you're somehow taking the property of DirecTV, not to mention other consumers. This is like some sort of piracy Heisenberg theorem, isn't it - a signal that's observed is "pirated", while a signal that's ignored isn't? How is Hughes out any more money if their signal is absorbed by your head or a rock rather than a "pirate" satellite dish?
And your other argument was that it's cheaper to just buy it in the first place? Heck, if I had the time, I'd intercept and decrypt DirecTV signals just for the fun factor :)
Your right to not believe: Americans United for Separation of Church and
Cool. I've always wanted a power ring of some sort. Now I can have one. Put a sensor on the monitor, and have a voice recognition system, and voila! a system you hold your ring to and say "By the power of Linux" to log in.
"I'm not impatient. I just hate waiting." - My Dad
I thought the DMCA made this sort of research illegal?
'Cause after all, we don't want to know about serious flaws in our security systems, do we?
(Spudley Strikes Again!)
If people had the chip inside their bodies, then people would be safe, LOL.
You can't "read" the program data off a smart card... even with a reader. You can only read the output that the smart card provides through its interface. This would be the encrypted data which you can decrypt with the public key.
To get the program and data (private key), you have to be able to read the memory directly. This is not possible with a smart card reader. Hence, the attack with microscopes and whatnot.
You want the private key in order to ENcrypt data to be read by the smart card or the institution that issued it in order to fake the system.
Vortran out
Knowledge is like ignorance.. too much can be just as bad as not enough.
He said his company had built defensive measures into its products that would make them invulnerable to such an attack.
They're invincible!!!! Invincible, I say!
However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards.
Well, not THAT invincible...
---"What did I say that sounded like 'Tell me about your day?'"---
How does our 'lion cash' chip work at PSU? Anyone know? I know the cash amount is kept on the card. This I am sure of. If you lose the card, they say you lose the money. I am positive of that. I would be interested though in seeing how that chip works.
Oh yes, agree of course, but no I am talking about smart cards (though depending on the use).
:-).
Encrypting the data on the card acts as a second layer, as the data on the card is encrypted by the card (as with, say, a Sky TV card), but having that data itself also be encrypted against a public key and verified by the reading device *as well* (which would be appropriate for something like, say, a secure door pass networked to a central server) would be appropriately secure (though biometrics would probably be more secure, if only they were reliable [HHOS]).
By way of illustration:
*insert smart card in door pass*
Smart card: Hi, gimme some data I can use to authenticate you.
Reader: Here you are.
*Smart card churns over*
Smart card: Okay, here's some authentication data based on the input you gave me.
Reader: Cheers, let me check that data by decrypting it against my private key.
*Reader sends data to server*
*Server decrypts key, compares contents (a passphrase) against a stored hash of the user's passphrase.*
Server: Yep, authenticates okay.
*Door opens*
This way, even if someone reverse engineered your card and built a reader, they could not get the data out unless they were also able to decrypt your authentication.
If the card supported writing data to it, you could give it a key based on a one-time pad after authenticating them too, which would be really secure (meaning the card would have to be used before it was reported missing or compromised, as you couldn't then simply make one identical copy and keep using it because it would of course change each time it was used).
I'm seeing a lot of very similar replies, so I guess I didn't explain it very well :-).
:-).
:-) Possibly just for authentication perhaps.... (though to be honest, that level of security would be relevant in this particular instance :-)
Re posting this as a reply to myself so that more people will see it..
Encrypting the data on the card acts as a second layer, as the data on the card is encrypted by the card (as with, say, a Sky TV card), but having that data itself also be encrypted against a public key and verified by the reading device *as well* (which would be appropriate for something like, say, a secure door pass networked to a central server) would be appropriately secure (though biometrics would probably be more secure, if only they were reliable [HHOS]).
By way of illustration:
*insert smart card in door pass*
Smart card: Hi, gimme some data I can use to authenticate you.
Reader: Here you are.
*Smart card churns over*
Smart card: Okay, here's some authentication data based on the input you gave me.
Reader: Cheers, let me check that data by decrypting it against my private key.
*Reader sends data to server*
*Server decrypts key, compares contents (a passphrase) against a stored hash of the user's passphrase, say (just as an example).*
Server: Yep, authenticates okay.
*Door opens*
This way, even if someone reverse engineered your card and built a reader, they could not get the data out unless they were also able to decrypt your authentication.
As a stage further, you could give the card a new 'key' based on a one-time pad after authenticating them too, which would be really secure (meaning the card would have to be used before it was reported missing or compromised, as you couldn't then simply make one identical copy and keep using it because it would of course change each time it was used).
This *could* even work in something like Sky / OnDigital boxes because they both already have modems which could be used to authenticate the new card (monthly, or yearly when a new card was inserted) but not obviously for real-time decoding of video data.
Of course:
:-)
:-)
Though to be honest, that level of security would be relevant in this particular instance
Should read:
Though to be honest, that level of security would *not* be relevant in this particular instance
Well, I do this for the fun factor.
Yes, I agree that interpreting signals beamed onto your property is nothing evil or thieving. Make no mistake though, the law isn't on your side (not even in Canada anymore). What is even worse, apparently DirecTV has the technology to aim where they send this signal. I'm not sure how fine-grained it is (doubtful that it can send to your neighbour subscriber, but not to you), but they no doubt improve it slowly just so the burden isn't placed on them. Much easier to buy laws.
Dealers though? Dealers ARE stealing. If anyone has the right to sell this signal, and I'm not sure anyone does have it, it most certainly is DirecTV's right, and theirs alone. Dealers aren't selling things at a modest price, so that they can make a living, or anything like that, they are profiteering. No excuses or justifications are possible. The very thing they are selling, is watered down, so they can continue to sell it longer, and jack up prices. That's why I would love to see some asic emulation VHDL show up anonymously on the web. Would destroy their access card black market, would make the supply for all practical purposes unlimited and just totally screw everything over.
Well for me it does. I work for a certain company that's trying to use smart cards in a certain product that shouldn't use smart cards but buzzword loving project managers don't want to use anything else... so anyway, I guess this will mean we have to scrap the whole smart card idea and start over on something else...
~ now you know
I read about the waitron pocket-scanner, too. Most of the waitrons I know wouldn't have been coerced, they would have done it for free drugs, which is how this was probably paid for. After the first couple of payments you'll either keep coming back or they'll use the past drug payments against you..
I don't see the big deal... By the time it takes for a criminal to do this flash thingie to your smartcard, hopefully you'd notice it's gone and change your stuff accordingly. :)
And hey, as far as door access goes,
my "smart crowbar" beats the heck out of a smart card any day!
Agreed on that - decrypting broadcasts should be fun for the whole family, not just a few dealers. Although I'm not sure how they could be stealing the signal; they're just selling hardware, not the signal itself, aren't they? You could say that they're profiteering on the hardware, but not on the signal, I think.
Your right to not believe: Americans United for Separation of Church and
Excerpt from article: ... the private key will then be used to encrypt any sort of transaction using the card.
Apparently it's either:
1) I really don't know anything about PK Crypto or
2) oh come on, can't you take a joke at the expense of the lack of knowledge the reporter has on the matter....
Have a nice day hehe!
Here we go again!
From the article:
"We've already looked at this area."
He said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards.
Great! They've solved the problem by adding a thin layer of obscurity! I feel secure now.
Awww, I thought those blew up too, just like the buckeyball-tubules....
"By sequentially changing the values of the transistors used to store information, they were able to "reverse engineer" the memory address map, allowing them to extract the secret information contained in the smart card."
Forgive me, but shouldn't these guys be in jail, or in court for this?
So what would they do, take a picture of the card and watch all the 0's and 1's fly out?
Question everything that you've accepted without thinking.
It's Neo.
If it's secure, but only because no one knows how it works, then it's inherently *NOT* secure. When will they learn?
OBSCURITY IS NOT SECURITY
*sigh*
If someone grabs your smartcard, why wouldn't they just *use* it? Or call the credit card company, tell them they're you, pass their rigorous security screening questions like asking for your social security number, and get a new card. Social engineering is a lot easier than tunnelling a flash with a microscope.
... it's a *key*. That's why you keep keys safe. Someone grabs my keys (those little jangly jagged metal things), they can use them, and if they have key duplicating equipment, they can duplicate my keys. Big deal.
Jesus
I've finally had it: until slashdot gets article moderation, I am not coming back.
We don't live in a perfect world. So why would everyone want everything accessible in one place?
I see the future where the rich people create all these smart card gadgets to eventually be beating and out smarted by criminals, bums, and hackers.
Don't lose hope bums and hackers, soon one day we will come to power. The world will be ours again.
Til then I can't wait for my cool ibutton ring that will show my change in mood, unlock all my doors, and bring back the roman days when they had the wax and ring as a symbol of wealth.
As I look into my crystal ball, I see the future with everyone wearing a ring that has all personal records. The ring will also unlock every door I own (car, house...etc). People will want convenience and it will have its price.
Here's to the future - www.ibutton.com/ibuttons/images/javaring.jpg
Doesn't this attack require you to have physical possession of the card, and doesn't it destroy the card in the process? Doesn't sound like much of a security hole for GSM phones to me. When was the last time you loaned out your smart card to a criminal, and didn't mind getting it back disassembled? Now it is a serious security hole for the smart cards used for decrypting satellite television...
Smart Cards
Smart Tags
Smart Devices
Smart Clients
Smart Phone
Smart Thinking
Smart Display
Smart Interface Pointers
Smart Clip Art
Smart Online Business
Smart Downloading
Smart Worker Seminars
At this point, wouldn't it be prudent to just quit using that word for anything to do with computers?
Timeo idiotikOS et dona ferentes
That loud thud you just heard was the collective DirecTV Signal Integrity Unit having a bowel movement.
... are in a 1.3 Mb PDF paper by security guru Ross Anderson here
I have to say, having developed a product with smart cards, this is pretty interesting.
However, we aren't stupid, we encrypted the data... so it won't get them much. I suggest others do the same thing, and pretty much expect that they have.
Here is the article: Optical Fault Induction Attacks.
Abstract:
We describe a new class of attacks on secure microcontrollers and smartcards. Illumination of a target transistor causes it to conduct, thereby inducing a transient fault. Such attacks are practical; they do not even require expensive laser equipment. We have carried them out using a flashgun bought second-hand from a camera store for $30. As an illustration of the power of this attack, we developed techniques to set or reset any individual bit of SRAM in a microcontroller. Unless suitable countermeasures are taken, optical probing may also be used to induce errors in cryptographic computations or protocols, and to disrupt the processor's control flow. It thus provides a powerful extension of existing glitching and fault analysis techniques. This vulnerability may pose a big problem for the industry, similar to those resulting from probing attacks in the mid-1990s and power analysis attacks in the late 1990s.
We have therefore developed a technology to block these attacks. We use self-timed dual-rail circuit design techniques whereby a logical 1 or 0 is not encoded by a high or low voltage on a single line, but by (HL) or (LH) on a pair of lines. The combination (HH) signals an alarm, which will typically reset the processor. Circuits can be designed so that single-transistor failures do not lead to security failure. This technology may also make power analysis attacks very much harder too.
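The dual-rail countermeasure the abstract describes, as an added illustration (this is not code from the paper): each bit is stored as an (HL)/(LH) pair, one illuminated transistor is modelled as forcing a single rail, and the read shows why that fault trips the (HH) alarm instead of silently flipping the bit the way it does in a single-rail cell.

```python
"""Dual-rail storage with an (HH) alarm, modelled on the countermeasure in
the abstract above.  Added illustration, not code from the paper: each
stored bit is a pair of rails, and one illuminated transistor is modelled
as forcing a single rail to a fixed level."""

from typing import List, Optional, Tuple

Rail = Tuple[str, str]       # (rail0, rail1), each "H" or "L"
ONE: Rail = ("H", "L")       # logical 1
ZERO: Rail = ("L", "H")      # logical 0
ALARM: Rail = ("H", "H")     # the combination the abstract treats as an alarm


class AlarmError(Exception):
    """Raised when a stored pair is not a valid codeword."""


def encode(bits: List[int]) -> List[Rail]:
    """Store each bit as a dual-rail pair."""
    return [ONE if b else ZERO for b in bits]


def decode(rails: List[Rail]) -> List[int]:
    """Read back the bits; any non-codeword aborts the read.  (H,H) is
    the alarm state from the abstract; (L,L), the other invalid state, is
    handled the same way rather than being silently accepted."""
    out: List[int] = []
    for i, pair in enumerate(rails):
        if pair == ONE:
            out.append(1)
        elif pair == ZERO:
            out.append(0)
        elif pair == ALARM:
            raise AlarmError(f"(HH) alarm on bit {i}: reset processor")
        else:
            raise AlarmError(f"(LL) on bit {i}: reset processor")
    return out


def induce_fault(rails: List[Rail], bit: int, rail: int, level: str) -> List[Rail]:
    """Model one illuminated transistor: force a single rail of one stored
    bit to `level` ("H" or "L"), leaving every other rail untouched."""
    faulty = list(rails)
    pair = list(faulty[bit])
    pair[rail] = level
    faulty[bit] = (pair[0], pair[1])
    return faulty


def single_rail_fault(bits: List[int], bit: int, level: str) -> List[int]:
    """The same fault against an ordinary single-rail SRAM cell: the bit
    simply takes the forced level and nothing tells the reader it changed."""
    out = list(bits)
    out[bit] = 1 if level == "H" else 0
    return out


def read_dual_rail(bits: List[int], bit: int, rail: int, level: str) -> Optional[List[int]]:
    """Store `bits` dual-rail, inject the fault, and attempt a read.
    Returns the decoded bits, or None if the alarm fired."""
    try:
        return decode(induce_fault(encode(bits), bit, rail, level))
    except AlarmError:
        return None


if __name__ == "__main__":
    key = [1, 0, 1, 1, 0, 0, 1, 0]          # constructed sample, not a real key
    # Single rail: forcing bit 1 high silently turns a 0 into a 1.
    print("single-rail:", single_rail_fault(key, 1, "H"))
    # Dual rail: bit 1 is ZERO = (L,H); forcing rail 0 high gives (H,H) -> alarm.
    print("dual-rail  :", read_dual_rail(key, 1, 0, "H"))
    # Forcing a rail that is already at that level changes nothing.
    print("dual-rail  :", read_dual_rail(key, 1, 1, "H"))
```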
This is really nothing new. Anyone with some knowledge of circuits and a logic analyser has always been able to watch the data flow from the smart card. This will allow you to figure out the passwords, allow you to even snoop data, but still makes the smart card mostly useless outside the device. The reason being that Atmel smart cards use a challenge-response authentication protocol.
Without getting into (unfortunately I did sign an NDA at one point) I will tell you that it is good enough that just being able to snoop data isn't going to help you authenticate the card. They also have nice features that lock the cards after a certain number of failed attempts and whatnot.
That along with a little data encryption using whatever your favorite algorithm for security is and I would still feel confident in the security behind smart cards.
Basically, Atmel leaves it up to the developer to decide how secure the cards are, but if you enable all their security features, and use a little common sense, you will be fine.
What I don't understand is why they can't just post the authentication system specifics on their web site for everyone to see. Security by obscurity isn't necessary here as the algorithm itself wouldn't help anyone anyway.
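An added example of the kind of exchange the door-pass illustration and the Atmel comment above both describe: a mutual challenge-response handshake with a failed-attempt lockout, showing why a recorded bus transcript does not let a clone authenticate. This is not Atmel's protocol or any vendor's code; the shared key, HMAC-SHA256, nonce sizes and the lockout threshold are all assumptions.

```python
"""Mutual challenge-response between a door reader and a card, with a
failed-attempt lockout on the card.  Added example serving the door-pass
exchange and the Atmel comment above; it is not Atmel's protocol or any
vendor's code.  Assumptions: a shared 16-byte key, HMAC-SHA256 truncated
to 16 bytes, 8-byte nonces, and a lockout after MAX_FAILURES failures.
Nothing that crosses the contacts is a function of the key alone: every
message is a MAC over fresh nonces, so a bus transcript cannot be replayed."""

import hashlib
import hmac
import os
from typing import List, Optional, Tuple

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed sample key
MAX_FAILURES = 3    # assumed lockout threshold, not a vendor value
TAG_LEN = 16


def mac(key: bytes, role: bytes, *parts: bytes) -> bytes:
    """HMAC over a role label plus the nonces; the label keeps a reader
    response from ever being accepted as a card response."""
    return hmac.new(key, role + b"".join(parts), hashlib.sha256).digest()[:TAG_LEN]


class Card:
    """The key never leaves the card; only MACs over fresh nonces go out."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._pending: Optional[Tuple[bytes, bytes]] = None
        self.failures = 0
        self.locked = False

    def answer(self, reader_nonce: bytes) -> Tuple[bytes, bytes]:
        """Step 2: return (card_nonce, MAC(card, reader_nonce, card_nonce))."""
        if self.locked:
            raise RuntimeError("card locked")
        card_nonce = os.urandom(8)
        self._pending = (reader_nonce, card_nonce)
        return card_nonce, mac(self._key, b"card", reader_nonce, card_nonce)

    def verify_reader(self, proof: bytes) -> bool:
        """Step 4: the reader must prove it knows the key too.  Each wrong
        proof counts as a failure; MAX_FAILURES of them lock the card."""
        if self.locked or self._pending is None:
            return False
        r, c = self._pending
        self._pending = None
        ok = hmac.compare_digest(proof, mac(self._key, b"reader", c, r))
        if ok:
            self.failures = 0
        else:
            self.failures += 1
            self.locked = self.failures >= MAX_FAILURES
        return ok


def run_session(card: Card, reader_key: bytes, transcript: List[tuple]) -> bool:
    """One door-pass session.  `transcript` records what passes over the
    contacts, i.e. exactly what a logic analyser on the bus would see."""
    r = os.urandom(8)                                   # step 1: reader challenge
    c, tag = card.answer(r)                             # step 2: card answers
    transcript.append(("card->reader", r, c, tag))
    if not hmac.compare_digest(tag, mac(reader_key, b"card", r, c)):
        return False                                    # card did not know the key
    proof = mac(reader_key, b"reader", c, r)            # step 3: reader proves itself
    transcript.append(("reader->card", proof))
    return card.verify_reader(proof)                    # step 4: card checks reader


def replay_from_transcript(reader_key: bytes, transcript: List[tuple]) -> bool:
    """A clone that holds only recorded bus traffic, not the key, answers a
    fresh challenge with the recorded card message.  The MAC covers the
    new reader nonce, so the reader rejects it."""
    _, _, old_c, old_tag = next(e for e in transcript if e[0] == "card->reader")
    fresh_r = os.urandom(8)
    return hmac.compare_digest(old_tag, mac(reader_key, b"card", fresh_r, old_c))


def wrong_reader_locks_card(card: Card, attempts: int) -> bool:
    """A reader without the key cannot produce step 3; after MAX_FAILURES
    bad proofs the card stops answering at all."""
    for _ in range(attempts):
        if card.locked:
            break
        card.answer(os.urandom(8))
        card.verify_reader(os.urandom(TAG_LEN))         # a guess, not a valid MAC
    return card.locked


if __name__ == "__main__":
    card, bus = Card(KEY), []
    print("legitimate session:", run_session(card, KEY, bus))
    print("replay of sniffed traffic:", replay_from_transcript(KEY, bus))
    print("card locked after bad readers:", wrong_reader_locks_card(Card(KEY), MAX_FAILURES))
```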