Re: Cracks Are Found In Smartcard Security (fwd)
On 19 Nov 96 at 15:36, Z.B. wrote:
---------- Forwarded message ---------- Date: Tue, 19 Nov 1996 21:17:49 +0000 From: Simon Gardner <simon@access.org.uk> [snip] Subject: Cracks Are Found In Smartcard Security
Cracks Are Found In Smartcard Security [snip] Anderson said his latest research indicated that two of the world's most widely used systems for encoding sensitive financial information - the RSA and DES encryption standards used by most banks - could also be ^^^^^^^ cracked easily." ^^^^^^^^^^^^^^^^^ [The London Telegraph, 19th November 1996]
In what context? (How does that applies to PGP? Did he say that for short keys used to encrypt data directly?) Sorry for my cluelessness. jfa Jean-Francois Avon, Pierrefonds (Montreal) QC Canada DePompadour, Societe d'Importation Ltee Finest Limoges porcelain and crystal JFA Technologies, R&D consultants physicists and engineers, LabView programing PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C
Jean-Francois Avon wrote:
In what context? (How does that applies to PGP? Did he say that for short keys used to encrypt data directly?)
Sorry for my cluelessness.
The smart cards in use by banks to protect transactions seem to use RSA and DES algorithms. Now these algorithms are computationally difficult to hack. Therefore an attack via cryptographical route would not be envisaged by those who specify the system for the bank. With the research into popping smart cards using fuming Nitric Acid, the keys used for these transactions could be extracted from a smart card within a few hours. Thus with the keys extracted, RSA and DES become even more vulnerable because they are such well known algorithms. It would be easy for someone to implement them in a pirate smart card as indeed has been the case in European satellite Pay TV piracy. (France Telecom used DES as the cryptographical basis for their EuroCrypt-M access control overlay for the D2-MAC television standard). The Fiat-Shamir ZKT was also demonstrated to be vulnerable using a similar approach. It was possible to extract the necessary data to allow pirate cards to spoof a valid ZKT response. Of course the original version of this flaw was due to incompetence on the part of the system designers (they never secured the card-decoder interface microcontroller). A later implementation integrated the result of the ZKT with the output of the algorithm thus making it a more secure implemenation. However the smart card was popped (reverse-engineered using the techniques desicribed in the paper) making it all academic. The bottom line is that the security of smart cards is both highly overrated and depends on a high level of bluff. Most people would not attack a smart card because they think it is secure. However in European satellite television piracy, most of the systems have been shown to have flaws either in the technology or the implementation. (Naturally the best reference on this is European Scrambling Systems 5 - The Black Book ISBN: 1-873556-22-5 ;-) ) The relevant paper is at: http://www.cl.cam.ac.uk/users/rja14/tamper.html Regards...jmcc
participants (2)
-
Hack Watch News -
Jean-Francois Avon