On Monday, Cryptography Research Inc. (CRI) opened a three-day workshop in San Francisco on the security of embedded system cryptography. The workshop is intended for developers and architects of secure embedded systems. Participants will be given smart cards and challenged to crack passwords using various demonstrated techniques.
"These are not theoretical attacks," Benjamin Jun, vice president of technology at CRI, noting that his company published the first white paper on monitoring attacks during the 1990s.
The workshop's primary focus will be on attacks to Elliptic Curve Cryptography (ECC), a cryptographic algorithm that is now used to protect electronic passports, mobile communications, and even MP3 players. Jun said there are many ways for an attacker to monitor leakage. In the workshop, he said they will look specifically at Simple Power Analysis (SPA) and Differential Power Analysis (DPA).
"Almost every smart card you buy today is going to have countermeasures to Simple Power Analysis and Differential Power Analysis," said Jun, however some newer implementations of ECC "do in fact leak information." In particular he cited devices such as MP3 players and cell phones. These are devices that have not had 10 years of development, said Jun, and so some exhibit weaknesses found in early smart cards. The purpose of the workshop was to help developers avoid some common flaws.
Under SPA, an attacker can determine the passwords from simple patterns in the power consumption.
(Credit: CRI)To an observer, a power analysis looks something like an EKG. As the device processes the encryption algorithm, peaks and valleys display on the monitor; these ultimately correspond to 1s and 0s in a password. Thus, an attacker could look at the power consumption fluctuations emitted from a device and, based on the specific pattern of peaks and valleys, figure out whether the device used RSA, DES, or ECC for encryption. Knowing what algorithm was used, the attacker could then begin to figure out the password.
Under DPA, the attacker first guesses and then compares the guess against the actual result.
(Credit: CRI)Counter measures, said Jun, include increasing the signal-to-noise ratio. For example, if you want to have a private conversation, you could go to a large football stadium during a game, making it hard for someone trying to listen to separate our conversation from the surrounding noise. That's amplitudinal noise.
The other kind of noise, said Jun, is temporal, which, to a computer, means stuttering the information over longer spaces. For example, if the data value was 8, the code might be expressed as 2 plus 6. More defense can be achieved by randomness, changing the way you express the data value of 8; maybe the next reference you say 12 minus 4, then 5 plus 3, and so on.
The workshop concludes Wednesday. For an overview of the concepts involved in a monitored attack, CRI provides a Flash tutorial on its Web site.
Update on February 22, 2008, at 3:20 p.m PST: This blog has been updated to include a response from American Express.
WASHINGTON D.C.--Adam Laurie, an RFID security expert, used the Black Hat DC 2008 conference here, to demonstrate a new Python script he's working on to read the contents of smart-chip-enabled credit cards.
As part of his presentation Wednesday, Laurie asked for someone from the audience to volunteer a smart card. Without taking the card out of the volunteer's wallet, Laurie both read and displayed its contents on the presentation screen--the person's name, account number, and expiration clearly visible.
Demonstrations like that show the potential misuse of RFID technology in the near future. Without touching someone, a thief could sniff the contents of an RFID-enabled credit card just in passing. The same is true for embedded RFID chips in the human body, work access badges, some public transit cards, and even the new passports in use in more than 45 countries.
As a disclaimer, Laurie said he spoke to American Express, the company that issued the volunteer's card. Laurie said that American Express told him: "We are comfortable with the security of our product." Laurie added that the company told him the number he displayed on the presentation screen was not the account number printed on the card, which Laurie proved by opening the wallet and comparing.
"The alias number on American Express' ExpressPay cannot be used for online transactions," said Molly Faust, American Express' Public Affairs representative, in an e-mail to CNET News.com. "ExpressPay has multiple security mechanisms. As the payment host, American Express would not verify/authorize an online transaction using just the alias account number. There are several other security mechanisms that would be required in order for payment authorization to take place."
The credit card industry has argued that use of the RFID-enabled cards will save customers time when processing payments.
An extreme example can be found in Spain. Laurie said a public beach there encourages visitors to have RFID tags injected into their bodies. The point? Merchants along the beach scan your wrist to obtain a unique ID from which they can debit your account. The advantage? You won't have to go to the beach with your wallet, which might get stolen.
Laurie, who has an injected RFID-tag, showed how easy it was not only to read the tag, but also to re-write the tag. During his demo, he used the coding sequence reserved for animal tagging to have his RFID chip declare him an animal.
On his RFIDiot Web site, Laurie offers the Python scripts free of charge and also sells the hardware necessary to read and write to RFID tags and cards.
- prev
- 1
- next
