Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world.
NXP, formerly Philips Semiconductors, sued to prevent Radboud University Nijmegen from publishing a scientific paper on the technology in October. A hearing is scheduled for Thursday in the Dutch court, Rechtbank Arnhem.
"We feel the publication would not be responsible," NXP said in an e-mail statement when asked to comment for this article on Wednesday. "We cannot give further comments at this time, as it is in the hands of the court and the court has given a confidentiality order."
A court decision on the matter is expected next week, according to Karsten Nohl, a University of Virginia graduate student who worked with others to break the crypto algorithm last year and has been closely following the case.
The Dutch university's research builds upon Nohl's work. Nohl said he plans to publish his research in August and that NXP has not sued him to halt publication of his work.
"NXP spent most of this year defending the technology," Nohl told CNET News in a phone interview this week. "Only recently have they started admitting that the security is flawed, but they are still not ready for this to leak into the public domain."
"The only thing NXP would achieve if they win the lawsuit is prevent information from getting to other research groups that might very well be looking for solutions to this problem," Nohl said. Meanwhile, information on how to break the cryptography on the smart cards is already available to criminals who are willing to pay tens of thousands of dollars, he added.
A statement issued by the Dutch University in March says: "Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system."
Dr. Bart Jacobs of Radboud University Nijmegen demonstrated last month how he could ride the London transit system for free. Once he obtained the key used by the London transit system, he then brushed up aside passengers carrying the Oyster transit cards and was able to collect their card information on his laptop and make a clone of it.
This YouTube video shows how it is done:
In addition to the transit system in The Netherlands, the technology is used in the subway systems in London, Hong Kong and Boston, as well as in cards for accessing buildings and facilities. The Mifare technology is used in more than 80 percent of the market, Nohl said.
The university defended its plans to publish the research in a statement released Monday in Dutch, saying it has a duty to research and publish data on security technology flaws so that they can be fixed.
On Monday, Cryptography Research Inc. (CRI) opened a three-day workshop in San Francisco on the security of embedded system cryptography. The workshop is intended for developers and architects of secure embedded systems. Participants will be given smart cards and challenged to crack passwords using various demonstrated techniques.
"These are not theoretical attacks," Benjamin Jun, vice president of technology at CRI, noting that his company published the first white paper on monitoring attacks during the 1990s.
The workshop's primary focus will be on attacks to Elliptic Curve Cryptography (ECC), a cryptographic algorithm that is now used to protect electronic passports, mobile communications, and even MP3 players. Jun said there are many ways for an attacker to monitor leakage. In the workshop, he said they will look specifically at Simple Power Analysis (SPA) and Differential Power Analysis (DPA).
"Almost every smart card you buy today is going to have countermeasures to Simple Power Analysis and Differential Power Analysis," said Jun, however some newer implementations of ECC "do in fact leak information." In particular he cited devices such as MP3 players and cell phones. These are devices that have not had 10 years of development, said Jun, and so some exhibit weaknesses found in early smart cards. The purpose of the workshop was to help developers avoid some common flaws.
Under SPA, an attacker can determine the passwords from simple patterns in the power consumption.
(Credit: CRI)To an observer, a power analysis looks something like an EKG. As the device processes the encryption algorithm, peaks and valleys display on the monitor; these ultimately correspond to 1s and 0s in a password. Thus, an attacker could look at the power consumption fluctuations emitted from a device and, based on the specific pattern of peaks and valleys, figure out whether the device used RSA, DES, or ECC for encryption. Knowing what algorithm was used, the attacker could then begin to figure out the password.
Under DPA, the attacker first guesses and then compares the guess against the actual result.
(Credit: CRI)Counter measures, said Jun, include increasing the signal-to-noise ratio. For example, if you want to have a private conversation, you could go to a large football stadium during a game, making it hard for someone trying to listen to separate our conversation from the surrounding noise. That's amplitudinal noise.
The other kind of noise, said Jun, is temporal, which, to a computer, means stuttering the information over longer spaces. For example, if the data value was 8, the code might be expressed as 2 plus 6. More defense can be achieved by randomness, changing the way you express the data value of 8; maybe the next reference you say 12 minus 4, then 5 plus 3, and so on.
The workshop concludes Wednesday. For an overview of the concepts involved in a monitored attack, CRI provides a Flash tutorial on its Web site.
- prev
- 1
- next
