 
From: Matthias Bruestle (mlistmbsks.franken.de)
Date: Mon Jan 21 2002 - 14:39:05 CST


    Mahlzeit

    On Sun, Jan 20, 2002 at 08:03:26PM -0800, David Corcoran wrote:
    > I've got Ben Laurie (yes, the famous Apache hacker) on another list
    > claiming that smart cards are weak storage for keying material.
    > e.g. that physical access to the card is all that is needed for a
    > motivated hacker to pry the key out of the card.

    I have never tried to crack a smart card or have much knowledge about
    the technical devices needed, but I have read quite a bit and had to
    do with cards, industry, etc.

    My estimation of the situation:

    Smart card manufacturers try to make these as secure as possible,
    but smart cards are a cheap mass product.

    I do think that cracking of smart cards is hard, but not impossible.
    And it is getting harder and harder, because there are improvements
    in the smart card area regarding security, e.g. in the Infineon series
    44 -> 66S -> 66P. (I'm most familiar with these ICs.) I do believe
    that the 66P series from Infineon is for at least some years secure against
    reading the content of the EEPROM by students and also more sophisticated
    hackers. This is because of the security features they have and because
    so many firms and government agencies do trust them. It would be very
    bad publicity for them if a card were cracked. But I do not believe
    that the 66P is secure against the laboratory and knowledge of e.g. Intel.

    For the 66S there seems to be not so much trust, e.g. the German
    signature cards from Telesec had originally a 66S chip and were replaced
    by cards with a 66P. For the 44 there is, as it appears, even much less
    trust than for the 66S.

    If you only want to read out a key, some form of power analysis would
    be enough. You need here not very expensive equipment. Card and OS
    manufacturers try also to be secure against this and they do apparently
    also try themselves (or pay others to do so) to attack their cards with
    power analysis. My opinion is that it is very difficult to do a power
    analysis attack with modern cards, but I am not convinced that it is
    impossible. What might make it impossible is to try to design a power
    analysis resistant protocol. E.g. with some sort of error counter.

    These are not definite answers. Here is probably a similar situation
    to that in the cryptography area, but surrounded by non-openness.

    So my advice is to design a smart card application such that an attacker
    cannot gain much value, and also to develop some plans what to do
    if a card gets cracked.

    If there is interest, I can also write some about evaluation according to
    ITSEC/CC.

    Mahlzeit
    endergone Zwiebeltuete

    ***************************************************************
    Unix Smart Card Developers - M.U.S.C.L.E.
    (Movement for the Use of Smart Cards in a Linux Environment)
    http://www.linuxnet.com/
    To unsubscribe send an email to majordomolinuxnet.com with
    unsubscribe sclinux
    ***************************************************************
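
Added example, not part of the original post: a small simulation of one reading of the "error counter" idea above, where a key is guarded by a retry counter so that an outsider can only trigger a bounded number of key operations to measure. The class and function names, the limit of 3 and the use of HMAC-SHA256 are assumptions made for illustration, not any card OS's actual design.

```python
import hashlib
import hmac
import os

MAX_TRIES = 3  # assumed limit; a real card application chooses this per key


class SimCard:
    """Toy model of a card key guarded by an error counter (hypothetical names)."""

    def __init__(self, key: bytes):
        self._key = key
        self.nvm = {"tries_left": MAX_TRIES}  # stands in for EEPROM
        self.key_ops = 0                      # times the key was actually used
        self._challenge = None

    def get_challenge(self) -> bytes:
        self._challenge = os.urandom(8)
        return self._challenge

    def external_authenticate(self, response: bytes) -> str:
        if self.nvm["tries_left"] == 0:
            return "BLOCKED"                  # the key is never touched again
        if self._challenge is None:
            return "NO_CHALLENGE"
        # Charge the attempt before using the key, so removing power
        # after the computation cannot avoid the decrement.
        self.nvm["tries_left"] -= 1
        challenge, self._challenge = self._challenge, None  # single use
        self.key_ops += 1
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            self.nvm["tries_left"] = MAX_TRIES  # success restores the counter
            return "OK"
        return "FAIL"


def key_ops_from_bad_attempts(card: SimCard, attempts: int) -> int:
    """Drive `attempts` wrong responses; return how many key operations ran."""
    before = card.key_ops
    for _ in range(attempts):
        card.get_challenge()
        card.external_authenticate(b"\x00" * 32)  # constructed wrong response
    return card.key_ops - before
```

The counter only bounds measurements taken by someone who cannot authenticate; a holder of the valid key resets it on every success, so it complements hardware countermeasures rather than replacing them.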