

27 May 1999


To: cryptography@c2.net, ukcrypto@maillist.ox.ac.uk
Subject: Smartcard Hardware Tampering Paper
Date: Thu, 27 May 1999 17:10:01 +0100
From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>

Research Announcement

We recently published the following paper, which should be of great
interest to anyone concerned about smartcard hardware security:

  Oliver Kömmerling, Markus G. Kuhn: Design Principles for
  Tamper-Resistant Smartcard Processors. Proceedings of the
  USENIX Workshop on Smartcard Technology (Smartcard '99),
  Chicago, Illinois, USA, May 10-11, 1999, USENIX Association,
  pp. 9-20, ISBN 1-880446-34-0. 

(This work received the "USENIX Association Best Student Paper Award".)

Various non-invasive cryptanalysis techniques against smartcards, which
have been publicised as "Differential Fault Analysis", "Differential
Power Analysis", etc., have received considerable attention recently.
However, these are not the attack techniques that have been used by
pirates to break practically all types of smartcard processors that are
fielded in millions of conditional-access systems. We show in our paper
how invasive microprobing techniques are a far more powerful and
universally applicable threat to smartcard security, which processor
architecture elements simplify attacks significantly, and what designers
could quite easily do to make it more difficult.

Unlike fault and current analysis techniques, microprobing attacks do
not depend on any prior knowledge or guessing of the implemented
cryptographic algorithms. Microprobing gives the attacker not only
access to cryptographic keys, but also leads to full disassembler
listings of the extracted security software. Availability of the full
smartcard software then often allows the design of fast and simple
non-invasive glitch and current analysis attacks, which -- unlike
DPA-style attacks -- do not require many hundred seconds of protocol
interactions. Such very fast non-invasive attacks can then be performed
inconspicuously in a Trojan card terminal together with a normal
transaction and without giving the card holder a chance to notice them.
They form a serious additional threat over microprobing even for
applications such as digital signature and banking cards, which do not
rely on global keys stored in the card. Microprobing attacks can be
carried out by skilled technicians starting with an investment of little
more than ten thousand euros and they can then be repeated at rather low
cost.

Our paper not only describes the range of attack techniques that have
been used in the past to break numerous commercially fielded security
systems. We also suggest a number of lowest-cost countermeasures that
will help to make many of these attacks considerably more challenging to
perform. Some of these we believe to be new, while others have already
been implemented in products but are either not widely used or the
implementations we found had design flaws that allowed us to circumvent
them more easily than would have been necessary.

Online version of the paper:

http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf

Presentation slides with more photos:

http://www.cl.cam.ac.uk/~mgk25/sc99-tamper-slides.pdf

[Important note to avoid misunderstandings: Our paper does *not* provide
any comparative evaluation of the security mechanisms of specific
products and it should not be quoted to that effect. We present a few
interesting vulnerabilities in the security mechanisms of one commercial
smartcard processor that we named. This processor is of particular
interest primarily, because it features comparatively advanced security
features not found in most other products. The reader should understand
that in spite of the vulnerabilities that we outline, unmentioned
competing products are not necessarily more secure. Indeed, many of them
do not have these advanced security mechanisms implemented and are
easier to break. Much easier.]

Markus Kuhn

-- 
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn@acm.org,  WWW: <http://www.cl.cam.ac.uk/~mgk25/>