Forwarded From: Nicholas Charles Brawn <ncb05at_private> 22Jun98 USA: CODE BREAKER CRACKS SMART CARDS' DIGITAL SAFE. By PETER WAYNER. (ART ADV: Photo showing Paul Kocher is being sent to NYT photo clients. Graphic is being sent to NYT graphic clients. Non-subscribers can make individual purchase by calling 212-556-4204 or 1927.)@ To the companies in the smart-card business, Paul Kocher may be too smart for their own good. For the last year, Kocher's four-man consulting firm in San Francisco has kept big credit-card companies and banks on edge by sharing details of his discovery of a way to break into the newest version of smart cards - credit-card size devices that contain a tiny computer chip and can be used for a variety of purposes including storing so-called digital cash. Although Kocher's intent has been to warn the industry and sell it possible solutions, his expertise - in the hands of thieves, counterfeiters or impostors - could compromise the security safeguards of smart cards, which are coming into widespread use in the United States and Europe. The cards are at the center of the plans by the banking and credit-card industries to cut costs and improve customer convenience by replacing conventional magnetic-stripe cards with ones that not only can act as a debit or automated-teller-machine card but can also be loaded with digital cash that would function as legal tender wherever merchants hav power consumption of the chip. It is a sophisticated type of analysis, but the rudimentary "laboratory" - in this case a three-room office suite, some garden-variety PCs and several thousand dollars of electronics equipment - indicates that it does not require elaborate tools to crack what is supposed to be a highly secure digital safe. As details of the technique circulate, as they invariably do in the hacker underground, imitators will almost certainly try to duplicate Kocher's experiment. For his part, Kocher, who at 25 is already a well-known expert in code breaking, said, "As the expertise becomes more widely available, the threats will become more than academic." Peter Neumann, a computer scientist at SRI International, a research group in Menlo Park, Calif., said the approach had "enormous potential as another technique for breaking weakly designed and badly implemented devices." Though already in wide use as bank cards in Europe, smart cards in the United States have been mainly used so far for controlling access to buildings and protecting against fraudulent use of new types of cellular telephones. But U.S. banks have begun experimenting with the cards, as Chase Manhattan is doing in a test of Mastercard International's Mondex system on the Upper West Side of New York City. Banks trust that the computer chips embedded in tamper-resistant packaging will act like a virtual branch office, dispensing money and crediting accounts to the right people. But if someone could break through the card's defense, then that person could conduct fraudulent transactions, load counterfeit digital cash onto the cards or create various other forms of mischief. So even as smart-card executives seek to play down the threat posed by Kocher's discovery, and they stress that no known break-ins of his sort have occurred in the real world, the industry knows it must continuously improve smart-card software and hardware. "In a sense, this is an arms race; the attackers will always get better," said Richard Fletcher, the head of strategy and planning of Mastercard's Mondex smart-card division. "The only defense and the best defense against future attacks is to keep moving and keep changing." Gerald Hubbard is the vice president of marketing in the United States for Bull Smart Cards, a company that says it has shipped more than 120 million money-carrying smart cards throughout the world. He said that his company had known about the Kocher type of attack for more than four years and had installed safeguards to thwart it. But, Hubbard said, "You can never say a card is 100 percent immune." In fact, some other industry executives expect it to take perhaps two years before there will be smart cards and related hardware that will be impervious to Kocher's type of attack. Kocher said he had approached the smart-card industry last year with the details of his discovery because he knew that criminals might also use the same tricks. But he said that he did not publicize his findings, so that the industry would have time to adopt defenses, including techniques for which he has filed for patents and which he is now licensing to the companies. He publicly announced the smart-card security flaw two weeks ago, only after The Australian Financial Review published an article about his break-in technique. Kocher's company, Cryptography Research, analyzes and tests computer-security hardware and software for many of the leading computer companies. His discoveries of flaws in supposedly secure technologies have drawn attention in the past - as in 1995, when he found that he could break into smart cards by simply timing how long it took them to process data. In the case of this newly disclosed smart-card problem, Kocher and his colleagues found that the cards' consumption of electrical power could disclose vital information about the secret key that protects the money or other data on the chip. By watching the monitor of an oscilloscope, a device that measures the power use on a screen similar to the way a cardiac monitor displays a patient's heart action, Kocher's team was able in some cases to use the electrical pattern from a single transaction to decipher the key to the code. In other cases, they were forced to use more sophisticated statistical techniques to analyze the results from as many as 1,000 transactions. Kocher said his team had spent at least as much time looking for solutions as it had in identifying the security flaw. A possible remedy involves masking the transaction in digital noise by adding meaningless random calculations that would consume random amounts of current. Another possible solution, which according to Mastercard officials is being incorporated in the latest version of its Mondex smart-card software, is to vary the order of the operations in the software to make it more difficult to identify patterns in the consumption of power. A banking-industry goal with smart cards is to cut costs by eliminating the need for central approval of a debit or credit transaction. By some estimates, the marginal costs for clearing a smart-card transaction are well under a penny. Credit-card transactions, however, typically require a long-distance computer network and a large central database for examining each deal, and the transaction eventually means billing a customer and cashing the payment checks. These steps add up to 25 cents a transaction, on average, compared with about a penny for a smart-card transaction, in which all the authorization information - and even the money itself - can be contained on the card's chip. To create an audit trail that might help track fraud, however, Visa International's smart-card system uses merchant terminals that report transactions to a central data base at the end of each day. "We don't feel it is a good idea to have the security depend upon the chip itself," said Philip Yen, a senior vice president of Visa International. "We think it's more important to have complete system security." Fletcher, of Mastercard's Mondex, contends that including any sort of central control runs counter to the purpose of a smart card - giving customers the ability to use the money on a card just like cash. "The critical point of any digital cash system is that you're off line," he said. "There's no online link at that point. You're critically dependent upon the card's security." As the banks debate the security trade-offs, there is one certainty: Paul Kocher and others like him will continue to look for chinks in the smart-card armor. And as Kocher likes to remind the industry, "We have not yet encountered a card that couldn't be broken." -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:33 PDT