From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 1 Apr 1996 06:59:03 +0800
To: mpd@netcom.com (Mike Duvos)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603310759.XAA09261@netcom13.netcom.com>
Message-ID: <199603311844.NAA20037@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Mike Duvos writes:
> perry@piermont.com ("Perry E. Metzger") writes:
> 
>  > Why not? If the card knows its own key, then someone else
>  > can probably get the key out by some nasty mechanism.
> 
> There is no physical difference between cards.  The key
> information is stored in EEPROM, and the links which permit the
> EEPROM to be written are burned after programming is complete.
> The EEPROM data is then only accessible to intimately associated
> circuitry in its vicinity.

Or to people with access to scanning microscopy techniques like STMs
or AFMs. I suspect that there are lots of techniques that can be
successfully used. It used to be that using them required the sort of
facilities only available at a large semiconductor manufacturer, but
now I suspect that it would be easy for a student at a major
university, and probably less easy, but still perfectly feasible, for
a person working at home with lots of sophisticated but fairly
available equipment like STMs.

> Presumedly the state of the EEPROM cannot be deduced by any
> external examination of the card, and any attempt to
> incrementally abrade the card down to the relevent circuit
> elements should completely obliterate the minute charge
> differences which represent the data.

They aren't immune to the laws of physics. If it can be put together,
it can be taken apart. I can even surmise HOW it can be taken apart.

> At least, that's the theory.  The Europeans trust this technology
> well enough to let it represent real money, so presumedly they do
> not consider hacking a possibility.

The Americans trust their money to the notion that no counterfeiter
can afford to pay a million or so for an intaglio press. Do you think
this is likely?

In any case, I notice that the claim has changed. Before, it was
claimed, speciously, that modern cryptography could solve this
problem. Now it is claimed that the security of the system depends
entirely on keeping the user from breaking in to a piece of equipment
that they have physical possession of. Pretty different story, eh?

> Perhaps our resident VLSI and Alpha Particle expert, Timothy C.
> May, could give us a guess as to whether Perry's "Nasty
> Mechanism" is more or less likely than Maxwell's "Daemon."

I think he'll tell you that he doesn't know how much effort it will
take but that Intel's labs probably could manage it and that they
probably couldn't manage to build Maxwell's Demon.

Perry