1996-10-19 - NYT on DFA

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: ac79102785fe5abe86f11831535ba6023287aadd6123764f440afe8736601fe2
Message ID: <1.5.4.32.19961019113041.006abd10@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-10-19 17:34:45 UTC
Raw Date: Sat, 19 Oct 1996 10:34:45 -0700 (PDT)

Raw message

From: John Young <jya@pipeline.com>
Date: Sat, 19 Oct 1996 10:34:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NYT on DFA
Message-ID: <1.5.4.32.19961019113041.006abd10@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   The New York Times, October 19, 1996, p. 37.


   2 Israelis Outline New Risk To Electronic Data Security

      Hints That 'Smart Cards' Aren't So Smart

   By John Markoff


   San Francisco, Oct. 18 -- Two of Israel's leading computer
   scientists say they have found a way to more easily decode
   and then counterfeit the electronic cash "smart cards" that
   are now widely used in Europe and are being tested in the
   United States.

   The researchers have begun circulating the draft of a paper
   that points out higher security risks than those discovered
   last month by scientists at Bell Communications Research.

   The Bell communications researchers had reported that it
   might be possible to counterfeit many types of the "smart
   cards" that are being tested by banks and credit card
   companies, including Visa and Mastercard.

   The two Israeli scientists, Adi Shamir, a professor at the
   applied mathematics department at the Weizmann Institute,
   and Eli Biham, a member of the faculty of the computer
   science department at the Technion, reported that in
   addition to the so-called public key coding systems that
   were found vulnerable by the Bellcore team, private key
   data coding systems such as the American Data Encryption
   Standard, or DES, can be successfully attacked if a
   computer processor can be made to produce an error.

   The two Israeli's made a draft of their research available
   via the Internet on Thursday. In their paper the two wrote,
   "We can extract the full DES key from a sealed tamperproof
   DES encryptor" by analyzing fewer than 200 encoded
   messages.

   Both public key and private key data scrambling methods are
   based on the difficulty involved in factoring large
   numbers. A public key system permits two parties who have
   never met to exchange secret information. A private key
   system requires that a secret key be exchanged beforehand.

   Data coding experts said that the new Israeli method might
   be a more practical system than the previously announced
   Bellcore method, because unlike public keys, which are
   frequently used only once per message, a private secret key
   may be used repeatedly to scramble electronic transactions.

   "This seems a lot closer to something that might actually
   be used," said Matt Blaze, a computer researcher at AT&T
   Laboratories.

   Smart cards have been promoted as tamper proof, which is
   why computer scientists at Bellcore, one of the nation's
   leading information-technology laboratories, sounded the
   alarm last month, saying that a savvy criminal might be
   able to tweak a smart-card chip to make a counterfeit copy
   of the monetary value on a legitimate card.

   Executives at smart card companies said at the time that
   the attack was theoretical and that it would be impossible
   to make a smart card generate an error without actually
   destroying the card.

   However, Mr. Biham responded that he believed such hardware
   attacks were possible. The cards are generally damaged
   using heat or radiation, which causes the computer chip in
   the card to generate an error, which the Israeli scientists
   used to obtain the code key and copy the card.

   "I have ample evidence that hardware faults can be
   generated without too much difficulty," he said in an
   electronic mail message. "As a consultant to some high-tech
   companies, I had numerous opportunities to witness
   successful attacks by commercial pirates on pay-TV systems
   based on smart cards. I know for a fact that some of these
   attacks were based on intentional clock and power supply
   glitches, which can often cause the execution of incorrect
   instructions by the smart card."

   Other researchers said that the class of attacks
   demonstrated by the Bellcore team and the Israelis had been
   known by some members of the tightly knit community of
   cryptographers for several years, but the results had not
   been published.

   "Some of the smart card manufacturers are well aware of
   this flaw," said Paul Kocher, an independent Silicon Valley
   data security consultant. "But it doesn't mean that they
   have fixed it."

   [End]










Thread