From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: ac79102785fe5abe86f11831535ba6023287aadd6123764f440afe8736601fe2
Message ID: <1.5.4.32.19961019113041.006abd10@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-10-19 17:34:45 UTC
Raw Date: Sat, 19 Oct 1996 10:34:45 -0700 (PDT)
From: John Young <jya@pipeline.com>
Date: Sat, 19 Oct 1996 10:34:45 -0700 (PDT)
To: cypherpunks@toad.com
Subject: NYT on DFA
Message-ID: <1.5.4.32.19961019113041.006abd10@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
The New York Times, October 19, 1996, p. 37.
2 Israelis Outline New Risk To Electronic Data Security
Hints That 'Smart Cards' Aren't So Smart
By John Markoff
San Francisco, Oct. 18 -- Two of Israel's leading computer
scientists say they have found a way to more easily decode
and then counterfeit the electronic cash "smart cards" that
are now widely used in Europe and are being tested in the
United States.
The researchers have begun circulating the draft of a paper
that points out higher security risks than those discovered
last month by scientists at Bell Communications Research.
The Bell communications researchers had reported that it
might be possible to counterfeit many types of the "smart
cards" that are being tested by banks and credit card
companies, including Visa and Mastercard.
The two Israeli scientists, Adi Shamir, a professor at the
applied mathematics department at the Weizmann Institute,
and Eli Biham, a member of the faculty of the computer
science department at the Technion, reported that in
addition to the so-called public key coding systems that
were found vulnerable by the Bellcore team, private key
data coding systems such as the American Data Encryption
Standard, or DES, can be successfully attacked if a
computer processor can be made to produce an error.
The two Israeli's made a draft of their research available
via the Internet on Thursday. In their paper the two wrote,
"We can extract the full DES key from a sealed tamperproof
DES encryptor" by analyzing fewer than 200 encoded
messages.
Both public key and private key data scrambling methods are
based on the difficulty involved in factoring large
numbers. A public key system permits two parties who have
never met to exchange secret information. A private key
system requires that a secret key be exchanged beforehand.
Data coding experts said that the new Israeli method might
be a more practical system than the previously announced
Bellcore method, because unlike public keys, which are
frequently used only once per message, a private secret key
may be used repeatedly to scramble electronic transactions.
"This seems a lot closer to something that might actually
be used," said Matt Blaze, a computer researcher at AT&T
Laboratories.
Smart cards have been promoted as tamper proof, which is
why computer scientists at Bellcore, one of the nation's
leading information-technology laboratories, sounded the
alarm last month, saying that a savvy criminal might be
able to tweak a smart-card chip to make a counterfeit copy
of the monetary value on a legitimate card.
Executives at smart card companies said at the time that
the attack was theoretical and that it would be impossible
to make a smart card generate an error without actually
destroying the card.
However, Mr. Biham responded that he believed such hardware
attacks were possible. The cards are generally damaged
using heat or radiation, which causes the computer chip in
the card to generate an error, which the Israeli scientists
used to obtain the code key and copy the card.
"I have ample evidence that hardware faults can be
generated without too much difficulty," he said in an
electronic mail message. "As a consultant to some high-tech
companies, I had numerous opportunities to witness
successful attacks by commercial pirates on pay-TV systems
based on smart cards. I know for a fact that some of these
attacks were based on intentional clock and power supply
glitches, which can often cause the execution of incorrect
instructions by the smart card."
Other researchers said that the class of attacks
demonstrated by the Bellcore team and the Israelis had been
known by some members of the tightly knit community of
cryptographers for several years, but the results had not
been published.
"Some of the smart card manufacturers are well aware of
this flaw," said Paul Kocher, an independent Silicon Valley
data security consultant. "But it doesn't mean that they
have fixed it."
[End]
Return to October 1996
Return to “John Young <jya@pipeline.com>”
1996-10-19 (Sat, 19 Oct 1996 10:34:45 -0700 (PDT)) - NYT on DFA - John Young <jya@pipeline.com>