Increasingly, companies are turning to smart cards as a way to authenticate network access. Yet the technology does have an Achilles' heel.
Using a technique known as differential power analysis (DPA), the secret keys on smart cards can be extracted. Smart-card users shouldn't throw their cards away in disgust, however. Harvesting keys is a tricky procedure; the attacker must have expertise in hardware, software and cryptography in order to set up the necessary equipment. "Once it's set up, however, a rank amateur can use it," said Paul Kocher, president of San Francisco-based Cryptography Research Inc. Kocher's firm discovered this method of attack three years ago.
Smart cards offer strong network authentication because a user needs a physical element, the smart card, and needs to know a secret code, a PIN, to gain access. Essentially, a smart card is a computer chip with a secret key shielded in plastic. When a user wants to access a system, the system sends the user's card a random number. The card then does a computation using the secret key and sends the answer back to the system. As such, a cardholder can prove he is who he says he is without telling the system the secret key.
Capturing the key from a smart card can take seconds to a few hours depending on the complexity of the key. The length of a key doesn't necessarily make it harder to break. DPA has been used on Triple DES and 2,048-bit RSA encryption. "It doesn't randomly guess the key but actually solves it," Kocher said.
Kocher and his colleagues at Cryptography Research discovered that there was a correlation between the electricity usage of the chips in smart cards and the keys they contain. Essentially, figuring out the key is as easy as monitoring the electricity usage of the smart card. Harvesting the necessary data requires taking millions of measurements per second and then statistically correlating that data.
Luckily, the difficulty of setting up a system to do DPA calculations has kept such attacks at bay. However, test labs for smart cards have also had trouble mimicking the attack, thus many smart cards end up being susceptible to it, Kocher said. His company has recently announced it will sell pre-configured DPA systems that smart-card makers, labs and large smart-card users can use to test their cards.
Kocher is aware that some people might be worried about his company selling systems that would in essence take all the difficulty out of doing DPA attacks. "We are only going to sell to legitimate companies that have been around for a while," he said. "We are not going to sell to someone who wants to pay cash on the spot."
Kocher hopes that by giving the good guys the proper tool to make smart cards more secure, users wouldn't have so much to fear from the bad guys. It's not as though a lot isn't already known about this type of attack. It's been public for three years and hundreds of papers have been written about it, he said.
Obviously, the best defense against these attacks is smart cards that are immune to them. Randomly varying the power to mask computation of the key is not a sure fix because such noise can be filtered out during a DPA attack. The surest way around the attack is using smart cards that randomly generate a new key from the old key every time it's used. In such a case, a captured key isn't that important because it won't do the attacker much good, Kocher said.