Published: 01 Oct 2008
Cracking Smart Cards
Attackers "eavesdrop" on power output to steal crypto keys
Smart cards are designed for security and convenience. The secure, multipurpose authentication they provide makes them an attractive option for controlling logical and physical access to businesses and governments.
The embedded microchip technology in smart cards is also an attractive target for hackers and pirates committing fraud, theft and piracy.
Most of the hacks and countermeasures focus on power analysis attacks, which attackers perform with digital oscilloscopes, eavesdropping on the power consumption of the transistors as the embedded smart card microchip performs cryptographic operations. Simple power analysis (SPA) directly interprets power use to "see" individual bits, and can crack the cryptokeys in seconds. However, basic security practices easily thwart SPA.
Differential power analysis (DPA) is the really serious threat. It applies statistical analysis across multiple power consumption measurements to overcome noise and countermeasures that obscure individual bits. The analysis reveals several bits of the cryptokey at a time and is repeated to eventually produce the entire key. The attacker guesses a few bits of the key and compares the prediction that guess implies against the measured power output; a spike in the statistical pattern indicates a correct guess and provides one more piece of the puzzle.
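The guess-and-correlate procedure described above, as an added example that is not from the original article, CRI, or any vendor: a Python simulation of correlation-based DPA (CPA) on constructed, synthetic power traces of a single AES S-box lookup, using a Hamming-weight leakage model and a fixed random seed, and showing how a Boolean-masking countermeasure removes the first-order correlation the attack depends on. All function names, the key byte 0x3C and the trace parameters are assumptions made for the demonstration.

```python
import random
HW = [bin(v).count("1") for v in range(256)]     # Hamming-weight lookup table

def aes_sbox():
    """AES S-box built as GF(2^8) inverse plus affine map (avoids a 256-entry table)."""
    rotl = lambda b, n: ((b << n) | (b >> (8 - n))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1           # invariant: p * q == 1; 3 generates GF(2^8)*
    for _ in range(255):                   # so p visits every non-zero element once
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF        # q /= 3
        if q & 0x80: q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
    sbox[0] = 0x63
    return sbox
def simulate_traces(sbox, key, n, rng, sigma=1.0, masked=False, samples=4, leak_at=2):
    """Constructed traces: all samples are Gaussian noise; sample `leak_at` also carries
    HW(S-box output). masked=True models Boolean masking: the device handles
    S[p^k] ^ m for a fresh random m, so the leaked weight no longer depends on the key."""
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        v = sbox[p ^ key] ^ (rng.randrange(256) if masked else 0)
        trace = [rng.gauss(0, sigma) for _ in range(samples)]
        trace[leak_at] += HW[v]
        plaintexts.append(p); traces.append(trace)
    return plaintexts, traces
def pearson(xs, ys):
    n, sx, sy = len(xs), sum(xs), sum(ys)
    sxx, syy = sum(x * x for x in xs), sum(y * y for y in ys)
    sxy = sum(x * y for x, y in zip(xs, ys))
    den = ((n * sxx - sx * sx) * (n * syy - sy * sy)) ** 0.5
    return (n * sxy - sx * sy) / den if den else 0.0
def cpa_attack(sbox, plaintexts, traces):
    """For each key-byte guess, correlate predicted HW(S[p ^ guess]) with every sample
    column; only the right guess lines up with the real leakage and produces a spike.
    Returns (best guess, its peak |correlation|)."""
    columns, best = list(zip(*traces)), (None, 0.0)
    for guess in range(256):
        preds = [HW[sbox[p ^ guess]] for p in plaintexts]
        score = max(abs(pearson(preds, col)) for col in columns)
        if score > best[1]:
            best = (guess, score)
    return best
def run_demo(masked, n=800, seed=2008, key=0x3C):
    """Fixed-seed end-to-end run on constructed traces; returns (guess, peak corr)."""
    sbox = aes_sbox()
    pts, trs = simulate_traces(sbox, key, n, random.Random(seed), masked=masked)
    return cpa_attack(sbox, pts, trs)

if __name__ == "__main__":
    print("unmasked:", run_demo(False))   # key 0x3C recovered, peak corr about 0.8
    print("masked:  ", run_demo(True))    # no guess stands out, peak corr near noise level
```

With masking the correct guess no longer produces a spike in this first-order analysis, which is exactly the property a masked implementation is meant to provide; higher-order analysis, more traces and lower noise all shift that balance, so masking is a cost multiplier rather than an absolute barrier.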
"DPA is a real threat to smart card technology, not just a theory," says Anoop Ubhey, smart card industry analyst for Frost and Sullivan. "DPA is inexpensive and is very powerful, because it circumvents the hardware and software security/encryption that companies have implemented in products. Also, DPA is non-invasive and does not leave a trace, which is why it is so scary."
Smart cards are ubiquitous in Europe, but have been slow to catch on in the U.S. Credit cards in the U.S., for example, still use convenient, cheap magnetic stripe technology. The Department of Defense's Common Access Card (CAC) program is probably the best-known smart card deployment stateside.
But encryption embedded in smart card microchip technology is used in a variety of areas, including pay TV, where DPA has been used to obtain pirated access.
DPA was discovered by Cryptography Research Inc. (CRI) about a decade ago, and is a prime focus of security research, presented in forums such as August's Cryptographic Hardware & Embedded Systems (CHES) conference. In the intervening decade, security has become an increasing concern with the growth of the crypto-protected microchip market.
CRI develops and licenses cryptography security technology to chip manufacturers, and sells an integrated product called CryptoFirewall, which can be used, for example, in pay TV systems to protect crypto keys. CRI recently extended its market reach significantly, licensing its technology to giant chip maker Infineon, which produces hundreds of millions of chips annually. The deal brings CRI's anti-DPA technology into the vast European smart card market.
"DPA has been a significant issue for a while," says Paul Kocher, CRI president and chief scientist, "but the number of chips and importance of those chips is growing, along with general advancement in technology. Now you've got about 2 billion chips being produced annually. The economic importance and security of those chips is very high."