Take another look at that replacement credit card from your bank.
Notice the square of gold metal positioned at left-center? If you could pry it loose, you would find a small resinous lump on the back. This contains a small silicon chip, connected to the gold contact by copper wiring. It is a mini-computer with a processing power comparable to an early desktop model. It is the brain of your new smartcard.
Suddenly, after a few false starts, smartcards are all round us. You probably use up to five smartcards every day. You travel to the office each day, where you use a smartcard identity token to pass through the barriers in the entrance hall. You have a bank account, with a debit smartcard to draw cash from ATMs and to use in retail stores. You have a credit smartcard, perhaps two. Your mobile phone has an embedded smartcard holding your identity details and encryption keys.
So just how safe are these smartcards in your wallet and mobile phone?
Plastic payment cards began with the Diners Club card in the U.S. in the 1950s. The only data stored by those early cards was the embossed number on the front and a copy of the cardholder's signature on the reverse. Later, in the 1970s, came the magnetic stripe, storing enough data to enable the card to be used in through-the-wall cash dispensing machines.
The magnetic stripe soon attracted the attention of the criminal minded. It was easy to copy and create clone cards. No great skill or expense was needed - a household iron, videotape and cardboard were enough to carry out some embarrassingly effective attacks against banking systems. By the end of the 1980s, the counterfeit card threat was real and growing.
Meanwhile, the concept of the smartcard - an identity card incorporating a computer chip - had been patented by the French engineer Roland Moreno in 1974. Initially, the first smartcards were used as payphone tokens. But, it was not long before the greater potential of this technology was appreciated. Both a data store and a processor, here was a technology that seemed to offer the ideal defense against the looming fraud threat.
Still, criminals were not so easily deterred. The first recorded serious smartcard attacks were against the fledgling pay-TV industry, which issued smartcards to paid-up subscribers. These subscriber cards were, and remain, an attractive target. There was a large and enthusiastic market for pirated cards. Moreover, in the early days, the security systems were seen as a soft target. Some of the early successful attacks didn't need a particularly sophisticated approach: in one system, it was possible to record the decoding signals from a genuine card during a transmission and post these on a web site. Because every card produced the same signals, the signals could be replayed by anyone who had recorded the same encrypted transmission, thereby deciphering the program and enabling it to be viewed. This kind of 'replay' attack exploits poor protocol design.
As the smartcard industry improved its security, so the smartcard hacking industry educated itself in parallel. Protocol weaknesses were eliminated, so the attacking emphasis shifted to invasive probing.
In every invasive smartcard attack, the classic technique is no different to its military counterpart. First, 'map' the target - then attack. To map the smartcard circuitry, the chip must be exposed. This means dissolving the protective resinous seal with fuming nitric acid to expose the metallic and silicon layers. A scanning electron microscope and camera can then be used to create a photographic mosaic of the chip circuitry. The attacker can now identify critical points and use microscopic probes to collect data from bus lines, or may attack some memory areas directly with staining chemicals to reveal the binary bit pattern.
One of the most important tools in the attacker's armory is the focused ion beam (FIB) workstation. This is a microscopic particle gun, which can be used, in effect, to rewire the chip by etching away existing contacts and depositing microscopic amounts of material to create new contacts.
In 1995, an attack technique was published that measured minute differences in the time taken to execute chosen instructions, enabling secret binary key values stored in the smartcard to be deduced. In 1996, this class of attack was developed further. Cryptographic researchers in San Francisco discovered two powerful new non-invasive smartcard attacks which they named simple power analysis (SPA) and differential power analysis (DPA). The SPA attack exploits the fact that the amount of power consumed by a smartcard chip is directly related to the sequence of software instructions it executes. This will reveal cryptographic key values. The attack can be defeated relatively easily by using a combination of software and hardware techniques to create enough random 'noise' to mask the internal instructions being performed.
However, the DPA attack is far more difficult to defeat. DPA relies on collecting a large number of data samples and using statistical techniques to screen out any masking noise. Paul Kocher, the developer of DPA, claims that he has never seen a smartcard that cannot be compromised to some degree using this technique.
Theoretical scaremongering? The evidence suggests not.
In September 1999, software engineer Serge Humpinch successfully cracked the public key crypto-system used to secure the French Cartes Bancaire payment scheme. Humpinch demonstrated his attack by purchasing 10 Paris Metro tickets from an on-line dispenser, then offered to sell details of his technique to the Groupement des Cartes Bancaires for £20 ($28.7) million. He was promptly arrested and charged with blackmail, but the details of the cracked key values still circulate on the Internet to this day.
Three months later, it was reported that hackers had successfully recovered private cryptographic keys from the digital signature card used in the Geldkarte cashless payment system across Germany. Details of the chip, along with text explaining the design, were published on the Internet.
Those who implement smartcards should be under no illusion: Your shiny new smartcard can, and will, be successfully attacked if your opponent has sufficient motivation and resources. There are two lines of defense.
- First, don't make it too easy for the attacker. Keep your technology up to date. Make sure your protocol design is sound - in particular, ensure that replay attacks won't work.
- Second, don't make the target too attractive. At the very least, make sure that if an attacker successfully recovers information from one card, this will not compromise other cards.
Crime is like floodwater - it will find the weakest point in the defenses and surge through it. The smartcard should not be that weakest point.
Allen Chilver is a manager within the IT Security Practice of PricewaterhouseCoopers (www.pwcglobal.com). Based in London, U.K., Allen is a specialist in credit card security and cryptography.