The New York TimesThe New York Times TechnologyMay 13, 2002  

Home
Job Market
Real Estate
Automobiles
News
International
National
Politics
Business
Technology
- E-Business
- Circuits
- Columns
Science
Health
Sports
New York Region
Education
Weather
Obituaries
NYT Front Page
Corrections
Opinion
Editorials/Op-Ed
Readers' Opinions


Features
Arts
Books
Movies
Travel
Dining & Wine
Home & Garden
Fashion & Style
New York Today
Crossword/Games
Cartoons
Magazine
Week in Review
Photos
College
Learning Network
Services
Archive
Classifieds
Theater Tickets
NYT Mobile
NYT Store
E-Cards & More
About NYTDigital
Jobs at NYTDigital
Online Media Kit
Our Advertisers
Member_Center
Your Profile
E-Mail Preferences
News Tracker
Premium Account
Site Help
Privacy Policy
Newspaper
Home Delivery
Customer Service
Electronic Edition
Media Kit
Text Version

Join Ameritrade. Get $50 & commission-free trades!


Scottrade: $7 Trades, Fast Executions, #1 Broker


Go to Advanced Search/Archive Go to Advanced Search/Archive Symbol Lookup
Search Optionsdivide
go to Member Center Log Out
  Welcome, malak

Vulnerability Is Discovered in Security for Smart Cards

By JOHN MARKOFF

SAN FRANCISCO, May 12 — Two University of Cambridge computer security researchers plan to describe on Monday an ingenious and inexpensive attack that employs a $30 camera flashgun and a microscope to extract secret information contained in widely used smart cards.

The newly discovered vulnerability is reason for alarm, the researchers said, because it could make it cost-effective for a criminal to steal information from the cards.

Advertisement


Smart cards are used for dozens of different applications, including electronic identity protection, credit and debit cards and cellular phone payment and identity systems.

The Cambridge researchers said they had discussed their discovery with a number of card manufacturers, and several had acknowledged the vulnerability. One company reported that its security testing teams had already considered types of attacks similar to the one mounted by the Cambridge team and that they believed their products were not vulnerable.

The researchers said they had also proposed a potential design change to the companies that would protect against the attack.

"This vulnerability may pose a big problem for the industry," they wrote in their paper, "Optical Fault Induction Attacks." The researchers argued the industry would need to add countermeasures to the cards to increase their security.

The Cambridge group's discovery is one of two new smart card attacks that will be introduced Monday evening in Oakland, Calif., at an Institute of Electrical and Electronics Engineers symposium on security and privacy.

A team of researchers from I.B.M.'s Thomas J. Watson Laboratory in Yorktown Heights, N.Y., said they would present a report at the conference based on their discovery of a different vulnerability in subscriber identification module, or S.I.M., cards. These are used in the type of digital cellphone known as G.S.M., widely used in Europe and to a lesser extent here.

The vulnerability would make it possible for a criminal to find the secret information stored in the card, steal the user's cellphone identity and make free phone calls.

Smart cards are credit-card-like devices containing a microprocessor chip and a small amount of computer memory for storing bits of electronic data that represent money or other information that can be used to ensure identity, like a code or a digitized retina scan or fingerprint.

More widely used in Europe than in the United States, the cards have long been promoted as the key to a cashless society as well as for identity and authorization applications. Some countries have begun using them for national identity cards, and they have recently been discussed as a way of confirming travelers' identities to speed airport security.

The Pentagon has armed soldiers with smart cards for online identity and physical access, and the cards are in use in the United States in commercial services like the American Express Blue credit card and the Providian Smart Visa Card. Both cards are offered by their providers as a convenient and safe way to make Internet purchases, although their actual use for those purposes so far has been limited.

Some of the information stored in the card is in the form of a number composed of ones and zeros that cryptographers refer to as a "private key." That key is part of a two-key system that is used to encode and decode information. The security of such systems is compromised if the private key is revealed.

Typically, after the card holder authenticates the card by supplying a pin number, the private key will then be used to encrypt any sort of transaction using the card. For example, the card might be used to authorize a purchase or a transfer of funds, make an e-mail message private, log on to a computer network or enter a building.

The researchers from Britain, Sergei Skorobogatov and Ross Anderson, who are based at the University of Cambridge Computer Laboratory, discovered the flaw after Mr. Skorobogatov found that he could interrupt the operation of the smart card's microprocessor simply by exposing it to an electronic camera flashbulb.

They were able to expose the circuit to the light by scraping most of the protective coating from the surface of the microprocessor circuit that is embedded in each smart card.

With more study, the researchers were able to focus the flash on individual transistors within the chip by beaming the flash through a standard laboratory microscope.

"We used duct tape to fix the photoflash lamp on the video port of a Wentworth Labs MP-901 manual probing station," they wrote in their paper.

By sequentially changing the values of the transistors used to store information, they were able to "reverse engineer" the memory address map, allowing them to extract the secret information contained in the smart card.

Mr. Skorobogatov is a Russian emigrant who was once employed in the former Soviet Union's nuclear weapons program, where his job was to maintain bombs.

Mr. Anderson is a well-known computer security researcher whose work in both computer security and cryptography is widely recognized.

The researchers said they had discussed their findings with a number of companies that had acknowledged the vulnerability. However, at least one manufacturer who had read the paper said it believed its products were not vulnerable to the attack.

"This is a paper for an academic conference," said Alex Giakoumis, director of product lines for the Atmel Corporation, a San Jose, Calif.-based maker of smart cards. "We've already looked at this area."

He said his company had built defensive measures into its products that would make them invulnerable to such an attack. However, he said he was unwilling to be specific about the nature of the security system, because such information would be valuable to someone who was attempting to break the security of the Atmel smart cards.

The I.B.M. paper, which is titled "Partitioning Attacks: Or How to Rapidly Clone Some G.S.M. Cards," was prepared by Josyula R. Rao, Pankaj Rohatgi, Helmut Scherzer and Stefan Tinguely.

The researchers reported that they had dramatically shortened the time needed to steal secret information from today's G.S.M. cellphones.

Their new approach can seize the information within minutes, they said, making it a much more useful method than either breaking the cryptographic algorithms used by the card or by intrusive attacks such as the Cambridge approach. The I.B.M. researchers' report also offers advice to the smart card industry on how to protect against vulnerabilities.





E-Mail This Article
Printer-Friendly Format
Most E-Mailed Articles
Reprints
Start the day informed with home delivery of The New York Times newspaper.
Click Here for 50% off.


Home | Back to Technology | Search | Corrections | Help | Back to Top
Copyright 2002 The New York Times Company | Permissions | Privacy Policy
E-Mail This Article
Printer-Friendly Format
Most E-Mailed Articles
Reprints


Topics
 Alerts
Computer Chips
International Business Machines Corporation
Computer Security
Privacy
Create Your Own | Manage Alerts
Take a Tour
Sign Up for Newsletters








You can be the first to know about promotions, offers and new products from select NYTimes.com advertisers. Click here to sign up.







Search for Jobs:



Sign up for Job Alerts
Post Your Resume