3DES protected smartcard cracked with side channel analysis. - ryanmolden
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00350.html.en

======
feralchimp
Super interesting!

Sadly, the 7MB file linked from that article is not a PDF of a published
research paper, but an enormously high-res version of the photo to the right
of the article.

------
jcr
> The required time and effort are quite low: “For our measurements, we needed
> a DESFire MF3ICD40 card, an RFID reader, the probe and an oscilloscope to
> measure the power consumption”, says Oswald. This equipment only costs a few
> thousand euros. Having obtained knowledge on the characteristic properties
> of the smartcard, the attack takes three to seven hours.

So you need a few thousand Euros of equipment, some knowledge, and undetected
access to a card for three to seven hours. Considering the requirements to be
"quite low" is just the typical security world scare-mongering journalism.

~~~
JoachimSchipper
To a cryptographer, that _is_ "quite low". It's not that uncommon to use
algorithms where the best known attack takes something like 10 times the
lifetime of the universe, assuming every single quark and every tiny bit of
energy is used for computation.

(A bit of perspective: this is not really a new result, the same group has
cracked similar systems before. Smart cards are quite hard to protect from
side-channel attacks.)

~~~
demallien
Yup. It's not about being able to get on Melbourne trains for free, it's about
being able to get access to your competitor's research lab, or to their
mergers & acquisitions plans, or whatever. In that context, a few hours and a
few thousand euros is absolute peanuts.

I used to work for a DRM company, and the physical protections designed into
those things (not near-field, just standard smartcards) were ludicrous. Self-
destruction on exposure to light. Measurements to ensure that you can't detect
good or bad keys by thermal emissions, electric resistance, electrical
consumption, time to respond, or RF emissions.

All of that on top of the standard cryptographic requirements makes smartcard
design an incredibly challenging proposition, and one that is ultimately
futile in my opinion. For example, the last I heard from friends in the biz
was that the crackers are still just using aggregate measurements, but what
happens when they start using high-res thermal imaging? You'll have to make
sure that there is no special hotspot (or coldspot) on the chip when
decryption succeeds. The same applies to RF emissions. Not easy.

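The "electrical consumption" leak that the comments above are arguing about is
easy to see in simulation. The block below is an added illustration, not code
from the article, the Bochum group or any commenter: it models a device whose
power draw at one instant is the Hamming weight of the output of DES S-box S1
plus Gaussian noise, then runs a correlation power analysis (CPA) that ranks
all 64 candidates for the 6-bit round-key chunk feeding that S-box. The 6-bit
S-box input is generated directly instead of being derived from a plaintext
through IP and the E expansion, and the leakage model, noise level, trace
count and "secret" value are all assumptions chosen for the demo. The
`leaks=False` mode drops the data-dependent term, which is the property the
"measured to ensure you can't detect good or bad keys" comment describes.

```python
"""Simulated correlation power analysis (CPA) against the first DES S-box.

Constructed example: the modelled power sample for one encryption is
HW(S1(x XOR k)) + N(0, sigma^2), where x is the known 6-bit S-box input and
k the secret 6-bit round-key chunk.  All parameters are illustrative
assumptions, not measurements of any real card.
"""
import math
import random

# DES S-box S1, standard 4x16 layout (rows selected by the two outer bits).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox1(x):
    """Apply DES S1 to a 6-bit input: row = outer bits, column = inner four."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(secret, n_traces, sigma, rng, leaks=True):
    """Return (inputs, samples): one modelled power sample per encryption.

    With leaks=False the data-dependent term is dropped, modelling a device
    whose consumption is independent of the intermediate value."""
    inputs, samples = [], []
    for _ in range(n_traces):
        x = rng.randrange(64)  # known to the attacker (from the plaintext)
        signal = hamming_weight(sbox1(x ^ secret)) if leaks else 0
        inputs.append(x)
        samples.append(signal + rng.gauss(0.0, sigma))
    return inputs, samples


def pearson(a, b):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0


def cpa_attack(inputs, samples):
    """Rank every 6-bit key guess by how well its predicted Hamming weight
    correlates with the measurements.  Returns (best_guess, {guess: |corr|})."""
    scores = {}
    for guess in range(64):
        predicted = [hamming_weight(sbox1(x ^ guess)) for x in inputs]
        scores[guess] = abs(pearson(predicted, samples))
    best = max(scores, key=scores.get)
    return best, scores


def run_demo(secret=0b101101, n_traces=3000, sigma=1.5, seed=1, leaks=True):
    """Simulate traces for an assumed secret and attack them."""
    rng = random.Random(seed)
    inputs, samples = simulate_traces(secret, n_traces, sigma, rng, leaks)
    return cpa_attack(inputs, samples)


if __name__ == "__main__":
    best, scores = run_demo()
    ranked = sorted(scores.values(), reverse=True)
    print("recovered subkey: %s  corr=%.3f  runner-up=%.3f"
          % (bin(best), scores[best], ranked[1]))
    _, flat = run_demo(leaks=False)
    print("best corr with no data-dependent leakage: %.3f" % max(flat.values()))
```

The full attack on a 3DES card repeats this for all eight S-boxes of the
first round, then peels the remaining key bits with a second round or the
second DES pass; the per-S-box step shown here is the whole reason a few
thousand noisy traces suffice, since each guess space is only 64 entries.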
~~~
JoachimSchipper
Yeah. And that's just passive attacks. It gets even scarier when people start
creating faults with precisely-timed laser pulses (this equipment is
commercially available). Etcetera.

Theoretical cryptographers have recently begun studying this kind of problem
(in fact, that's what my PhD is about). That may help. Or not. But throwing
the problem "over the wall" to the engineers hasn't worked that well, and I
hope that some theory can be helpful here.

