杏吧原创

Smarter smart cards offer better security

Camouflaging the way smart cards use power could make life much harder for fraudster hoping to hack cellphones, passports and credit cards

Hiding the way smart cards use power could protect cell phones, credit cards and passports from hackers.

So concludes a team of European researchers who have tested the idea against the common techniques that hackers use. The more secure designs could be used in phone SIM cards, bank cards or even passports.

Smart cards contain chips that have memory and microprocessor components so they can store bank details or other information. Access to the chip requires a security key but criminals can work that out by monitoring the cards electrical power usage and response times, leaving them free to use the card how they like.

This technique is known as a 鈥渟ide channel attack鈥, explains Klaus-Michael Koch, coordinator of a European project that has come up with ways to foil the bad guys. 鈥淎n attacker can send a card a security code that鈥檚 wrong and look at the particular power current it draws and the timing of the response to find out what the chip鈥檚 doing,鈥 he explains. 鈥淯sing repeated probes, say around ten thousand, the attacker can work out the correct code,鈥 says Koch. Monitoring a chip鈥檚 temperature or electromagnetic emissions can do the same thing.

The equipment needed to perform side channel attacks used to be very expensive, says Koch, but now that the costs have fallen this kind of attack must be taken more seriously. 鈥淚t鈥檚 now possible to equip a small lab for just 聙1500 ($1900),鈥 he says.

Masked use

Koch worked with researchers from universities in Turkey, Belgium and Italy and two German companies to produce prototype chips more resistant to side channel attacks. Called SCARD (Side Channel Attack Resistant Design), the new chips contain extra circuitry designed to mask a chip鈥檚 timing or power usage.

Power usage can reveal a chip鈥檚 inner workings because different steps in a computation use different amounts of power. The hackers start by feeding a random security key into the chip and monitoring the power usage to see how the computer has processed it. By changing the key and monitoring how this changes the power usage, hackers can work out what the correct code looks like.

鈥淲e鈥檝e made cards that always draw the same current,鈥 explains Koch, the team also altered the way memory cells are connected together so they fool hackers by appearing to contain false information.

Likely deterrent

The improvements do not completely hide the power signals hackers look for, but they are dampened enough to mean an attacker would need to perform many more probes to gain enough information to access a card.

鈥淚t鈥檚 not 100% secure but it is difficult enough to crack that it should deter attackers,鈥 says Koch. Instead of ten thousand probes with cheap equipment, anyone attacking a card containing one of the new chips would need to do so half a million times using much more powerful state-of-the-art equipment that would be much more expensive.

The downside to the new design is its cost because of the extra circuits needed, says Koch, who expects attackers to eventually catch up with the new security features. 鈥淪ecurity is a question of how hard you attack. There are always weaknesses and in the future improved technology can make it possible for them to be exploited,鈥 he says.

鈥淧ower-analysis attacks continue to be a great worry,鈥 computer Security expert Markus Kuhn at the University of Cambridge, UK, told New 杏吧原创, 鈥渢hey can be performed with standard lab equipment sometimes within seconds, perhaps without the card holder even noticing.鈥

The vulnerability of the card doesn鈥檛 even depend entirely on a card鈥檚 design, says Kuhn. 鈥淭he SIM in my mobile phone does not have to be extremely secure, because it remains within my phone and I can quickly disable it remotely by calling my operator when it gets stolen,鈥 he says. Bank cards are much more at risk because users often hand them to strangers in shops and restaurants. 鈥淧ay-TV smartcards are most vulnerable,鈥 says Kuhn, 鈥渂ecause attackers can order lots of them and work on them undisturbed in their lab.鈥