The New York Times
Monday, June 22, 1998

Code Breaker Cracks Smart Cards' Digital Safe

by Peter Wayner, wayner@nytimes.com

To the companies in the smart card business, Paul Kocher may be too smart for their own good.

For the last year, Kocher's four-man consulting firm in San Francisco has kept big credit card companies and banks on edge by sharing details of his discovery of a way to break into the newest version of smart cards -- credit-card size devices that contain a tiny computer chip and can be used for a variety of purposes including storing so-called digital cash.



Credit: Peter DaSilva for The New York Times

Paul Kocher of Cryptography Research holds a modified "smart card" reader he developed to help decipher the digital code of the cards that are used by banks and financial institutions.


Although Kocher's intent has been to warn the industry and sell it possible solutions, his expertise, in the hands of thieves, counterfeiters or impostors, could compromise the security safeguards of smart cards, which are coming into widespread use in this country and in Europe.

The cards are at the center of the plans by the banking and credit card industries to cut costs and improve customer convenience by replacing conventional magnetic-stripe cards with ones that not only can act as a debit or automated-teller-machine card but can also be loaded with digital cash that would function as legal tender wherever merchants have digital-cash decoder terminals.

Public confidence in the technology will be crucial to the industry's plans. And that may help explain why, since word leaked of Kocher's break-in methods two weeks ago, the industries promoting smart cards have tended to play down his technique by calling it a "laboratory attack" that could be replicated by perhaps a handful of people around the world.

"Chip cards are the most secure technology around", said Steve Schapp, the executive vice president of Visa International in charge of developing smart cards. "They are very hard to break."

Kocher and his colleagues were able to crack the digital code designed to make the smart cards tamper proof by drawing mathematical inferences from the fluctuating electrical power consumption of the chip. It is a sophisticated type of analysis, but the rudimentary "laboratory" -- in this case a three-room office suite, some garden-variety PC's and several thousand dollars of electronics equipment -- indicates that it does not require elaborate tools to crack what is supposed to be a highly secure digital safe.

As details of the technique circulate, as they invariably do in the hacker underground, imitators will almost certainly try to duplicate Kocher's experiment. For his part, Kocher, who at 25 is already a well-known expert in code breaking, said, "As the expertise becomes more widely available, the threats will become more than academic."



Related Article
Cryptographers Discuss Finding Of Security Flaw in 'Smart Cards' (10jun98)

Peter Neumann, a computer scientist at SRI International, a research group in Menlo Park, Calif., said the approach had "enormous potential as another technique for breaking weakly designed and badly implemented devices."

Though already in wide use as bank cards in Europe, smart cards in this country have been mainly used so far for controlling access to buildings and protecting against fraudulent use of new types of cellular telephones. But American banks have begun experimenting with the cards, as Chase Manhattan is doing in a test of Mastercard International's Mondex system on the Upper West Side of Manhattan.

Banks trust that the computer chips embedded in tamper-resistant packaging will act like a virtual branch office, dispensing money and crediting accounts to the right people.

But if someone could break through the card's defense, then that person could conduct fraudulent transactions, load counterfeit digital cash onto the cards or create various other forms of mischief.

So even as smart-card executives seek to play down the threat posed by Kocher's discovery, and they stress that no known break-ins of his sort have occurred in the real world, the industry knows it must continuously improve smart-card software and hardware.



Cracking the Code

By monitoring the power consumption of smart cards, an expert in electronic security has discovered a way to crack the code that protects information on the cards -- credit-card size devices that contain a tiny computer chip and can be used for a variety of purposes, including storing so-called digital cash. Here is how the security code can be breached.

Looking for Patterns

When the card is in use, its microchip performs a number of operations, each of which requires a different amount of power. By hooking the card up to an oscilloscope, a machine that records power use, an analyst can record the distinctive pattern produced by each operation. Above are six operations done by a smart card in 1.68 microseconds. As recorded by the oscilloscope, operations A and F are identical, as are C and D. This series of peaks occurs whenever the card performs that series of operations. If a peak is missing at some point, that indicates an important change in the computation.

Doing More Analysis

Because looking at the pattern created by a number of computational cycles is not enough to figure out the security codes, other types of analysis are needed, like the example above. Each point on these peaks depicts an average of four cycles like the ones above. The sequence of eight peaks indicates a part of an encryption operation that protects information on the card. The presence or absence of spikes between these peaks gives analysts a piece of the encryption key, of which further, similar analysis may reveal additional pieces.


"In a sense, this is an arms race; the attackers will always get better", said Richard Fletcher, the head of strategy and planning of Mastercard's Mondex smart-card division. "The only defense and the best defense against future attacks is to keep moving and keep changing."

Gerald Hubbard is the vice president of marketing in the United States for Bull Smart Cards, a company that says it has shipped more than 120 million money-carrying smart cards throughout the world. He said that his company had known about the Kocher type of attack for more than four years and had installed safeguards to thwart it. But, Hubbard said, "You can never say a card is 100 percent immune."

In fact, some other industry executives expect it to take perhaps two years before there will be smart cards and related hardware that will be impervious to Kocher's type of attack. Kocher said he had approached the smart-card industry last year with the details of his discovery because he knew that criminals might also use the same tricks. But he said that he did not publicize his findings so that the industry would have time to adopt defenses, including techniques for which he has filed for patents and is now licensing to the companies.

He publicly announced the smart-card security flaw two weeks ago, only after The Australian Financial Review published an article about his break-in technique.

Kocher's company, Cryptography Research, analyzes and tests computer security hardware and software for many of the leading computer companies. His discoveries of flaws in supposedly secure technologies have drawn attention in the past -- as in 1995, when he found that he could break into smart cards by simply timing how long it took them to process data.

In the case of this newly disclosed smart-card problem, Kocher and his colleagues found that the cards' consumption of electrical power could disclose vital information about the secret key that protects the money or other data on the chip.

By watching the monitor of an oscilloscope, a device that measures the power use on a screen similar to the way a cardiac monitor displays a patient's heart action, Kocher's team was able in some cases to use the electrical pattern from a single transaction to decipher the key to the code. In other cases, they were forced to use more sophisticated statistical techniques to analyze the results from as many as 1,000 transactions.

Kocher said his team had spent at least as much time looking for solutions as it had in identifying the security flaw. A possible remedy involves masking the transaction in digital noise by adding meaningless random calculations that would consume random amounts of current.

Another possible solution, which according to Mastercard officials is being incorporated in the latest version of its Mondex smart-card software, is to vary the order of the operations in the software to make it more difficult to identify patterns in the consumption of power.
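The sidebar above describes how the card's power draw carries a trace of the secret key, and the last two paragraphs name the two remedies Kocher and Mastercard discuss: burying the signal in random dummy computations, and varying the order of operations. The following simulation is an added illustration, not code from the article, from Cryptography Research or from any card vendor. It models a toy device whose current draw at one instant is the Hamming weight of a plaintext byte XORed with a secret byte (a common leakage model in the later literature), plus measurement noise; the secret value 0x3C, the noise levels and the eight-position shuffle are all constructed assumptions. The evaluation side correlates every key hypothesis with the collected traces, the statistical step the article alludes to for the many-transaction case, and then reports how much weaker that correlation becomes under each countermeasure.

```python
# Added illustration (not from the article): a simulated leakage evaluation in
# the spirit of the power-analysis technique the article describes. The toy
# device computes pt XOR KEY and its current draw is modelled as the Hamming
# weight of that result plus noise. The evaluator measures how strongly each
# key hypothesis correlates with the recorded traces, then checks how the two
# countermeasures named in the article (random dummy computations, varying the
# order of operations) weaken that signal.
import math
import random

KEY = 0x3C                      # constructed secret byte inside the toy device
HW = [bin(b).count("1") for b in range(256)]   # Hamming weight lookup table


def device_trace(pt, rng, countermeasure=None):
    """Return one sampled power value at the instant the XOR executes.

    countermeasure: None (unprotected), "noise" (dummy calculations drawing
    random current) or "shuffle" (operation order varied at random).
    """
    leak = HW[pt ^ KEY]
    if countermeasure == "shuffle":
        # The probed instant holds the target operation only 1 time in 8;
        # otherwise it holds some unrelated operation on an unrelated value.
        if rng.randrange(8) != 0:
            leak = HW[rng.randrange(256)]
    power = leak + rng.gauss(0.0, 1.0)        # intrinsic measurement noise
    if countermeasure == "noise":
        power += rng.gauss(0.0, 8.0)          # random current from dummy work
    return power


def pearson(xs, ys):
    """Pearson correlation coefficient between two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0


def leakage_test(countermeasure=None, n_traces=2000, seed=1):
    """Collect n_traces simulated transactions, correlate each of the 256 key
    hypotheses with them and return (best_guess, correlation_of_true_key).

    A high correlation for the true key means the device leaks; a low one
    means the countermeasure is doing its job against this measurement.
    """
    rng = random.Random(seed)                  # seeded so runs are repeatable
    pts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [device_trace(pt, rng, countermeasure) for pt in pts]
    scores = {}
    for guess in range(256):
        predicted = [HW[pt ^ guess] for pt in pts]
        scores[guess] = abs(pearson(predicted, traces))
    best = max(scores, key=scores.get)
    return best, scores[KEY]


if __name__ == "__main__":
    for cm in (None, "noise", "shuffle"):
        best, corr = leakage_test(cm)
        print(f"{cm or 'unprotected':12s} best guess=0x{best:02x} "
              f"true-key correlation={corr:.3f}")
```

Run as a script it prints one line per configuration. In the unprotected case the true key has the strongest correlation by a wide margin, which is the leakage the article warns about; under either countermeasure the true key's correlation drops sharply, so an evaluator would need far more transactions to distinguish it, which is exactly the effect the remedies are meant to have. Neither remedy drives the correlation to zero, which is why Hubbard's caution that no card is "100 percent immune" applies to countermeasures as well.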

A banking industry goal with smart cards is to cut costs by eliminating the need for central approval of a debit or credit transaction. By some estimates, the marginal costs for clearing a smart-card transaction are well under a penny.

Credit card transactions, however, typically require a long-distance computer network and a large central data base for examining each deal, and the transaction eventually means billing a customer and cashing the payment checks. These steps add up to 25 cents a transaction, on average, compared with about a penny for a smart-card transaction, in which all the authorization information -- and even the money itself -- can be contained on the card's chip.

To create an audit trail that might help track fraud, however, Visa International's smart-card system uses merchant terminals that report transactions to a central data base at the end of each day.

"We don't feel it is a good idea to have the security depend upon the chip itself", said Philip Yen, a senior vice president of Visa International. "We think it's more important to have complete system security."

Fletcher, of Mastercard's Mondex, contends that including any sort of central control runs counter to the purpose of a smart card -- giving customers the ability to use the money on a card just like cash.

"The critical point of any digital cash system is that you're off line", he said. "There's no online link at that point. You're critically dependent upon the card's security."

As the banks debate the security trade-offs, there is one certainty: Paul Kocher and others like him will continue to look for chinks in the smart-card armor. And as Kocher likes to remind the industry, "We have not yet encountered a card that couldn't be broken."


Copyright © 1998 by The New York Times Company. All Rights Reserved. Reprinted with permission.