AUCKLAND -- Ross Anderson is one of the world's foremost experts on secure banking systems. He works at the University of Cambridge Computer Laboratory, where consultancy clients include Microsoft and Intel. In 1991, he helped design UEPS, which is often regarded as the first real smartcard banking system, and has subsequently been adopted by Visa as the COPAC pre-paid card.
For the past four years, Anderson has concentrated on studying ``why cryptosystems fail in real life''. In that time he has produced numerous papers, including Why Cryptosystems Fail (1993) and last year's Tamper Resistance - a Cautionary Note, which was voted best paper at the Usenix Electronic Commerce Workshop. The paper concluded that electronic money systems were not viable without reconciliation to a shadow account as second line of defence.
Tamper Resistance was written with Markus Kuhn, the German student who rose to prominence by breaking BSkyB Europe's smartcard and writing Season 7, the Sky card emulator for the PC. BSkyB originally claimed its encryption system was unbreakable, but both PC emulators and pirate cards are available for the tenth generation of its card and it is estimated that between 5% and 10% of viewers in Europe use pirated technology. The Sky 11 card is apparently being prepared and is expected to last six months before it, too, is compromised.
In the course of research for `Tamper Resistance ...', Kuhn used techniques developed by Sky hackers to break the Dallas 502, the security chip used by the Bank of England. Since then, he and Anderson have written a further paper, `Low Cost Attacks on Tamper-Resistant Devices'.
In fact, I first mentioned in November 1995 at a Department of Trade and Industry meeting that we could reverse-engineer smartcards. I was referring to the work of Haroun Ahmed that is cited in my paper. People present asked whether we could break Mondex. I challenged Mondex to provide a dozen merchant cards and a letter saying that we would not be prosecuted under the Computer Misuse Act. They refused.
In fact, when they found out that the reverse engineering was done at our physics lab, they approached Haroun and offered him some money to do a ``friendly attacko'' on their chip
Once he had signed their NDA, they came back to me and offered a bottle of champagne if I could extract master keys from a customer card. However, they were not prepared to supply the cards and offered only a few weeks to do the attack. In addition, there usually aren't any master keys in customer cards but just in merchant cards -- with the exception of a key used for the card-to-card protocol. But no doubt that's called something other than a master key in their documentation.
So their response was a tactical one rather than an honest one. Its main effects were firstly to get me irritated at them and secondly to get me to team up with Markus Kuhn, as he had access to an electron beam tester at Erlangen, which I needed now that Mondex had ``sterilised'' our access to the physics lab's electron beam machine. It also led me to encourage Markus to attack the Dallas DS5002 chip, as we had heard that this chip would be used in the next generation of Mondex merchant terminals.
My reading is that it's an attempt to sow uncertainty and doubt. They will be able to claim, sort of truthfully, that Mondex was evaluated at Cambridge, and many people will -- incorrectly -- perceive that as an endorsement from our group. It isn't. But it's unlikely that an evaluation done without any security experts will be of value. Attacks of the kind that Markus and I and pay-TV hackers have been devising on other chips just won't occur to people with no security background.
Knowing what you do about current avenues of attack on smartcards, what would be your estimate of the likely time and budget required to compromise a Hitachi 3101-based Mondex card to the point where value could be added by the attacker? How would the equation change with the supposedly more robust 3109?
Given the resources available at an organisation such as Intel or Sandia, about two days for either. No possibility of a defence.
Given a commercial reverse engineering firm such as Semiconductor Insights, two to four weeks and maybe $100,000 for either. They were alleged to have reverse engineered the Sky10 ASIC in the course of a piracy trial in the UK recently.
They also rely on the tamper-resistance or at least ``tamper-evidentness'' of the audit trail. An attacker who gets complete access to the Mondex card's contents can clearly get at all of the intrusion detection machinery that's embedded in the card, and write any audit trail he likes into his forged cards; they would probably report a completely innocuous transaction record to the ATM whenever they're used in one.
Also, the claims of intrusion detection via audit trails are not consistent with the claims of privacy through a lack of them. This issue has already been raised in the UK through a complaint to the trading standards office and Mondex lost; they no longer advertise their card here as providing untraceable electronic cash.
I have also recently been looking at the physical robustness of smart cards. These devices were originally devised for limited life use in French pay telephones -- maximum 50 calls -- and limited life use as French bank cards -- expected use three times a week for two years, or say 300 insertions. The failure rate for bankcards is about 1%.
I recently got hold of some cards used in a building access control system. They had been used several times a day and accumulated 2000 and more cycles. The failure rate was as high as 15%, especially when cards were used in a variety of climates -- hot and sticky outside, cold and dry inside. The gold is completely worn away and the underlying contacts have become pitted and started to come away at the edges.
Now, as Mondex is not accounted, they have a problem when somebody turns up at a bank counter and complains about a dead card. I understand that at the Swindon trial, their procedure is that the first time you complain, they give you whatever you say was in the card; the second time, they tell you to jump in the river.
Anyway, the dangers of using a non-robust payment technology in a high-volume application where there is no robust recovery mechanism should be obvious. In fact, I expect it will be this rather than chip break-ins which will condemn the Mondex system to the scrapheap.
Further information and full texts of papers can be had from Anderson's home page at http://www.cl.cam.ac.uk/users/rja14/