Computerworld News Wire
(New Zealand)
Monday, June 22, 1998

Mondex claims are meritless, says cryptographer

"One company should not be claiming they're necessarily better than another"

by Russell Brown, russb@ihug.co.nz

The head of the company that developed a major new theoretical attack on smartcard security has poured cold water on claims that the attack gives Mastercard's Mondex technology a critical advantage over its rival, Visa.

Paul Kocher, president of the San Francisco firm Cryptography Research, developed the differential power analysis (DPA) attack while working on contracts from Visa and several other companies. He says the same issues face both Visa and Mondex and "it is not a case where one company should be claiming that they're necessarily better than another".

Although Visa, Mondex and other companies have been discussing the problem with Cryptography Research for more than a year, the issue surfaced in an Australian Financial Review story on June 6, the same week as the launch of Visa's Java-based Open Platform, which represents a major obstacle to Mastercard's plans to establish its Multos smartcard OS as an industry standard.

Days later, the paper quoted Charles Carbonaro, ANZ Banking Group's global head of cards, as saying he would be "extremely uncomfortable" if his bank had a Visa smartcard out in the market and that his bank was "delighted" to have chosen the competing Multos/Mondex platform, which he said was resistant to the flaw.

ANZ was one of four leading Australian banks that signed up (along with six New Zealand banks) to an equity interest in Mondex two years ago. Plans to have all Mondex banks launch the scheme simultaneously this year were scrapped, and two of the banks, Westpac and Commonwealth, have announced plans to issue Visa smartcards.

Carbonaro was not available for comment last week, but his personal assistant said the story was "not quite how it should have been quoted".

Visa's New Zealand country manager, Daniel Jeffares, claims the controversy is a "sideshow" mounted by Mondex to detract from Visa's new Java technology.

Jeffares says Visa has also been told the quotes from Carbonaro were taken "out of context from a 20-minute conversation".

Mondex does not actually have any Multos-based cards in the market yet, but said in a statement it was in the process of implementing a software fix on cards being used in trials. Visa says it is assessing options for a fix, including the software-based solution supplied to Mondex by Cryptography Research, and other hardware options.

The implementation of Visa Open Platform launched recently by Standard Chartered bank in Singapore does not include a stored-value component, so is not exposed to the most serious risk of a DPA attack, the creation of counterfeit e-cash.

Kocher confirms that Mondex "has licensed a lot of technologies from us, although I can't be too specific about what they have implemented and what they're in the process of implementing", but says: "I don't see this as an issue where there's any difference between Visa and Mondex. It's an industry-wide issue and I don't see it as one company versus another, or a case where one company should be claiming that they're necessarily better than another. I think there have been some misinterpretations about this."

Kocher says his company is in negotiations with Visa, "and I expect there'll be some announcements before too long".

Differential power analysis works by monitoring the power used by the chip on a smartcard as it operates. The integrated circuits on chips are built from individual transistors, which exhibit observable electrical behaviour. Small fluctuations in power use can be recorded and subjected to statistical analysis to reveal and extract binary code, including PIN numbers or encryption keys, from the chip.
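The statistical step described above can be seen on simulated data. The following is an added illustration, not code from the article or from Cryptography Research. It assumes a toy 4-bit device whose power sample is the Hamming weight of an S-box output plus noise, and it uses random masking as one known software countermeasure; the article does not say what the licensed fix consists of.

```python
import random

# PRESENT cipher 4-bit S-box, used as a stand-in nonlinear step (assumption).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hamming_weight(x):
    return bin(x).count("1")

def capture(key, n, rng, masked=False, noise=1.0):
    """Constructed traces: one (input, power sample) pair per operation."""
    traces = []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]              # secret-dependent intermediate value
        if masked:
            v ^= rng.randrange(16)     # models a fresh random mask on that value
        # Leakage model (assumption): more bits set means more power, plus noise.
        traces.append((p, hamming_weight(v) + rng.gauss(0, noise)))
    return traces

def dpa_scores(traces, bit=3):
    """Signed difference of means per key guess, split on one predicted bit."""
    scores = []
    for guess in range(16):
        ones = [s for p, s in traces if (SBOX[p ^ guess] >> bit) & 1]
        zeros = [s for p, s in traces if not (SBOX[p ^ guess] >> bit) & 1]
        scores.append(sum(ones) / len(ones) - sum(zeros) / len(zeros))
    return scores

def run_demo(key=0xB, n=20000, seed=1998):
    """Return the score lists for the unprotected and the masked device."""
    rng = random.Random(seed)
    plain = dpa_scores(capture(key, n, rng))
    protected = dpa_scores(capture(key, n, rng, masked=True))
    return plain, protected

if __name__ == "__main__":
    plain, protected = run_demo()
    print("unprotected: top guess", hex(plain.index(max(plain))),
          "score", round(max(plain), 2))
    print("masked: largest |score|", round(max(abs(s) for s in protected), 2))
```

On the unprotected traces the correct key guess stands out even though each sample is buried in noise; once the intermediate value is masked, every guess scores near zero, which is the property a first-order countermeasure is meant to provide.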

According to Kocher, DPA is part of a spectrum of power analysis attacks, of which SPA (simple power analysis) is the easiest to prevent. "There are some devices, mostly older ones that haven't been upgraded recently, from a variety of vendors, that are particularly bad with regard to a variety of attacks, including this one", he says. "At this point there are no silicon manufacturers which have products that are immune to this, and I have seen absolutely no indication that any products are immune to it. But there have been some companies claiming that their products are invulnerable to this, and the technical support for that argument isn't there."

Both Visa and Telstra say that the Siemens-manufactured Eurochip used in their current smartcards is a later, and more secure, version of that cracked in a separate phonecard fraud which has reportedly cost Deutsche Telekom more than $65 million.

Copyright © 1998 by All Rights Reserved. Reprinted with permission.