Cryptography Reference
In-Depth Information
for example, send four 20-MHz pulses instead of a 5-MHz clock frequency.
The effect is that though the program counter in the microprocessor jumps
forward, the corresponding command is executed either faultily or not at all.
By selecting a suitable point in time and a suitable interference, the attacker
can select a command to be skipped purposefully. The attack hadn't been used
for cryptanalysis to that date. That's where Anderson's idea came in.
In particular, an attacker can suppress the XOR of a byte in a round's key
in the last or next to the last DES round. He encrypts an arbitrary plaintext
with the properly working card and once more with the suppressed com-
mand. He then compares the two ciphertexts created to find clues on key
bits, similarly to differential cryptanalysis. (However, this analysis is clearly
less costly than the one by Biham and Shamir.) On average, five key bits
result per ciphertext, and 40 key bits result after eight faulty encryptions. The
last 16 bits are resolved by brute force. This means that
ten ciphering opera-
tions are sufficient to reveal the DES key in a chip card, without destroying the
card
.
This attack is not theoretical at all, since Anderson and Kuhn virtually mounted
it on a chip produced in series. It is indeed possible that a modified terminal
would reveal keys by the dozen from cards inserted without the customers
ever finding out. The effect would be as dangerous as breaking the algorithm
itself. The Triple-DES introduced in Section 5.2.1 and a large number of other
methods offer no protection against this sort of sneaky attack. The protection
must come from the hardware.
No details were published out of consideration for the card manufacturer, to
ensure that both the manufacturer and the bank customers can adjust to the
situation. Such ideas are not totally new to card manufacturers, and they do
undertake countermeasures; see [Koch.DFA].
Anderson's 'Parity Attack' Against Chip Cards and Memories
When things are bad they tend to get worse: Anderson [AndDES] found a
much simpler way to recover DES keys in chip cards. Most people have come
to think that the NSA pushed for reducing the DES key length from 128 to
56 bits. This corresponds to 8 bytes of 7 bits each; the 8th bit of each of these
bytes can be used for parity check. (Nobody speaks of byte parity anymore
today. But bear in mind when DES was developed.)
As a cruel irony, it is this very parity, which is often required still today, that
Anderson exploited. It is known where in an EEPROM the internal key is
