Ross Anderson on Beating IBM Phone Clone Hack

9 May 2002
Date: Thu, 9 May 2002 17:27:44 +0000 (GMT)
From: ukcrypto <ukcrypto@ttfn35.freeserve.co.uk>
To: ukcrypto@chiark.greenend.org.uk
Subject: Attack of the [phone] clones (fwd: The Register)

http://www.theregister.co.uk/content/59/25216.html

A technical paper on IBM's work, Partitioning Attacks: Or how to
rapidly clone some GSM cards, by Josyula R Rao, Pankaj Rohatgi, Helmut
Scherzer and Stefan Tinguely will be presented at the IEEE Symposium
on Security and Privacy, in Oakland, California next week.



To: ukcrypto@chiark.greenend.org.uk
Subject: Re: Attack of the [phone] clones (fwd: The Register) 
Date: Thu, 09 May 2002 23:14:20 +0100
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>

IBM's attack will be presented at the Oakland conference at 10 in the
morning next Monday. At about 5 in the afternoon, I'll be describing a
technology we've developed that stops this sort of attack dead. The
paper already appeared in April at Async 2002, where it won the best
presentation award.

Our basic idea is that many types of attack, that exploit side
channels or utilise fault induction of various kinds, can be blocked
by implementing the smartcard CPU using redundant logic. Instead of a
wire being High or Low to signal 1 or 0, we use HL to signal 1, LH to
signal 0 and HH to signal ALARM. We also make the logic asynchronous
and do one or two other things.

One reason to go for a general and principled solution rather than an
ad-hoc countermeasure is that, over the last few years, the measures
taken in hardware and software to block all the power attacks, glitch
attacks and so on have become an unmanageable mess. They can take up a
third of the CPU real estate and a quarter of the software library.
They are increasingly fragile in that small changes to either hardware
or software can cause apparently unrelated protection mechanisms to
fail. The cost, of space and performance, goes up constantly. It's the
security equivalent of spaghetti COBOL. Eventually you have to step
back, figure out what you're actually trying to do, and redevelop.

The paper's at http://www.cl.cam.ac.uk/ftp/users/rja14/async2002paperV2.ps
and the extra material I'm announcing on Monday consists essentially of
test results, which are good. We've run the same code on a traditional
CPU and on the new secure one, side-by-side on the same test chip; the
correlation between power and data is visible clearly in the traces 
from the first CPU and not at all in those from the second.

Ross

PS: We're also announcing some new attack techniques that are easy to
implement and widely applicable. A paper will appear on my web site
once I get back from the conference, i.e. about 0300 GMT Tuesday