1 October 1997: Link to related news report
24 September 1997: Link to story on new Mondex chip
9 September 1997
Source: Anonymous
As is apparent from the attached memo, TNO broke Mondex. At Eurocrypt this year, TNO's Ernst Bovenlander gave some details of these attacks (though he didn't mention Mondex as the target). He showed an electron micrograph of a fuzed link in a smartcard; while intact, this link activated a test mode in which the card contents were simply dumped to the serial port. The TNO attack was to bridge the link with two microprobes. At the last RSA conference, Tom Rowley of National Semiconductor reported a similar attack on an unnamed chip using an ion beam to rewrite the link (maybe NatSemi was the `North American entity' cited below).
Bovenlander also told the Eurocrypt audience that microprobing attacks get harder when the feature size drops below one micron. However, there is a simple fix - to use a focussed ion beam to plate a nice large contact for the microprobe on each bus line. He showed a micrograph of a 0.8 micron chip treated in this way. He also related that undergraduates at Delft University routinely break smart card chips using microrprobe workstations, and as part of their assessed course work rather than as personal hacking. So it looks like the current version of Mondex (3101) can be broken by undergraduates.
After EFF Canada disclosed this memo, they got a threatening letter from the National Bank of New Zealand:
David G. Jones,
President,
Electronic Frontier Canada, Inc.,
20 Richmond Avenue,
Kitchener, Ontario,
N2G 1Y9
CANADA
RETAIL PRODUCT MANAGEMENT & MARKETING
Level 8
National Bank House
170-186 Featherston Street
PO Box 1791
Wellington
New Zealand
Ph: 0-4-494 4000
Fax: 0-4-494 4402
Dear Sir
Unauthorised Use of Confidential Material
It has come to the Bank's attention that a memorandum prepared by an officer
of the Bank ("Memorandom") is being published by you on the Internet as per
the enclosed materials without the permission or consent from the Bank.
The Memorandum is protected by copyright, and the copyright is owned by the
Bank. The unauthorised publication of the Memorandum by you is a breach of
the Bank's copyright.
In addition, the Memorandum is confidential, and was produced for the purpose
of discussion only amongst authorised personnel. The Bank considers the
disclosure of the Memorandum to you, and your publication of it, to be a
breach of confidentiality. Moreover, the Bank is concerned that it may
suffer serious detriment from this unauthorised use of the Memorandum.
The Bank considers the publication of the Memorandum to be a serious breach
of its proprietary rights in the Memorandum and requires you to immediately
withdraw the Memorandum from any further display, publication, or
reproduction by any means whatsoever. The Bank also requires you to
immediately destroy all materials that you have which contains any of the
Memorandum.
The Bank requests that you immediately confirm in writing that you have
complied with the above requirements. If we do not receive such confirmation
by 14 days from the date of this letter, the Bank will pursue its remedies,
including through formal proceedings if necessary.
Yours faithfully,
(signed)
Simon Dixie
Manager Strategic Advisory
This could become another cause celebre of censorship on the net, like the Fishman affidavit or the JET report. There is an intense public interest: if a defective payment mechanism is rolled out next year, gets attacked by the Mafia, and banks go belly up, then the poor taxpayers will be expected to foot the bill through FDIC or whatever.
So spread this message as widely as possible, write to your congressman; and if you bank with a Mondex franchisee, move your business somewhere else!
Mondex SVC Security
Security Due Diligence, May 1996
The memorandum outlines the main points arising from discussions with Craig
Glendenning (Senior Manager, Technology Strategies, Commonwealth Bank) on
security issues identified during the May 1996 Mondex due diligence visit to
London, by the Australian bank consortium security team.
Extent of security evaluation effort
The Australian effort to understand Mondex security through the due diligence
process has been greater than that of other potential member groups. The Hong
Kong Shanghai Bank franchise was essentially purchased on the strength of a
business case, with only a cursory view of security. Similarly, comments from
Natwest Mondex staff indicate that the US consortiums security due diligence
was not as comprehensive/inquisitive as the Australian effort.
Potential for chip tampering
Weaknesses in 3101 chip (used for the Swindon trial) were identified by TNO
through technical attacks on the chip (e.g., microprobing). These weaknesses
have reputedly been fixed in the 3109 chip, by:
a) reducing the scale of chip technology from 1.3 microns (in the 3101)
to 0.8 microns which substantially increases the difficulty of
conventional physical probing or memory imaging type attacks.
b) changes to the physical architecture of the chip to thwart previously
successful attacks through "test mode memory access links".
However, no third party reports (substantiating the security claims of the 3109
chip) were released to the Australian security team. Mondex provided verbal
representations that an anonymous third party evaluation agency (a North
American entity) had started work on attacking the 3109 (by reverse engineering
it). TNO would not get the chip until this agency had finished their work
sometime later in 1996. Evaluations reports from Cambridge University and TNO
were not expected until Q1 1997.
Conclusions
The risk remains that a significant technical weakness may be found in the 3109
chips. This would require a major change to the chip which could take a
significant amount of time to rectify and retest.
Mondex staff have stated that NATWEST is obligated (as stated in the
Participants agreement) to disclose any material issues that would jeopardise
security of the scheme. Consequently, the reluctance of Mondex to make
available all reports on the security of the 3109 chip should not necessarily
be interpreted as "hiding a known weakness". Conversely, fears about the
security of the 3109 chip will not be resolved until Q1 1997 when the
evaluation agency reports are available for scrutiny.
The "reverse engineering" attacks on the chip indicate that Mondex believes the
security of the scheme relies primarily on the secrecy of the cryptographic
keys rather than chip design.
"Fit for purpose"
Mondex have made a general statement about the security of the card/scheme to
the effect that the card is "fit for purpose". However, this "purpose" is not
explicitly defined in the participation agreement. Statements in the
participation agreement tend to indicate that the purpose is confined to "low
value payments". The Australian banks appear to have a more expansive
view/expectation, that the purpose covers large denomination transactions.
While there does not appear to be an explicit "meeting of minds" over purpose,
it could be argued that as the chip is integral to all security functions (from
Originators purse through the GKC to the customer purse) then it is possible
that the chip is being evaluated against all these roles, in terms of purpose.
KPMG report
The KPMG report for the BoE (Bank of England) did not cover tamper resistance
of the chip. A different agency investigated this for the BoE (presumably the
North American entity). Mondex would not disclose the name of this agency or
contents of their report.
Nine weaknesses in the operation of the Mondex scheme were identified in the
KPMG report. All but one (reliance on key personnel) appear to have been
addressed.
Chip failure
The failure rate of the chip is reputedly now < 1%. This has arisen through:
a) Elimination of manufacturing defects
b) Reduction in the chip technology size (to 0.8 microns) makes the chip more
robust
Embossing the card is still not permitted by Mondex as this reduces chip/card
reliability.
Public key cryptographic systems
Mondex claims support for nine public key cryptographic schemes. Mondex has
reputedly performed public key cryptography using the card in less than 2 secs.
However, this performance claim is somewhat nebulous as they have refused to
disclose the key size (i.e., performance is directly related to key size in
most public key implementations).
Conclusions
The Swindon trial used a private key cryptographic system, primarily because of
private key cryptographic systems currently process faster than public key
systems (in both hardware and software implementations). The performance
related viability of public key cryptographic systems still remains unresolved.
Difference in initial understanding
The following changes or differences in initial understanding between Mondex
and the Australian due diligence team were identified:
* No "hot list" scheme is being developed by Mondex. Their approach to
protecting value in the scheme is based on a "prevention, detection, and
recovery" strategy. This makes the risk management database initiative
crucial for the detection of value being added to the scheme. However, the
due diligence team were unable to obtain any proof of the efficiency of the
risk management database.
* The role of the Global Key Centre in the scheme has changed. Purse
customisation/personalisation can now be undertaken anywhere (even at Issuers
sites). Manufacturers will require a trusted facility from which to inject
keys.
* Loyalty schemes can only be run on the present application by adding the
scheme as a new currency (until MAOS is developed). This has the effect of
reducing the number of real currency purses. Also, how terminals will handle
loyalty schemes is still up in the air.
MAOS (Multiple Application Operating System)
MAOS is a different operating system to the operating system employed for the
Swindon Mondex trial. MAOS allows for simultaneous support and secure
segregation of co-resident applications. Although multiple applications can
exist on the current operating system, they co-process (i.e., share the same
memory space). MAOS is being developed to increase the value of the card to
consumers, merchants, and members through the provision of a range of
complementary business applications on one card. Mondex also sees a larger
potential market for MAOS on non-Mondex cards. The stated goal is to have MAOS
capable of supporting:
* the Mondex purse application
* EMV debit/credit applications
* GSM
* Loyalty applications
The Target date for an initial MAOS application is 1 January 1998.
The security requirements defined for MAOS are:
* Secure load and deletion of applications
* Secure segregation of co-resident applications
* Confidentiality of applications to prevent one application peeking or fishing
in another application
ITSEC E6 evaluation (certification criteria used to guarantee a binding link
between requirements and code) is to be used to enforce a disciplined
development to ensure the security of the object code. This is essential to
prove that the MAOS can be relied upon to prevent a members application
interfering with Mondex application (so that members can write their own
applications without having them evaluated by Mondex and owners of other
co-resident applications).
Risks
* MAOS is an ambitious project with high risk of failing to meet scheduled
delivery.
* Failure to achieve E6 certification for the MAOS could lead to reduction in
security and increase the risk associated with the entire scheme.
* There is a risk that MAOS will not become the industry standard as espoused
by Mondex.
Other Matters
Discussions with Glendenning indicated that Commonwealth Bank views their
Mondex "investment" purely as "having bought an option". Their belief appears
to be that the underlying technology still has a way to go before
implementation issues can be assessed in any detail.
Gavin Weekes
10/06/96
12 August, 1997
[End]