2 Israelis Outline New Risk To Electronic Data Security

The New York Times, October 19, 1996, p. 37.

Hints That 'Smart Cards' Aren't So Smart

By John Markoff

San Francisco, Oct. 18 -- Two of Israel's leading computer scientists say they have found a way to more easily decode and then counterfeit the electronic cash "smart cards" that are now widely used in Europe and are being tested in the United States.

The researchers have begun circulating the draft of a paper that points out higher security risks than those discovered last month by scientists at Bell Communications Research.

The Bell Communications researchers had reported that it might be possible to counterfeit many types of the "smart cards" that are being tested by banks and credit card companies, including Visa and Mastercard.

The two Israeli scientists, Adi Shamir, a professor at the applied mathematics department at the Weizmann Institute, and Eli Biham, a member of the faculty of the computer science department at the Technion, reported that in addition to the so-called public key coding systems that were found vulnerable by the Bellcore team, private key data coding systems such as the American Data Encryption Standard, or DES, can be successfully attacked if a computer processor can be made to produce an error.

The two Israelis made a draft of their research available via the Internet on Thursday. In their paper the two wrote, "We can extract the full DES key from a sealed tamperproof DES encryptor" by analyzing fewer than 200 encoded messages.

Both public key and private key data scrambling methods are based on the difficulty involved in factoring large numbers. A public key system permits two parties who have never met to exchange secret information. A private key system requires that a secret key be exchanged beforehand.

Data coding experts said that the new Israeli method might be a more practical system than the previously announced Bellcore method, because unlike public keys, which are frequently used only once per message, a private secret key may be used repeatedly to scramble electronic transactions.

"This seems a lot closer to something that might actually be used," said Matt Blaze, a computer researcher at AT&T Laboratories.

Smart cards have been promoted as tamper proof, which is why computer scientists at Bellcore, one of the nation's leading information-technology laboratories, sounded the alarm last month, saying that a savvy criminal might be able to tweak a smart-card chip to make a counterfeit copy of the monetary value on a legitimate card.

Executives at smart card companies said at the time that the attack was theoretical and that it would be impossible to make a smart card generate an error without actually destroying the card.

However, Mr. Biham responded that he believed such hardware attacks were possible. The cards are generally damaged using heat or radiation, which causes the computer chip in the card to generate an error, which the Israeli scientists used to obtain the code key and copy the card.

"I have ample evidence that hardware faults can be generated without too much difficulty," he said in an electronic mail message. "As a consultant to some high-tech companies, I had numerous opportunities to witness successful attacks by commercial pirates on pay-TV systems based on smart cards. I know for a fact that some of these attacks were based on intentional clock and power supply glitches, which can often cause the execution of incorrect instructions by the smart card."

Other researchers said that the class of attacks demonstrated by the Bellcore team and the Israelis had been known by some members of the tightly knit community of cryptographers for several years, but the results had not been published.

"Some of the smart card manufacturers are well aware of this flaw," said Paul Kocher, an independent Silicon Valley data security consultant. "But it doesn't mean that they have fixed it."