France braces for smart card fraud onslaught
It's out, how much will it cost, how fast can we upgrade?
Fear of consumer having their bank accounts debited via fraudulent smart card transactions has gripped France, but the potential victims of the cracking of the security code would be the French banks, and not individuals. Nevertheless, Gallic pride in the "puce" - or flea, as the French call the chips in their smart card - has been damaged by Serge Humpich's proof that the system was not "inviolate and inviolable", as was being claimed. Last night Roland Moreno, the French smart card inventor, offered a million francs to anyone who could get the code from three cards and a smart card reader. Moreno formulated the conditions of his challenge carefully, in an attempt to keep public confidence in the system, but he has had to admit that it is possible to crack the 320-bit (96-digit) RSI key and to make a fraudulent card that could be accepted by smart-card readers. Humpich says he did not post the key he cracked three years ago, and which appeared anonymously earlier this month in fr.misc.cryptologie - and which is now of course in many other sites. Fraudsters will only need to buy a smart-card reader (less than $400) and acquire a little knowledge, and they are potentially in business producing cards acceptable to any smart-card vending machine not permanently online to a bank computer. Authentication for smaller transactions is carried out by the smart-card reader, with the user keying-in a four digit PIN. Fraudulent cards could only be used for smaller purchases where there is no online or telephone authorisation. It has been suggested that not all ATM machines are directly connected to bank computers, so they could also be vulnerable. Other targets are likely to be petrol and railway ticket purchases, where data is transmitted to a central computer from the vending machine only once a day. It seems only a matter of time before French phone cards (télécartes) are compromised as well: bank cards can be used in telephone boxes in France. Jean-Louis Desvignes, head of the computer security branch of the Défence Nationale confirmed that "the banks must launch a wide-ranging action to improve the security of smart cards, which could imply replacing millions of smart card readers". Desvignes claims that bank card fraud in France is at the 0.02 per cent level, compared with 3-4 per cent in the US for magnetic stripe cards. The next generation of smart cards will be able to use a 2048-bit code, according to a French manufacturer, but its claim that this would give protection for "hundreds of years" is disputed by Paul Zimmermann, a mathematician at the Institut de Recherche en Information et en Automatique, who suggests that by 2023 such keys could be cracked. Robert Harley of INRIA noted that it now only takes a few days of computer time to factor the 320-bit code. The Groupement des Cartes Bancaires is in denial that its security is compromised, but the security claim now leans on the difficulty of faking the hologram, which only has some value in face-to-face transactions. The cards are of course widely used in Europe, with some 200 banks relying on the security integrity. All security experts are scornful at the arrogance of GCB in maintaining that security methods appropriate in 1980 could still be appropriate today. There is a move under way to use longer codes, but it may be too late to prevent fraud on a massive scale. The security problem does not affect the British and US magnetic stripe cards. There can sometimes be difficulties using such cards in France, and wise travellers are geared up to tell the merchant to telephone the authorisation centre to get the card accepted if it could not be read by the smart-card reader. It isn't yet meltdown time for the banks, but it could be later this year. They will presumably wait to see whether the anticipated wave of fraudulent card use becomes serious enough to make it essential to replace the POS machines earlier than planned. It could cost up to $5 billion, it has been estimated, to introduce a new generation of 2048-bit smart cards, but it would take time to manufacture and install the readers and to distribute the 34 million cards in use in France. As long ago as 1983, it was suggested that the 96-digit code used in smart cards was not long enough, and that larger composite integers should be used. Cracking the RSA code (named after MIT researchers Rivest, Shamir & Adleman) is not exactly easy. We reported in The Register last August how an international effort co-ordinated by Herman te Riele at the Centrum voor Wiskunde en Informatica (National Research Institute for Mathematics and Computer Science) in Amsterdam broke the 512-bit RSA using distributed computing power. Humpich apparently used algorithms derived from a polynomial quadratic sieve for his 320-bit crack, and made the mistake of telling GCB. In a flash, his phone was tapped and he was fired from his job. He now acts as a consultant to Sony, designing digital video security devices, pending an appeal against his suspended prison sentence. ® Related stories: French credit card hacker convicted RSA-155 code cracked