Feeds

Research signals safer smart cards

New class of attacks

  • alert
  • submit to reddit

Remote control for virtualized desktops

ComputerWire: IT Industry Intelligence

Cryptography Research Inc, the company behind the design of the SSL v3.0 protocol that is used to secure transactions on the world wide web, claims to have discovered a new class of attacks that could be used by hackers to extract secret keys and information from smart cards and secure cryptographic tokens.

Known as Differential Power Analysis (DPA), the San Francisco, California-based company says it could be a serious issue affecting smart cards and many other supposedly tamper-resistant hardware devices.

DPA is said to exploit characteristic behaviors of transistor logic gates and software running on many of today's smart cards. DPA eavesdrops on the fluctuating electrical power consumption of the microprocessors at the heart of these devices. An attack is performed by monitoring electrical activity and then applying statistical methods to determine secret information, such as secret keys and user PINs that are held on the device. Current generation smart cards are said to be especially vulnerable because of their small size and minimal shielding.

Although DPA attacks require a high level of technical skill in several fields to implement, they can be performed using a few thousand dollars of standard equipment. CRI maintains that once perfected, the technique can be used to break a device in a few hours or less. DPA attacks can then be automated.

Unsurprisingly, the company claims to be one step ahead with a workstation system that will defend against this new class of attacks by testing power-related security vulnerabilities. Cryptography Research provides a variety of design and research services to Visa International, Mondex, Netscape, Microsoft and Intuit.

The market for smart cards surged in the six months ending June 2002, with shipments to the US and Canada exceeding 31 million cards, more than double that for the year-ago period.

© ComputerWire

Intelligent flash storage arrays

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.