Attack of the [phone] clones (fwd: The Register)

martin.hepworth@hushmail.com martin.hepworth at hushmail.com
Mon, 13 May 2002 08:26:26 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Ross

Looks like Yahoo (and /.) already have this info...

- --
Martin

On Thu, 09 May 2002 23:14:20 +0100, ukcrypto@chiark.greenend.org.uk wrote:
>
>IBM's attack will be presented at the Oakland conference at 10 in the
>morning next Monday. At about 5 in the afternoon, I'll be describing a
>technology we've developed that stops this sort of attack dead. The
>paper already appeared in April at Async 2002, where it won the best
>presentation award.
>
>Our basic idea is that many types of attack, that exploit side
>channels or utilise fault induction of various kinds, can be blocked
>by implementing the smartcard CPU using redundant logic. Instead of a
>wire being High or Low to signal 1 or 0, we use HL to signal 1, LH to
>signal 0 and HH to signal ALARM. We also make the logic asynchronous
>and do one or two other things.
>
>One reason to go for a general and principled solution rather than an
>ad-hoc countermeasure is that, over the last few years, the measures
>taken in hardware and software to block all the power attacks, glitch
>attacks and so on have become an unmanageable mess. They can take up a
>third of the CPU real estate and a quarter of the software library.
>They are increasingly fragile in that small changes to either hardware
>or software can cause apparently unrelated protection mechanisms to
>fail. The cost, of space and performance, goes up constantly. It's the
>security equivalent of spaghetti COBOL. Eventually you have to step
>back, figure out what you're actually trying to do, and redevelop.
>
>The paper's at http://www.cl.cam.ac.uk/ftp/users/rja14/async2002paperV2.ps
>and the extra material I'm announcing on Monday consists essentially of
>test results, which are good. We've run the same code on a traditional
>CPU and on the new secure one, side-by-side on the same test chip; the
>correlation between power and data is visible clearly in the traces
>from the first CPU and not at all in those from the second.
>
>Ross
>
>PS: We're also announcing some new attack techniques that are easy to
>implement and widely applicable. A paper will appear on my web site
>once I get back from the conference, i.e. about 0300 GMT Tuesday.
>

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmQEARECACQFAjzf24UdHG1hcnRpbi5oZXB3b3J0aEBodXNobWFpbC5jb20ACgkQ4AVx
B9lKztOheACgk2DMchN3Fhfk7uc+dYuoPsuLWiUAoK2S45rlPiAYA8TR1XNcYh9AMBAe
=vG4i
-----END PGP SIGNATURE-----
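
Added example, not part of the original message or of the paper it links to: a small Python model of the HL = 1, LH = 0, HH = ALARM encoding described in the quoted text, showing why a data bit stops correlating with power and why a single forced-High wire is detected. The Hamming-weight power model, the treatment of LL as "no data", and all function names are assumptions made for this illustration.

```python
from statistics import mean

H, L = 1, 0
ENCODE = {1: (H, L), 0: (L, H)}   # from the message: HL = 1, LH = 0
ALARM = "ALARM"                   # from the message: HH = ALARM
NULL = "NULL"                     # assumption: LL is treated as "no data"

def encode_byte(value):
    """Return the 16 wire levels carrying an 8-bit value in dual-rail form."""
    return [w for i in range(8) for w in ENCODE[(value >> i) & 1]]

def decode_byte(wires):
    """Decode 16 wires; any HH or LL pair replaces the whole result."""
    value = 0
    for i in range(8):
        pair = (wires[2 * i], wires[2 * i + 1])
        if pair == (H, H):
            return ALARM
        if pair == (L, L):
            return NULL
        value |= (1 if pair == (H, L) else 0) << i
    return value

def glitch_high(wires, index):
    """Model a fault that forces one wire High."""
    faulty = list(wires)
    faulty[index] = H
    return faulty

def correlation(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5

def leakage_vs_bit0():
    """Correlate modelled power with data bit 0 over all 256 byte values.

    Assumed power model: power is proportional to the number of High wires.
    """
    values = range(256)
    bit0 = [v & 1 for v in values]
    single = [bin(v).count("1") for v in values]      # one wire per bit
    dual = [sum(encode_byte(v)) for v in values]      # always 8 wires High
    return correlation(single, bit0), correlation(dual, bit0)

if __name__ == "__main__":
    print("corr(single-rail, bit0), corr(dual-rail, bit0):", leakage_vs_bit0())
    print("fault on 0xA5:", decode_byte(glitch_high(encode_byte(0xA5), 1)))
```

In this model every data byte holds exactly eight wires High, so the modelled power is constant; real silicon only approaches that to the extent the two rails of each pair are electrically balanced.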