Förderverein Informationstechnik und Gesellschaft

Smartcard Hardware Tampering Paper

------- Forwarded Message Follows -------
To:  ,
Subject:       Smartcard Hardware Tampering Paper
Date:          Thu, 27 May 1999 17:10:01 +0100
From:          Markus Kuhn <>

Research Announcement

We recently published the following paper, which should be of great
interest to anyone concerned about smartcard hardware security:

  Oliver Kömmerling, Markus G. Kuhn: Design Principles for
  Tamper-Resistant Smartcard Processors. Proceedings of the
  USENIX Workshop on Smartcard Technology (Smartcard '99),
  Chicago, Illinois, USA, May 10-11, 1999, USENIX Association,
  pp. 9-20, ISBN 1-880446-34-0. 

(This work received the "USENIX Association Best Student Paper

Various non-invasive cryptanalysis techniques against smartcards,
which have been publicised as "Differential Fault Analysis",
"Differential Power Analysis", etc., have received considerable
attention recently. However, these are not the attack techniques that
have been used by pirates to break practically all types of smartcard
processors that are fielded in millions of conditional-access systems.
We show in our paper how invasive microprobing techniques are a far
more powerful and universally applicable threat to smartcard security,
which processor architecture elements simplify attacks significantly,
and what designers could quite easily do to make it more difficult.

Unlike fault and current analysis techniques, microprobing attacks do
not depend on any prior knowledge or guessing of the implemented
cryptographic algorithms. Microprobing gives the attacker not only
access to cryptographic keys, but also leads to full disassembler
listings of the extracted security software. Availability of the full
smartcard software then often allows the design of fast and simple
non-invasive glitch and current analysis attacks, which -- unlike
DPA-style attacks -- do not require many hundred seconds of protocol
interactions. Such very fast non-invasive attacks can then be
performed inconspicuously in a Trojan card terminal together with a
normal transaction and without giving the card holder a chance to
notice them. They form a serious additional threat over microprobing
even for applications such as digital signature and banking cards,
which do not rely on global keys stored in the card. Microprobing
attacks can be carried out by skilled technicians starting with an
investment of little more than ten thousand euros and they can then be
repeated at rather low cost.

Our paper not only describes the range of attack techniques that have
been used in the past to break numerous commercially fielded security
systems. We also suggest a number of lowest-cost countermeasures that
will help to make many of these attacks considerably more challenging
to perform. Some of these we believe to be new, while others have
already been implemented in products but are either not widely used or
the implementations we found had design flaws that allowed us to
circumvent them more easily than would have been necessary.

Online version of the paper:

Presentation slides with more photos:

[Important note to avoid misunderstandings: Our paper does *not*
provide any comparative evaluation of the security mechanisms of
specific products and it should not be quoted to that effect. We
present a few interesting vulnerabilities in the security mechanisms
of one commercial smartcard processor that we named. This processor is
of particular interest primarily, because it features comparatively
advanced security features not found in most other products. The
reader should understand that in spite of the vulnerabilities that we
outline, unmentioned competing products are not necessarily more
secure. Indeed, many of them do not have these advanced security
mechanisms implemented and are easier to break. Much easier.]

Markus Kuhn