Martin Rich writes:


OK - but that's an issue with whether the police have excessive
powers, not specifically an issue with Oyster.

Oyster is the "enabler" -- without its logging, John Bull can
threaten & demand until the cows come home, and the turnstile
will never talk.

It's far sounder to engineer in the security, than legislate it.

Re-legislation takes only a few minutes, and without much notice,
as just happened here [The Feebees no longer need a warrant to get
your financial records, just a demand.]; re-engineering the system
later to add snooping is far more visible.
--
A host is a host from coast to
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

On Fri, 21 Nov 2003 07:21:05 +0000, Boltar wrote:

"Ernst Lippe" wrote in message ...
Even though there are some possible attacks, in general it is very
difficult to extract those keys from the smart card.

No it isn't. You rip the lid off the chip

Hmm, did you ever tried this with a real smart card?
If you do you will certainly notice that they used some particularly
nasty types of glues. Even for old smart cards, it is pretty difficult
to get at the chips without breaking them. Also several modern chips
have some nasty protection mechanisms, so when even when you are able
to remove the coatings, the chip will simple refuse to work.

and put the EEPROM under
a special microscope. I forget the actual technique used but its been done.

You are probably referring to the work of Ross Anderson and his group
(you can find very interesting links from his personal home page
at http://www.cl.cam.ac.uk/~rja14/).
You should notice that they did not attack a real smart card but only
a standard microprocessor. Also this attack is essentially destructive,
probably you will need a lot of smart cards before you can even break
a single one of them.

There are certainly better techniques known, but they require some
expensive apparatus, and even these techniques won't guarantee 100%
success.

Admittedly its way out of the league of your one man operation but don't
think that professional fraud gangs arn't able to do it.

Even though some criminal organizations have a large resources at their
disposal, I don't think that they will use them to attack smart cards.
It is just a simple matter of economics. The initial investments
are pretty big, you need some highly skilled experts and some pretty
expensive equipment just to break a single smart card. In almost all
smart card systems you don't gain much when you are only able to duplicate
a single smart card, because it will be put on the red list and
you won't be able to really use any of the duplicates.
But even when you are able to make new "cards" (actually, these
new devices probably are not smart cards (it is not at all easy to obtain
a large set of "empty" smart cards), but other microprocessor devices
that pretend that they are smart cards) you still have to make major
investments, like producing these new "cards" and more importantly
you will have to set up an expensive distribution channel. Given
the large financial risks in such an operation, I don't think that
is economically very attractive, even for smart cards that have
high financial values.

Companies always expect the software attack but they never think of the
hardware attack. If you can physcally read the transister/capacitor values
then you can get the data out and given that the memory in most of these
cards is only a few kilobytes this wouldn't take too long. Even encrypting
the data is a waste of time since even if you the fraudster doesn't understand
what he's seeing he can still make an exact copies of it onto operationally
identical hardware (ie duplicate the cards).

Of course whether a duplicated card or any data extracted from it is any
use is another question.
Like I said, duplicating one particular card is hardly ever interesting.

greetings,

Ernst Lippe

"Ernst Lippe" writes:
Even though some criminal organizations have a large resources at
their disposal, I don't think that they will use them to attack
smart cards. It is just a simple matter of economics. The initial
investments are pretty big, you need some highly skilled experts and
some pretty expensive equipment just to break a single smart
card. In almost all smart card systems you don't gain much when you
are only able to duplicate a single smart card, because it will be
put on the red list and you won't be able to really use any of the
duplicates. But even when you are able to make new "cards"
(actually, these new devices probably are not smart cards (it is not
at all easy to obtain a large set of "empty" smart cards), but other
microprocessor devices that pretend that they are smart cards) you
still have to make major investments, like producing these new
"cards" and more importantly you will have to set up an expensive
distribution channel. Given the large financial risks in such an
operation, I don't think that is economically very attractive, even
for smart cards that have high financial values.

check out "yes card" references in the following post/trip report
(last paragraph):
http://www.smartcard.co.uk/resources...artes2002.html
The "yes card" label is supposedly started in the UK press(?)

also mentioned/reference in thread on WYTM (whats your threat model)
http://www.garlic.com/~lynn/aadsm15.htm#25 WYTM?

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

On Sun, 23 Nov 2003 22:21:46 +0000, Anne & Lynn Wheeler wrote:


"Ernst Lippe" writes:
Even though some criminal organizations have a large resources at
their disposal, I don't think that they will use them to attack
smart cards. It is just a simple matter of economics. The initial
investments are pretty big, you need some highly skilled experts and
some pretty expensive equipment just to break a single smart
card. In almost all smart card systems you don't gain much when you
are only able to duplicate a single smart card, because it will be
put on the red list and you won't be able to really use any of the
duplicates. But even when you are able to make new "cards"
(actually, these new devices probably are not smart cards (it is not
at all easy to obtain a large set of "empty" smart cards), but other
microprocessor devices that pretend that they are smart cards) you
still have to make major investments, like producing these new
"cards" and more importantly you will have to set up an expensive
distribution channel. Given the large financial risks in such an
operation, I don't think that is economically very attractive, even
for smart cards that have high financial values.

check out "yes card" references in the following post/trip report
(last paragraph):
http://www.smartcard.co.uk/resources...artes2002.html
The "yes card" label is supposedly started in the UK press(?)

This is not an extremely convincing reference. It has been a very long
time since I looked at the EMV specifications, but as far as I can
tell this is only a threat against cards that use SDA (static data
authentication). Now static data authentication is a very limited
method of card authentication, if I understand it correctly it is just
a public key signature over some static parts of the key contents. (If
mag-stripe cards had sufficient capacity they could also use
SDA). Since every terminal has to be able to read the SDA of the card,
it should be fairly easy to copy. It is not an attack against the
keys of the card itself, but only against some of the contents of the
card that should be easily readable anyhow. It is just an example of
how you can build a not so very secure system with smart cards.

greetings,

Ernst Lippe

Phil Carmody writes:
If these cards are what have been introduced in Espoo/Helsinki/Vantaa
over the last year or so, then the above is theoretical nonsense.
As a regular bus user I can honestly say that the new cards make
embarkation massively slower than the old 'punch-card' tickets.

This is OT, but FWIW the Oysters seem to need about a second of
contact for the gates to open. Once you get used to the timing you
don't have to break your stride.
--
__ Paul Crowley
\/ o\
/\__/ http://www.ciphergoth.org/