EmbeddedRelated.com
Forums
   Forums    More Forums    comp.arch.embedded  

Hard to clone Micros.

Started by Guy Macon June 10, 2005
Reply by Rafael Deliano June 29, 20052005-06-29
> ..and, of course, the attacker can buy ten or a hundred of the
> devices and test them in parallel.

If every one has a different key ? 

Anyway: if he has taken one secure module out of an ATM he has 
only one module.

MfG  JRD
Reply by Unbeliever June 29, 20052005-06-29
"Rafael Deliano" <Rafael_Deliano@t-online.de> wrote in message
news:42C2AFFF.D72E036C@t-online.de...

> >> Its not very clear how long ( typical & worst case )
> > Read the paper more carefully. ...  About 7.5 days
> > worst case (say half that on average).
> And on which page of the report is that number ?
>
> MfG  JRD


Sorry, the first number two numbers 2500 attempts and 300 attempts per
second are from the paper, the numbers after "say" and "might" are my
conservative (as the author says the process speeds up, though I can't quite
see how) extrapolations.

Cheers,
Alf.
Reply by Rafael Deliano June 30, 20052005-06-30
> "The details will be presented in a separate publication, ..."


Kuhn "Cipher Instruction Search Attack on the Bus-Encryption
      Security Microcontroller DS5002FP" IEEE Trans. Comp. Oct 1998

http://www3.informatik.uni-erlangen.de/Publications/Articles/kuhn_ToC.pdf

"After only a few hours preparation the author was able to extract 
the protected software from a DS5002FP Rev A based demonstration system 
that Peter Drescher from the German Information Security Agency (BSI) 
built as a challenge in July 1996"

Seems it actually worked. 

MfG  JRD
Reply by Uwe Hercksen June 30, 20052005-06-30

Guy Macon schrieb:

> 
> Thanks!  Alas, I don't speak German; does the paper say whether
> they were able to extract the entire contents, and if so how long
> it took to do so?


Hello,

here are some more publications in English:
http://www.cl.cam.ac.uk/~mgk25/publications.html

May be you will find the information here:

*  Markus G. Kuhn: Cipher Instruction Search Attack on the 
Bus-Encryption Security Microcontroller DS5002FP. IEEE Transactions on 
Computers, Vol. 47, No. 10, October 1998, pp. 1153-1157, ISSN 0018-9340.

# Ross J. Anderson, Markus G. Kuhn: Tamper Resistance -- a Cautionary 
Note, The Second USENIX Workshop on Electronic Commerce Proceedings, 
Oakland, California, November 18-21, 1996, pp. 1-11, ISBN 1-880446-83-9.

# Ross J. Anderson, Markus G. Kuhn: Low Cost Attacks on Tamper Resistant 
Devices, in M. Lomas et al. (ed.): Security Protocols, 5th International 
Workshop, Paris, France, April 7-9, 1997, Proceedings, LNCS 1361, 
Springer-Verlag, pp. 125-136, ISBN 3-540-64040-1.

Bye
Reply by Unbeliever June 30, 20052005-06-30
"Rafael Deliano" <Rafael_Deliano@t-online.de> wrote in message
news:42C302E4.9E2F0F0A@t-online.de...

> > ..and, of course, the attacker can buy ten or a hundred of the
> > devices and test them in parallel.
> If every one has a different key ?

I think you're right, parallel testing is unlikely to work.


>
> Anyway: if he has taken one secure module out of an ATM he has
> only one module.

Or, in the context of my original question, he has the capability to clone
ATMs and sell as many ATMs as he wants in markets that are not as particular
about copyrights as yous and mine.

Cheers,
Alf.
You might also like... (promoted content)
Check out Memfault's New Sandbox!
Check out Memfault's New Sandbox!
Check out Memfault's New Sandbox!