No Kray needed to crack crypto code

Cambridge University researchers claim to have uncovered a serious weakness in the security systems that protect many banking and E-commerce transactions.

Michael Bond and Richard Clayton, two PhD students at the University of Cambridge’s Computer Laboratory, used specially developed hardware and software to access the encryption keys which prevent eavesdroppers from listening in to sensitive information such as credit card numbers or cash machine PINs.

The encryption keys are held on devices called cryptoprocessors. The physical security of these devices is validated by a US government agency but their software is not. Bond and Clayton believe that urgent remedial action is needed to improve security.

‘The computer companies which manufacture cryptoprocessors are going to have to go back to their drawing boards – their software looks plausibly secure but it’s not,’ says Bond.

‘We’ve changed the threat model by several orders of magnitude,’ says Richard Clayton. ‘A crooked bank manager could duplicate our work on a Monday and be off to Bermuda by Wednesday afternoon.’

Cryptoprocessors use the Data Encryption Standard (DES) to encrypt computer data – scrambling it in a complex manner so that only people who know the key can descramble it. The cryptoprocessors are designed to destroy the encryption keys if they are tampered with physically.

The weaknesses uncovered by Bond and Clayton are in the cryptoprocessors’ Application Programming Interface (API), the software toolset for handling encryption keys. Bond has developed a series of ‘API attacks’ which manipulate the software to access keys that are only weakly protected.

Bond’s attacks were mainly theoretical until he teamed up with fellow researcher Richard Clayton. Clayton had been building some specialist hardware to crack encryption keys by targeting the DES encryption system.

Clayton’s device, built with an off-the-shelf kit, worked by the brute force method of trying all possibilities. It checked 33 million keys a second, but would still have taken almost 70 years to be sure of finding a key. However, Bond’s method sped this up by attacking 16,384 keys at the same time, reducing the cracking time to just a single day.

By combining their techniques Bond and Clayton were able to extract ultra-secure ‘Triple DES’ keys from an IBM 4758 cryptoprocessor which had previously been thought to be invulnerable. In process, they became only the second group to announce cracking a DES key by a brute force hardware device, at a fraction of the cost and time of the previous effort.

Full details of the attack, along with copies of the programs used can be found on the web at: http://www.cl.cam.ac.uk/~rnc1/descrack/