Sensitive information stored on a smart card microprocessor can be revealed with a flash of light, say UK researchers.
Sergei Skorobogatov and Ross Anderson of Cambridge University have discovered that firing light from an ordinary camera flash at parts of a smart card microchip can assist an attacker in determining the sensitive information stored on the card. This might include, for example, the cryptographic key used to gain access to a building or to secure internet transactions.
In contrast to previous methods of cracking the cards, the researchers say this type of attack can be performed cheaply using off-the-shelf equipment.
The attack is described as “semi-invasive” as the researchers only removed part of a chip’s protective covering. The light from an ordinary camera flash was then focused using a microscope on particular parts of a smart card’s microprocessor.
Flipping bits
The focused light ionises the silicon and “flips” individual bits stored on different parts of the card, allowing data stored on the card to be probed and altered. An ordinary smart card reader is used to monitor the process. Skorobogatov says the technique could in theory be used to reset a smart card’s password to a known value, so that it gives up the rest of its secure information.
The research will be presented at the 2002 Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy in a paper entitled “Optical fault induction attacks”.
Another group at Cambridge University has developed a microchip design that could protect against the attack, and this work will be presented at the same conference.
The team, led by Simon Moore, has designed a more complex “asynchronous” microprocessor that would not respond in the same way to light interference. Moore says: “No single point of failure will result in information being leaked.”


