|
|
SIM Cards Can Be Hacked in Just a Couple of Minutes
IBM Research says that it has discovered a new vulnerability in GSM SIM cards, and has developed technologies to protect them from hacker attacks. The IBM Research team is the first one to illustrate a new class of side-channel attacks, called partitioning attacks, which extract secret key information from SIM cards by monitoring side-channels, such as power consumption and electromagnetic (EM) emanations. The attack can get the key information within minutes. This is much easier than either breaking the cryptographic algorithms used by the card or using intrusive attacks to extract the key from the microchip. The team has also developed a new technique to protect SIM cards from such attacks.
"This is significant development for secure mobile commerce and preventing loss of business revenue or money for companies and individuals," says Charles Palmer, department group manager of Security, Privacy and Cryptography at IBM Research. "Currently GSM phones are being augmented and deployed with SIM application toolkits that enable applications such as phone banking and stock transactions. In all these situations, the personalization information is saved on the SIM card. If these toolkits are not designed carefully to protect against attacks, including partitioning attacks, then it is possible for a hacker to duplicate the information on the card and essentially be you."
Scientists have known for some time that by looking at the side channels such as power consumption and the EM emanations from a computing device, one can derive some information about its internal workings. Many chip cards which perform cryptographic algorithms are designed to resist such information leakage. SIM cards deployed in many GSM networks use the COMP128 cryptographic algorithms or its derivatives for user identification and for achieving communications and transaction security.
The IBM Research team discovered a new way to quickly extract the COMP128 keys in SIM cards using side channels in spite of existing protections. The COMP128 algorithm requires the lookup of large tables, which can only be achieved in a complicated way on simple devices such as SIM cards leaking a lot of sensitive information into the side channels. The attack can be easily accomplished by making the card perform the algorithm just seven times with the unknown key. A hacker, who has possession of a SIM card for a minute, can easily extract the full 128-bit key. The previously best technique to attack GSM SIM cards was to employ a cryptanalytic attack on the COMP128 algorithm with 150,000 invocations, which required access to a SIM card for minimum eight hours.
It is worth emphasizing that the hacker has to be in possession of the SIM card - they cannot (currently) just scan the card remotely. This naturally substantially reduces the risks associated with this problem, as the hacker would probably have to steal the handset to gain access to the SIM card, and the network would probably block the SIM identity anyway once it is reported stolen, thus blocking the cloned SIM as well.
IBM Research has developed a new technique to protect table lookup operations from side channel attacks. Table lookup operations are an integral part of most cryptographic algorithms used in practice. A table lookup operation consults a table in computer memory to retrieve a value stored in a particular location. The researchers designed a technique to replace a single table lookup operation, leaking information on the retrieved value in the side channel, with a sequence of table lookups at completely random locations, which leaks no information. This replacement is achieved by using a small randomly generated ancillary table. The side channel information is substantially degraded and is of no use to a hacker. Since the proposed technique uses little RAM for the ancillary table, it can be easily applied to protect a variety of memory constrained devices, including cell phones, against such side-channel attacks.
The technical paper on this work, "Partitioning Attacks: Or how to rapidly clone some GSM cards" by Josyula R Rao, Pankaj Rohatgi, Helmut Scherzer and Stefan Tinguely will be presented during the IEEE Symposium on Security and Privacy, which will be held in Oakland, California on May 12-15.'"
Posted to the site on 8th May 2002