[NEWS] Extracting a 3DES Key from an IBM 4758
From: support@securiteam.com
Date: 11/13/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [NEWS] Extracting a 3DES Key from an IBM 4758
Message-Id: <20011113195140.D261B138BF@mail.der-keiler.de>
Date: Tue, 13 Nov 2001 20:51:40 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Extracting a 3DES Key from an IBM 4758
------------------------------------------------------------------------
SUMMARY
The <http://www-3.ibm.com/security/cryptocards/> IBM 4758 is an extremely
secure cryptographic co-processor. It is used by banking systems and in
other security-conscious applications to hold keying material. It is
designed to make it impossible to extract this keying material unless you
have the correct permissions and can involve others in a conspiracy.
Interesting research now shows how to extract the encryption key from this
co-processor, which is commonly used in ATMs.
DETAILS
It is possible, by a mixture of sleight-of-hand and raw processing power,
to persuade an IBM 4758 running IBM's ATM (cash machine) support software
called the "Common Cryptographic Architecture" (CCA) to export any and all
of its DES and 3DES keys to us. All we need is:
* About 20 minutes uninterrupted access to the device
* One person's ability to use the Combine_Key_Parts permission
* A standard off-the-shelf $995 FPGA evaluation board from Altera
* About two days of "cracking" time
The attack can only be performed by an insider with physical access to the
cryptographic co-processor, but they can act alone. The FPGA evaluation
board is used as a "brute force key cracking" machine. Programming this is
a reasonably straightforward task that does not require specialist
hardware design knowledge. Since the board is pre-built and comes with all
the necessary connectors and tools, it is entirely suitable for amateur
use.
Besides being the first documented attack on the IBM 4758 to be run "in
anger", we believe that this is only the second DES cracking machine in
the open community that has actually been built and then used to find an
unknown key!
Until IBM fixes the CCA software to prevent this attack, banks are
vulnerable to a dishonest branch manager whose teenager has $995 and a few
hours to spend in duplicating the work.
The complete guide can be found at:
<http://www.cl.cam.ac.uk/~rnc1/descrack/>
ADDITIONAL INFORMATION
The information has been provided by <http://www.cl.cam.ac.uk/~mkb23/>
Mike Bond and <http://www.cl.cam.ac.uk/~rnc1/> Richard Clayton.