Extracting a 3DES key from an IBM 4758
We made the contents of this set of web pages public late in the evening of November 8th 2001. This page was added thereafter to document the reactions of industry and academia, and to record the quite extensive coverage our work received in the media.
APACS (the UK banks' trade body) said the IBM 4758 was no longer in use:
"This is a fascinating piece of work, but where it falls down is that the banks have moved on and nowadays PINs are produced randomly and not in relation to an account number".
We're very puzzled by the "no longer in use" remark, since this is usually viewed as the state-of-the-art system. When Newsnight talked to a number of high street banks, several said they were not using this kit and others refused to comment. We do note the remarks about PIN codes; but of course our attack has the potential to steal other keys from the CCA software which might well include keys used to encrypt data transmission.
IBM have now (Nov 16th on the web, but the gist was given to the media on Nov 8th) issued a lengthy statement which comes in several parts. The first part asserts that the attack would not be possible in practice:
"The method of obtaining DES keys is based on an assumption that a trusted insider would be granted access to run programs of his choosing and copy information from the system. Organizations running systems with the sensitive keys assumed in the method are advised by industry standard practices to take steps which would thwart the described method. Further, IBM has indicated in its publications that users must take precautions when using services central to the method. IBM believes that the method would be infeasible in realistic system implementations."
ie: the attack works and the multiple locks on the cryptoprocessor can be circumvented. However, IBM assume that there will be multiple locks on the doors to the room it is kept in.
In the second part of the statement IBM say:
"FIPS 140-1 Level 3 and level 4 certification of the IBM 4758 PCI Cryptographic Coprocessor remains unaffected by the methods described, and the ability to install appropriate software enhancements to the Coprocessor remains secure."
ie: the attack does not compromise the 4758 per se, but the code running on it. We agree.
And in the final part they recommend disabling the Key-Part-Import service and using public-key techniques to introduce clear keys. They also note that users of the CCA software on other platforms (such as the IBM eServer zSeries, iSeries, pSeries and xSeries) should also be disabling this service.
Version 2.41 of the CCA was made available on 5th February 2002 from IBM's website at http://www-3.ibm.com/security/cryptocards/html/release241.shtml . Version 2.41 includes fixes specifically designed to prevent the attack described on this website, and some of the related weaknesses described in Mike Bond's paper "Attacks on Cryptoprocessor Transaction Sets".
The 4758 team
The people who designed and built the 4758 hardware have not been terribly amused by our work, or at least the way in which it has ended up being reported. Of course we didn't crack their part of the system at all, and we remain impressed by the tamper-resistance of the hardware and firmware. What failed was the CCA financial software, which predates the 4758, though it is provided for free along with it. What's also failed, in our view, is the way in which the lack of validation for CCA is hidden by the marketing spin for the FIPS validation of the hardware and firmware. We think you have to be a very knowledgeable purchaser to understand what you have and have not bought.
There are various comments in the Slashdot discussion which are relevant to this; and also see Sean Smith's views at http://www.cs.dartmouth.edu/~pkilab/4758.shtml (his name is on many of the academic papers). We've also tried to fix the factual errors he spotted in our webpages.
The security community
A good way to track IBM's future progress in tackling this issue will be via Bugtraq: "IBM CCA 3DES Exporter Key Generation Weakness".
How our work appears in the media
The extremely helpful people in the Cambridge University Press Office helped us create this press release. They also mentioned the story to BBC2's Newsnight programme and their science editor Susan Watts came to Cambridge to film Mike Bond talking about what we had done. The film was broadcast on Thursday 8th November at about 22:50 (it was to have been the first story, but the Scottish First Minister decided to resign, which was clearly a more important story). Richard Clayton was interviewed from Brussels (where he happened to be working that week). Anyone who watched has now joined the rare group of people who have seen him wearing a tie.
Not to be outdone by Richard, Mike appeared as the lead 6pm news story on local television, was interviewed live on national radio to be heard by five million people (Johnny Walker show, Radio 2), appeared on various local radio stations in the UK and even made it onto Radio CNET which is broadcast to listeners in Silicon Valley and across the world on the Internet.
Many newspapers and magazines carried the story:
There were various radio & TV appearances:
and we also appeared in many web based publications:
and chat areas: