Extracting a 3DES key from an IBM 4758

We made the contents of this set of web pages public late in the evening of November 8th 2001. This page was added thereafter to document the reactions of industry and academia; and to record the quite extensive coverage our work received in the media.

Some reactions

The Banks

APACS (the UK Banks trade body) said the IBM 4758 was no longer in use:

"This is a fascinating piece of work, but where it falls down is that the banks have moved on and nowadays PINs are produced randomly and not in relation to an account number".
We're very puzzled by the "no longer in use" remark, since this is usually viewed as the state-of-the-art system. When Newsnight talked to a number of high street banks, several said they were not using this kit and others refused to comment. We do note the remarks about PIN codes; but of course our attack has the potential to steal other keys from the CCA software which might well include keys used to encrypt data transmission.


IBM have now (Nov 16th on the web, but the gist was given to the media on Nov 8th) issued a lengthy statement which comes in several parts. The first part asserts that the attack would not be possible in practice:

"The method of obtaining DES keys is based on an assumption that a trusted insider would be granted access to run programs of his choosing and copy information from the system. Organizations running systems with the sensitive keys assumed in the method are advised by industry standard practices to take steps which would thwart the described method. Further, IBM has indicated in its publications that users must take precautions when using services central to the method. IBM believes that the method would be infeasible in realistic system implementations."
ie: the attack works and the multiple locks on the cryptoprocessor can be circumvented. However, IBM assume that there will be multiple locks on the doors to the room it is kept in.

In the second part of the statement IBM say:

"FIPS 140-1 Level 3 and level 4 certification of the IBM 4758 PCI Cryptographic Coprocessor remains unaffected by the methods described, and the ability to install appropriate software enhancements to the Coprocessor remains secure."
ie: the attack does not compromise the 4758 per se, but the code running on it. We agree.

And in the final part they recommend disabling the Key-Part-Import service and using public-key techniques to introduce clear keys. They also note that users of the CCA software on other platforms (such as the IBM eServer zSeries, iSeries, pSeries and xSeries) should also be disabling this service.

Version 2.41 of the CCA was made available on 5th February 2002 from IBM's website at http://www-3.ibm.com/security/cryptocards/html/release241.shtml . Version 2.41 includes fixes specifically designed to prevent the attack described on this website, and some of the related weaknesses described in Mike Bond's paper "Attacks on Cryptoprocessor Transaction Sets".

  • The major modification to the transaction set is the separation of duty between confidentiality and integrity assurance for clear loading of symmetric keys. The old modes of operation for Key_Part_Import were FIRST, MIDDLE, and LAST. New modes of operation ADD and COMPLETE have been created. The party responsible for testing the integrity of a key (using Key_Test) can now use the COMPLETE mode, which does not permit modification of the key being tested.
  • Several changes have been made to the semantics of Key_Part_Import, and the symmetric key inport and export commands to prevent type changes between replicate and non-replicate keys during import, and to prevent export of non-replicate keys under replicate keys.
  • Extra access control points have been created which disable the fixes in order to permit upgrade to version 2.41 for reasons other than security.
The CCA is a much safer product now that no single individual can damage the integrity of the key material. The attack described on this website was based purely on specification level faults. Note that some of the security-related fixes in release 2.41 relate to implementation faults; these have no direct connection with the attacks described on this site, but presumably came to light as a consequence of the closer examination of the CCA code that followed the publicity.

The 4758 team

The people who designed and built the 4758 hardware have not been terribly amused by our work, or at least the way in which it has ended up being reported. Of course we didn't crack their part of the system at all, and we remain impressed by the tamper-resistance of the hardware and firmware. What failed was the CCA financial software, which predates the 4758, though it is provided for free along with it. What's also failed, in our view, is the way in which the lack of validation for CCA is hidden by the marketing spin for the FIPS validation of the hardware and firmware. We think you have to be a very knowledgable purchaser to understand what you have and have not bought.

There's various comments in the Slashdot discussion which are relevant to this; and also see Sean Smith's views (his name is on many of the academic papers). We've also tried to fix the factual errors he spotted in our webpages. http://www.cs.dartmouth.edu/~pkilab/4758.shtml

The security community

A good way to track IBM's future progress in tackling this issue will be via Bugtraq "IBM CCA 3DES Exporter Key Generation Weakness"

How our work appears in the media

The extremely helpful people in the Cambridge University Press Office helped us create this press release. They also mentioned the story to BBC2's Newsnight programme and their science editor Susan Watts came to Cambridge to film Mike Bond talking about what we had done. The film was broadcast on Thursday 8th November at about 22:50 (it was to have been the first story, but the Scottish First Minister decided to resign, which was clearly a more important story. Richard Clayton was interviewed from Brussels (where he happened to be working that week). Anyone who watched has now joined the rare group of people who have seen him wearing a tie.

Not to be outdone by Richard, Mike appeared as the lead 6pm news story on local television, was interviewed live on national radio to be heard by five million people (Johnny Walker show, Radio 2), appeared on various local radio stations in the UK and even made it onto Radio CNET which is broadcast to listeners in Silicon Valley and across the world on the Internet.

Many newspapers and magazines carried the story:

There were various radio & TV appearances:

  • Newsnight, BBC2, 8 NOV 2001. Mike Bond on film; Richard Clayton interviewed live.
  • Six o'clock News, Anglia TV (ITV1), 9 NOV 2001, lead story! Mike Bond interview.
  • Star 107.9 Radio, Cambridge local radio, 9 NOV 2001, Mike Bond interview progressively aired 4pm onwards.
  • Drivetime Show, BBC Radio London, 9 NOV 2001, Mike Bond live interview.
  • Johnny Walker Show, BBC Radio 2, 9 NOV 2001, Mike Bond live interview.
  • CNET Radio, Silicon Valley (& the web), 9 NOV 2001, Mike Bond live interview.
  • BBC Radio 1, news programmes, extracts from Newsnight used on the 9th November.

and we also appeared in many web based publications:

and chat areas:

... and we even made it onto: the University's front page and into the local student paper 'Varsity'!

Back to main page

last modified 19 NOV 2001 -- http://www.cl.cam.ac.uk/~rnc1/descrack/reaction.html