Extracting a 3DES key from an IBM 4758
Part 7: Who are we ?
We are two research students in our second year of a PhD course
Security Research Group
PhD thesis will be on cryptoprocessor APIs. He invented this
attack on the IBM 4758. It is related to, but not the same as a number of
attacks that were described in
his CHES 2001 paper.
Readers may also be interested in a more general paper co-written with
Dr Ross Anderson
edition of IEEE Computer magazine.
Richard Clayton's PhD will be on
an unrelated topic, which will draw upon his many years in the ISP industry.
He worked on this particular project just for fun! His contribution was the
FPGA design that was used in the attack. Using hardware is very much
faster then using programs on general purpose computers. It means that
the attack can be mounted for $995 in two days, rather than requiring
a $3000 high speed PC for two months.
Richard's web page that collects together a whole heap of information
on brute force attacks on crypto systems -- and on DES in particular
can be found
At an earlier stage of this project, when we were considering this
attack, but many details were still to be settled, we gave a talk
as part of the
Security Group Seminar Series.
The slides from this talk can be found
We'd like to acknowledge the generosity of
the FPGA board used in this project for free. We'd also like to thank
for their helpful comments and encouragement throughout.
Finally, if anyone has access to an IBM 4758 in a real world
application (the more valuable the data it's transferring the
better) we'd be delighted to have the opportunity to run our attack
"for real" :-)
Next part: Do It Yourself !
Previous part: Some real results
Back to main page
last modified 29 OCT 2001 -- http://www.cl.cam.ac.uk/~rnc1/descrack/whoarewe.html