Cryptographers David Oswald and Christof Parr published a great paper at this week’s CHES 2011 conference, "Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World." In this paper, they used differential power analysis to break the DESFire contactless smartcard. It builds upon previous work published in CHES 2002 on Template Analysis, a machine learning technique.
The paper is important because it uses both known techniques of power-consumption analysis and template analysis as a machine-learning technique to create a real-world break on a smartcard that is actually in use. That DESFire chip is used in railway systems in the Czech Republic, Australia, and San Francisco.
The DESfire chip is almost at the end of its life; its manufacturer, NXP, has said that they are discontinuing the chip at the end of the year and recommend upgrading to a newer chip that doesn’t have this problem.
If you’re an Entrust customer using our contactless smartcards, there’s no need to worry. The smart cards we are using are from NXP, but a completely different chip, the P5CD081, which has Differential Power Analysis (DPA) protections built in. That chip has also been evaluated under Common Criteria to a level of EAL 5+. Its Security Target is also available on the web.
If you are unfamiliar with Differential Power Analysis, it is a mechanism to look into the processing of a computer by examining the power that it draws, and inferring what it is doing through how much power the chip draws. As a simplified example, it takes more power to add a 1 to a number than a 0. By examining what the chip is doing many times and using statistics, the attacker can learn the values of stored secrets.
Contactless smartcards are harder to do this on than others because a magnetic field both powers the card and serves as its communications link. And just as there are ways to learn the smartcard’s secrets, there are ways to protect against these attacks.
However, these cards that protect against the power attacks are more expensive than simpler ones. That’s the real reason why these cheap cards, such as the ones used as fancy subway tokens, lag behind the more sophisticated cards that Entrust uses for authentication.
This new attack is impressive because it brings together a lot of pieces that have been described over the last decade into an effective attack. But it is also happening just as those older cards were reaching the end of their life. The lesson here is to balance cost and security, and upgrade when the new technology gets cheaper.