TUCoPS :: Crypto :: ibm4758c.htm

Cracking the IBM 4758 Crypto Co-Processor
12th Nov 2001 [SBWID-4850]
COMMAND

	IBM 4758

SYSTEMS AFFECTED

	IBM 4758

PROBLEM

	As published  on  SecurityFocus  (http://www.securityfocus.com),  Aleph1
	found following :
	

	The IBM 4758 is an extremely secure  crytographic  co-processor.  It  is
	used by banking systems and in other security conscious applications  to
	hold keying material. It is designed to make it  impossible  to  extract
	this keying material unless you have the  correct  permissions  and  can
	involve others in a conspiracy.
	

	We are able, by a mixture of sleight-of-hand and raw  processing  power,
	to persuade an IBM  4758  running  IBM\'s  ATM  (cash  machine)  support
	software called  the  \"Common  Cryptographic  Architecture\"  (CCA)  to
	export any and all its DES and 3DES keys to us. All we need is:
	

	* about 20 minutes uninterrupted access to the device  *  one  person\'s
	ability  to  use  the  Combine_Key_Parts   permission   *   a   standard
	off-the-shelf $995 FPGA evaluation board from Altera *  about  two  days
	of \"cracking\" time
	

	The attack can only be performed by an insider with physical  access  to
	the cryptographic  co-processor,  but  they  can  act  alone.  The  FPGA
	evaluation board is used as a  \"brute  force  key  cracking\"  machine.
	Programming this is a reasonably  straightforward  task  that  does  not
	require  specialist  hardware  design  knowledge.  Since  the  board  is
	pre-built and comes with all the necessary connectors and tools,  it  is
	entirely suitable for amateur use.
	

	Besides being the first documented attack on the  IBM  4758  to  be  run
	\"in anger\", we believe that this  is  only  the  second  DES  cracking
	machine in the open community that has  actually  been  built  and  then
	used to find an unknown key!
	

	Until IBM fix  the  CCA  software  to  prevent  our  attack,  banks  are
	vulnerable to a dishonest branch manager whose teenager has $995  and  a
	few hours to spend in duplicating our work.
	

	

	http://www.cl.cam.ac.uk/~rnc1/descrack/

	

SOLUTION

	 Update 

	 ======

	

	Todd Arnold added :
	

	the exposure described was fixed by IBM,  to  the  satisfaction  of  the
	Cambridge researchers, as mentioned on their web page at
	

	http://www.cl.cam.ac.uk/~rnc1/descrack/

	

	under the heading \"NEW: 5 FEB 2002\".
	

	Fix is available at :
	

	http://www-3.ibm.com/security/cryptocards/html/release241.shtml

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH