By Dr. Peter Laackmann and Marcus Janke, Infineon Technologies
It is well known that monoculture, used in forestry or crop plantings for greater yields, may lead to a dramatically increased susceptibility for pathogens and diseases. Today, a similar insight is also growing in the security chip industry, where technological monocultures were introduced mainly due to cost reasons.
New significant threats were thereby generated, and efficient countermeasures, as well as prophylactic security concepts for appropriate diversification between applications, are needed. Again, the industry is standing at the crossroads, where radical rethinking is vital.
The new threats
Security microcontrollers in the field are facing more and more threats, growing more dangerous each day. At the same time, new applications like electronic passports and national identification cards demand increased security lifetimes.
Today, it must be noted that many manufacturers tend towards a chip “monoculture”, heavily re-using not only production technology nodes, but also security technology details, for their complete portfolio. At first sight, from the viewpoint of development cost reduction, re-use and logistics, for a chip manufacturer this strategy could appear to be a nice choice. In the mid and long term instead, such strategies often may turn out to be a blocking point for use of such chips in long-living security applications:
The potential reward for an attacker is much higher, if the same chip family, or even the same chip, is used for many different applications. If successful, he could exploit different systems in the field, or sell his knowledge to other parties that are interested in hacking a specific application. The learning curve for an attacker is much more efficient, as also the attacker can re-use his findings and results without having to repeat all steps of reverse engineering/physical, semi-invasive or side channel attacks.
The success factors for an attacker are much higher, if he can utilize distributed capabilities, sometimes called “hackerspaces”. If a chip family or chip type is used for many different applications, naturally there will be more people interested in working on the attack. Almost automatically, a distributed hacking offensive may follow.
A very special threat arises if a customer choses a chip that is already being used, or will be used, in access control (“Pay-TV”). Attacking Pay-TV security chips is in fact an international business, performed in industrial ranges. For earnings in the multi-million bracket, attacks in the range of several hundred thousand dollars are a profitable investment in order to attack a specific chip family.
Once a Pay-TV pirate has been successful, and the attack methodologies against a specific chip family are known to hackers, often the spread of this knowledge cannot be effectively controlled any more. Once an attack has been demonstrated, it usually can be projected against other applications the chip family is used in. The “services” of known Pay-TV hackers could then be of interest for passport/ eID card forgery organizations, too.
A typical Pay-TV attack would include reverse-engineering, chip delayering and microphotography, re-assembly of the information in those photos, and physical attacks prepared by specialists. Some experts compare the Pay-TV “pirate industry” with structures found in international organized crime. Even inter-pirate battles are known, where the hackers try to attack each other by stealing or manipulating each others’ products.
Although the pirates want to keep their attacks unpublished, often the results and detailed hacking scenarios are leaked. Others then can repeat the attacks on other applications.
Many security experts, as well as evaluators and certification bodies are watching this evolution of threats with concern. Moreover, in history even many cases of “scam” are known where the public image of security chips has been severely damaged, although there was no real attack present at that time.
This threat originates from the fact that, in the illegal Pay-TV scene, rumours are constantly being spread about successful attacks. Many cases of scam are found in that scene, typically comprising the statement that a specific system has been hacked and pirate cards, the so-called “emulators”, are available for purchase. Private customers often fall for such tricks – buying useless cards, most probably without having a chance to get their money back.
But this scam is not only affecting users, it also may also directly affect the public image of a chip used in both Pay-TV and government ID sectors. The rumour of a potentially hacked chip family alone can already damage the product reputation and may be significant for a decision for or against a specific chip family.
Detecting the threat is not always simple, as in many cases the use of the same product concept for different application fields is not clearly visible. Application-specific brochures can often be found, but usually those do not give information about other uses for a specific product. Therefore, one could advise a customer to always compare all brochures of a chip manufacturer to identify “re-use” of chips or chip families for other applications. In addition, the following check list could help users find an own opinion about potential dangers of a specific product if to be used in long-lasting applications.
Effective countermeasures and prevention
First of all, effective prevention can be achieved, and should be carried out by the chip manufacturer. A clear application-oriented portfolio with a wise separation of application groups is most vital for success. This separation, of course, must not only include the product naming but instead the very heart of security itself – the concept and design. These must be chosen in a way that the potential rewards, the learning curve and the success factors for an attacker are minimized if the adversary would jump from one product family to the other.
Tailored security, allowing separation of application groups, is vital for achieving long-living security in the government ID sector.
Technically, these requirements can in fact be solved, which has now been demonstrated by Infineon. Different designs, different micro-architecture, different timing, different chip- and individual family parameters, different internal encryption mechanisms, and different machine language codes are only some examples to differentiate one family from the other. Such measures have to be taken from the scratch if a new product family is being designed, so they pose an extra financial effort for realisation – but such efforts soon pay off.
It can be assumed that more and more governments will refrain from utilizing “Pay-TV chips” in their national travel documents or ID cards. There are first indications that such chips or families may often be simply banned from use in applications that are critical concerning national security issues.
Preventive technical countermeasures are known and can be taken, which has been demonstrated by Infineon. Their additional efforts soon paid off in terms of long-term security and customer satisfaction.
Product security not only includes the right way of choosing security features, but also the right choice of portfolio strategy and inter-application overlap or isolation, respectively.
Checklist: Identifying dangers for government ID chips
- For what other applications is the same product family (or even the same chip) advertised?
- If separated, do the families differ in design or just in naming?
- Are there weaknesses in chip distribution and logistics?
- Who else is able to purchase the same chip family?
- Are old technology nodes (structure size) utilized?
- Are old (analog) security mechanisms used?
- Is excessive wording like “100% secure”, “unhackable”, etc. used?
- Are significant restrictions given in the product certification?