Extracting a 3DES key from an IBM 4758
Frequently Asked Questions

What does an IBM 4758 look like?
The IBM 4758 is a PCI card that sits inside a PC. Most of the card is enclosed within a tamper-resistant enclosure, the big box in the picture. The only other external circuitry is that for the backup batteries. It is worth around $4000.

Who uses IBM 4758s?
Banks, corporations with Public Key Infrastructures, and probably some parts of the military. They are a popular and affordable (circa $4000) cryptoprocessor, with state-of-the-art tamper resistance and quite high throughput. Our attacks focus on their use in banking, which is the mainstay of their sales.





Are all IBM 4758s susceptible to the attack?
Only the ones running the CCA.





What is the CCA?
The CCA is the "Common Cryptographic Architecture", a general-purpose financial services API which IBM 4758s and many other IBM products implement.





Are the IBM 4758 and the CCA the same thing?
No, but the CCA is provided by default (and for free) with an IBM 4758. Some of the techniques used in our attack only work on the IBM 4758 implementation of the CCA. Others will work on all implementations of the CCA.





How hard is it to physically attack an IBM 4758?
Hard. It's shielded, potted, membrane-protected, and has temperature and X-ray sensors.





I heard that the IBM 4758 is FIPS Level 4 validated. Have you broken the validation?
The IBM 4758 hardware and firmware have been validated to FIPS 140-1 Level 4, the Operating System has been validated to Level 3, but the Common Cryptographic Architecture has not been validated at all. So we haven't broken the FIPS validation. However, these attacks raise the important issue of what value FIPS validation can bring to a product. If it allows the exclusion of the actual API presented by the product, then what assurance can FIPS validation provide to an end user such as a bank that their sensitive data is safe?



IBM and FIPS need to rethink how FIPS validation is used in marketing.





So what does FIPS Level 4 validation mean?
FIPS 140-1 Validation is the American standard for tamper resistant hardware. Validation means that people at FIPS have tried quite hard to defeat the tamper resistance, and checked that your software conforms to their design rules. Level 4 also requires you to have used "formal methods" in the design process. Find out more about FIPS validation at their website.





Are other cryptoprocessors susceptible as well as the IBM 4758?
We have already used our parallel key search machine to extract the master key from one other cryptoprocessor, and documentation for other cryptoprocessors leads us to believe that many other cryptoprocessors which implement the standard banking network (VISA) transactions will be susceptible.





What is DES?
DES is an encryption algorithm. It processes data 64 bits at a time and scrambles it so that only someone who knows the key that was used can unscramble it again. DES was introduced in the early 1970s as the American standard encryption algorithm. It has been widely adopted in banking software. Given some encrypted data, there are no viable shortcuts to discovering which key was used. The only practical approach is the "brute force" method of trying all possible keys in turn until the one that was used is found. Since there are 2^56 possible keys (~72,000,000,000,000,000) this may take some time. At a million keys a second it would take over two thousand years to try every key.





What is Triple-DES (3DES)?
Triple-DES is a much stronger algorithm than DES. It uses a double length key (112 bits) and does three DES operations, one after another.





How much stronger is Triple-DES than DES?
Triple-DES is 2^56 times stronger than DES. Put another way, if you could crack a DES key by brute force in 1 second, it would still take two billion years to crack a Triple-DES key in the same way.





What privileges do you need to run this attack?
The CCA permissions required are: Combine_Key_Parts, Key_Export, Encipher and Generate_Replicate.



There are plenty of other flavours of the attack, requiring slightly different combinations.





What information does this attack steal from the bank?
This attack can steal all exportable keys from the cryptoprocessor. These might include:

Communications Keys: With these you can intercept the communications lines to ATMs, collect credit card numbers, or instruct the ATM to dispense cash.

Pin Derivation Keys: Stealing one of these keys will allow you to calculate the correct PIN numbers for thousands of customer accounts, just from the account number.

Importer and Exporter Keys: These keys will enable you to eavesdrop on long term communications with banks, and maybe compromise entire portions of the network.





How do PIN numbers work?
Most banks use the "IBM Pin Derivation Method". The 16 digit account number on the front of your credit or debit card is taken as a hexadecimal string. This is then converted to a 64 bit block, which is encrypted using a special "PIN Derivation Key". The resulting ciphertext is converted back into hexadecimal, and all but the first four characters are discarded. Any occurrences of the letters A..F are converted to 0..5 using a simple substitution table. The result is your PIN number.

Account Number                       5641326664532212
Encrypted with PIN derivation key    F32C2F453ABD002A
Truncated                            F32C
Remapped                             5322

Most banks let you change your PIN number. They do this by adding an offset to the original PIN, which marks the difference between old and new. These offsets are not securely stored, as without the root PIN, they are useless.
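The truncation, decimalisation and offset steps described above, as an added example in Python (not code from the original page or from IBM). The DES step is taken as given, since computing it requires the bank's secret PIN derivation key; the enciphered block F32C2F453ABD002A is the page's own worked value, and the function names are assumptions of this example.

```python
# Added example (not from the original page): decimalisation and offset
# arithmetic of the IBM PIN derivation method. The DES encipherment of the
# account number is taken as given, because it needs the bank's secret PIN
# derivation key; the block below is the page's own worked example.

# Decimalisation table: digits map to themselves, letters A..F map to 0..5.
DECIMALISATION = {d: d for d in "0123456789"}
DECIMALISATION.update(zip("ABCDEF", "012345"))


def pan_to_block(account_number: str) -> bytes:
    """Read the 16-digit account number as hex and pack it into the 64-bit DES input block."""
    if len(account_number) != 16 or not account_number.isdigit():
        raise ValueError("expected a 16-digit account number")
    return bytes.fromhex(account_number)


def natural_pin(enciphered_block_hex: str, pin_length: int = 4) -> str:
    """Keep the first pin_length hex characters of the ciphertext and decimalise them (the root PIN)."""
    truncated = enciphered_block_hex.upper()[:pin_length]
    return "".join(DECIMALISATION[c] for c in truncated)


def pin_offset(natural: str, chosen: str) -> str:
    """Offset the bank stores when a customer picks a new PIN: digit-wise (chosen - natural) mod 10."""
    return "".join(str((int(c) - int(n)) % 10) for n, c in zip(natural, chosen))


def current_pin(natural: str, offset: str) -> str:
    """PIN currently in use: root PIN plus the stored offset, digit-wise mod 10."""
    return "".join(str((int(n) + int(o)) % 10) for n, o in zip(natural, offset))


if __name__ == "__main__":
    # Page's worked example: account 5641326664532212 enciphers to F32C2F453ABD002A.
    block = pan_to_block("5641326664532212")      # 8 bytes, one DES block
    root = natural_pin("F32C2F453ABD002A")        # F32C -> 5322
    # A PIN change only records an offset; the root PIN, and the key behind
    # it, stay the same, which is why the offset is worthless without the key.
    offset = pin_offset(root, "1234")              # 6912
    print(len(block), root, offset, current_pin(root, offset))
```

Because the root PIN is a pure function of the account number and the derivation key, reissuing offsets does nothing once the key is known; only a new key (and new cards) changes the root PINs.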





Why is PIN number theft so dangerous?
PIN number theft is dangerous because there are so many ATMs that a criminal could use to withdraw money using a stolen account and PIN number. Once the attack has been run on the IBM 4758 and the results spirited away, no evidence will remain that it has been carried out. The bank will not know which accounts have been compromised, and will not be able to distinguish the thefts from valid withdrawals until customers start to complain about phantom withdrawals. By that time, the thieves can be in Bermuda.





How would a bank respond if someone did this attack?
We expect they would wish to prosecute the thieves. However, the bank would have to try and spot a pattern in the account numbers of customers complaining that their money had gone missing. They might then be able to identify what key material was stolen, and could reissue new cards to the customers affected. As one PIN derivation key covers many tens of thousands of accounts, the reissue would be very costly. Simply instructing the customers to change their PIN numbers is not sufficient, as this only changes the offset added to their root PIN (see "How do PIN numbers work?").





Is all banking security this bad?
Banking security isn't great. Ross Anderson's paper "Why Cryptosystems Fail" is a very accessible study of security problems from the banking industry.





So can anyone who downloads this rip off a bank?
Yes and no. You still need to spend some time pulling together all the resources provided here, and most importantly, you need someone on the inside at the bank.





Who could rip off a bank then?
First off, you need access to a live IBM 4758, i.e. one that protects real key material, in a real bank. Because of the access permissions required, this sort of attack requires you to be a bank manager or security officer that plays a part in manual key entry into the device. In practice there might be about three or four people in the bank with the relevant access privileges. If your insider is not one of these people, there are plenty of ways you can go about stealing one of their passwords.





If this attack is so dangerous, why are you telling everyone?
Our main reason for publishing this attack is to demonstrate the power of our parallel key search machine. IBM's CCA team was informed almost a year ago about this type of attack, but the latest release of their CCA Manual (Sep 2001) gives no indication that any relevant flaws have been fixed.





Where can I go to book tickets to Bermuda?
Go to http://www.bermuda-online.org/airlines.htm



last modified 11 NOV 2001 -- http://www.cl.cam.ac.uk/~rnc1/descrack/faq.html