printer friendly version

Reverse-engineering a cipher

The use of chip-based devices stretches across various domains including retail, banking, information-geochronology (IT) businesses and other corporate environments. The security in devices has traditionally been largely dependent on the secrecy of the proprietary cryptographic algorithms embedded into the network solutions.

In the recent years, security experts have often relied on reverse engineering techniques for evaluating and studying the weakness of the cryptographic algorithms used in these systems. While these techniques have offered results, their viability in terms of supporting the design and reconstruction of the hardware framework has always been questioned.

To allay these viability concerns, researchers from US-based University of Virginia have developed an innovative solution to reverse-engineer a cipher from network implementations. The solution mainly aims at weighing the cost associated with measuring the weakness and vulnerability of algorithms embedded in silicon-based wireless systems. The solution integrates advanced template matching techniques and tests the robustness of the cryptographic design employed in the silicon-embedded network systems.

The solution essentially uses a completely automated approach to uncover a cipher from a given RFID tag that is typically not known to have a software or micro-code implementation. The system is designed on the classical Mifare RFID technique, which is the most renowned technology for contactless smart card. It employs a sophisticated suite of image and protocol analysis techniques to evaluate the grade of protection offered by the cryptographic security blanket in network systems. Additionally, the solution also measures the protection levels in the system by weighing the susceptibility quotient of the authentication protocols on the basis of the internal number generation strategies commonly employed by the systems.

The framework of the system considers the weakest link of a security system to be the yardstick for measuring its cryptographic strength. This forms the core logic for implementing the solution. Additionally, the solution also considers other parameters such as structure of the cipher, random number generation mechanism and protocol defects in a system for evaluating the weakness of a given system. This enables the approach to be equipped to evaluate even computed attacks that arise due to weak random numbers and false user identification. This unique ability bears extreme significance in the contactless smartcard networking environment, wherein the average cost of attack contracts from several hours to minutes.

The innovative project has received partial funding from Virginia-based National Science Foundation under the CyberTrust program. The University also shares collaboration with Berlin-based Chaos Computer Club, a setup constituting of expert hackers and security experts. The partnership has enabled the researchers to leverage the organisations’ rich expertise in the domain of cryptography and network security.

The security aspect in embedded devices and network systems has gained increasing importance in the recent years, as the vulnerability of sensitive data is increasingly at risk to malicious agents and threat attacks. While this solution offers an able reverse-engineering platform for evaluating the grade of protection in network systems, Frost & Sullivan believes its functionality needs to be further enhanced to prevent complex relay attacks. This could possibly prevent the communication between authentic pairs of entities from being illegitimately relayed to other unauthorised channels.

Share this article:

Further reading: