Sie sind auf Seite 1von 63

HACKER5 | .

100/-
Inside
03
04
05
N C B
NEWSMAKERS BROADCASTING &
COMMUNICATION PVT LTD
OCT 2010 | HACKER5
08
OCT 2010 | HACKER5
09
OCT 2010 | HACKER5
10
C
y
e
r
H
a
c
k
i
n
g
b

C
y
b
e
r

H
a
c
k
n
g
i
y
C
b
e
r

H
a
c
k
i
n
g
21
OCT 2010 | HACKER5
22
OCT 2010 | HACKER5
24
OCT 2010 | HACKER5
25
OCT 2010 | HACKER5
27
OCT 2010 | HACKER5
28
OCT 2010 |HACKER5
30
OCT 2010 |HACKER5
31
OCT 2010 | HACKER5
33
OCT 2010 | HACKER5
34
OCT 2010 |HACKER5
7
SEP 2010 | CY83R GH057
39
OCT 2010 | HACKER5
NBC
NEWSMAKERS BROADCASTING &
COMMUNICATION PVT LTD
43
OCT 2010 | HACKER5
44
OCT 2010 | HACKER5
48
OCT 2010 | HACKER5
How Safe Is Your Swipe?
Thinking Like Hackers,
Programmers Find Security
Loopholes in Secure' Microchips
sed in a variety of products from
credit cards to satellite televisions,
U secure chips are designed to keep
encoded data safe. But hackers continue
to develop m ethods to crack the chips'
security codes and access the inform ation
w ithin.
Thinking like hackers, Prof. Avishai W ool
and his Ph.D . student Yossi O ren of Tel Aviv
U niversity's School of Electrical Engineer-
ing have developed an innovative w ay of
extracting inform ation from chip technol-
ogy. By com bining m odern cryptology
m ethods w ith constraint program m ing --
an area of com puter science designed to
solve a series of com plex equations -- Prof.
W ool and O ren w ere able to extract m ore
inform ation from secure chips. Their
research, w hich could lead to im portant
new advances in com puter security, w as
recently presented at the 12th W orkshop
on C ryptographic H ardw are and Em bed-
ded System s (C H ES) in Santa Barbara, C A .
Prof. W ool explains that cryptologists
like him self try to stay one step ahead of
attackers by thinking the w ay they do.
"C om panies need to know how secure
their chip is, and how it can be
cracked," he explains. "They need to
know w hat they're up against."
Blocking out the "noise"
A ccording to the researchers, the A chil-
les-heel of contem porary secure chips can
be found in the chip's pow er supply.
W hen a chip is in use, says Prof. W ool, it
em ploys a m iniscule am ount of pow er.
But the am ount of this pow er, and how it
fluctuates, depends on the kind of infor-
m ation the chip contains. By m easuring
the pow er fluctuations w ith an oscillo-
scope, a standard piece of lab equipm ent,
and analyzing the data using appropriate
algorithm s, a potential hacker could deci-
pher the inform ation that the chip con-
tains.
But extracting inform ation in this w ay,
through w hat the researchers call a "side
channel," can be com plex. W hen you do a
pow er trace, says Prof. W ool, there is a lot
of "noise" -- inaccuracies that result from
the different activities the chip is doing at
the tim e. H e and O ren have now identified
a m ethod for blocking out the "noise"
that has proved to be m ore effective than
previous m ethods.
W hen applied to inform ation gathered
from a pow er source, a com puter program
like the one Prof. W ool and O ren have cre-
ated can sort through this "noise" to
deliver a m ore accurate analysis of a chip's
secret contents. Their program is based in
"constraint program m ing" -- the sam e
com puter program m ing approach used
for com plex scheduling program s like
those used in the travel industry.
Know ing your enem y
N o chip can be 100% secure, Prof. W ool
adm its. But he also stresses that it's im por-
tant to explore the boundaries of how
secure inform ation can be extracted from
these chips. A n attacker could have access
to a variety of com puter technologies and
equipm ent -- so researchers need to know
the type of resources required to break a
code, explains Prof. W ool. H e has provided
inform ation to U .S. passport authorities
on how to m ake the chips in passports
m ore secure.
"W e need to think like the attackers,"
he says, "in order to raise the bar against
them .
50
OCT 2010 | HACKER5
51
OCT 2010 | HACKER5
53
OCT 2010 | HACKER5
54
OCT 2010 | HACKER5
S
e
r
a
L
e
n
e
i
r
o
,
s
f
e
t

o
n
r
y
t
o
a
s
c
u
t

s
r
i
n
t
e
n
t
u
f

r
e
58
OCT 2010 | HACKER5
Is
the 'best'
malware
ever?
Stuxnet
60
OCT 2010 | HACKER5
m
a

'S
r
t
W
o
r
k
w
h
a
rd

o
rk

'
S
a
r
t
W
o
r
k
m

d
o
h
a
r

w
r
k

61
OCT 2010 | HACKER5
62
OCT 2010 | HACKER5
63
OCT 2010 | HACKER5
65
OCT 2010 | HACKER5
66
OCT 2010 | HACKER5
What's a hacker's biggest fear?
68
OCT 2010 | HACKER5
70
OCT 2010 | HACKER5
71
OCT 2010 | HACKER5
72
OCT 2010 | HACKER5
73
OCT 2010 | HACKER5
77
OCT 2010 | HACKER5