Recently two researchers from the University of Cambridge alleged that they had broken the IBM 4758 PCI Cryptographic Coprocessor, enabling them to potentially clone bank cards. While IBM takes any threats to the security of these networks very seriously, IBM does not agree that the method is practical under conditions representative of standard industry practice. The security of the banking networks is of paramount importance to IBM and its customers.

The method of obtaining DES keys is based on an assumption that a trusted insider would be granted access to run programs of his choosing and copy information from the system. Organizations running systems with the sensitive keys assumed in the method are advised by industry standard practices to take steps which would thwart the described method. Further, IBM has indicated in its publications that users must take precautions when using services central to the method. IBM believes that the method would be infeasible in realistic system implementations.

FIPS 140-1 Level 3 and level 4 certification of the IBM 4758 PCI Cryptographic Coprocessor remains unaffected by the methods described, and the ability to install appropriate software enhancements to the Coprocessor remains secure.

Users of the IBM PCI Cryptographic Coprocessor with the IBM Common Cryptographic Architecture (CCA) should review the following information to better understand their situation.

The IBM CCA implementation includes services to accomplish a wide variety of DES key management approaches that are required to inter-operate with legacy crypto-systems and to implement some standards. As is generally true of security systems, any services not expressly required in a given situation should be disabled. Sensitive services should only be enabled under controlled and audited circumstances.

Central to the researchers' method of obtaining keys is the use of the CCA Key-Part-Import and Key-Export services. As described in the IBM CCA Support Program Installation Manual, these are sensitive capabilities which should only be enabled under special, controlled circumstances. The CCA hardware-enforced access control system is used to disable, or limit the use of services.

Users of CCA on the IBM eServer zSeries are encouraged to use the Trusted Key Entry feature for loading of clear key parts. With use of Trusted Key Entry, the Key-Part-Import service can and should be disabled in the CCA access control system.

Users of CCA on the IBM eServer iSeries should disable use of the Key-Part_Import service, and use the OS/400 access control system to enforce use of trusted key-entry programs by designated security officers.

As indicated in the CCA Installation Manual for CCA on IBM eServer pSeries with AIX, and on xSeries with either Windows NT or Windows 2000, use of the Key-Part-Import service should be avoided. IBM provides this service to accommodate its customers, but recommends that the service be disabled. IBM recommends clear key introduction through public-key based techniques.

Customers with questions about this subject should contact their IBM Representative, or submit an inquiry to the Crypto Support Team.