Advertisement

Smart Card Security

  • Michael TunstallEmail author
Chapter
  • 2.7k Downloads

Abstract

In this chapter, a description of the various attacks and countermeasures that apply to secure smart card applications is described. This chapter focuses on the attacks that could affect cryptographic algorithms, since the security of many applications is dependent on the security of these algorithms. Nevertheless, how these attacks can be applied to other security mechanisms is also described. The aim of this chapter is to demonstrate that a careful evaluation of embedded software is required to produce a secure smart card application.

Keywords

Embedded software Fault analysis Side channel analysis  Smart card security 

References

  1. 1.
    Akkar, M.-L. and Giraud, C. (2001). An implementation of DES and AES secure against some attacks. In Koç, C. K., Naccache, D., and Paar, C., editors, Cryptogaphic Hardware and Embedded Systems – CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 309–318. Springer-Verlag.Google Scholar
  2. 2.
    American National Standards Institute (1985). Financial Institution Key Management (Wholesale). American National Standards Institute.Google Scholar
  3. 3.
    Anderson, R. and Kuhn, M. (1996). Tamper resistance – a cautionary note. In Proceedings of the Second USENIX Workshop of Electronic Commerce, pages 1–11.Google Scholar
  4. 4.
    Anderson, R. and Kuhn, M. (1997). Low cost attacks on tamper resistant devices. In Christianson, B., Crispo, B., Lomas, T. M. A., and Roe, M., editors, Security Protocols, volume 1361 of Lecture Notes in Computer Science, pages 125–136. Springer-Verlag.Google Scholar
  5. 5.
    Aumüller, C., Bier, P., Hofreiter, P., Fischer, W., and Seifert, J.-P. (2002). Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In Kaliski, B. S., Koç, C. K., and Paar, C., editors, Cryptographic Hardware and Embedded Systems – CHES 2002, volume 2523 of Lecture Notes in Computer Science, pages 260–275. Springer-Verlag.Google Scholar
  6. 6.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., and Whelan, C. (2006). The sorcerer’s apprentice guide to fault attacks. Proceedings of the IEEE, 94(2):370–382.Google Scholar
  7. 7.
    Biham, E. and Shamir, A. (1991). Differential cryptanalysis of DES-like cryptosystems. In Menezes, A. and Vanstone, S., editors, Advances in Cryptology – CRYPTO ’90, volume 537 of Lecture Notes in Computer Science, pages 2?-21. Springer-Verlag.Google Scholar
  8. 8.
    Biham, E. and Shamir, A. (1997). Differential fault analysis of secret key cryptosystems. In Kaliski, B. S., editor, Advances in Cryptology – CRYPTO ’97, volume 1294 of Lecture Notes in Computer Science, pages 513–525. Springer-Verlag.Google Scholar
  9. 9.
    Blömer, J. and Seifert, J.-P. (2003). Fault based cryptanalysis of the advanced encryption standard (AES). In Wright, R. N., editor, Financial Cryptography – FC 2003, volume 2742 of Lecture Notes in Computer Science, pages 162–181. Springer-Verlag.Google Scholar
  10. 10.
    Boneh, D., DeMillo, R. A., and Lipton, R. J. (1997). On the importance of checking computations. In Fumy, W., editor, Advances in Cryptology – EUROCRYPT ’97, volume 1233 of Lecture Notes in Computer Science, pages 37–51. Springer-Verlag.Google Scholar
  11. 11.
    Brier, E., Clavier, C., and Olivier, F. (2004). Correlation power analysis with a leakage model. In Joye, M. and Quisquater, J.-J., editors, Cryptographic Hardware and Embedded Systems – CHES 2004, volume 3156 of Lecture Notes in Computer Science, pages 16–29. Springer-Verlag.Google Scholar
  12. 12.
    Chari, S., Jutla, C. S., Rao, J. R., and Rohatgi, P. (1999). Towards approaches to counteract power-analysis attacks. In Wiener, M., editor, Advances in Cryptology – CRYPTO ’99, volume 1666 of Lecture Notes in Computer Science, pages 398–412. Springer-Verlag.Google Scholar
  13. 13.
    Chevallier-Mames, B., Ciet, M., and Joye, M. (2004). Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers, 53(6):760–768.Google Scholar
  14. 14.
    Clavier, C., Coron, J.-S., and Dabbous, N. (2000). Differential power analysis in the presence of hardware countermeasures. In Koç, C. K. and Paar, C., editors, Cryptographic Hardware and Embedded Systems – CHES 2000, volume 1965 of Lecture Notes in Computer Science, pages 252–263. Springer-Verlag.Google Scholar
  15. 15.
    Fouillat, P. (1990). Contribution a l’etude de l’interaction entre un faisceau laser et un milieu semiconducteur, Applications a l’etude du Latchup et al l’analyse d’etats logiques dans les circuits integres en technologie CMOS. PhD thesis, University of Bordeaux.Google Scholar
  16. 16.
    Gandolfi, K., Mourtel, C., and Olivier, F. (2001). Electromagnetic analysis: Concrete results. In Koç, C. K., Naccache, D., and Paar, C., editors, Cryptographic Hardware and Embedded Systems – CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 251–261. Springer-Verlag.Google Scholar
  17. 17.
    Giraud, C. and Thiebeauld, H. (2004). A survey on fault attacks. In Deswarte, Y. and Kalam, A. A. El, editors, Smart Card Research and Advanced Applications VI – 18th IFIP World Computer Congress, pages 159–176. Kluwer Academic.Google Scholar
  18. 18.
    Govindavajhala, S. and Appel, A. W. (2003). Using memory errors to attack a virtual machine. In IEEE Symposium on Security and Privacy 2003, pages 154–165.Google Scholar
  19. 19.
    Gutmann, P. (2004). Security Architecture. Springer-Verlag.Google Scholar
  20. 20.
    Habing, D. H. (1992). The use of lasers to simulate radiation-induced transients in semiconductor devices and circuits. IEEE Transactions On Nuclear Science, 39:1647–1653.Google Scholar
  21. 21.
    International Organization for Standardization (1997). ISO/IEC 7816–3 Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols. International Organization for Standardization.Google Scholar
  22. 22.
    International Organization for Standardization (1999). ISO/IEC 7816–2 Identification cards - Integrated circuit cards - Part 2: Cards with contacts - Dimensions and location of the contacts. International Organization for Standardization.Google Scholar
  23. 23.
    Joye, M. and Olivier, F. (2005). Side-channel attacks. In van Tilborg, H., editor, Encyclopedia of Cryptography and Security, pages 571–576. Kluwer Academic Publishers.Google Scholar
  24. 24.
    Kahn, D. (1997). The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Simon & Schuster Inc., second edition.Google Scholar
  25. 25.
    Knuth, D. (2001). The Art of Computer Programming, volume 2, Seminumerical Algorithms. Addison-Wesley, third edition.Google Scholar
  26. 26.
    Kocher, P. (1996). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Koblitz, N., editor, Advances in Cryptology – CRYPTO ’96, volume 1109 of Lecture Notes in Computer Science, pages 104–113. Springer-Verlag.Google Scholar
  27. 27.
    Kocher, P., Jaffe, J., and Jun, B. (1999). Differential power analysis. In Wiener, M. J., editor, Advances in Cryptology – CRYPTO ’99, volume 1666 of Lecture Notes in Computer Science, pages 388–397. Springer-Verlag.Google Scholar
  28. 28.
    Kommerling, O. and Kuhn, M. (1999). Design principles for tamper resistant smartcard processors. In USENIX Workshop on Smartcard Technology, pages 9–20.Google Scholar
  29. 29.
    Mangard, S., Oswald, E., and Popp, T. (2007). Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer-Verlag.Google Scholar
  30. 30.
    May, T. and Woods, M. (1978). A new physical mechanism for soft erros in dynamic memories. In 16\({th}\) International Reliability Physics Symposium.Google Scholar
  31. 31.
    Menezes, A., van Oorschot, P., and Vanstone, S. (1997). Handbook of Applied Cryptography. CRC Press.Google Scholar
  32. 32.
    Messerges, T. S. (2000). Power Analysis Attacks and Countermeasures for Cryptographic Algorithms. PhD thesis, University of Illinois, Chicago.Google Scholar
  33. 33.
    Meyer, C. (2000). Private communication. Carl Meyer was one of the designers of the DES algorithm.Google Scholar
  34. 34.
    MIPS-Technologies (2001). MIPS™architecture for programmers volume I: Introduction to the MIPS32™architecture. Technical Report MD00082, Revision 0.95.Google Scholar
  35. 35.
    Murdocca, M. and Heuring, V. P. (2000). Principles of Computer Architecture. Addison-Wesley.Google Scholar
  36. 36.
    Naccache, D., Nguyen, P. Q., Tunstall, M., and Whelan, C. (2005). Experimenting with faults, lattices and the DSA. In Vaudenay, S., editor, Public Key Cryptography – PKC 2005, volume 3386 of Lecture Notes in Computer Science, pages 16–28. Springer-Verlag.Google Scholar
  37. 37.
    NIST (1999). Data Encryption Standard (DES) (FIPS-46-3). National Institute of Standards and Technology.Google Scholar
  38. 38.
    NIST (2001). Advanced Encryption Standard (AES) (FIPS-197). National Institute of Standards and Technology.Google Scholar
  39. 39.
    Pouget, V. (2000). Simulation experimentale par impulsions laser ultra-courtes des effets des radiations ionisantes sur les circuits integres. PhD thesis, University of Bordeaux.Google Scholar
  40. 40.
    Quisquater, J.-J. and Samyde, D. (2001). Electromagnetic analysis (ema): Measures and counter-measures for smart cards. In Attali, I. and Jensen, T. P., editors, Smart Card Programming and Security, International Conference on Research in Smart Cards – E-smart 2001, volume 2140 of Lecture Notes in Computer Science, pages 200–210. Springer-Verlag.Google Scholar
  41. 41.
    Rivest, R., Shamir, A., and Adleman, L. M. (1978). Method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126.Google Scholar
  42. 42.
    Samyde, D., Skorobogatov, S. P., Anderson, R. J., and Quisquater, J.-J. (2002). On a new way to read data from memory. In Proceedings of the First International IEEE Security in Storage, Workshop, pp. 65–69.Google Scholar
  43. 43.
    Skorobogatov, S. and Anderson, R. (2002). Optical fault induction attacks. In Kaliski, B. S., Ç. K. Koç, and Paar, C., editors, Cryptographic Hardware and Embedded Systems – CHES 2002, volume 2523 of Lecture Notes in Computer Science, pages 2–12. Springer-Verlag.Google Scholar
  44. 44.
    Skorobogatov, S. P. (2005). Semi-Invasive Attacks – A New Approach to Hardware Security Analysis. PhD thesis, University of Cambridge. available at http://www.cl.cam.ac.uk/TechReports/
  45. 45.
    Wright, P. (1987). Spycatcher. Heineman.Google Scholar
  46. 46.
    Ziegler, J. (1979). Effect of cosmic rays on computer memories. Science, 206:776–788.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom

Personalised recommendations