Smart Card Security

2000

Every practical implementation of a cryptographic algorithm represents a physical device possessing potential side channels not covered by the security models of theoretical cryptography. Hence, even provable secure cryptographic algorithms may be attacked due to leakage of information. Smart cards and security ICs are often used as tamper-proof security devices. To prevent an attacker from exploiting easily accessible information like power consumption, running time, input-output behavior under malfunctions caused, i. e., by irregular clocking, radiation, power peaks, special precautions have to be taken. Commonly used countermeasures against information leakage are the reduction of the signal-to-noise ratio using special implementation techniques for hardware and software and the decorrelation of secret internal data from the channels observable by an attacker. In this contribution we survey the basic concepts of known attacks based on information leakage, i. e., timing attack, di...

2012

Smart cards are widely used in different areas of modern life including identification, banking, and transportation cards. Some types of cards are able to store data and process information as well. A number of them can run cryptographic algorithms to enhance the security of their transactions and it is usually believed that the information and values stored in them are completely safe. However, this is generally not the case due to the threat of the side channel. Side channel analysis is the process of obtaining additional information from the internal activity of a physical device beyond that allowed by its specifications. There exist different techniques to attempt to obtain

Smart card is not tamper proof but it is temper resistant and temper evident to a degree. Smart card is widely used for business transactions and multiple services in a wide range of industries worldwide to support access, identity, payments and other applications. This paper presents an overview of attacks against smart card implementations and possible countermeasures for attacks that can give background for the assessment of the tools to improve security system of cards.

2008

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

2000

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The International Conference on Electrical Engineering

Smart card is a miniature computer with very limited hardware and software resources. Like any computer, an operating system is needed to manage the card hardware and software resources. Several smart card operating systems of different types were developed for this purpose. The basic functions of these operating systems are: handling the card input/out process, managing the file system, managing communication with card users/ application programs and data exchange with the cryptographic algorithms embedded in the card, if any. The user/application is allowed to interact with cryptographic algorithms with their default parameters and with no possibility of cryptographic parameters customization. This paper aims to make the smart card smarter by presenting a new type of smart card operating system that covers a new area of commands. The new set of cryptographic commands enables the applications/developer to deeply access the cryptographic primitives and customize their building blocks at run time. In order to test the new command set and demonstrate its features, the new operating system has been developed in embedded C language and implemented on an open platform card. Smart Card, Operating System, Cryptographic Primitives. Today, smart cards are widely used in our daily life. Their technology is being used in many fields like: credit cards, passports, health cards, ID cards, driving licenses, SIM cards for mobile phones, etc. Smart cards are originally known as integrated circuit cards (IC cards). The reason for naming IC cards with smart cards is that the card functions are not limited to those functions defined only at build time. The set of card functions could be extended in run time according to the system they work in and also according to user requirements. Smart cards with processor chip need an operating system known as Card Operating System (COS). The basic functions of COS are: managing the card resources, and enabling instructions execution and communication with the outer world. A variety of card operating systems have been developed. * Egyptian Armed Forces.

2007

ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. Tools being able to perform these attacks and carry out security analyses need to be developed. In this contribution, an implementation of a cost-effective, freely programmable ISO 14443 compliant multi function RFID reader and fake transponder is presented that can be employed for several promising purposes.

International Journal of Networks and Systems, 2024

Smart card technology has emerged as a powerful tool in the field of secure identification, authentication, and transaction processing. This abstract provides a comprehensive overview of smart card technology, highlighting its key features, applications, and benefits. Smart cards, also known as integrated circuit cards, are portable devices that incorporate a microprocessor and memory to securely store and process information. These cards have revolutionized various industries by enabling secure access control, secure payment transactions, and secure storage of sensitive data. The abstract begins by exploring the fundamental components and architecture of smart cards. It delves into the different types of smart cards, such as contact-based and contactless cards, and explains the communication protocols employed in their operation. Furthermore, the abstract discusses the extensive range of applications where smart cards have found widespread adoption. These applications include identification cards, payment cards, healthcare cards, transportation cards, and more. The abstract highlights the advantages of using smart cards in each of these domains, such as enhanced security, convenience, and interoperability.

Proceedings of the 2nd International Conference on Information Systems Security and Privacy, 2016

Smart cards are tamper resistant devices but vulnerabilities are sometimes discovered. We address in this paper the security and the functional testing of embedded applications in smart cards. We propose an original methodology for the evaluation of applications and we show its benefit by comparing it to a classical certification process. The proposed method is based on the observation of the APDU (Application Protocol Data unit) communication with the smart card. Some specific properties are verified as a complementary method in the evaluation process and allows the on-the-fly detection of an anomaly and the reasons that triggered this anomaly during the test. Here are presented two uses of this method: a simple use to illustrate the use of properties to verify an implementation of an application and a more complex illustration by applying the fuzzing method to show what we can obtain with the proposed approach, i.e. an analysis of an anomaly.