Abstract

This chapter describes the various attacks and countermeasures that apply to secure smart card applications. It focuses on the attacks that could affect cryptographic algorithms, since the security of many applications depends on the security of these algorithms. Nevertheless, how these attacks can be applied to other security mechanisms is also described. The aim of this chapter is to demonstrate that a careful evaluation of embedded software is required to produce a secure smart card application.

Notes

  1. This is possibly overly strong, as it is typically recommended that the bit lengths of \(p\) and \(q\) are approximately equal. However, it will provide the most security for a modulus of a given bit length, assuming that \(p - q\) is sufficiently large to prevent an attacker from guessing their values by calculating \(\sqrt{N}\).

Author information

Correspondence to Michael Tunstall.

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Tunstall, M. (2014). Smart Card Security. In: Markantonakis, K., Mayes, K. (eds) Secure Smart Embedded Devices, Platforms and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7915-4_7

  • DOI: https://doi.org/10.1007/978-1-4614-7915-4_7

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-7914-7

  • Online ISBN: 978-1-4614-7915-4

  • eBook Packages: Computer Science (R0)
