Abstract
This chapter describes the various attacks and countermeasures that apply to secure smart card applications. It focuses on the attacks that could affect cryptographic algorithms, since the security of many applications depends on the security of these algorithms. Nevertheless, how these attacks can be applied to other security mechanisms is also described. The aim of this chapter is to demonstrate that a careful evaluation of embedded software is required to produce a secure smart card application.
Notes
1. This is possibly overly strong, as it is typically recommended that the bit lengths of \(p\) and \(q\) are approximately equal. However, it will provide the most security for a modulus of a given bit length, assuming that \(p - q\) is sufficiently large to prevent an attacker from guessing their values by calculating \(\sqrt{N}\).
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Tunstall, M. (2014). Smart Card Security. In: Markantonakis, K., Mayes, K. (eds) Secure Smart Embedded Devices, Platforms and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7915-4_7
DOI: https://doi.org/10.1007/978-1-4614-7915-4_7
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-7914-7
Online ISBN: 978-1-4614-7915-4
eBook Packages: Computer Science, Computer Science (R0)