Abstract
Information leakage is a major issue for homeland security. When entering and leaving certain countries which are particularly concerned by their national security, electronic devices such as mobile phones and laptops are examined, as well as data storage devices such as USB sticks and mobile hard drives. Technical investigations can be more or less thorough, and might lead up to confiscation of the material in case of doubt. At the same time, the use of smart cards is spreading over the world, mainly as a mode of payment, in public transportation or as SIM cards in mobile phones. These usages are widely adopted, in particular due to the security benefits delivered by these systems. But smart card technologies can also be used in an unconventional way to efficiently hide information crossing national borders. Smart cards have been designed as objects which ensure security in an untrustworthy environment. Their main function is to protect from the outside world and to hide their ways of working. A smart card is a programmable device, close to a very small computer, in which it is possible to hide functionalities impossible to detect. Today, it becomes possible to use a smart card in an unconventional manner, by using its storage and cryptographic capacities to carry information in an undetectable way, under the cover of a harmless common object. The following action could take place in any international airport: a sensitive list of identities and codes which should not been intercepted has to leave the country, the carrier even does not know he brings such of list within his SIM card. In the same way, one could use a smart card as a vector of infection in a closed environment, as modern operating systems now include the protocol layers necessary for their usage.
Similar content being viewed by others
References
Hitachi, Tohoku Univ Announce Multi-level Cell SPRAM, (2010). http://www.ptb.de/en/aktuelles/archiv/presseinfos/pi2011/pitext/pi110308.html
Extremely fast MRAM data storage within reach, (2011). http://www.ptb.de/en/aktuelles/archiv/presseinfos/pi2011/pitext/pi110308.html
Moreno R.: Procédé et dispositif de commande électronique (patent 2.266.222). INPI, France (1974)
Moreno R.: Data-transfer system (patent 4.007.355). USPTO, USA (1975)
Rankl W., Effing W.: Smart Card Handbook 4th Edition. Wiley, Chichester (2010)
Oracle. JSR268: Java Smart Card I/O, (2006). http://docs.oracle.com/javase/6/docs/jre/api/security/smartcardio/spec/
CardContact. OpenCard Framework 1.2 enhanced version, (2008). http://www.openscdp.org/ocf/
PCSCWorkgroup. PC/SC Framework Specifications 2.01.10, (2010). http://www.pcscworkgroup.com/
MUSCLE. PCSC-Lite version 1.8.2, (2012). http://www.musclecard.com/middle.html
Oracle. Java Card Platform Specifications 3.0.1, (2009). http://www.oracle.com/technetwork/java/javacard/specs-jsp-136430.html
Oracle. Java Platform, Standard Edition 7 API Specification, (2011). http://docs.oracle.com/javase/7/docs/api/index.html
Igor Pavlov. 7-Zip version 9.20, (2011). http://www.7-zip.org/7z.html
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Guyot, V. Smart card, the stealth leaker. J Comput Virol 8, 29–36 (2012). https://doi.org/10.1007/s11416-012-0159-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-012-0159-y