ATTACKS ON SMART CARDS

By sirisha.p 3vc07cs061
Under the guidance of Nagaveni biradar Asst. professor Dept. of cs&e

overview
Definition of smart card Applications of smart card

What is an attack on smart card

Known attacks on smart cards conclusion

WHAT?
Is a smart card

The standard definition of a smart card or integrated circuit card (ICC), is any pocket sized card with embedded integrated circuits.
Smart card : consist of the cards themselves and the back-end databases containing their data. The cards contain chips that can carry a range of information from just authentication credentials by themselves to customer information, account information and even sums of money.

HOW?
Does it look like

Smart Cards devices

VCC Reset Clock

Reserved

Whats in a Card?

Applications of smart cards

Mobile telephony

Banking
Transport

Identity cards/pass ports

Health cards

IT access control
Satellite TV

Why Attacks on smart cards

Attacks on smart cards are made to retrieve or manipulate confidential information stored in the chip by intruders . The silicon integrated chip is attacked using different methods . Methods may be Invasive : which cause physical damage Non - invasive

Known Attacks on Smart Cards

Retrieving Keys with DFA Physical Attacks EMA Attacks Perturbation Attacks Man-in-the-middle Attacks Invasive Tampering Attacks EEPROM Alteration Timing Analysis Attacks Power Consumption Attacks

Physical Attacks
Microelectronic tools enable to either access or modify an IC by removing or adding material. Depending on the tool and on its use the interesting effect or the attacker is to extract internal signals or manipulate connections inside the IC by adding or to cutting wires inside the silicon.

Perturbation Attacks
Perturbation attacks change the normal behavior of an IC in order to create an exploitable error. The behavior is typically changed either by applying an external source of energy during the operation of the IC, or by operating the IC outside its intended operating environment.

The attack will typically aim to make cryptographic operations weaker by creating faults that can be used to recover keys or plaintext, or to avoid or change the results of checks such as authentication or lifecycle state checks or else change the program flow.

EMA Attacks
When an IC is operating, each individual element will emit electromagnetic radiation in the same way as any other conductor with a current flowing through it. Due to the change of the data processed, small changes in the current flow will be the result. These current flow changes lead to an electromagnetic emission depending on the processed data.

Electromagnetic Analysis (EMA) attacks measure these electromagnetic emissions from an IC during its operation and inferences to the data processed.

The attack will typically aim to recover keys or plaintext, but may also be applied to recover other secret data such as PINs, or random numbers generated for use as secrets.

EEPROM ALTERATION
As all the key material of a smart card is stored in the electrically erasable, programmable, read only, memory (EEPROM), and due to the fact that EEPROM write operations can be affected by unusual voltages and temperatures, information can be trapped by raising or dropping the supplied voltage to the micro-controller. In general, the big problem of EEPROM is that unusual voltage and temperatures can affect its write operations .

Timing Analysis Attacks

Timing attacks are based on measuring the time it takes for a unit to perform operations. This information can lead to information about the secret keys. For example: By carefully measuring the amount of time required to perform private key operations, an attacker might find factor RSA keys, and break other cryptosystems. If a unit is vulnerable, the attack is computationally simple and often requires only known cipher text.

conclusion
Smart cards are playing a prominent role in every sector, so smart cards need to be secure since they contain confidential Information. Smart cards are made to be quite secure but still there are methods to attack them. Analyzing and measuring the attack methods will give scope to find methods which can make the smart cards more secure

references
A document by common criteria

A paper by hagai bar-e I on attacks on smart cards

Improving Smartcard Security Using Self-timed Circuit Technology, By Simon Moore, Ross Anderson, and Markus Kuhn

Java Smart Cards, By Y. L. Chan and H. Y. Chan

New Attacks to Public Key Cryptosystems on Tamperproof Devices, By Robert Deng, Albert Jeng, Desai Narasimhalu and Teow Hin Nagir

Smart Card Technology and Security, Author unknown Smart Cards and Private Currencies, By J. Orlin Grabbe

THANK YOU