Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards


• Introduction
• Architecture
  • Hardware
  • Software
• Application
• Security
  • Logical Attack
  • Physical Attack
  • Side channel Attack
Introduction
• A smart card is any pocket-sized card with embedded integrated circuits that can process data.
• The first mass use of the cards was for payment in French pay phones.
• A smart card is itself a small computer.
• Examples
  • ATM
  • Highway toll cards
  • Student ID cards
Architecture (Hardware)
• CPU
• ROM
• RAM
• EEPROM
• Test Logic
• Security Logic
• I/O Interface
Architecture (Software)
• Modular software design
• Application separation
• A popular smart card operating system is Java Card, which uses proven security concepts from the Java language.
• The EEPROM is used similarly to a hard disk and can contain files and directories with user and application data.
Architecture (Software)
• Command Structure
  • CLA: Class
  • INS: Instruction
  • P1, P2: Parameter
  • P3: Length
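
The command header above, as an added example that is not part of the original slides: a strict card-side validator that parses CLA, INS, P1, P2 and P3 and refuses any instruction, parameter or length the card does not declare. The status words and INS values are those of ISO/IEC 7816-4; the command table is a hypothetical card profile, and P3 is assumed to be the data length for commands that send data and the expected response length otherwise.

```python
from dataclasses import dataclass

# Status words defined by ISO/IEC 7816-4.
SW_OK, SW_WRONG_LENGTH = 0x9000, 0x6700
SW_BAD_P1P2, SW_BAD_INS, SW_BAD_CLA = 0x6A86, 0x6D00, 0x6E00


@dataclass(frozen=True)
class Header:
    cla: int
    ins: int
    p1: int
    p2: int
    p3: int


# Hypothetical card profile: the only commands this card declares.
# INS -> (name, command carries data, allowed P1 values or None, max P3)
SUPPORTED_CLA = 0x00
COMMANDS = {
    0xA4: ("SELECT", True, {0x00, 0x04}, 16),
    0xB0: ("READ BINARY", False, None, 255),
    0x20: ("VERIFY", True, {0x00}, 8),
}


def parse_header(apdu: bytes) -> Header:
    if len(apdu) < 5:
        raise ValueError("command shorter than the 5-byte header")
    return Header(*apdu[:5])


def validate(apdu: bytes) -> int:
    """Return the status word a strict dispatcher would answer with."""
    try:
        h = parse_header(apdu)
    except ValueError:
        return SW_WRONG_LENGTH
    if h.cla != SUPPORTED_CLA:
        return SW_BAD_CLA
    if h.ins not in COMMANDS:
        return SW_BAD_INS  # undeclared instruction: refuse, never fall through
    _name, data_in, allowed_p1, max_p3 = COMMANDS[h.ins]
    if allowed_p1 is not None and h.p1 not in allowed_p1:
        return SW_BAD_P1P2
    body = apdu[5:]
    if data_in:
        # P3 must match the bytes actually received and stay within bounds.
        if h.p3 != len(body) or not 0 < h.p3 <= max_p3:
            return SW_WRONG_LENGTH
    elif body or h.p3 > max_p3:
        return SW_WRONG_LENGTH
    return SW_OK
```
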
Smart card vs. RFID
Smart card:
• Strong security.
• Many security features can be safely stored.
• 512 byte capacity.
• Short distance data exchange.
RFID:
• Minimal security.
• Single function use.
• 92 byte capacity. Most of the time read only.
• Large distance data exchange.
Application
• Computer Security
• Financial
• Health care
• Identification
• Other
Security
Logical Attacks
• Hidden Commands
• Parameter poisoning
• File Access
• Malicious Applets
• Communication Protocol
Countermeasures
• Structured Design
• Formal verification
• Testing
• Standardization of Interfaces and Application
• Convergence of Java Card OS
• Popularity of evaluation lab
Physical Attacks
• Chemical Solvents
• Microscopes
• Probe station
• Focused Ion beam
Countermeasures
• Feature size
• Multi layering
• Protective layering
• Sensors
• Bus scrambling
• Glue logic
Side Channel Attacks
• Power Consumption
• Electromagnetic radiation
• Time
• Voltage
• Temperature
• Lights and X rays
• Frequency
References
• "Advances in Smart Card Security" by Marc Witteman.
• "Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards" by Bruce Schneier and Adam Shostack.
Thank You