Smart card security

The security of a smart card system consists of front-end enforcement, front-end and back-end verification, back-end audit and system fraud damage control. Security is addressed at the system level. Technically, Mifare cards can be emulated. However, if the system security design is correct, fraud is only possible with a collaborating cardholder or merchant. It is improbable that a merchant would accept a payment from a cardholder who carries a big emulator to pay for the transaction.

Differential power analysis

Differential power analysis[1] involves measuring the precise time and electric current required for certain encryption or decryption operations. From these measurements, an attacker can deduce the on-chip private key used by public key algorithms such as RSA. Some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well.
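
The following added example (not part of the original article) shows why the time and current of an RSA-style exponentiation can depend on the key, by comparing a naive square-and-multiply routine with a fixed-pattern Montgomery ladder. It is a simplified model that records which operations run rather than measuring current; the function names, modulus, base and exponents are constructed for the illustration.

```python
# Added example: models which operations run, not real current measurements.
# The modulus, base and exponents are constructed toy values, not real keys.

def square_and_multiply(base, exp, mod):
    """Naive left-to-right exponentiation. Returns (result, trace), where the
    trace records each squaring 'S' and multiplication 'M' that was executed."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        trace.append("S")
        if bit == "1":  # extra multiply only for 1-bits: key-dependent work
            result = (result * base) % mod
            trace.append("M")
    return result, "".join(trace)

def montgomery_ladder(base, exp, mod, nbits):
    """Ladder over a fixed bit length: one multiply and one square per bit,
    whatever the bit value. This model still branches on the bit; constant-time
    firmware would select the operands without a branch."""
    r0, r1, trace = 1, base % mod, []
    for i in range(nbits - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r1, r0 = (r0 * r1) % mod, (r0 * r0) % mod
        trace.append("MS")
    return r0, "".join(trace)

def trace_depends_on_key(exponentiate, keys, base, mod):
    """Leakage check: True if different exponents give different traces."""
    return len({exponentiate(base, k, mod)[1] for k in keys}) > 1

MOD, BASE, NBITS = 3233, 65, 12          # constructed toy parameters
KEYS = [0b101011000001, 0b111111111111]  # two constructed 12-bit exponents

def ladder(base, exp, mod):
    return montgomery_ladder(base, exp, mod, NBITS)

if __name__ == "__main__":
    for k in KEYS:
        print(f"{k:012b} naive ={square_and_multiply(BASE, k, MOD)[1]}")
        print(f"{k:012b} ladder={ladder(BASE, k, MOD)[1]}")
    print("naive leaks: ", trace_depends_on_key(square_and_multiply, KEYS, BASE, MOD))
    print("ladder leaks:", trace_depends_on_key(ladder, KEYS, BASE, MOD))
```

The naive routine's trace length and pattern change with the exponent, while the ladder's trace is identical for every exponent of the same bit length.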

Physical disassembly

Smart cards can be physically disassembled by using acid, abrasives, or some other technique to obtain unrestricted access to the on-board microprocessor. Although such techniques involve a fairly high risk of permanent damage to the chip, and irrecoverable loss of the secret keys therein, they permit much more detailed information (e.g. photomicrographs of encryption hardware) to be extracted.

References

  1. Power Analysis Attacks. Springer.

This article is issued from Wikipedia - version of the Wednesday, December 23, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.