Smart card security Nora Dabbous Security Technologies Department.

1 Smart card security Nora Dabbous Security Technologies Department

2 The Smart Card...
- The smart card stores electronic data and programs in a protected file system
  - Protection by advanced security features
  - Tamper resistance
- Several types of smart cards
  - Contact: Memory, Microprocessor
  - Contactless: Memory, Microprocessor
- Smart card often means Microprocessor card

3 Close-up view...

4 Memory Characteristics
- EEPROM (non-volatile memory, write 100.000 times)
  - Up to 256K Bytes
  - Application data storage
- ROM (write once)
  - Up to 512 K Bytes
  - Software (Operating System) storage
- RAM (temporary)
  - Up to 5 K Bytes
  - Working memory
- Flash (non-volatile memory)
  - Software patches or static application code & data

5 Contact Smart Cards
Communication through electrical contacts

6 Contactless Smart Cards
Communication over the air

7 The Chip Operating System
- File and directory management:
  - Create
  - Read Only
  - Add Information Only
  - Erase and Update
- Access protected by secret codes:
  - Data files
  - Secret Code files
  - Cryptographic key files

8 Application Players
[Figure labels: HOST, READERS, CARDS]

9 Role of the Reader
[Figure labels: Application Software, Reader, Card]
The reader is the interface between the card and the application
- It serves as a translator
- It accepts the messages from the card and from the application software

10 Hardware Security

11 Smart card attack: Physical Security
Smart card attacks: state of the art

12 Probing Data
Used to know the data present on a bus
- micro-probing
  - probe the bus with a needle
- e-beam probing
  - probe the bus with an e-beam
[Figure labels: Si, data bus, e-beam, e- detector]

13 Circuit modification
- Connect or disconnect security mechanism
  - disconnect security sensors
  - RNG stuck at a fixed value
- Cut or Paste tracks
- Add probe pads
  - make micro-probing of the buried layers possible
- Equipment: Laser, FIB
[Figure labels: Cut, Metal strap]

14 Fault Generation
- Vcc
- Clock
- Temperature
- UV
- Light
- X-Rays
- ...
Apply combinations of environmental conditions and bypass or infer secrets
[Figure labels: input, key, error]

15 Hardware Security Measures
- Security Sensors (VCC, Temp., Light, UV, Clock)
- Data scrambling
- Address scrambling
- Current scrambling
- Several Independent Metal Layers
- Submicron scale
- Deeply buried buses
- Glue Logic

16 Embedded Software Security

17 Timing Attacks: Principles
- Everything performed unconditionally before the test
- A test based on secret data is performed that leads to a boolean decision (True / False)
- Depending on the boolean condition, the process may be long (t1) or short (t2)
- Everything performed unconditionally after the test
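Added example, not part of the original slides: the principle above modelled in Python, with a step counter standing in for execution time. The function names and the sample PIN bytes are constructed for illustration; the first check branches on secret data and so has a short and a long path, the second does the same work on every path.

```python
import hmac

def verify_leaky(stored: bytes, candidate: bytes):
    """Early-exit compare. Returns (ok, steps); steps stands in for run time."""
    steps = 0
    for a, b in zip(stored, candidate):
        steps += 1
        if a != b:                  # test based on secret data
            return False, steps     # short path (t2)
    return len(stored) == len(candidate), steps   # long path (t1)

def verify_constant(stored: bytes, candidate: bytes):
    """Same work on every path: accumulate differences, decide once at the end."""
    steps = 0
    diff = len(stored) ^ len(candidate)
    padded = candidate.ljust(len(stored), b"\x00")
    for a, b in zip(stored, padded):
        steps += 1
        diff |= a ^ b               # no branch on secret data
    return diff == 0, steps

def verify_stdlib(stored: bytes, candidate: bytes) -> bool:
    """Python's standard-library constant-time comparison."""
    return hmac.compare_digest(stored, candidate)

def step_profile(verify, stored: bytes, candidates):
    """Map each candidate to the number of steps the verifier spent on it."""
    return {c: verify(stored, c)[1] for c in candidates}

# Constructed sample data: a reference PIN and guesses that match
# 0, 1, 2, 3 and 4 of its leading digits.
STORED_PIN = b"4071"
GUESSES = [b"9999", b"4999", b"4099", b"4079", b"4071"]

if __name__ == "__main__":
    print("leaky   :", step_profile(verify_leaky, STORED_PIN, GUESSES))
    print("constant:", step_profile(verify_constant, STORED_PIN, GUESSES))
```

A regression test for this property checks that the step profile of the hardened routine contains a single value, whatever the candidates are.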

18 Power Attacks
- ICC's Power Consumption leaks information about data processing
  - Power Consumption = f(secret key, data)
- Deduce information about secret data and processing
  - empirical methods
  - statistical treatment
- Monitor ICC's Power Consumption
  - resistor
  - oscilloscope
  - post processing computer
  - chip

19 Power Analysis Tools for contact cards
[Figure: measurement circuit, labelled 5V]

20 Power Analysis Profiles
[Figure: raw data and zoomed-in view; axes Time and Power; scale 1 ms]

21 SPA attack on RSA
Test key value: 0F 00 F0 00 FF 00
[Figure: trace annotated with the bits of each key byte: 0F, 00, F0, 00, FF, 00]

22 SPA attack on RSA
Key value: 2E C6 91 5B F9 4A
[Figure: trace annotated with the bits of each key nibble: 2 = 0010, E = 1110, C = 1100, 6 = 0110, 9 = 1001, 1 = 0001, 5 = 0101, B = 1011, F = 1111, 9 = 1001, 4 = 0100, A = 1010]
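Added example, not part of the original slides: a Python model of why a single trace can spell out an RSA exponent. A left-to-right square-and-multiply loop performs a square for every key bit and a multiply only for 1 bits, so the operation sequence encodes the key; the slide's key value 2E C6 91 5B F9 4A is used as the exponent. The modulus, the message and the square-and-multiply-always variant (a standard countermeasure that the slides do not name) are assumptions.

```python
KEY = bytes.fromhex("2EC6915BF94A")   # key value shown on the slide
N = (1 << 61) - 1                     # constructed toy modulus, not an RSA modulus
M = 0x1234567                         # constructed message

def key_bits(key: bytes):
    """Key bits, most significant first."""
    return [(byte >> i) & 1 for byte in key for i in range(7, -1, -1)]

def square_and_multiply(m, key, n):
    """Leaky exponentiation. Returns (m^key mod n, operation sequence)."""
    r, ops = 1, []
    for bit in key_bits(key):
        r = (r * r) % n
        ops.append("S")
        if bit:                       # operation depends on the secret bit
            r = (r * m) % n
            ops.append("M")
    return r, "".join(ops)

def recover_key(ops: str, n_bytes: int) -> bytes:
    """What an observer reads from the sequence: S alone = 0, S then M = 1."""
    bits, i = [], 0
    while i < len(ops):
        if ops[i] != "S":
            raise ValueError("each key bit must start with a square")
        one = ops[i + 1:i + 2] == "M"
        bits.append("1" if one else "0")
        i += 2 if one else 1
    return int("".join(bits), 2).to_bytes(n_bytes, "big")

def square_and_multiply_always(m, key, n):
    """Hardened variant: a multiply is executed for every bit, used or not."""
    r, ops = 1, []
    for bit in key_bits(key):
        r = (r * r) % n
        ops.append("S")
        t = (r * m) % n
        ops.append("M")
        r = t if bit else r           # on a card this select must not branch
    return r, "".join(ops)

if __name__ == "__main__":
    _, ops = square_and_multiply(M, KEY, N)
    print(ops)
    print(recover_key(ops, len(KEY)).hex())
```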

23 Differential Power Analysis
Description:
- choose a subset (subK_i) of n bits of K
- perform a statistical test for each possible value of a subK_i
- Choose the best guess
- Iterate on all possible subK_i's
[Figure: key K with the subset subK_i marked; possible values 0, 1, 2, ..., 2^n - 1]

24 Differential Power Analysis
Data processing for a value x of a subK_i:
[Figure: M0, M1, ..., Mn sorted into groups 1 and 0; Average of each group; difference D_x]

25 Differential Power Analysis
Choosing the right guess
[Figure: guesses labelled 0, 1, 2, ..., n - 1]

26 Differential Power Analysis
[Figure: two panels, wrong subK_i and right subK_i]

27 Countermeasures
- Add noise
- Scramble power consumption or stabilize it
- Randomize all sensitive data variables with a fresh mask for every execution of an algorithm
- Randomize, randomize, randomize …
  - Secret keys
  - Messages
  - Private exponents
  - Bases
  - Moduli
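Added example, not part of the original slides: the difference-of-means test from the Differential Power Analysis slides and the "fresh mask for every execution" countermeasure above, simulated in Python. The 4-bit PRESENT S-box as the key-dependent step, the Hamming-weight-plus-noise leakage model, the subkey 0xB and all function names are assumptions; the power samples are generated, not measured.

```python
import random

# Assumption: the PRESENT 4-bit S-box stands in for the card's key-dependent step.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(v).count("1") for v in range(16)]   # Hamming weight of a nibble

def capture(sub_key, n_traces, masked, rng, noise=0.5):
    """Generate (message, power sample) pairs; power = f(secret key, data)."""
    traces = []
    for _ in range(n_traces):
        m = rng.randrange(16)
        value = SBOX[m ^ sub_key]
        if masked:
            value ^= rng.randrange(16)    # fresh random mask for every execution
        traces.append((m, HW[value] + rng.gauss(0.0, noise)))
    return traces

def difference_of_means(traces, guess):
    """D_x: average power where the predicted bit is 1 minus average where it is 0."""
    ones, zeros = [], []
    for m, power in traces:
        predicted_bit = (SBOX[m ^ guess] >> 3) & 1
        (ones if predicted_bit else zeros).append(power)
    return sum(ones) / len(ones) - sum(zeros) / len(zeros)

def best_guess(traces):
    """Run the test for all 2^n values of subK_i and keep the highest peak."""
    scores = [difference_of_means(traces, g) for g in range(16)]
    return scores.index(max(scores)), scores

def demo(sub_key=0xB, n_traces=8000, seed=1):
    rng = random.Random(seed)             # fixed seed: the run is reproducible
    plain = best_guess(capture(sub_key, n_traces, False, rng))
    masked = best_guess(capture(sub_key, n_traces, True, rng))
    return plain, masked

if __name__ == "__main__":
    (guess, scores), (_, masked_scores) = demo()
    print("unmasked: best guess %X, peak %.2f" % (guess, max(scores)))
    print("masked:   largest |D_x| %.2f" % max(abs(s) for s in masked_scores))
```

With a 4-bit S-box some wrong guesses still score about 0.75 against 1.0 for the right one, so the margin here is narrower than with an 8-bit target; with the mask applied every guess scores close to zero.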

28 Electromagnetic Analysis on RSA
- Tests require de-capsulation of the chip with a semi-invasive method.
- The surface must be scanned to find the "good" area where electromagnetic analysis is possible.
- The chip is powered by a contact reader.

29 Electromagnetic Analysis
[Figure: Power, Em1 and Em2 traces; panels "One byte processed" and "One bit processed" with Sq and Mult operations marked; d=..30... (00110000) and d=..bf... (10111111)]

30 Radio Frequency Analysis (Contactless Cards)
- Tests are non-invasive.
- A simple magnetic loop made with copper wire is needed.
- An image of the magnetic field, modified by the card's consumption, is collected.
- The chip is powered by a contactless reader.

31 Equipment (1/2)

32 Conclusion
- There are many potential ways to attack a smart card
- But there are also many ways to counteract and efficiently protect your secrets
- Smart Cards are among the most secure embedded devices in the field today
- We try to keep it that way

33 Read-on
- W. Rankl, W. Effing, Smart Card Handbook, 2nd edition, John Wiley & Sons, 2000.
- K. Vedder, Smart Cards - Requirements, Properties, and Applications, in State of the Art in Applied Cryptography, pages 307-331, LNCS 1528, Springer-Verlag, 1997.

34 Any more questions?
nora.dabbous@gemplus.com

