| Abstract |
Smart cards are an ideal medium for representing natural entities in electro- nic transaction systems. Small size and easy of use facilitate their carry and usage everywhere by everyone. They also provide a high level of security, as they can store in a safe manner secret keys and also execute cryptographic algorithms. Side-channel cryptanalysis is an innovative method for deriving secret keys stored in smart cards. This method is rather popular, since it can derive the secrets keys with minimum efforts. We study the applicability oftwo variations of side channel cryptanaly- sis, namely passive and active hardware attacks, on the three smart card generations. The key feature of first generation smart cards is hardware simpleness and processor absence. For this, they are referred as "memory cards". For security reasons, enough hardware logic has been incorporated to them, as to be capable for executing simple cryptographic algorithms. We develo- ped a communication library for memory cards, using Gemplus GCR-410 smart card reader. Thus, we provide a common platform for realizing passive attacks on memory and smart cards. Furtherly, we propose a power consum- ption model adapted to memory cards. This model allows reconstruction of the secret cryptographic algorithms used in memory cards. Smart cards are equipped with a processor and they are programmed for executing only one application. A common use of smart cards is the authentication of natural entities, utilizing proper cryptographic schemes, like the Fiat-Shamir identification scheme. We prove that there are systems configurations, where Bellcore's theoretical active attack model is not sound. We extend this model to make it sound in all-but-one cases. We propose a new active attack model, namely S-TAM. S-TAM claims stronger assum- ptions than Bellcore's attack. In return, it is provably sound in all system configurations. Third generation smart cards can be programmed for executing multiple applications. They also support execution of download-able code. Presented techniques of cryptanalysis apply to them as well. We identify new and simpler security threats for third generation smart cards, when used in open and inter-operable systems. We propose an architecture, which defeats these threats.
|
Ανάλυση Ασφαλείας Συστημάτων Έξυπνων Καρτών
