Next: Protocol Issues
Up: Security Analysis
Previous: Memory Protection
In an increasing networked environment many applications with intermittent conncetivity must maintain much of their security state locally [And01b]. Smart Cards are a very viable option for this use. Hence we must explore the robustness of these secure stoarge processors.
A complex attack on smart cards includes [And01c].
- Invasive attack on Hardware: As described in [And01c] all sorts of tampering techniques can be used by capable and determined opponents with proper financial support to get hold of sensitive data from the card. Moreover discoveries like scanning capacitance microscope can fuel low-cost attacks.
- Non-invasive hardware attack: like analysis of power consumption will fade away due to counter attacks like randomised clocking.
API Level Attacks: Are an interesting genre of attackes on smartcards.A set of valid processing commands are chained in such a way to get access to the cards key [And01a].The attacks typically of timing, in-middle and data repeat types (using X-OR like vulnerabilites) but on processing level. This seems a low-strength dangerous attack, as the other attacks on the smart-cards involve fairly complex tampering stategies.
Vaibhav Bhandari
2001-11-29