When Smart Cards Make Sense…

…And when they don’t. The pros and cons of using smart cards, and what can go wrong.

popularity

Smart cards, also referred to as hardware tokens, offer one of the highest levels of security within the framework of securable objects. This is for one obvious reason – it is disconnected from the interconnected world.

Unlike wireless or hard-wired objects that require online connectivity for functionality, smart cards must be in physical, or near physical contact (contactless that require only to be within few mm in most cases) with the object they are designed to interface with. There is no way to hack them without being in direct, physical contact, either via electronic hacking devices or a physical attack on the hardware. Typical cyber-attacks in the form of phishing, code or data modification, spoofing, denial-of-service, etc., are impossible with smart cards.

However, where there are strengths, there are also weaknesses. On the strength side, smart cards are generally the best choice for applications that require a high security level that can only be achieved via physical (vs. virtual) connection. Such applications include financial services (bank/retail cards, for example), affinity programs (airline rewards, and similar), secure network and building access, subscription services such as set-top boxes, health care, transit, etc.

The weakness is, in essence, the strength. If the physical connection cannot be made, there is no alternative. So if the card disappears, the application for which it is intended is unavailable until the card is replaced.

The Good
The technology behind smart cards varies some, but they all have similar physical and functional characteristics. One of the strongest advantages is that they contain the logon credentials, and they reside with the user. This limits the attach risk substantially. As long as the card is in the user’s possession, no chance exists that it can be hacked.

In addition, key security is enhanced. Because the key is kept on the card, vs. a smart phone, tablet, or computer, the key is unavailable to virtual compromise. This offers a higher level of security for user authentication and non-repudiation.

And, with smart cards, cryptographic operations are isolated from the operating system. This translates into smart cards not being susceptible to attacks on the operating system (such as buffer overflow attacks and memory dump attacks, which could compromise private keys or other cryptographic secrets).

The Bad
Because smart cards can be used to secure very high-value assets (vaults, sensitive records, entire premises), when they are hacked, the results can be disastrous. While there are limited methods that can be used to hack them, they can be compromised via various physical methods.

The actual processes are varied. Some are extremely precise and methodical, while others are crude. This topic will be covered, in depth, in an upcoming full-length article, so the discussion here will simply be intended as a cursory flyover.

There a number of methods that hackers use to compromise the chip. Most of these methods attempt to alter the design or functionality of the chip via bypassing of disabling the security blocks and gaining access to keys or data. Among them:

  • Extreme temperatures
  • Input voltage variations
  • Clock rate manipulation
  • Irradiation
  • Physical impact
  • Etching
  • Focused Ion Beam (F.I.B) probing
  • Chip rewiring
  • Track addition or cutting
  • Analyzing chip behavior by infrared probing
  • Reverse engineering chip logic

“Many physical attacks translate into injecting faults into the design, to change its functionality at the hardware level,” said Victor Markus Purri, senior field applications engineer at Jasper Design Automation. “These attacks open the chip allow a hacker to gain control of the device, have access to data, etc.”

Some of these methods are crude and rarely do much other than destroy the chip. The more sophisticated methods, such as reverse engineering, are much more successful but require sophisticated equipment. Others require a high-level knowledge, or simply take a long time. Nevertheless, they do provide results and are still used.

However, in 1998, researchers at Cryptography Research discovered the piece de resistance of smart card attacking methods. It is called power analysis.

There are two flavors; Differential Power Analysis (DPA) and simple power analysis (SAS). Both use the same technique, but DPA just does it differentially, which is much more successful and quicker than SPA. DPA can be successfully used against most smart cards currently in production.

Basically, DPA analyzes peaks in a power consumption pattern, allowing the hacker to discover information about secret keys used during cryptographic computations. How this is done will be dissected in another story because the process uses some rather complex algorithms and analysis techniques.

There is ongoing development to stay one step ahead of the hardware hackers, even against sophisticated methods such as DPA.

One edge-of-the-envelope chip design method that offers a very high level of security is to have “ultra-secure islands,” according to Purri. These islands perform most of the security operations, while having minimal interaction with the software. The software never sees private keys, and never executes instructions for cryptography operations. Having such islands makes it much harder for hackers to have an entry point into the system, and also makes it harder for something to be hacked from the software side of things.

In the end, and at best, chip designers can impose costs and delays on attackers, via designs such isolation islands. No design will be bulletproof forever. Security only can be implemented to the best level of the current technology. Hackers will, eventually, gain the ability to hack whatever is there to thwart them. And the race begins all over again.



  • INV

    Smart Cards is a technology. System spec/design defines how well security is implemented. There are a lot of such technologies and their combination an applications developer or service provider can use to implement security.