This is the talk I gave at the ANSES RahRah 8 seminar, organized by the Ministry of Home Affairs (Singapore). The event was held at the Singapore Police Cantonment Complex Auditorium, 393 New Bridge Road.
It is a common assumption that smart cards are reliably secure. Whenever people hear about attacks on smart cards, they usually think of sophisticated stuff such as oscilloscopes, lasers, tunneling microscopes, differential power analysis, etc. So people generally believe that smart cards are hard to attack.
Traditional threat assessment treats a smart card as a standalone attack target. In reality, a smart card is part of a system, and it can be attacked through that system.
Instead of guessing a valid user PIN to access a smart card, an attacker can obtain it from a compromised user system. The attacker can also attack and compromise a smart card issuer's system to obtain administrative keys and PINs.
An attacker may also exploit unfortunate features of a smart card, such as design mistakes, firmware implementation errors, and errors in middleware and applications. There are real-life examples of these.
JavaCards and the like introduce new risks, such as potential issues in the VM and the quality of custom-written code that executes on the card.
The recent trend for smart cards to go contactless and act as an NFC secure element introduces another, previously nonexistent class of remote attacks.
All these new issues and practical attacks are understudied. There is a chance that determined malicious attackers are ahead of the industry. We need to catch up.