Side - Channel Monitoring of Contactless Java Cards
نویسنده
چکیده
Smart cards are small, portable, tamper-resistant computers used in securitysensitive applications ranging from identi_cation and access control to payment systems. Side-channel attacks, which use clues from timing, power consumption, or even electromagnetic (EM) signals, can compromise the security of these devices and have been an active research area since 1996. Newer contactless” cards communicate using radio frequency (RF), without physical contact. These contactless smart cards are sometimes grouped with radio frequency identi_cation (RFID) devices in popular usage of the term. This thesis investigates devices that use the ISO 14443 (proximity card) protocol, a large class of contactless/RFID devices. Although contactless smart cards are increasingly common, very few reproducible practical attacks have been published. Presently, there are no known documented side-channel attacks against contactless Java Cards (open standard multi-application cards) using generic unmodi_ed hardware. This thesis develops a research-friendly platform for investigating side-channel attacks on ISO 14443 contactless smart cards. New techniques for measurement and analysis, as well as the _rst fully documented EM side-channel monitoring procedure, are presented for a contactless Java Card. These techniques use unmodi_ed, commercial o_-the-shelf hardware and are both practical and broadly applicable to a wide range of ISO 14443 devices, including many payment cards and electronic passports.
منابع مشابه
"On-Card" User Authentication for Contactless Smart Cards based on Gesture Recognition
Smart cards are widely used for security purposes. To protect smart cards against misuse an authentication process (e.g. entering a pin or password) is necessary. Due to missing input interfaces “on-card”, an external terminal is required to input the password. Unfortunately the required external hardware (e.g. keypads, etc.) opens up new security issues by being vulnerable against attacks like...
متن کاملFlexible Visual Display Units as Security Enforcing Component for Contactless Smart Card Systems
Today, one existing class of RFID systems are based on ISO 14443 (Proximity Coupling). This is the standard for RF-interfaces of contactless smart card systems. Contactless RF interfaces of smart cards are very often regarded as less secure than contact based smart cards. This tenor may be changed based on our new approach. Therefore we suggest to establish secure password authenticated wireles...
متن کاملPassword Authenticated Key Agreement for Contactless Smart Cards
This paper describes and compares the usage of passwordbased authenticated key agreement protocols to establish a secure communication channel between terminal and contactless card. In particular, protocols of this kind are discussed for use in contactless ID cards. The aim of this paper is to discuss, for the first time, two cryptographic password-based protocols with respect to security, impl...
متن کاملSmart Cards , Tokens , Security and Applications ”
This book provides an overview of secure chips and their applications. It mainly focuses on two types of tokens: contact and contactless. Except a brief introduction to Trusted Platform Modules (TPM), the book does not detail embedded IC or Hardware Secure Modules (HSM). The book depicts the major operating systems and environments (Java Card, Global Platform, MultOS, ...) and describes in deta...
متن کامل