1 Introduction to smart cards
A smart card, also known as an IC card, a smart card, or a smart card, is composed of one or more integrated circuit chips and is packaged into a card that is convenient for people to carry, and has a microcomputer CPU and a memory in the integrated circuit. With the development of VLSI technology, computer technology and information security technology, smart card technology is more mature, and has been widely used in banking, telecommunications, transportation, social insurance, e-commerce and other fields.
2 Smart card security mechanism
Compared with magnetic stripe cards, the advantages of smart cards are not only the substantial increase in storage capacity, the enhancement and expansion of application functions, but more importantly the security mechanisms provided by the CPU. The security mechanism can be summarized as: authentication operation, access control and data encryption.
2. 1 Certification operation. The authentication operation includes three aspects: cardholder authentication, card authentication, and terminal authentication. The cardholder's authentication generally adopts the method of submitting a password, that is, the cardholder inputs a special character string that only the person knows through the input device, and then checks it by the operating system. Card authentication and terminal authentication use a certain encryption algorithm. The authenticated party encrypts the random number with a pre-agreed password, and the authentication party decrypts it and checks it.
2. 2 access control. Access control is mainly to restrict the operation of the protected storage area, including reviewing and restricting user qualifications and permissions, preventing unauthorized users from accessing data or unauthorized users accessing data. Each protected storage area is provided with read, write, and erase operation access permission values. When the user operates the storage area, the operating system checks the legality of the operation.
2. 3 data encryption technology. Encryption technology is a technical means to improve the security and confidentiality of information systems and communication data, and to prevent secret data from being externally analyzed. Data encryption technology can be divided into two types: symmetric encryption algorithm and asymmetric encryption algorithm according to whether the key is publicized or not.
3 smart card attack method
Attacks on smart cards can be divided into three basic types: physical attacks, logical attacks, and edge-frequency attacks. The following is an analysis of the specific implementation of these three attack techniques.
3. 1 Physical attack. Physical attacks primarily analyze or change smart card hardware. Means and tools for achieving physical attacks include chemical solvents, etching and coloring materials, microscopes, submicron probe stations, and particle beam F IB. The main methods used to implement physical attacks include:
1 micro-probe technology: the attacker usually removes the chip package and restores the electrical connection between the chip function pad and the outside world. Finally, the micro-probe can be used to obtain the signal of interest, thereby analyzing the design information and storage structure of the smart card. Even directly read out the memory information for analysis.
2 Layout reconstruction: Using high-power optics and radio microscopy to study the connection mode of the circuit, you can quickly identify some basic structures on the chip, such as data lines and address lines.
3. 2 logical attacks. A logical attack is the insertion of an eavesdropping program during the execution of the software. There are many potential logical defects in smart cards and their COS, such as hidden commands, bad parameters and buffer overflows, file access, malicious processes, communication protocols, encryption protocols, and so on. Logical attackers use these flaws to trick card owners into revealing confidential data or allowing undesired data modifications.
3. 3 edge frequency attack. Edge-frequency attack is to analyze the encrypted data of a smart card by observing some physical quantities in the circuit, such as energy consumption, electromagnetic radiation, time, etc.; or by interfering with certain physical quantities in the circuit, such as voltage, electromagnetic radiation, temperature , light and X-ray, frequency, etc., to manipulate the behavior of smart cards.
4 Smart card prevention strategy
For the above various attack methods of smart cards, let us analyze the defense strategies against various attacks.
4. 1 Prevention Strategy for Physical Attacks
1 Reduce the size of the body: the attacker can not use the optical microscope to analyze the circuit structure of the chip, but still can not resist the high power microscope.
2 Multi-layer circuit design: hiding the layer containing sensitive data under the less sensitive layer makes the use of micro-probe technology limited.
3 Top-level sensor protection network: Add a layer of active activation network with protection signal on the surface of the chip. When the intrusion occurs, the signal is interrupted, and the content of the memory is cleared.
4 Latch circuit: Set the latch bit in the processor of the smart card. When an abnormal condition occurs, it will issue a latch signal to immediately remove sensitive data from the chip.
4. 2 Prevention Strategies for Logical Attacks
1Structural design: build software with small functional modules, make the program easy to understand and verify 2 formal verification: use mathematical model for functional verification 3 test: test the operation of the software
4. 3 DPA attack prevention strategy
The security strategy for dealing with DPA attacks is basically divided into three levels: hardware, software, and application:
(1) Precautions at the hardware level:
1 Use a balanced circuit to reduce signal energy and set metal protection to suppress electromagnetic emissions.
2 Perform parallel random processing to add a large value noise level.
3 Handle the time noise introduced by the interrupt and the different clock frequencies at any time. The basis for computer processing of differential trajectories is that the trajectories are alignable. The working steps of the processor should be synchronized before joining the track. Time noise prevents or at least prevents the trajectories from aligning well.
(2) Software level prevention measures:
1 Use a random processing sequence to reduce the associated signal. For example, parallel permutations in an algorithm (such as S-boxes in DES) can be done in a random order, and the number of permutations is reordered to decompose the signal produced by one permutation.
2 Use random delay and change path to increase timing noise. Timing noise can hinder the alignment of the tracks and reduce the quality of the differential tracks.
(3) Application-level preventive measures:
1 Set the counter to limit the number of attempts by an attacker. Self-locking after three consecutive P IN verification failures is an effective method to prevent differential energy analysis.
2 Limit the control and visibility of input and output in the encryption algorithm. If only part of the input can be selected, or only the results of some algorithms are returned, the attacker cannot complete the differential energy analysis.
5 Conclusion
The security environment of the smart card application system is very complicated. The effectiveness of the smart card attack method is based on the effectiveness of the attacker being higher than the time, effort, and cost of the attacker. The techniques of the preventive measures are mostly to increase the difficulty and cost of the attack success. However, these precautions will increase the complexity and cost of the design. Therefore, in the specific application, it is necessary to explore the security design strategy to find the best balance between reducing security threats and increasing security costs according to the security level required by the system.
White Nightstand,Mirrored Nightstand,Floating Nightstand,Black Nightstand
Bosa Furniture Co.,Ltd. , https://www.bosafurniture.com