Defeating the smartcard code-crackers

Smart as they are, the protective codes of smart cards can be cracked using off-the-shelf technology. But the latest secure chips developed by one European team may soon frustrate hackers and thieves. Produced using a new and much faster design process, these chips can withstand more attacks than before.

Some two million new smartcards are rolled out every month, so the encrypted personal data that people store on these cards must be safe. And to date it has been. Yet the security threat is growing, as the electronic devices capable of breaking the card codes become cheaper and more powerful.

"It takes little more than an oscilloscope and a standard PC to mount a digital attack on an unprotected smartcard," says Klaus-Michael Koch. He is coordinator of the IST project SCARD, which aims to increase the security of chips on smart cards.

With equipment like this and some know-how, attackers can expose the content that a smart card is supposed to protect. Using techniques such as side-channel analysis (SCA), they can reveal part of a secret key, notably by examining a chip's power leakage as it performs computations or by scrutinising its thermal or electromagnetic radiation. If the card's owner is the attacker, he or she could upload money to an electronic purse, access a satellite TV system for free or claim to be someone else.

Improved design flow
Under SCARD, the partners wanted to put together a 'design flow' that allows semi-automatic implementation of countermeasures. The design flow is the digital design of a chip – the specifications, modelling of performance, algorithms and functionality up until the stage when the chip developer can start the synthesizer and compiler. Typically, this design process is costly and may take several years.

In-chip countermeasures must be included during the design period. They cannot be simulated, so developers must experiment with the shielding of a card's chip to limit temperature and voltage variations, or they must laboriously place transistors on it by hand.

For the hardware security issue, the partners developed prototypes of a design flow and carried out chip testing. They also paved the way for an automatic chip design process which would allow other companies to develop new and more secure chips.

"We succeeded in making the hardware more secure against side-channel analysis (SCA)," says Koch. "The chip we built was used to deduce the measurability limits, enabling us to assess the sort of countermeasures necessary against differential power attacks."

Countermeasures mask chip contents
To tackle leaky circuits, the SCARD partners developed two main countermeasures. The first introduces circuits with constant power consumption, irrespective of the tasks being performed. Says Koch, "Each clock cycle has the same energy. But these circuits must be perfectly executed, since even a three or four percent difference in energy can be seen." The second involves adding random values to the chip, masking the circuit's real values. Noise could also be added, though this is not currently feasible in smartcards due to energy-loss restrictions.

They have also developed an eight-bit test chip, featuring both unprotected and (seven) protected versions of the same circuit. The chip includes a microcontroller, is fully programmable and has reduced leakage. It is also capable of resisting over 500,000 attempted measurements, as opposed to the 15,000-measurement threshold for an ordinary (unprotected) chip. As a result, researchers can for the first time directly compare the effect of certain countermeasures on unprotected or protected versions of the same circuit on the same chip.

"Our new chip is not one hundred percent secure," acknowledges Koch. "However, it is far more difficult to crack than existing unprotected versions and represents a quantum leap forward in security." Though the project is now over, further research will be conducted on the remaining 25 test chips.

The new chip was produced using the project's own design flow, taking just one year from specification to production. "We demonstrated that our chip design flow – our set of tools and methods – really works," he notes.

Patents applied for
Two partners, Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (IAIK, Austria) and Infineon, have applied for international patents stemming from their project work. These include countermeasures with new secure logic styles that cover innovative transistor circuits. Some of the countermeasure technology developed is also being used in IAIK's security crypto-modules.

The project results are now being disseminated through teaching – since some of the project partners are universities or technical small and medium-sized enterprises. A recent workshop in Louvain-la-Neuve, Belgium, to present SCARD's results attracted some 100 security-industry experts.

Contact:
Klaus-Michael Koch
Director of Research and Development
Technikon Forschungs- und Planungsgesellschaft mbH
Richard-Wagner-Str. 7
A-9500 Villach
Austria
Tel: +43 424 223355
Fax: +43 424 223355-77
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Source: IST Results Portal

Most Popular Now

Digital Health Webinar

14 September 2021, Webinar. The digital healthcare ecosystem is evolving with rapid speed. Technologies such as AI, robotics, telemedicine, and precision medicine are a mix of challenges and opportunities...

Using AI for Early Detection and Treatme…

Artificial intelligence (AI) will fundamentally change medicine and healthcare: Diagnostic patient data, e.g. from ECG, EEG or X-ray images, can be analyzed with the help of machine learning, so that...

Waiting Times for Medical Admissions Red…

Clinicians at Bolton NHS Foundation Trust have dramatically reduced patient waiting times, decreased hospital length of stay and improved patient safety after developing an electronic acute medical list solution to manage patient referrals.  The configuration was initially set-up to track referrals and admissions...

AI Algorithm Solves Structural Biology C…

Determining the 3D shapes of biological molecules is one of the hardest problems in modern biology and medical discovery. Companies and research institutions often spend millions of dollars to determine...

Novel AI Blood Testing Technology can ID…

A novel artificial intelligence blood testing technology developed by researchers at the Johns Hopkins Kimmel Cancer Center was found to detect over 90% of lung cancers in samples from nearly...

Accenture HealthTech Innovation Challeng…

Accenture (NYSE: ACN) has named eight companies as finalists in the Accenture HealthTech Innovation Challenge, which brings together leading-edge startups with prominent health companies to tackle some of North America's...

Clinerion Patent for Technology Underpin…

The new Clinerion patent underpins any medical EHR database infrastructure that incorporates a hybrid model of cloud-and-local server node installations at individual hospitals, as well as any method for search...

Data MATRIX Introduces an AI-Operated Pa…

Data MATRIX, a sole Real-World Evidence solutions provider in Russia, has presented a predictive analytics tool for estimating patient survival based on Real-World Data. An important feature of the presented tool for...

Researchers Use AI to Predict which COVI…

Researchers at Case Western Reserve University have developed an online tool to help medical staff quickly determine which COVID-19 patients will need help breathing with a ventilator. The tool, developed through...

A Game Changer: Virtual Reality Reduces …

It isn’t a matter of one needle puncture. Many children coming through the doors of Children's Hospital Los Angeles are seen for chronic conditions and often require frequent visits. Painful...

Bittium Expands Its Minority Holdings in…

Bittium Biosignals Ltd, a subsidiary of Bittium Corporation, and British ECG service provider, Technomed Limited, have today signed an agreement under which Bittium will purchase a 25 percent stake in...

Scientists Develop AI to Predict the Suc…

A study in which machine-learning models were trained to assess over 1 million companies has shown that artificial intelligence (AI) can accurately determine whether a startup firm will fail or...