Security Engineering by Ross J. Anderson

Author:Ross J. Anderson
Language: eng
Format: epub
Publisher: John Wiley & Sons
Published: 2010-09-14T04:00:00+00:00

16.6.3.1.2 How to hack a smartcard [2]

As smartcards use an external power supply, and store security state such as crypto keys and value counters in EEPROM, an attacker could freeze the EEPROM contents by removing the programming voltage, VPP. Early smartcards received VPP on a dedicated connection from the host interface. This led to very simple attacks: by covering the VPP contact with sticky tape, cardholders could prevent cancellation signals from affecting their card. The same trick could be used with some payphone chipcards; a card with tape over the appropriate contact had ‘infinite units’.

The fix was to generate VPP internally from the supply voltage VCC using a voltage multiplier circuit. However, this isn't entirely foolproof as the circuit can be destroyed by an attacker. So a prudent programmer, having (for example) decremented the retry counter after a user enters an incorrect PIN, will read it back and check it. She will also check that memory writing actually works each time the card is reset, as otherwise the bad guy who has shot away the voltage multiplier can just repeatedly reset the card and try every possible PIN, one after another.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.