Cryptography Reference
In-Depth Information
To thwart skimmingattacks, do not use ATMs where somethingappears to
be out of place. Keep all PINS safe and never give them to anyone. Do not let
strangers “assist” you at an ATM machine. If your card is not returned after
usage in an ATM, immediately contact the institution that issued the card.
Treat your cards as if they were cash and do not let them out of your sight.
Returningto IC cards, there are tampering attacks , which may be broken
down into four subsets: (1) microprobing , where the chip itself is accessed, ma-
nipulated, and there is direct tamperingwith the IC; (2) software attacks , the
exploitation of weaknesses in cryptographic protocols or their implementation
via the I/O interface; (3) eavesdropping , the monitoringof any electronic radia-
tion produced by the microprocessor's executions; (4) fault generation , creating
malfunctions in a microprocessor for the purpose of establishingaccess.
Attacks (2)-(4) are noninvasive attacks. On the other hand, microprob-
ingis an invasive attack that requires a significant amount of laboratory time,
expensive equipment, and expertise. In order to extract the chip, the plastic
card is destroyed. Once the chip is removed, it may be mapped, analyzed, and
information obtained. One countermeasure for such attacks (already available
with some microprocessors), is the embeddingof a sensor mesh above the actual
chip, so that any tampering would trigger an erasure of nonvolatile memory.
With noninvasive attacks, smart cards are especially vulnerable since their
microprocessors are exposed without the safeguards built into larger devices,
such as electromagnetic shielding. A microprocessor is basically a collection of
a relatively small number of flipflops (registers, latches, and SRAM cells), 9.30
which establish its current state, together with a logic design that calculates
that state based on a clock cycle and other states. A register is a specialized,
high-speed storage region of the CPU. No data is capable of being processed
before beingput into registers. A CPU's power is defined in terms of the number
and capacity of registers it possesses. For example, an 8-bit CPU has registers
that maintain 8-bit words each, so each command sent to such a CPU is capable
of handling8 bits of information. A latch is a digital logic circuit for storing
bits. The components of a latch are the data input to it, a clock input, and
its output. The term “latch” comes from the function of the clock activity, for
example when active, the clock input triggers the data input to be “latched”
(stored) and transferred to output when the clock input becomes inactive. The
value of the clock output is then set and maintained until the clock input is
again activated. This analog effect is one of the vulnerabilities that can be
exploited via fault-generation attacks in smart cards, namely, by causing one or
more flipflops to take on the incorrect state (see [34]).
Countermeasures to thwart noninvasive attacks include insertinga random-
number generator at the clock-cycle level; and embedding a tamper-sensor that
will disable the entire microprocessor upon detection of unauthorized activity.
9.30 SRAM is static RAM as opposed to the more common dynamic RAM or DRAM . The
term “static” is employed to differentiate it from the conventional form of RAM in that it does
not need to be refreshed as does DRAM. Therefore, SRAM is faster and more reliable than
DRAM. However, it is more expensive in terms of financial cost, storage space, and power
consumption. Thus, DRAM is necessarily volatile memory.
Search WWH ::




Custom Search