Attacking smart card systems: Theory and practice

Information Security Technical Report

Volumn 14, Issue 2, 2009, Pages 46-56

  Markantonakis, Konstantinos ^a   Tunstall, Michael ^b   Hancke, Gerhard ^a   Askoxylakis, Ioannis ^c   Mayes, Keith ^a  

^a UNIVERSITY OF LONDON   (United Kingdom)

^b UNIVERSITY OF BRISTOL   (United Kingdom)

^c INSTITUTE OF COMPUTER SCIENCE   (Greece)

Author keywords

Contactless; EMV; Relay attacks; Satellite TV; Security; Smart card; Smart card attacks

Indexed keywords

CONTACTLESS; EMV; RELAY ATTACKS; SATELLITE TV; SECURITY;

COMPUTER CRIME; COMPUTER OPERATING SYSTEMS; PERSONAL COMPUTING; SATELLITES;

TELEVISION BROADCASTING;

EID: 68349130174     PISSN: 13634127     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.istr.2009.06.001     Document Type: Article

References (53)

1. Anderson R, Kuhn M. Tamper resistance - a cautionary note. In: Proceedings of the second USENIX workshop of electronic commerce; 1996, pp. 1-11.
2. APACS. Card fraud the facts (2002). http://www.apacs.org.uk/
3. APACS. 22 million UK consumers use cards to buy online in 2004; 08/09/05. http://www.apacs.org.uk/media_centre/press/05_09_08.html.
4. Bar-El H., Choukri H., Naccache D., Tunstall M., and Whelan C. The sorcerer's apprentice guide to fault attacks. Proc IEEE 94 2 (2006) 370-382
5. BBC Two "Newsnight", Segment on vulnerabilities in Chip and PIN "PIN entry devices" (PEDs), http://video.google.com/videoplay?docid=7109740591622124830, 2/2008.
6. Boneh D., DeMillo R.A., and Lipton R.J. On the importance of checking computations. Proceedings of advances in cryptology. LNCS vol. 1233 (1997), Springer-Verlag 37-51
7. Brier E., Clavier C., and Olivier F. Correlation power analysis with a leakage model. Proceedings of cryptographic hardware and embedded systems. LNCS vol. 3156 (2004), Springer-Verlag 16-29
8. Clavier C., Coron J.S., and Dabbous N. Differential power analysis in the presence of hardware countermeasures. Proceedings of cryptographic hardware and embedded system. LNCS vol. 1965 (2000), Springer-Verlag 252-263
9. Chari S., Jutla C.S., Rao J.R., and Rohatgi P. Towards approaches to counteract power-analysis attacks. Proceedings of advances in cryptology. LNCS vol. 1666 (1999), Springer-Verlag 398-412
10. Card fraud facts and figures. http://www.apacs.org.uk/resources_publications/card_fraud_facts_and_figures.html.
11. Chip and SPIN !. http://www.chipandspin.co.uk/.
12. Drimer S, Murdoch SJ, Anderson R. Optimised to fail: card readers for online banking. http://www.cl.cam.ac.uk/∼sjm217/papers/fc09optimised.pdf.
13. Drimer S, Murdoch S. Keep your enemies close: distance bounding against smartcard relay attacks. In: Proceedings of 16th USENIX security symposium, August 2007.
14. Dorsey N, Hurst S. ECE4112 smart card security. http://users.ece.gatech.edu/∼owen/Academic/ECE4112/Spring2005/Projects_Spring2005/ECE4112%20Smart%20Card%20Security.ppt.
15. DSS Programming. http://www.geocities.com/dssprogg/Guides/hunewbie.html.
16. DreamBox Multimedia Worldwide. http://www.dreammultimedia-tv.de/Bereiche/Produkte/DM7000.php.
17. ETSI. Digital Video Broadcasting (DVB); support for use of scrambling and conditional access (CA) within digital broadcasting systems. ETSI Technical Report ETR 289, European Telecommunications Standards Institute (ETSI), Sophia Antipolis, France; Oct. 1996.
18. ECM attacks, many dish network cards are now DEAD!. http://www.freetvblog.com/archives/2006/12/14/many-bell-express-vu-and-dish-network-cards-are-now-dead/.
19. Europay-MasterCard-Visa. EMV'96 integrated circuit card specification for payment systems, Version 3.0, from: http://www.europay.com/Pdf/EMV_card.pdf.
20. Gandolfi K., Mourtel C., and Olivier F. Electromagnetic analysis: concrete results. Proceedings of cryptographic hardware and embedded systems. LNCS vol. 2162 (2001), Springer-Verlag 251-261
21. Hancke GP. Security of proximity identification systems. PhD dissertation, University of Cambridge, February 2008.
22. International Organization for Standardization. ISO/IEC 15693 Identification cards - contactless integrated circuit(s) cards - vicinity cards; 2000a.
23. International Organization for Standardization. ISO/IEC 14443 Identification cards - contactless integrated circuit(s) cards - proximity cards; 2000b.
24. Irdeto. http://www.irdetoaccess.com.
25. ISO/IEC. Information technology - generic coding of moving pictures and associated audio: audio. In: International Standard ISO/IEC 13818-3, International Organization for Standardization (ISO), Geneva, Switzerland; 1994.
26. ISO/IEC. Information technology - generic coding of moving pictures and associated audio: video. In: International Standard ISO/IEC 13818-2, International Organization for Standardization (ISO), Geneva, Switzerland, 1995.
27. ISO/IEC 18092. Information technology - telecommunications and information exchange between systems - near field communication - interface and protocol (NFCIP-1).
28. Kasper T. Embedded security analysis of RFID devices. Diploma thesis, Ruhr-University Bochum, July 2006.
29. Kfir Z, Wool A. Picking virtual pockets using relay attacks on contactless smartcard systems. In: Proceedings of IEEE/CreateNet SecureComm; 2005, pp. 47-58.
30. Kommerling O, Kuhn M. Design principles for tamper resistant smartcard processors. In: Proceedings of USENIX workshop on smartcard technology; 1999, pp. 9-20.
31. Kocher P. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Proceedings of advances in cryptology. LNCS vol. 1109 (1996), Springer-Verlag 104-113
32. Kocher P., Jaffe J., and Jun B. Differential power analysis. Proceedings of advances in cryptology. LNCS vol. 1666 (1999), Springer-Verlag 388-397
33. Kuhn MG. Attacks on pay-TV access control systems. University of Cambridge, Computer Laboratory, Security Seminar talk, 1997-12-09.
34. Mayes K., and Markantonakis K. Smart cards, tokens, security and applications (2007), Springer Verlag
35. Messerges T.S. Using second-order power analysis to attack DPA resistant software. Proceedings of cryptographic hardware and embedded systems. LNCS vol. 1965 (2000), Springer-Verlag 71-77
36. MIFARE, http://www.mifare.net.
37. Nohl K, Evans D. Reverse-engineering a cryptographic RFID tag. In: Proceedings of the 17th USENIX security symposium; 2008, pp. 185-93.
38. NIST. Advanced Encryption Standard (AES) (FIPS{197) (2001), National Institute of Standards and Technology
39. Oyster Card, http://www.tfl.gov.uk/tube/.
40. Octopus Card, http://www.hong-kong-travel.org/Octopus.asp.
41. OpenPCD Project. http://www.openpcd.org.
42. Quisquater J.J., and Samyde D. Electromagnetic analysis (EMA): measures and countermeasures for smart cards. Proceedings of smart card programming and security, international conference on research in smart cards. LNCS vol. 2140 (2001), Springer-Verlag 200-210
43. Rankl W., and Effing W. Smart card handbook (2003), Wiley
44. Skorobogatov S., and Anderson R. Optical fault induction attacks. Proceedings of cryptographic hardware and embedded systems. LNCS vol. 2523 (2002), Springer-Verlag 2-12
45. Season Interface Logger. http://www.satshop.tv/en/Programmers/Season-Interface-Logger::456.html.
46. The Official PCMCIA Association. Website: http://www.pcmcia.org/.
47. Tunstall M., Markantonakis K., and Mayes K. Inhibiting card sharing attacks. Proceedings of advances in information security and computer science. LNCS vol. 4266 (2006), Springer-Verlag 239-251
48. VIAccess http://www.viaccess.com.
49. Viaccess to counter card sharing. http://www.eurocardsharing.com/f214/new-viaccess-counter-card-sharing-70051.
50. Visa Europe. Verified by Visa. http://www.visaeurope.com/merchant/handlingvisapayments/cardnotpresent/verifiedbyvisa.jsp.
51. Wong T. Satellite piracy costing TV industry billions. http://www.abadss.com/forum/91-fta-news-announcements/97216-satellite-piracy-costing-tv-industry-billions-2009-03-15-a.html.
52. Wirt K. Fault attack on the DVB common scrambling algorithm. Proceedings of international workshop on information security & hiding (ISH05) (2005), Springer Verlag
53. Wonglimpiyarat J. Strategies of competition in the bank card business: innovation management in a complex economic environment (2004), Sussex Academic Press