Edge frequency attack analysis and security measures for smart cards

Today, smart card applications are becoming more and more widely used, and their security is very important. Smart cards are generally considered to be highly secure [1], but with the emergence and development of specialized attack technologies they have shown security vulnerabilities of their own, which reduce the security of the entire application system. Analyzing the security attacks faced by smart cards and researching the corresponding defense measures is therefore of great significance for ensuring the security of the entire smart card application system. The following analyzes one of the main smart card attack technologies, the edge-frequency attack, and the corresponding security design strategy.

1 Smart Card Brief

A smart card is a card made by embedding an integrated circuit chip with storage, encryption, and data processing capabilities on a plastic substrate. The hardware of the smart card mainly includes the microprocessor and the memory. The logical structure is shown in Figure 1.

Figure 1 smart card hardware structure

The microprocessor inside the smart card is in most cases an 8-bit CPU (although higher-end microprocessors are also starting to be used). The main function of the microprocessor is to receive commands sent by external devices, analyze them, and control access to the memory as needed. On an access, the microprocessor provides the memory with the address of the data unit to be accessed and the necessary parameters. The memory transfers the corresponding data to the microprocessor based on the address, and the microprocessor then processes the data. In addition, the various operations performed by the smart card (such as encryption operations) are also carried out by the microprocessor; the whole process is controlled and implemented by the smart card's operating system, the COS. The memory within the card consists of read-only memory (ROM), random access memory (RAM), and electrically erasable programmable memory (EEPROM). The operating system code is fixed in the ROM, whose capacity depends on the microprocessor used; the RAM is used to store operational data, and its capacity usually does not exceed 1 KB; the EEPROM stores the smart card's various information, such as encrypted data and application files, and its capacity is usually between 2 KB and 32 KB (this part of the storage is available for users to develop and use).

2 Threats to smart card security

Attacks on smart cards can be divided into three basic types:

1 Logical attacks - Insert an eavesdropping program during the execution of the software. There are many potential logical defects in smart cards and their COS, such as hidden commands, bad parameters and buffer overflows, file access, malicious processes, communication protocols, encryption protocols, and so on. Logical attackers use these flaws to trick cards into revealing confidential data or allowing undesired data modifications.

2 Physical attacks - Analyze or change smart card hardware. Means and tools for carrying out physical attacks include chemical solvents, etching and staining materials, microscopes, submicron probe stations, and focused ion beam (FIB) equipment.

3 Edge-frequency (side-channel) attacks - Use physical quantities to analyze or change the behavior of smart cards. The attacker analyzes the encrypted data of the smart card by observing physical quantities in the circuit, such as energy consumption, electromagnetic radiation and time, or manipulates the behavior of the smart card by interfering with physical quantities in the circuit, such as voltage, electromagnetic radiation, temperature, light, X-rays and frequency.

A smart card attack method is effective only when the attacker's benefit is higher than the time, effort, and expense spent. Table 1 gives a comparison of the above three types of attacks.

Table 1 Comparison of smart card attacks

It can be seen from Table 1 that physical attacks are too costly, time-consuming and laborious, and are therefore used less; logical attacks require little investment and are easy to carry out, but they are easy to prevent and have a low success rate. In recent years, the emerging edge-frequency attack techniques have been widely used because of their high cost-benefit ratio. Although the smart card industry has gained more and more understanding of how to counter edge-frequency attacks, many smart cards are still not immune to them. At present, the most widely used edge-frequency analysis and manipulation techniques are differential energy analysis (DPA, also known as differential power analysis) and energy glitching. The following focuses on the analysis of these two edge-frequency attacks and gives the corresponding security strategies.

3 Differential Energy Analysis

3.1 Analysis of DPA attacks

A DPA (differential energy analysis) attack works by measuring the energy consumption of an electronic device with an oscilloscope. Figure 2 is an energy trace of a smart card performing encryption with the DES algorithm.

Figure 2 Energy tracking diagram of DES operation

As can be seen from Figure 2, the energy consumption is not uniform and shows a pattern. It is well known that encrypting an input with the DES algorithm takes 16 cycles, and these cycles can be identified as 16 repetitions in the energy trace. The attacker only needs to know the plaintext (input) or ciphertext (output) of the algorithm; the encryption key can then be recovered by analyzing and comparing a series of energy traces. The basis of a DPA attack is the assumption that the processed data and the energy consumption are related. In other words, assume that processing a 0 uses less energy than processing a 1 (or vice versa). When the same algorithm is executed on two different inputs, the two energy traces then differ slightly because of the difference in the input data. The differential trace is obtained by having a computer subtract one trace from the other, strictly aligned on the clock. The moment at which a peak appears in the differential trace is the clock period in which the processed data differ. By examining all the inputs of the encryption algorithm and the differential traces produced by each pair of 0's and 1's, it is possible to identify the exact time at which they appear in the program code and so obtain the encryption key.

DPA allows the internal processing of encryption algorithms to be studied, a risk that places higher demands on smart card security. An encryption algorithm must use a full key of sufficient length to ensure that searching for the key is too time-consuming to be feasible. In practice, however, a complete algorithm is usually broken down into many small steps so that the processor can carry it out, and these small steps often use only part of the key rather than the full key. DPA can obtain the output of these small steps and search for these shorter key values, so in theory all encryption algorithms can be cracked with DPA. Although developing this attack method is very complicated, applying it is very simple and requires only a small investment: the required equipment is limited to a PC and a medium-precision oscilloscope. Countering DPA has therefore become one of the most urgent problems facing smart card manufacturers.

3.2 DPA Attack Security Policy

The security strategy for responding to DPA attacks is basically divided into three levels: hardware, software, and application.

(1) Hardware-level countermeasures

1 Use a balanced circuit to reduce signal energy, and add metal shielding to suppress electromagnetic emissions.

2 Perform random processing in parallel to add a high level of noise. For example, an internal programming voltage generating circuit can be used as a parallel noise generator.

3 Introduce timing noise at arbitrary moments by means of interrupts and varying clock frequencies. Computer processing of differential traces relies on the traces being alignable: the working steps of the processor must be synchronized before the traces are combined. Timing noise prevents, or at least hinders, good alignment of the traces.

The benefit of hardware countermeasures is that the smart card's sensitivity to edge-frequency attacks depends less on software changes; the weakness is that they can only reduce this sensitivity and cannot eliminate it completely. In fact, hardware precautions simply lower the signal-to-noise ratio and make the attack more difficult.

(2) Software-level countermeasures

1 Use a random processing sequence to reduce the correlated signal. For example, parallel operations in an algorithm (such as the S-boxes in DES) can be carried out in a random order, and reordering them breaks up the signal produced by any one of them.

2 Use random delays and varying execution paths to increase timing noise. Timing noise hinders the alignment of the traces and reduces the quality of the differential traces.

3 Eliminate the time dependence of key values and intermediate values. When the processing time depends on the key value, a simple energy analysis can be carried out by inspecting the trace directly with the naked eye; key processing that is constant in time prevents such an easy attack.

4 Use random values to hide intermediate values. The energy leakage depends on the number of bits in a single data value. If random data is added to the actual data and then subtracted after processing, the values passed along the way will not reveal useful information. However, with nonlinear functions in the algorithm this concealment produces erroneous results. Therefore, these functions need to be carefully redesigned to compensate for the deviation caused by the random data.

In theory, software countermeasures solve the problem of DPA attacks perfectly. However, such a countermeasure must be tailored to each algorithm; its design is quite difficult, and it is therefore very expensive and difficult to maintain.
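The differential trace from section 3.1 and the random hiding of intermediate values from countermeasure 4 above can be compared on simulated traces, the way an evaluator with a known key would check a card. This is an added example, not code from the original article; the 4-bit S-box, the leakage model (number of set bits plus Gaussian noise), the trace layout and all function names are assumptions made for the simulation.

```python
import random

# Constructed stand-in for one cipher step: a 4-bit S-box (row 0 of DES S1)
# applied to plaintext nibble XOR key nibble. All names here are hypothetical.
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]
SAMPLES, LEAK_AT = 8, 5          # trace length and the clock cycle that leaks

def hamming_weight(x):
    return bin(x).count("1")

def capture(key, n, masked, rng):
    """Simulate n energy traces; only cycle LEAK_AT depends on the data."""
    out = []
    for _ in range(n):
        pt = rng.randrange(16)
        value = SBOX[pt ^ key]
        if masked:
            # Simplified masking: the card only ever handles value XOR a fresh
            # random mask (a real design must also redesign the S-box lookup).
            value ^= rng.randrange(16)
        trace = [rng.gauss(0, 1.0) for _ in range(SAMPLES)]
        trace[LEAK_AT] += hamming_weight(value)
        out.append((pt, trace))
    return out

def differential_trace(traces, key, bit=0):
    """Per-cycle difference of mean energy between predicted-1 and predicted-0 sets."""
    sums = {0: [0.0] * SAMPLES, 1: [0.0] * SAMPLES}
    counts = {0: 0, 1: 0}
    for pt, trace in traces:
        b = (SBOX[pt ^ key] >> bit) & 1
        counts[b] += 1
        for i, s in enumerate(trace):
            sums[b][i] += s
    return [sums[1][i] / counts[1] - sums[0][i] / counts[0] for i in range(SAMPLES)]

def peak(masked, key=0xB, n=4000, seed=1):
    """Return (cycle, height) of the largest differential peak for a known key."""
    rng = random.Random(seed)
    diff = differential_trace(capture(key, n, masked, rng), key)
    cycle = max(range(SAMPLES), key=lambda i: abs(diff[i]))
    return cycle, abs(diff[cycle])

if __name__ == "__main__":
    print("unmasked:", peak(masked=False))
    print("masked:  ", peak(masked=True))
```

Without masking the differential trace peaks at the leaking cycle with a height of about one bit's worth of energy; with a fresh random mask per run no cycle stands out from the noise.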

(3) Application-level countermeasures

1 Set a retry counter to limit the number of attempts by an attacker. Self-locking after three consecutive PIN verification failures is an effective method of preventing differential energy analysis.

2 Limit the control and visibility of the input and output in the encryption algorithm. If only part of the input can be selected, or only the results of some algorithms are returned, the attacker cannot complete the differential energy analysis.

These are the basic methods for preventing DPA attacks. Their disadvantages are a negative impact on reliability and the need to change existing protocols.

4 Energy Short Pulse Interference

4.1 Analysis of energy short pulse jamming attacks

The microprocessor needs a stable voltage to operate, and an interruption of the energy supply acts as a sudden shock to program execution or to the reset circuit. However, a short, carefully shaped pulse can cause an error in a single program step while the microprocessor continues to execute the program. For example, when the CPU reads the contents of a memory cell, a transistor uses a threshold to detect the value of the cell and decide whether it is a logical "0" or "1". A sudden change in energy affects both stored and logical values. Different internal capacitances affect stored values differently, potentially causing the real values to be distorted. As shown in Figure 3, the low level corresponding to logic "0" is lower than the threshold level in the normal operating state; however, the energy drop of a short pulse may cause it to be above the threshold level.

Figure 3 Energy short pulse interference when reading memory

Many encryption algorithms are susceptible to this type of fault injection. The differential fault analysis (DFA) technique compares correct and incorrect ciphertexts to isolate the secret key. Some algorithms can only be attacked when a precise intermediate value is hit, while other algorithms are less demanding and can be attacked anywhere in the process. Usually DFA requires that the same plaintext can be encrypted twice, producing one correct and one wrong ciphertext.

The second application of fault injection is at a critical decision point in a security process. If an application performs a security check such as a PIN check, fault injection is most effective at the moment the device decides whether to continue or to abort processing. An attacker may be able to turn a PIN verification failure into a success and so trick the processor. A more drastic way is to cut the power completely when the processor is about to write a verification failure to the memory, thereby keeping the PIN check failure counter from reaching its limit.

A third application of short pulse interference aims to manipulate communication. The communication protocol is designed to read a few bytes from the smart card memory and transfer them to the terminal. If fault injection successfully attacks the counter that limits the transmission, the entire memory contents may be output to the serial interface.

4.2 Security strategy for energy short pulse interference

Energy short pulse interference and the other edge-frequency manipulation techniques all attempt to change the environment of the smart card. The usual strategy for guarding against such attacks is strict voltage, frequency, and temperature detection. However, the use of precise sensors can also affect reliability and cause potential failures in certain terminals. Moreover, the sensors cannot detect all induced signals: the circuit is not completely immune to signals injected by induction or to carefully adjusted short pulses of energy. It is therefore important to use software or application-level precautions to detect and recover from fault injection.

In terms of software precautions, fault monitoring can be achieved by checking critical program flow and cryptographic results. Performing an operation twice and comparing the two results is one method of checking the validity of a result. However, if the same error is injected both times, it cannot be detected; therefore, the best method is to recover the input by applying the inverse operation to the result and to compare it with the original input. The inverse operation is usually different from the forward operation, and manipulating it in the reverse direction is more difficult.

5 Conclusion

The smart card application system is a system with a complex security environment. This paper provides an approach to analyzing the security attacks faced by such a system and provides a basis for its security design. The next step is to quantify the various security design strategies and find the best balance between reducing security threats and increasing security costs.
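The two result checks described in section 4.2, compute-twice and the inverse-operation check, behave differently when the same fault is injected into every run. This is an added example, not code from the original article; the 8-round toy Feistel cipher (a stand-in, not DES), the single-bit fault model, the sample key and plaintext, and all function names are assumptions.

```python
import hashlib

def _f(half, key, rnd):
    """Round function of the toy cipher (constructed; not DES)."""
    digest = hashlib.sha256(bytes([rnd]) + key + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def encrypt(block, key, fault_round=None):
    """8-round Feistel on a 64-bit block. fault_round models a glitch that
    flips one state bit at the start of that round (constructed fault model)."""
    l, r = block >> 32, block & 0xFFFFFFFF
    for rnd in range(8):
        if rnd == fault_round:
            r ^= 1
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 32) | r

def decrypt(block, key):
    """Inverse operation: undo the rounds in reverse order."""
    l, r = block >> 32, block & 0xFFFFFFFF
    for rnd in reversed(range(8)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 32) | r

def release_compute_twice(pt, key, fault_round=None):
    """Encrypt twice and compare; the same fault is injected into both runs."""
    a = encrypt(pt, key, fault_round)
    b = encrypt(pt, key, fault_round)
    return a if a == b else None        # None: result withheld

def release_inverse_check(pt, key, fault_round=None):
    """Decrypt the result and compare it with the original input."""
    ct = encrypt(pt, key, fault_round)
    return ct if decrypt(ct, key) == pt else None

KEY = b"constructed-key"                # constructed sample values
PT = 0x0123456789ABCDEF

if __name__ == "__main__":
    good = encrypt(PT, KEY)
    print("fault-free result released:", release_inverse_check(PT, KEY) == good)
    print("compute-twice, repeated fault:", release_compute_twice(PT, KEY, 3))
    print("inverse check, same fault:", release_inverse_check(PT, KEY, 3))
```

With the repeated fault, compute-twice releases a wrong ciphertext because both runs agree, while the inverse check withholds it because decryption no longer returns the original input.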
