際際滷

際際滷Share a Scribd company logo

IS Report 3

Pranay Sable
Pranay Sable

This document discusses securing proximity smart cards from various attacks. It begins with an introduction to proximity smart cards and their uses. Then, it reviews literature on smart card security and common attacks. In the discussion, it describes side-channel attacks like timing analysis and differential power analysis, as well as relay attacks on the physical communication layer. It provides countermeasures for these attacks, such as adding random delays, dummy instructions, and voltage controllers. The document also covers hardware attacks and invasion attacks, concluding that smart card security requires defenses at both the communication and physical layers.

1 of 18
Download to read offline
Student Name Pranay Sable Student ID- 15870284 Lecturer Name- David Airehrour COMP821 INFORMATION SECURITY Securing Proximity Smart Cards
PRANAY SABLE (15870284) 1 Contents Report Synopsis......................................................................................................................................2 Introduction............................................................................................................................................3 Literature Review-..................................................................................................................................5 Discussion...............................................................................................................................................7 Side-channel attacks and countermeasures.......................................................................................7 1. Timing Analysis Attacks.........................................................................................................7 2. Relay Attacks...........................................................................................................................9 3. Eavesdropping.......................................................................................................................11 Hardware attack and its Countermeasures......................................................................................13 Invasion attacks.............................................................................................................................13 Conclusion- ...........................................................................................................................................16 References............................................................................................................................................17
PRANAY SABLE (15870284) 2 Report Synopsis Smartcard Technology has developed throughout the most recent couple of years taking after striking enhancements in the fundamental equipment and programming stages. It is almost used in every sector of life around us and has sensitive information in it. So to secure smart cards has become a foremost priority of developers. This article will provide defense mechanism to protect this smart tokens on communication and physical layer from hackers and attackers.
PRANAY SABLE (15870284) 3 Introduction- What are Proximity smart cards? A smart card can be defined by its very basic component like integrated circuit which is a microcontroller which can store any kind of data in its RAM. Smart card system has a reader and token and a background system. The system is connected to a card reader which can authenticate a token or card when presented, a system can be a personal computer or a web browser which uses Secure Socket Layers to secure online transactions. A smart card can have 8KB to 256KB of programmable Random Access Memory with 16-bit of the microprocessor on it. The most common application where smart cards used are: Wireless Communication(RFID) Money Tractions Door security system Loyalty cards Dish TV Logistics Smart cards can be classified into 1) Contact Cards- These are the cards which need to make physical contact with the reader to establish a connection,and 2) Contactless Cards- These uses wireless communication channels to establish connection between reader and token.
PRANAY SABLE (15870284) 4 Need for Security Smart cards are commonly thought to be tamper resistant, which implies that the expected usefulness and information held inside such a gadget should not be undermined by altering. Smart cards additionally offer a choice of security systems that could, for instance, be utilized to actualize verification or guarantee information privacy. Smart cards are in this manner utilized as a part of frameworks that give security administrations. While a ''safe and trusted'' token alone is insufficient to ensure security inside a framework. A creator joining smart cards into a framework ought to consider both attacks that apply to the security of the physical smart card token and the system as an entirety(Markantonakis, Tunstall, Hancke, Askoxylakis, & Mayes, 2009). This article gives a brief outline of most common attacks on a smart card, furthermore looks at the defense mechanism for each attack. The outline of this report is to have an understanding of most common attacks on the smart cards security system and their verified countermeasures in real life. Furthermore in discussion two types of core attacks and their countermeasures are presented with the outlined conclusion.
PRANAY SABLE (15870284) 5 Literature Review- To deal with my research topic I have gone through different papers which are related to security of smart cards and have researched various websites and blogs written by researchers. Following are a synopsis of literature used to create this research report. P a p e r S u m m a r y S e c u r i t y o f p r o x i m i t y i d e n t i f i c a t i o n s ys t e m s ( G e r h a r d P H a n c k e , 2 0 0 8 ) A s d i s c u s s e d b y ( G e r h a r d P H a n c k e , 2 0 0 8 ) i n h i s r e p o r t h a v e s u m m a r i z e d r e l a y a t t a c k s a n d d i s t a n c e b o u n d i n g p r o t o c o l s . C o n f i d e n c e i n s m a r t t o k e n p r o x i m i t y: R e l a y a t t a c k s r e v i s i t e d ( G . P . H a n c k e , M a ye s , & M a r k a n t o n a k i s , 2 0 0 9 ) ( G . P . H a n c k e e t a l . , 2 0 0 9 ) m e n t i o n e d d e t a i l e d s t u d y a n d i m p l e m e n t a t i o n o f r e l a y a t t a c k s a n d i t s c o u n t e r m e a s u r e s P r e v e n t i n g r e a l - w o r l d r e l a y a t t a c k s o n c o n t a c t l e s s d e v i c e ( H e n z l , H a n a c e k , & K a c i c , 2 0 1 4 ) T h e a u t h o r ( H e n z l e t a l . , 2 0 1 4 ) m e n t i o n e d t h e r e l a y a t t a c k s o n c o n t a c t l e s s o r N e a r - f i e l d c o m m u n i c a t i o n ( N F C ) . S m a r t c a r d a p p l i c a t i o n s a n d s e c u r i t y( L e n g , 2 0 0 9 ) ( Le n g , 2 0 0 9 ) h a v e b r i e f l y p r o p o s e d e v e r y a t t a c k s c e n a r i o o n s m a r t c a r d s s u c h a s s i d e c h a n n e l a t t a c k s , e a v e s d r o p p i n g , a n d p h ys i c a l a t t a c k s
PRANAY SABLE (15870284) 6 R F ID N o i s y R e a d e r H o w t o P r e v e n t f r o m E a v e s d r o p p i n g o n t h e C o m m u n i c a t i o n ? ( S a v r y, P e b a y- P e yr o u l a , D e h m a s , R o b e r t , & R e v e r d y, 2 0 0 7 ) O n t h e b a s i s o f a d e v i c e n a m e d n o i s y r e a d e r ( S a v r y e t a l . , 2 0 0 7 ) h a v e i n t r o d u c e d a d e f e n s e w e a p o n a g a i n s t E a v e s d r o p p i n g . S o l u t i o n s f o r R F I D S m a r t T a g g e d C a r d S e c u r i t y V u l n e r a b i l i t i e s ( W i l l i a m s o n , T s a y, K a t e e b , & B u r t o n , 2 0 1 3 ) ( W i l l i a m s o n e t a l . , 2 0 1 3 ) h a v e p r o p o s e d s o l u t i o n s f o r R F ID t a g s i n b i o m e d i c a l f i e l d t h r o u g h t h e a d d i t i o n o f t w o s e c u r i t y l a ye r s i n t h e c o m m u n i c a t i o n c h a n n e l R a n d o m i z e d e x e c u t i o n a l g o r i t h m s f o r s m a r t c a r d s t o r e s i s t p o w e r a n a l ys i s a t t a c k s ( Z h a n g , Li a o , Q i u , H u , & S h a , 2 0 1 2 ) I n t h i s p a p e r , i t i s d i s c u s s e d 3 - b i t a l g o r i t h m t e c h n i q u e s f o r s e c u r i t y a g a i n s t p o w e r a n a l ys i s a t t a c k s . S m a r t C a r d s , T o k e n s , S e c u r i t y a n d A p p l i c a t i o n ( M a r k a n t o n a k i s , 2 0 0 7 ) T h i s b o o k h a s p r o v i d e d a b r o a d e r v i e w o f m a n y c a r d s s ys t e m a n d p r a c t i c a l s e c u r i t y m e t h o d s u s e d . R F ID s ys t e m s : A s u r v e y o n s e c u r i t y t h r e a t s a n d p r o p o s e d s o l u t i o n s ( P e r i s - Lo p e z , H e r n a n d e z - C a s t r o , E s t e v e z - T a p i a d o r , & R i b a g o r d a , 2 0 0 6 ) ( P e r i s - Lo p e z e t a l . , 2 0 0 6 ) p r e s e n t e d t h r e a t s t o R F ID s e c u r i t y s ys t e m a n d p r o t e c t i n g p r i v a c y t h r o u g h F a r a d a y c a g e a n d b l o c k e r t a g s .
PRANAY SABLE (15870284) 7 Discussion Side-channel attacks and countermeasures A side-channel attack(Kocher,1996) comprises in observing unintended impacts of the calculation and recovering valuable data from these impacts. There are numerous such impacts, including the timing of the calculation, the information traded on the I/O channels, the power utilization, or some other impact of the calculation. Such attacks are considered as non- obtrusive, on the grounds that they are performed on a working smart card chip, and they, as a rule, don't require the tampering of the card. 1. Timing Analysis Attacks These are the most common types of side-channel attacks. To carry out this attack the attacker must have power system knowledge. By studying the power utilization of smart card one can tell what type of information is the card possessing within a microchip. Under power attacks, there are mainly 2 types of attacks which are described below. Simple power Analysis: -A powerful form of power analysis is to search for patterns within the acquired power consumption. An attacker can attempt to determine the location of individual functions within a command. For example, Fig. 2 shows the power consumption of a smart card during the execution of RSA, looking closely at the acquired power consumption, a series of events can be seen. There are two types of the event at two different power consumption levels, with a short dip in the power consumption between each event. This corresponds well to the square and multiply calculations used in RSA algorithm (Mayes and Markantonakis, 2008).
PRANAY SABLE (15870284) 8 Figure 2. Power consumption of an RSA implementation(Markantonakis, 2007) Differential power analysis- Differential Power Analysis (DPA) actually treats the consequences of power examination. The estimations are rehashed ordinarily so that the impacts of noise can be dispensed with by taking normal qualities. The differences are once the estimations have been finished, which can uncover even better contrasts in the current utilization of a microcontroller than basic force investigation. With the DPA procedure, the current utilization is initially measured while the microcontroller is handling known information, and afterward again while it is handling unknown information(Leng, 2009; Markantonakis et al., 2009). Time analysis attacks Countermeasures As suggested by (Leng, 2009)the least difficult equipment arrangement is to consolidate a quick acting voltage controller in the chip screens and guarantees that the power utilization is autonomous of the guidelines and information. The counterfeit noise current generators on the chip are likewise a successful arrangement. Another arrangement is to utilize a changed processor plan that dependably draws a steady current. Nevertheless, these methodologies will marginally expand the power utilization, which is undesirable in applications, for example, telecommunication. As an option, some more straightforward guard utilizing haphazardly produced delays (arbitrary holding up time) in the processor extensively builds the trouble of
PRANAY SABLE (15870284) 9 synchronization between the information and current, without expanding the chip's present utilization. A comparable methodology is that microcontrollers have their own on-chip clock generators, by consistently and randomly fluctuating the clock frequency inside certain breaking points. There is three software defense mechanism suggested by(Zhang et al., 2012) as follows Dummy Instructions Random Insertion (DIRI), Simple Randomized Execution(SRE), Advanced Randomized Execution with Independent Dummy Instructions(AREIDI) which shows significant results to protect smart cards from hackers. 2. Relay Attacks Relay attacks are basically carried out on the physical layer of the communication channel. In these case, the raider or attacker needs to have two hardware devices that are a reader and the token. The attacker sets up communication medium called as relay channel between its devices (reader and token). Now the attackers reader will send signals to legitimate token while the proxy token is situated near the reader. As the reader will transmit info to the proxy token which is indeed relayed back to the proxy reader. This proxy reader will send received signal information to token who will consider this reader as legitimate and responds, this response is conveyed back to the proxy token which will now acts exactly as the cloned token and transmit information to the real reader who misinterprets this cloned token as real and gives temporary access to the attacker(Gerhard P Hancke, 2008). Basically, there are two types of relay attacks. 1)Passive attack and 2) Passive attacks. The hacker never needs to know the plaintext information or the key K length of he and his assistant can keep transferring the particular messages between the reader and the real token. It does along these lines not make any difference if the information is encoded utilizing the Advanced Encryption Standard AES with a 256-bit key, or a powerless restrictive figure with a 32-bit key as the resultant ciphertext of either can be transferred simply. The achievement of
PRANAY SABLE (15870284) 10 the hacker is in this manner free of the application layer convention and encryption calculation utilized and subsequently application layer cryptographic systems are incapable at forestalling hand-off attack(G. P. Hancke et al., 2009). So this suggests that even if there is a secret key with the authenticating user it is not of any use as the hacker can any time be able to easily intercept the messages and can have a virtually cloned token. Security measures for relay attacks- There are many possible ways to been suggested to protect contactless system through the relay attack. a) Timing Constraints- The attacker's equipment needs time to transfer information between the reader and token and the attacker's reaction is along these lines deferred when contrasted with a genuine response. Executing time-outs would in this way have all the earmarks of being an achievable answer for keeping an attacker's "late" reaction from being acknowledged. Timing limitations are already defined for communication in the ISO 14443 standard furthermore, reader frequently has the ability to likewise actualize a period out on the token's response. The timing imperatives in the norms, be that as it may, are infrequently upheld in reader we watched. Setting a period out of reaction information is likewise not a powerful countermeasure as the postponement presented by the transfer equipment is substantially less than the run of the mill time-out qualities. Setting timeouts that would recognize such a little postpone is not useful either in light of the fact that the variety in the time taken by the token to produce a reaction is prone to be bigger than the time-out and real reactions would be a danger of being rejected. (G. P. Hancke et al., 2009). To time-outs measurements can more accurately be studied
PRANAY SABLE (15870284) 11 by observing the signal response of reader in an oscilloscope or by the proprietary reader. b) Distance bounding Protocols. Separation bounding conventions decide an upper limit for the physical separation between two conveying parties taking into account the Round-Trip-Time (R- T-T) of cryptographic test reaction sets. The of the test reaction sets is particularly intended to take into consideration an exact time estimation, e.g. picking up a response that takes an anticipated or steady time to compute. To accomplish an exact and trusted distance bound the convention should be keep running over a special correspondence channel since it has been demonstrated that routine channels present timing vulnerability that can dark the deferral presented by a relay attack. There are various protocols suggested for distance bounding, Brands and Chaum (1993) were the first to describe distance-bonding protocol since then many protocols have been suggested. Distance jumping would consequently require adjusted tokens and readers, which would expand the aggregate framework cost. Distance bounding has been for all intents and purposes executed in a contact framework yet appropriate contactless channels are still a work in advancement, with current recommendations raising security, on the other hand, is a concern (G. P. Hancke et al., 2009). 3. Eavesdropping An Eavesdropping attack happens when an attacker can recapture the information sent amid an exchange between a true reader and a token, which requires the hacker to set up in the region of a likely target. The attacker needs to catch the transmitted signs utilizing appropriate RF hardware before recuperating and putting away the information of interest. The level of
PRANAY SABLE (15870284) 12 accomplishment that the attacker will accomplish relies on upon the assets accessible to him. An aggressor with costly, particular RF estimation gear will have the capacity to listen in from further away than an attacker with a modest, home-made framework. The hacker is still a practical danger in any case. A pioneering attacker could recuperate the credit card subtle elements of the individual standing in front and that he had a small versatile framework that could listen in at 50 cm. On the other hand, if the aggressor can effectively listen in the correspondence from 10 m he could sit in a vehicle outside his nearby corner store and record every one of the truncation held inside. This attack can also happen when the card is not used and the hacker can trigger the smart card secretly without the holder being unaware of it. An attacker may dont have access to the sensitive but it may know. Defence Mechanism for Eavesdropping attacks- In Eavesdropping, an attacker interprets the data transferred between the token and reader so any system that can secure the information will be the best solution for this kind of attack. There is various solution proposed as an idea of using shared secret key or makes the channel more impervious to listening in. (Wyner, 1975)came with a solution of additive noise in the communication channel The concept works as follows when a sender sends data over a communication channel he adds two types of noise N(t) and N (t) (with a condition that(N(t)<< N(t)), so data send will be y(t)=N(t)+N(t)+i(t) but at the receivers end he will get y(t)=N(t)+i(t) and the attacker will have Z(t)=N(t)+I(t), this concept is called as wiretapping. But it has a problem in it, there is theoretical no evidence of that the noise level should be sufficient. (Savry et al., 2007) came up with a solution for the above-stated problem they developed a Noisy reader. As this is a very vast concept will just give the principle of
PRANAY SABLE (15870284) 13 this device. The rule of the noisy reader. To begin with, the reader creates a loud flag and emanates it through its receiving wire amid the time of the legitimate answer. So the reader or a hacker in the loop will see a signal with noise where the legitimate message is covered up. As the reader knows the commotion it radiated, it can subtract it from the message it got to recover the legitimate message. This is done by including these noisy generator object that can generate analogy noise in the ISO 14443 protocol in the physical communication layer without any modification in ISO 14443 standard of RFID reader. One or Two-factor authentication in Eavesdropping attack- In payment system using smart cards, this defence mechanism is introduced. Whenever you present your bank credit card or smart card it then asks you for your pin number and then only proceeds further with the transaction. But nowadays there is a new concept called pay-wave in which just you present your card and everything is done sounds easy. But think if your card gets stolen and no means to authenticate the person who is using it and until you block your card the damage is already done. While installing a door access system with access cards there should be a provision to authenticate like a pin or biometric verification such to make your system more secure from eavesdropping. Above we discussed some attacks and their countermeasures which are on the communication layer of the smart card system now lets explore hardware layer of the system. Hardware attack and its Countermeasures Invasion attacks are the attacks that require the microchip in a smart card to be evacuated and specifically altered and tampered physically. This class of attacks can, at any rate in the hypothesis, trade off any security measure of any microchip. Be that as it may, these attacks
PRANAY SABLE (15870284) 14 commonly require exceptionally costly hardware, awesome mastery and a vast interest in time to deliver results. Prying attacks are along these lines considered to be essentially in the domain of semiconductor makers furthermore, specializes in very much supported labs(Leng, 2009). Another strategy for physically attacking a chip is to put a test on bus lines so that qualities being sent over the transport can be seen on an oscilloscope. The noticeable data could incorporate cryptographic keys and/or the working framework present in ROM. The study of these attacks is beyond this article but for detailed information can refer (Anderson and Kuhn,1996) and (Kommerling and Kuhn,1999). Countermeasures for hardware attacks- Design- The incorporated circuit configuration can incorporate such countermeasures as glue logic, obfuscated logic and covered buses which make figuring out harder. Non-unpredictable memory, buses can be mixed to anticipate reverse engineering of uploaded programming, or chip plan strategies, through examining. Figure2 - Secure and Insured chips(Markantonakis, 2007)
PRANAY SABLE (15870284) 15 Anomaly Detectors: (Markantonakis et al., 2009) suggested this defense mechanism that there are normally diverse sorts of peculiarity detectors present in a smart card. These are utilized to identify irregular environmental conditions, for example, a disturbance in the voltage or clock supplied to the card. A smart card will regularly reset or execute an infinite circle until the irregular condition is evacuated.
PRANAY SABLE (15870284) 16 Conclusion- Smart cards are seen as a decent method for including a ''trusted equipment token'' that offers extra security administrations. The usage of secure applications on smart cards is diverse to advancement in different stages as it requires learning of both the abilities of various smart card items and conceivable attacker techniques focusing on these cards. Picking a smart card item that is viewed as powerless, based on legacy innovations or is (by and large) insufficient for designed framework, or neglecting to plan the framework to take into account any conceivable constraints in smart card innovation could present vulnerabilities that could be abused, as is obvious from the genuine attackers portrayed previously. There are various ways to an attacker can attack a system smart card alone cannot assure the full security of the system in many cases. For example, an intruder can physically damage the reader and can gain access. This means that there is a need to look beyond smart token or card and revise the rules regulation and policies for a security system. With every new security design developed every movement, an attacker or hacker is always ready to challenge, so the changes and development in the security system should be constant that is the rule of life if you want to survive in this constantly challenging world the security system should be in its evolving mode always.
PRANAY SABLE (15870284) 17 References Hancke, G. P. (2008). Security of proximity identification systems. University of Cambridge. Hancke, G. P., Mayes, K. E., & Markantonakis, K. (2009). Confidence in smart token proximity: Relay attacks revisited. Computers & Security, 28(7), 615-627. doi:10.1016/j.cose.2009.06.001 Henzl, M., Hanacek, P., & Kacic, M. (2014). Preventing real-world relay attacks on contactless devices. Paper presented at the Security Technology (ICCST), 2014 International Carnahan Conference on. Leng, X. (2009). Smart card applications and security. Information Security Technical Report, 14(2), 36-45. doi:10.1016/j.istr.2009.06.006 Markantonakis, K. (2007). Smart cards, tokens, security and applications: Springer Science & Business Media. Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., & Mayes, K. (2009). Attacking smart card systems: Theory and practice. Information Security Technical Report, 14(2), 46-56. doi:10.1016/j.istr.2009.06.001 Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). RFID systems: A survey on security threats and proposed solutions. Paper presented at the Personal wireless communications. Savry, O., Pebay-Peyroula, F., Dehmas, F., Robert, G., & Reverdy, J. (2007). RFID Noisy Reader How to Prevent from Eavesdropping on the Communication? Cryptographic Hardware and Embedded Systems-CHES 2007, 334-345. Williamson, A., Tsay, L.-S., Kateeb, I. A., & Burton, L. (2013). Solutions for RFID Smart Tagged Card Security Vulnerabilities. AASRI Procedia, 4, 282-287. doi:10.1016/j.aasri.2013.10.042 Wyner, A. D. (1975). The wire-tap channel. Bell System Technical Journal, The, 54(8), 1355-1387. Zhang, D., Liao, X., Qiu, M., Hu, J., & Sha, E. H. M. (2012). Randomized execution algorithms for smart cards to resist power analysis attacks. Journal of Systems Architecture, 58(10), 426-438. doi:10.1016/j.sysarc.2012.08.004

Recommended

portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-s
Stephen Kelleher
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHURE
Andrew Grimstone
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)
Ahmad Sakib
4 IATA Training
4 IATA Training4 IATA Training
4 IATA Training
Mohamed Tayfour
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Form
nearnow
Passivhaus on a shoestring
Passivhaus on a shoestringPassivhaus on a shoestring
Passivhaus on a shoestring
Paul Testa
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media Buying
The Media Kitchen
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015
The Media Kitchen
Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - Lentoestevalot
Aerial Oy
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summary
fsikipa
Magenta 4.0
Magenta 4.0Magenta 4.0
Magenta 4.0
Justin Hall-tipping
Reduced penalty for late filing of income tax
Reduced penalty for late filing of income taxReduced penalty for late filing of income tax
Reduced penalty for late filing of income tax
E-startupindia
Waukegan west 1984
Waukegan west 1984Waukegan west 1984
Waukegan west 1984
Dave Levine
Eyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak E Learning Plan
Eyespeak E Learning Plan
Eyespeak Brasil
Interior Design Portfolio
Interior Design PortfolioInterior Design Portfolio
Interior Design Portfolio
Cassandra Ryan
Career and career management
Career and career managementCareer and career management
Career and career management
Bindal Heena
Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983
Dave Levine
Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?
jvelie
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for Action
Michael Wirscham
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
Altair
Portafolio Francisco D鱈az Tazza
Portafolio Francisco D鱈az TazzaPortafolio Francisco D鱈az Tazza
Portafolio Francisco D鱈az Tazza
FranciscoDiazTazza
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
GoLeanSixSigma.com
Brad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBrad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_sv
BradArender
201411141821490731366001415969509
201411141821490731366001415969509201411141821490731366001415969509
201411141821490731366001415969509
IMTS Institute
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Mentor
GST Case Laws Digest
GST Case Laws DigestGST Case Laws Digest
GST Case Laws Digest
Taxmann
Croosing
Croosing Croosing
Croosing
Ronny Yakov
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
IMARC Group
United States Roofing Market Growth, Demand and Challenges of the Key Industr...
United States Roofing Market Growth, Demand and Challenges of the Key Industr...United States Roofing Market Growth, Demand and Challenges of the Key Industr...
United States Roofing Market Growth, Demand and Challenges of the Key Industr...
IMARC Group
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
IMARC Group

More Related Content

What's hot (19)

Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - Lentoestevalot
Aerial Oy
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summary
fsikipa
Magenta 4.0
Magenta 4.0Magenta 4.0
Magenta 4.0
Justin Hall-tipping
Reduced penalty for late filing of income tax
Reduced penalty for late filing of income taxReduced penalty for late filing of income tax
Reduced penalty for late filing of income tax
E-startupindia
Waukegan west 1984
Waukegan west 1984Waukegan west 1984
Waukegan west 1984
Dave Levine
Eyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak E Learning Plan
Eyespeak E Learning Plan
Eyespeak Brasil
Interior Design Portfolio
Interior Design PortfolioInterior Design Portfolio
Interior Design Portfolio
Cassandra Ryan
Career and career management
Career and career managementCareer and career management
Career and career management
Bindal Heena
Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983
Dave Levine
Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?
jvelie
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for Action
Michael Wirscham
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
Altair
Portafolio Francisco D鱈az Tazza
Portafolio Francisco D鱈az TazzaPortafolio Francisco D鱈az Tazza
Portafolio Francisco D鱈az Tazza
FranciscoDiazTazza
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
GoLeanSixSigma.com
Brad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBrad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_sv
BradArender
201411141821490731366001415969509
201411141821490731366001415969509201411141821490731366001415969509
201411141821490731366001415969509
IMTS Institute
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Mentor
GST Case Laws Digest
GST Case Laws DigestGST Case Laws Digest
GST Case Laws Digest
Taxmann
Croosing
Croosing Croosing
Croosing
Ronny Yakov
Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - Lentoestevalot
Aerial Oy
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summary
fsikipa
Magenta 4.0
Magenta 4.0Magenta 4.0
Magenta 4.0
Justin Hall-tipping
Reduced penalty for late filing of income tax
Reduced penalty for late filing of income taxReduced penalty for late filing of income tax
Reduced penalty for late filing of income tax
E-startupindia
Waukegan west 1984
Waukegan west 1984Waukegan west 1984
Waukegan west 1984
Dave Levine
Eyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak E Learning Plan
Eyespeak E Learning Plan
Eyespeak Brasil
Interior Design Portfolio
Interior Design PortfolioInterior Design Portfolio
Interior Design Portfolio
Cassandra Ryan
Career and career management
Career and career managementCareer and career management
Career and career management
Bindal Heena
Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983
Dave Levine
Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?
jvelie
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for Action
Michael Wirscham
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
Altair
Portafolio Francisco D鱈az Tazza
Portafolio Francisco D鱈az TazzaPortafolio Francisco D鱈az Tazza
Portafolio Francisco D鱈az Tazza
FranciscoDiazTazza
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
GoLeanSixSigma.com
Brad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBrad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_sv
BradArender
201411141821490731366001415969509
201411141821490731366001415969509201411141821490731366001415969509
201411141821490731366001415969509
IMTS Institute
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Mentor
GST Case Laws Digest
GST Case Laws DigestGST Case Laws Digest
GST Case Laws Digest
Taxmann
Croosing
Croosing Croosing
Croosing
Ronny Yakov

Similar to IS Report 3 (20)

United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
IMARC Group
United States Roofing Market Growth, Demand and Challenges of the Key Industr...
United States Roofing Market Growth, Demand and Challenges of the Key Industr...United States Roofing Market Growth, Demand and Challenges of the Key Industr...
United States Roofing Market Growth, Demand and Challenges of the Key Industr...
IMARC Group
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
IMARC Group
United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...
United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...
United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...
IMARC Group
United States Network Security Market Growth, Demand and Challenges of the Ke...
United States Network Security Market Growth, Demand and Challenges of the Ke...United States Network Security Market Growth, Demand and Challenges of the Ke...
United States Network Security Market Growth, Demand and Challenges of the Ke...
IMARC Group
South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...
South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...
South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...
IMARC Group
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
Johannes Bjerva
United States Photonics Market by Product Type, Distribution Channel, End Use...
United States Photonics Market by Product Type, Distribution Channel, End Use...United States Photonics Market by Product Type, Distribution Channel, End Use...
United States Photonics Market by Product Type, Distribution Channel, End Use...
IMARC Group
United States Virtual Care Market by Product Type, Distribution Channel, End ...
United States Virtual Care Market by Product Type, Distribution Channel, End ...United States Virtual Care Market by Product Type, Distribution Channel, End ...
United States Virtual Care Market by Product Type, Distribution Channel, End ...
IMARC Group
United States Security as a Service Market by Product Type, Distribution Chan...
United States Security as a Service Market by Product Type, Distribution Chan...United States Security as a Service Market by Product Type, Distribution Chan...
United States Security as a Service Market by Product Type, Distribution Chan...
IMARC Group
United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...
United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...
United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...
IMARC Group
Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...
Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...
Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...
IMARC Group
United States Logistics Market Growth, Demand and Challenges of the Key Indus...
United States Logistics Market Growth, Demand and Challenges of the Key Indus...United States Logistics Market Growth, Demand and Challenges of the Key Indus...
United States Logistics Market Growth, Demand and Challenges of the Key Indus...
IMARC Group
United States Hearing Aids Market by Product Type, Distribution Channel, End ...
United States Hearing Aids Market by Product Type, Distribution Channel, End ...United States Hearing Aids Market by Product Type, Distribution Channel, End ...
United States Hearing Aids Market by Product Type, Distribution Channel, End ...
IMARC Group
United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...
United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...
United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...
IMARC Group
United States Popcorn Market by Product Type, Distribution Channel, End User ...
United States Popcorn Market by Product Type, Distribution Channel, End User ...United States Popcorn Market by Product Type, Distribution Channel, End User ...
United States Popcorn Market by Product Type, Distribution Channel, End User ...
IMARC Group
United States Furniture Market by Product Type, Distribution Channel, End Use...
United States Furniture Market by Product Type, Distribution Channel, End Use...United States Furniture Market by Product Type, Distribution Channel, End Use...
United States Furniture Market by Product Type, Distribution Channel, End Use...
IMARC Group
United States Pest Control Market Growth, Demand and Challenges of the Key In...
United States Pest Control Market Growth, Demand and Challenges of the Key In...United States Pest Control Market Growth, Demand and Challenges of the Key In...
United States Pest Control Market Growth, Demand and Challenges of the Key In...
IMARC Group
United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...
United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...
United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...
IMARC Group
United States Luxury Goods Market Growth, Demand and Challenges of the Key In...
United States Luxury Goods Market Growth, Demand and Challenges of the Key In...United States Luxury Goods Market Growth, Demand and Challenges of the Key In...
United States Luxury Goods Market Growth, Demand and Challenges of the Key In...
IMARC Group
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
United States Cooling Tower Market PPT 2024: Size, Growth, Demand and Forecas...
IMARC Group
United States Roofing Market Growth, Demand and Challenges of the Key Industr...
United States Roofing Market Growth, Demand and Challenges of the Key Industr...United States Roofing Market Growth, Demand and Challenges of the Key Industr...
United States Roofing Market Growth, Demand and Challenges of the Key Industr...
IMARC Group
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
United States Cryptocurrency Market PPT 2024: Size, Growth, Demand and Foreca...
IMARC Group
United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...
United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...
United States Smart Grid Market Growth, Demand and Challenges of the Key Indu...
IMARC Group
United States Network Security Market Growth, Demand and Challenges of the Ke...
United States Network Security Market Growth, Demand and Challenges of the Ke...United States Network Security Market Growth, Demand and Challenges of the Ke...
United States Network Security Market Growth, Demand and Challenges of the Ke...
IMARC Group
South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...
South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...
South Korea Artificial Intelligence Market Growth, Demand and Challenges of t...
IMARC Group
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
Johannes Bjerva
United States Photonics Market by Product Type, Distribution Channel, End Use...
United States Photonics Market by Product Type, Distribution Channel, End Use...United States Photonics Market by Product Type, Distribution Channel, End Use...
United States Photonics Market by Product Type, Distribution Channel, End Use...
IMARC Group
United States Virtual Care Market by Product Type, Distribution Channel, End ...
United States Virtual Care Market by Product Type, Distribution Channel, End ...United States Virtual Care Market by Product Type, Distribution Channel, End ...
United States Virtual Care Market by Product Type, Distribution Channel, End ...
IMARC Group
United States Security as a Service Market by Product Type, Distribution Chan...
United States Security as a Service Market by Product Type, Distribution Chan...United States Security as a Service Market by Product Type, Distribution Chan...
United States Security as a Service Market by Product Type, Distribution Chan...
IMARC Group
United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...
United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...
United States Geospatial Analytics Market PPT: Growth, Outlook, Demand, Keypl...
IMARC Group
Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...
Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...
Brazil Furniture Market by Product Type, Distribution Channel, End User 2024-...
IMARC Group
United States Logistics Market Growth, Demand and Challenges of the Key Indus...
United States Logistics Market Growth, Demand and Challenges of the Key Indus...United States Logistics Market Growth, Demand and Challenges of the Key Indus...
United States Logistics Market Growth, Demand and Challenges of the Key Indus...
IMARC Group
United States Hearing Aids Market by Product Type, Distribution Channel, End ...
United States Hearing Aids Market by Product Type, Distribution Channel, End ...United States Hearing Aids Market by Product Type, Distribution Channel, End ...
United States Hearing Aids Market by Product Type, Distribution Channel, End ...
IMARC Group
United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...
United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...
United States Teleradiology Market PPT: Growth, Outlook, Demand, Keyplayer An...
IMARC Group
United States Popcorn Market by Product Type, Distribution Channel, End User ...
United States Popcorn Market by Product Type, Distribution Channel, End User ...United States Popcorn Market by Product Type, Distribution Channel, End User ...
United States Popcorn Market by Product Type, Distribution Channel, End User ...
IMARC Group
United States Furniture Market by Product Type, Distribution Channel, End Use...
United States Furniture Market by Product Type, Distribution Channel, End Use...United States Furniture Market by Product Type, Distribution Channel, End Use...
United States Furniture Market by Product Type, Distribution Channel, End Use...
IMARC Group
United States Pest Control Market Growth, Demand and Challenges of the Key In...
United States Pest Control Market Growth, Demand and Challenges of the Key In...United States Pest Control Market Growth, Demand and Challenges of the Key In...
United States Pest Control Market Growth, Demand and Challenges of the Key In...
IMARC Group
United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...
United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...
United States Radiopharmaceuticals Market Growth, Demand and Challenges of th...
IMARC Group
United States Luxury Goods Market Growth, Demand and Challenges of the Key In...
United States Luxury Goods Market Growth, Demand and Challenges of the Key In...United States Luxury Goods Market Growth, Demand and Challenges of the Key In...
United States Luxury Goods Market Growth, Demand and Challenges of the Key In...
IMARC Group

IS Report 3

  • 1. Student Name Pranay Sable Student ID- 15870284 Lecturer Name- David Airehrour COMP821 INFORMATION SECURITY Securing Proximity Smart Cards
  • 2. PRANAY SABLE (15870284) 1 Contents Report Synopsis......................................................................................................................................2 Introduction............................................................................................................................................3 Literature Review-..................................................................................................................................5 Discussion...............................................................................................................................................7 Side-channel attacks and countermeasures.......................................................................................7 1. Timing Analysis Attacks.........................................................................................................7 2. Relay Attacks...........................................................................................................................9 3. Eavesdropping.......................................................................................................................11 Hardware attack and its Countermeasures......................................................................................13 Invasion attacks.............................................................................................................................13 Conclusion- ...........................................................................................................................................16 References............................................................................................................................................17
  • 3. PRANAY SABLE (15870284) 2 Report Synopsis Smartcard Technology has developed throughout the most recent couple of years taking after striking enhancements in the fundamental equipment and programming stages. It is almost used in every sector of life around us and has sensitive information in it. So to secure smart cards has become a foremost priority of developers. This article will provide defense mechanism to protect this smart tokens on communication and physical layer from hackers and attackers.
  • 4. PRANAY SABLE (15870284) 3 Introduction- What are Proximity smart cards? A smart card can be defined by its very basic component like integrated circuit which is a microcontroller which can store any kind of data in its RAM. Smart card system has a reader and token and a background system. The system is connected to a card reader which can authenticate a token or card when presented, a system can be a personal computer or a web browser which uses Secure Socket Layers to secure online transactions. A smart card can have 8KB to 256KB of programmable Random Access Memory with 16-bit of the microprocessor on it. The most common application where smart cards used are: Wireless Communication(RFID) Money Tractions Door security system Loyalty cards Dish TV Logistics Smart cards can be classified into 1) Contact Cards- These are the cards which need to make physical contact with the reader to establish a connection,and 2) Contactless Cards- These uses wireless communication channels to establish connection between reader and token.
  • 5. PRANAY SABLE (15870284) 4 Need for Security Smart cards are commonly thought to be tamper resistant, which implies that the expected usefulness and information held inside such a gadget should not be undermined by altering. Smart cards additionally offer a choice of security systems that could, for instance, be utilized to actualize verification or guarantee information privacy. Smart cards are in this manner utilized as a part of frameworks that give security administrations. While a ''safe and trusted'' token alone is insufficient to ensure security inside a framework. A creator joining smart cards into a framework ought to consider both attacks that apply to the security of the physical smart card token and the system as an entirety(Markantonakis, Tunstall, Hancke, Askoxylakis, & Mayes, 2009). This article gives a brief outline of most common attacks on a smart card, furthermore looks at the defense mechanism for each attack. The outline of this report is to have an understanding of most common attacks on the smart cards security system and their verified countermeasures in real life. Furthermore in discussion two types of core attacks and their countermeasures are presented with the outlined conclusion.
  • 6. PRANAY SABLE (15870284) 5 Literature Review- To deal with my research topic I have gone through different papers which are related to security of smart cards and have researched various websites and blogs written by researchers. Following are a synopsis of literature used to create this research report. P a p e r S u m m a r y S e c u r i t y o f p r o x i m i t y i d e n t i f i c a t i o n s ys t e m s ( G e r h a r d P H a n c k e , 2 0 0 8 ) A s d i s c u s s e d b y ( G e r h a r d P H a n c k e , 2 0 0 8 ) i n h i s r e p o r t h a v e s u m m a r i z e d r e l a y a t t a c k s a n d d i s t a n c e b o u n d i n g p r o t o c o l s . C o n f i d e n c e i n s m a r t t o k e n p r o x i m i t y: R e l a y a t t a c k s r e v i s i t e d ( G . P . H a n c k e , M a ye s , & M a r k a n t o n a k i s , 2 0 0 9 ) ( G . P . H a n c k e e t a l . , 2 0 0 9 ) m e n t i o n e d d e t a i l e d s t u d y a n d i m p l e m e n t a t i o n o f r e l a y a t t a c k s a n d i t s c o u n t e r m e a s u r e s P r e v e n t i n g r e a l - w o r l d r e l a y a t t a c k s o n c o n t a c t l e s s d e v i c e ( H e n z l , H a n a c e k , & K a c i c , 2 0 1 4 ) T h e a u t h o r ( H e n z l e t a l . , 2 0 1 4 ) m e n t i o n e d t h e r e l a y a t t a c k s o n c o n t a c t l e s s o r N e a r - f i e l d c o m m u n i c a t i o n ( N F C ) . S m a r t c a r d a p p l i c a t i o n s a n d s e c u r i t y( L e n g , 2 0 0 9 ) ( Le n g , 2 0 0 9 ) h a v e b r i e f l y p r o p o s e d e v e r y a t t a c k s c e n a r i o o n s m a r t c a r d s s u c h a s s i d e c h a n n e l a t t a c k s , e a v e s d r o p p i n g , a n d p h ys i c a l a t t a c k s
  • 7. PRANAY SABLE (15870284) 6 R F ID N o i s y R e a d e r H o w t o P r e v e n t f r o m E a v e s d r o p p i n g o n t h e C o m m u n i c a t i o n ? ( S a v r y, P e b a y- P e yr o u l a , D e h m a s , R o b e r t , & R e v e r d y, 2 0 0 7 ) O n t h e b a s i s o f a d e v i c e n a m e d n o i s y r e a d e r ( S a v r y e t a l . , 2 0 0 7 ) h a v e i n t r o d u c e d a d e f e n s e w e a p o n a g a i n s t E a v e s d r o p p i n g . S o l u t i o n s f o r R F I D S m a r t T a g g e d C a r d S e c u r i t y V u l n e r a b i l i t i e s ( W i l l i a m s o n , T s a y, K a t e e b , & B u r t o n , 2 0 1 3 ) ( W i l l i a m s o n e t a l . , 2 0 1 3 ) h a v e p r o p o s e d s o l u t i o n s f o r R F ID t a g s i n b i o m e d i c a l f i e l d t h r o u g h t h e a d d i t i o n o f t w o s e c u r i t y l a ye r s i n t h e c o m m u n i c a t i o n c h a n n e l R a n d o m i z e d e x e c u t i o n a l g o r i t h m s f o r s m a r t c a r d s t o r e s i s t p o w e r a n a l ys i s a t t a c k s ( Z h a n g , Li a o , Q i u , H u , & S h a , 2 0 1 2 ) I n t h i s p a p e r , i t i s d i s c u s s e d 3 - b i t a l g o r i t h m t e c h n i q u e s f o r s e c u r i t y a g a i n s t p o w e r a n a l ys i s a t t a c k s . S m a r t C a r d s , T o k e n s , S e c u r i t y a n d A p p l i c a t i o n ( M a r k a n t o n a k i s , 2 0 0 7 ) T h i s b o o k h a s p r o v i d e d a b r o a d e r v i e w o f m a n y c a r d s s ys t e m a n d p r a c t i c a l s e c u r i t y m e t h o d s u s e d . R F ID s ys t e m s : A s u r v e y o n s e c u r i t y t h r e a t s a n d p r o p o s e d s o l u t i o n s ( P e r i s - Lo p e z , H e r n a n d e z - C a s t r o , E s t e v e z - T a p i a d o r , & R i b a g o r d a , 2 0 0 6 ) ( P e r i s - Lo p e z e t a l . , 2 0 0 6 ) p r e s e n t e d t h r e a t s t o R F ID s e c u r i t y s ys t e m a n d p r o t e c t i n g p r i v a c y t h r o u g h F a r a d a y c a g e a n d b l o c k e r t a g s .
  • 8. PRANAY SABLE (15870284) 7 Discussion Side-channel attacks and countermeasures A side-channel attack(Kocher,1996) comprises in observing unintended impacts of the calculation and recovering valuable data from these impacts. There are numerous such impacts, including the timing of the calculation, the information traded on the I/O channels, the power utilization, or some other impact of the calculation. Such attacks are considered as non- obtrusive, on the grounds that they are performed on a working smart card chip, and they, as a rule, don't require the tampering of the card. 1. Timing Analysis Attacks These are the most common types of side-channel attacks. To carry out this attack the attacker must have power system knowledge. By studying the power utilization of smart card one can tell what type of information is the card possessing within a microchip. Under power attacks, there are mainly 2 types of attacks which are described below. Simple power Analysis: -A powerful form of power analysis is to search for patterns within the acquired power consumption. An attacker can attempt to determine the location of individual functions within a command. For example, Fig. 2 shows the power consumption of a smart card during the execution of RSA, looking closely at the acquired power consumption, a series of events can be seen. There are two types of the event at two different power consumption levels, with a short dip in the power consumption between each event. This corresponds well to the square and multiply calculations used in RSA algorithm (Mayes and Markantonakis, 2008).
  • 9. PRANAY SABLE (15870284) 8 Figure 2. Power consumption of an RSA implementation(Markantonakis, 2007) Differential power analysis- Differential Power Analysis (DPA) actually treats the consequences of power examination. The estimations are rehashed ordinarily so that the impacts of noise can be dispensed with by taking normal qualities. The differences are once the estimations have been finished, which can uncover even better contrasts in the current utilization of a microcontroller than basic force investigation. With the DPA procedure, the current utilization is initially measured while the microcontroller is handling known information, and afterward again while it is handling unknown information(Leng, 2009; Markantonakis et al., 2009). Time analysis attacks Countermeasures As suggested by (Leng, 2009)the least difficult equipment arrangement is to consolidate a quick acting voltage controller in the chip screens and guarantees that the power utilization is autonomous of the guidelines and information. The counterfeit noise current generators on the chip are likewise a successful arrangement. Another arrangement is to utilize a changed processor plan that dependably draws a steady current. Nevertheless, these methodologies will marginally expand the power utilization, which is undesirable in applications, for example, telecommunication. As an option, some more straightforward guard utilizing haphazardly produced delays (arbitrary holding up time) in the processor extensively builds the trouble of
  • 10. PRANAY SABLE (15870284) 9 synchronization between the information and current, without expanding the chip's present utilization. A comparable methodology is that microcontrollers have their own on-chip clock generators, by consistently and randomly fluctuating the clock frequency inside certain breaking points. There is three software defense mechanism suggested by(Zhang et al., 2012) as follows Dummy Instructions Random Insertion (DIRI), Simple Randomized Execution(SRE), Advanced Randomized Execution with Independent Dummy Instructions(AREIDI) which shows significant results to protect smart cards from hackers. 2. Relay Attacks Relay attacks are basically carried out on the physical layer of the communication channel. In these case, the raider or attacker needs to have two hardware devices that are a reader and the token. The attacker sets up communication medium called as relay channel between its devices (reader and token). Now the attackers reader will send signals to legitimate token while the proxy token is situated near the reader. As the reader will transmit info to the proxy token which is indeed relayed back to the proxy reader. This proxy reader will send received signal information to token who will consider this reader as legitimate and responds, this response is conveyed back to the proxy token which will now acts exactly as the cloned token and transmit information to the real reader who misinterprets this cloned token as real and gives temporary access to the attacker(Gerhard P Hancke, 2008). Basically, there are two types of relay attacks. 1)Passive attack and 2) Passive attacks. The hacker never needs to know the plaintext information or the key K length of he and his assistant can keep transferring the particular messages between the reader and the real token. It does along these lines not make any difference if the information is encoded utilizing the Advanced Encryption Standard AES with a 256-bit key, or a powerless restrictive figure with a 32-bit key as the resultant ciphertext of either can be transferred simply. The achievement of
  • 11. PRANAY SABLE (15870284) 10 the hacker is in this manner free of the application layer convention and encryption calculation utilized and subsequently application layer cryptographic systems are incapable at forestalling hand-off attack(G. P. Hancke et al., 2009). So this suggests that even if there is a secret key with the authenticating user it is not of any use as the hacker can any time be able to easily intercept the messages and can have a virtually cloned token. Security measures for relay attacks- There are many possible ways to been suggested to protect contactless system through the relay attack. a) Timing Constraints- The attacker's equipment needs time to transfer information between the reader and token and the attacker's reaction is along these lines deferred when contrasted with a genuine response. Executing time-outs would in this way have all the earmarks of being an achievable answer for keeping an attacker's "late" reaction from being acknowledged. Timing limitations are already defined for communication in the ISO 14443 standard furthermore, reader frequently has the ability to likewise actualize a period out on the token's response. The timing imperatives in the norms, be that as it may, are infrequently upheld in reader we watched. Setting a period out of reaction information is likewise not a powerful countermeasure as the postponement presented by the transfer equipment is substantially less than the run of the mill time-out qualities. Setting timeouts that would recognize such a little postpone is not useful either in light of the fact that the variety in the time taken by the token to produce a reaction is prone to be bigger than the time-out and real reactions would be a danger of being rejected. (G. P. Hancke et al., 2009). To time-outs measurements can more accurately be studied
  • 12. PRANAY SABLE (15870284) 11 by observing the signal response of reader in an oscilloscope or by the proprietary reader. b) Distance bounding Protocols. Separation bounding conventions decide an upper limit for the physical separation between two conveying parties taking into account the Round-Trip-Time (R- T-T) of cryptographic test reaction sets. The of the test reaction sets is particularly intended to take into consideration an exact time estimation, e.g. picking up a response that takes an anticipated or steady time to compute. To accomplish an exact and trusted distance bound the convention should be keep running over a special correspondence channel since it has been demonstrated that routine channels present timing vulnerability that can dark the deferral presented by a relay attack. There are various protocols suggested for distance bounding, Brands and Chaum (1993) were the first to describe distance-bonding protocol since then many protocols have been suggested. Distance jumping would consequently require adjusted tokens and readers, which would expand the aggregate framework cost. Distance bounding has been for all intents and purposes executed in a contact framework yet appropriate contactless channels are still a work in advancement, with current recommendations raising security, on the other hand, is a concern (G. P. Hancke et al., 2009). 3. Eavesdropping An Eavesdropping attack happens when an attacker can recapture the information sent amid an exchange between a true reader and a token, which requires the hacker to set up in the region of a likely target. The attacker needs to catch the transmitted signs utilizing appropriate RF hardware before recuperating and putting away the information of interest. The level of
  • 13. PRANAY SABLE (15870284) 12 accomplishment that the attacker will accomplish relies on upon the assets accessible to him. An aggressor with costly, particular RF estimation gear will have the capacity to listen in from further away than an attacker with a modest, home-made framework. The hacker is still a practical danger in any case. A pioneering attacker could recuperate the credit card subtle elements of the individual standing in front and that he had a small versatile framework that could listen in at 50 cm. On the other hand, if the aggressor can effectively listen in the correspondence from 10 m he could sit in a vehicle outside his nearby corner store and record every one of the truncation held inside. This attack can also happen when the card is not used and the hacker can trigger the smart card secretly without the holder being unaware of it. An attacker may dont have access to the sensitive but it may know. Defence Mechanism for Eavesdropping attacks- In Eavesdropping, an attacker interprets the data transferred between the token and reader so any system that can secure the information will be the best solution for this kind of attack. There is various solution proposed as an idea of using shared secret key or makes the channel more impervious to listening in. (Wyner, 1975)came with a solution of additive noise in the communication channel The concept works as follows when a sender sends data over a communication channel he adds two types of noise N(t) and N (t) (with a condition that(N(t)<< N(t)), so data send will be y(t)=N(t)+N(t)+i(t) but at the receivers end he will get y(t)=N(t)+i(t) and the attacker will have Z(t)=N(t)+I(t), this concept is called as wiretapping. But it has a problem in it, there is theoretical no evidence of that the noise level should be sufficient. (Savry et al., 2007) came up with a solution for the above-stated problem they developed a Noisy reader. As this is a very vast concept will just give the principle of
  • 14. PRANAY SABLE (15870284) 13 this device. The rule of the noisy reader. To begin with, the reader creates a loud flag and emanates it through its receiving wire amid the time of the legitimate answer. So the reader or a hacker in the loop will see a signal with noise where the legitimate message is covered up. As the reader knows the commotion it radiated, it can subtract it from the message it got to recover the legitimate message. This is done by including these noisy generator object that can generate analogy noise in the ISO 14443 protocol in the physical communication layer without any modification in ISO 14443 standard of RFID reader. One or Two-factor authentication in Eavesdropping attack- In payment system using smart cards, this defence mechanism is introduced. Whenever you present your bank credit card or smart card it then asks you for your pin number and then only proceeds further with the transaction. But nowadays there is a new concept called pay-wave in which just you present your card and everything is done sounds easy. But think if your card gets stolen and no means to authenticate the person who is using it and until you block your card the damage is already done. While installing a door access system with access cards there should be a provision to authenticate like a pin or biometric verification such to make your system more secure from eavesdropping. Above we discussed some attacks and their countermeasures which are on the communication layer of the smart card system now lets explore hardware layer of the system. Hardware attack and its Countermeasures Invasion attacks are the attacks that require the microchip in a smart card to be evacuated and specifically altered and tampered physically. This class of attacks can, at any rate in the hypothesis, trade off any security measure of any microchip. Be that as it may, these attacks
  • 15. PRANAY SABLE (15870284) 14 commonly require exceptionally costly hardware, awesome mastery and a vast interest in time to deliver results. Prying attacks are along these lines considered to be essentially in the domain of semiconductor makers furthermore, specializes in very much supported labs(Leng, 2009). Another strategy for physically attacking a chip is to put a test on bus lines so that qualities being sent over the transport can be seen on an oscilloscope. The noticeable data could incorporate cryptographic keys and/or the working framework present in ROM. The study of these attacks is beyond this article but for detailed information can refer (Anderson and Kuhn,1996) and (Kommerling and Kuhn,1999). Countermeasures for hardware attacks- Design- The incorporated circuit configuration can incorporate such countermeasures as glue logic, obfuscated logic and covered buses which make figuring out harder. Non-unpredictable memory, buses can be mixed to anticipate reverse engineering of uploaded programming, or chip plan strategies, through examining. Figure2 - Secure and Insured chips(Markantonakis, 2007)
  • 16. PRANAY SABLE (15870284) 15 Anomaly Detectors: (Markantonakis et al., 2009) suggested this defense mechanism that there are normally diverse sorts of peculiarity detectors present in a smart card. These are utilized to identify irregular environmental conditions, for example, a disturbance in the voltage or clock supplied to the card. A smart card will regularly reset or execute an infinite circle until the irregular condition is evacuated.
  • 17. PRANAY SABLE (15870284) 16 Conclusion- Smart cards are seen as a decent method for including a ''trusted equipment token'' that offers extra security administrations. The usage of secure applications on smart cards is diverse to advancement in different stages as it requires learning of both the abilities of various smart card items and conceivable attacker techniques focusing on these cards. Picking a smart card item that is viewed as powerless, based on legacy innovations or is (by and large) insufficient for designed framework, or neglecting to plan the framework to take into account any conceivable constraints in smart card innovation could present vulnerabilities that could be abused, as is obvious from the genuine attackers portrayed previously. There are various ways to an attacker can attack a system smart card alone cannot assure the full security of the system in many cases. For example, an intruder can physically damage the reader and can gain access. This means that there is a need to look beyond smart token or card and revise the rules regulation and policies for a security system. With every new security design developed every movement, an attacker or hacker is always ready to challenge, so the changes and development in the security system should be constant that is the rule of life if you want to survive in this constantly challenging world the security system should be in its evolving mode always.
  • 18. PRANAY SABLE (15870284) 17 References Hancke, G. P. (2008). Security of proximity identification systems. University of Cambridge. Hancke, G. P., Mayes, K. E., & Markantonakis, K. (2009). Confidence in smart token proximity: Relay attacks revisited. Computers & Security, 28(7), 615-627. doi:10.1016/j.cose.2009.06.001 Henzl, M., Hanacek, P., & Kacic, M. (2014). Preventing real-world relay attacks on contactless devices. Paper presented at the Security Technology (ICCST), 2014 International Carnahan Conference on. Leng, X. (2009). Smart card applications and security. Information Security Technical Report, 14(2), 36-45. doi:10.1016/j.istr.2009.06.006 Markantonakis, K. (2007). Smart cards, tokens, security and applications: Springer Science & Business Media. Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., & Mayes, K. (2009). Attacking smart card systems: Theory and practice. Information Security Technical Report, 14(2), 46-56. doi:10.1016/j.istr.2009.06.001 Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). RFID systems: A survey on security threats and proposed solutions. Paper presented at the Personal wireless communications. Savry, O., Pebay-Peyroula, F., Dehmas, F., Robert, G., & Reverdy, J. (2007). RFID Noisy Reader How to Prevent from Eavesdropping on the Communication? Cryptographic Hardware and Embedded Systems-CHES 2007, 334-345. Williamson, A., Tsay, L.-S., Kateeb, I. A., & Burton, L. (2013). Solutions for RFID Smart Tagged Card Security Vulnerabilities. AASRI Procedia, 4, 282-287. doi:10.1016/j.aasri.2013.10.042 Wyner, A. D. (1975). The wire-tap channel. Bell System Technical Journal, The, 54(8), 1355-1387. Zhang, D., Liao, X., Qiu, M., Hu, J., & Sha, E. H. M. (2012). Randomized execution algorithms for smart cards to resist power analysis attacks. Journal of Systems Architecture, 58(10), 426-438. doi:10.1016/j.sysarc.2012.08.004
AboutCopyright
息 2025 際際滷