SlideShare a Scribd company logo

IS Report 3

Pranay Sable
Pranay Sable
1 of 18
Download to read offline
Student Name – Pranay Sable Student ID- 15870284 Lecturer Name- David Airehrour COMP821 INFORMATION SECURITY Securing Proximity Smart Cards
PRANAY SABLE (15870284) 1 Contents Report Synopsis......................................................................................................................................2 Introduction............................................................................................................................................3 Literature Review-..................................................................................................................................5 Discussion...............................................................................................................................................7 Side-channel attacks and countermeasures.......................................................................................7 1. Timing Analysis Attacks.........................................................................................................7 2. Relay Attacks...........................................................................................................................9 3. Eavesdropping.......................................................................................................................11 Hardware attack and its Countermeasures......................................................................................13 Invasion attacks.............................................................................................................................13 Conclusion- ...........................................................................................................................................16 References............................................................................................................................................17
PRANAY SABLE (15870284) 2 Report Synopsis Smartcard Technology has developed throughout the most recent couple of years taking after striking enhancements in the fundamental equipment and programming stages. It is almost used in every sector of life around us and has sensitive information in it. So to secure smart cards has become a foremost priority of developers. This article will provide defense mechanism to protect this smart tokens on communication and physical layer from hackers and attackers.
PRANAY SABLE (15870284) 3 Introduction- What are Proximity smart cards? A smart card can be defined by its very basic component like integrated circuit which is a microcontroller which can store any kind of data in its RAM. Smart card system has a reader and token and a background system. The system is connected to a card reader which can authenticate a token or card when presented, a system can be a personal computer or a web browser which uses Secure Socket Layers to secure online transactions. A smart card can have 8KB to 256KB of programmable Random Access Memory with 16-bit of the microprocessor on it. The most common application where smart cards used are:  Wireless Communication(RFID)  Money Tractions  Door security system  Loyalty cards  Dish TV  Logistics Smart cards can be classified into 1) Contact Cards- These are the cards which need to make physical contact with the reader to establish a connection,and 2) Contactless Cards- These uses wireless communication channels to establish connection between reader and token.
PRANAY SABLE (15870284) 4 Need for Security Smart cards are commonly thought to be tamper resistant, which implies that the expected usefulness and information held inside such a gadget should not be undermined by altering. Smart cards additionally offer a choice of security systems that could, for instance, be utilized to actualize verification or guarantee information privacy. Smart cards are in this manner utilized as a part of frameworks that give security administrations. While a ''safe and trusted'' token alone is insufficient to ensure security inside a framework. A creator joining smart cards into a framework ought to consider both attacks that apply to the security of the physical smart card token and the system as an entirety(Markantonakis, Tunstall, Hancke, Askoxylakis, & Mayes, 2009). This article gives a brief outline of most common attacks on a smart card, furthermore looks at the defense mechanism for each attack. The outline of this report is to have an understanding of most common attacks on the smart cards security system and their verified countermeasures in real life. Furthermore in discussion two types of core attacks and their countermeasures are presented with the outlined conclusion.
PRANAY SABLE (15870284) 5 Literature Review- To deal with my research topic I have gone through different papers which are related to security of smart cards and have researched various websites and blogs written by researchers. Following are a synopsis of literature used to create this research report. P a p e r S u m m a r y S e c u r i t y o f p r o x i m i t y i d e n t i f i c a t i o n s ys t e m s ( G e r h a r d P H a n c k e , 2 0 0 8 ) A s d i s c u s s e d b y ( G e r h a r d P H a n c k e , 2 0 0 8 ) i n h i s r e p o r t h a v e s u m m a r i z e d r e l a y a t t a c k s a n d d i s t a n c e b o u n d i n g p r o t o c o l s . C o n f i d e n c e i n s m a r t t o k e n p r o x i m i t y: R e l a y a t t a c k s r e v i s i t e d ( G . P . H a n c k e , M a ye s , & M a r k a n t o n a k i s , 2 0 0 9 ) ( G . P . H a n c k e e t a l . , 2 0 0 9 ) m e n t i o n e d d e t a i l e d s t u d y a n d i m p l e m e n t a t i o n o f r e l a y a t t a c k s a n d i t s c o u n t e r m e a s u r e s P r e v e n t i n g r e a l - w o r l d r e l a y a t t a c k s o n c o n t a c t l e s s d e v i c e ( H e n z l , H a n a c e k , & K a c i c , 2 0 1 4 ) T h e a u t h o r ( H e n z l e t a l . , 2 0 1 4 ) m e n t i o n e d t h e r e l a y a t t a c k s o n c o n t a c t l e s s o r N e a r - f i e l d c o m m u n i c a t i o n ( N F C ) . S m a r t c a r d a p p l i c a t i o n s a n d s e c u r i t y( L e n g , 2 0 0 9 ) ( Le n g , 2 0 0 9 ) h a v e b r i e f l y p r o p o s e d e v e r y a t t a c k s c e n a r i o o n s m a r t c a r d s s u c h a s s i d e c h a n n e l a t t a c k s , e a v e s d r o p p i n g , a n d p h ys i c a l a t t a c k s
PRANAY SABLE (15870284) 6 R F ID N o i s y R e a d e r H o w t o P r e v e n t f r o m E a v e s d r o p p i n g o n t h e C o m m u n i c a t i o n ? ( S a v r y, P e b a y- P e yr o u l a , D e h m a s , R o b e r t , & R e v e r d y, 2 0 0 7 ) O n t h e b a s i s o f a d e v i c e n a m e d n o i s y r e a d e r ( S a v r y e t a l . , 2 0 0 7 ) h a v e i n t r o d u c e d a d e f e n s e w e a p o n a g a i n s t E a v e s d r o p p i n g . “ S o l u t i o n s f o r R F I D S m a r t T a g g e d C a r d S e c u r i t y V u l n e r a b i l i t i e s ” ( W i l l i a m s o n , T s a y, K a t e e b , & B u r t o n ” , 2 0 1 3 ) ( W i l l i a m s o n e t a l . , 2 0 1 3 ) h a v e p r o p o s e d s o l u t i o n s f o r R F ID t a g s i n b i o m e d i c a l f i e l d t h r o u g h t h e a d d i t i o n o f t w o s e c u r i t y l a ye r s i n t h e c o m m u n i c a t i o n c h a n n e l R a n d o m i z e d e x e c u t i o n a l g o r i t h m s f o r s m a r t c a r d s t o r e s i s t p o w e r a n a l ys i s a t t a c k s ( Z h a n g , Li a o , Q i u , H u , & S h a , 2 0 1 2 ) I n t h i s p a p e r , i t i s d i s c u s s e d 3 - b i t a l g o r i t h m t e c h n i q u e s f o r s e c u r i t y a g a i n s t p o w e r a n a l ys i s a t t a c k s . S m a r t C a r d s , T o k e n s , S e c u r i t y a n d A p p l i c a t i o n ( M a r k a n t o n a k i s , 2 0 0 7 ) T h i s b o o k h a s p r o v i d e d a b r o a d e r v i e w o f m a n y c a r d s s ys t e m a n d p r a c t i c a l s e c u r i t y m e t h o d s u s e d . R F ID s ys t e m s : A s u r v e y o n s e c u r i t y t h r e a t s a n d p r o p o s e d s o l u t i o n s ( P e r i s - Lo p e z , H e r n a n d e z - C a s t r o , E s t e v e z - T a p i a d o r , & R i b a g o r d a , 2 0 0 6 ) ( P e r i s - Lo p e z e t a l . , 2 0 0 6 ) p r e s e n t e d t h r e a t s t o R F ID s e c u r i t y s ys t e m a n d p r o t e c t i n g p r i v a c y t h r o u g h F a r a d a y c a g e a n d b l o c k e r t a g s .
PRANAY SABLE (15870284) 7 Discussion Side-channel attacks and countermeasures A side-channel attack(Kocher,1996) comprises in observing unintended impacts of the calculation and recovering valuable data from these impacts. There are numerous such impacts, including the timing of the calculation, the information traded on the I/O channels, the power utilization, or some other impact of the calculation. Such attacks are considered as non- obtrusive, on the grounds that they are performed on a working smart card chip, and they, as a rule, don't require the tampering of the card. 1. Timing Analysis Attacks These are the most common types of side-channel attacks. To carry out this attack the attacker must have power system knowledge. By studying the power utilization of smart card one can tell what type of information is the card possessing within a microchip. Under power attacks, there are mainly 2 types of attacks which are described below. Simple power Analysis: -A powerful form of power analysis is to search for patterns within the acquired power consumption. An attacker can attempt to determine the location of individual functions within a command. For example, Fig. 2 shows the power consumption of a smart card during the execution of RSA, looking closely at the acquired power consumption, a series of events can be seen. There are two types of the event at two different power consumption levels, with a short dip in the power consumption between each event. This corresponds well to the square and multiply calculations used in RSA algorithm (Mayes and Markantonakis, 2008).
PRANAY SABLE (15870284) 8 Figure 2. Power consumption of an RSA implementation(Markantonakis, 2007) Differential power analysis- Differential Power Analysis (DPA) actually treats the consequences of power examination. The estimations are rehashed ordinarily so that the impacts of noise can be dispensed with by taking normal qualities. The differences are once the estimations have been finished, which can uncover even better contrasts in the current utilization of a microcontroller than basic force investigation. With the DPA procedure, the current utilization is initially measured while the microcontroller is handling known information, and afterward again while it is handling unknown information(Leng, 2009; Markantonakis et al., 2009). Time analysis attacks Countermeasures As suggested by (Leng, 2009)the least difficult equipment arrangement is to consolidate a quick acting voltage controller in the chip screens and guarantees that the power utilization is autonomous of the guidelines and information. The counterfeit noise current generators on the chip are likewise a successful arrangement. Another arrangement is to utilize a changed processor plan that dependably draws a steady current. Nevertheless, these methodologies will marginally expand the power utilization, which is undesirable in applications, for example, telecommunication. As an option, some more straightforward guard utilizing haphazardly produced delays (arbitrary holding up time) in the processor extensively builds the trouble of
PRANAY SABLE (15870284) 9 synchronization between the information and current, without expanding the chip's present utilization. A comparable methodology is that microcontrollers have their own on-chip clock generators, by consistently and randomly fluctuating the clock frequency inside certain breaking points. There is three software defense mechanism suggested by(Zhang et al., 2012) as follows “Dummy Instructions Random Insertion (DIRI), Simple Randomized Execution(SRE), Advanced Randomized Execution with Independent Dummy Instructions(AREIDI)” which shows significant results to protect smart cards from hackers. 2. Relay Attacks Relay attacks are basically carried out on the physical layer of the communication channel. In these case, the raider or attacker needs to have two hardware devices that are a reader and the token. The attacker sets up communication medium called as relay channel between its devices (reader and token). Now the attacker’s reader will send signals to legitimate token while the proxy token is situated near the reader. As the reader will transmit info to the proxy token which is indeed relayed back to the proxy reader. This proxy reader will send received signal information to token who will consider this reader as legitimate and responds, this response is conveyed back to the proxy token which will now acts exactly as the cloned token and transmit information to the real reader who misinterprets this cloned token as real and gives temporary access to the attacker(Gerhard P Hancke, 2008). Basically, there are two types of relay attacks. 1)Passive attack and 2) Passive attacks. The hacker never needs to know the plaintext information or the key K length of he and his assistant can keep transferring the particular messages between the reader and the real token. It does along these lines not make any difference if the information is encoded utilizing the Advanced Encryption Standard AES with a 256-bit key, or a powerless restrictive figure with a 32-bit key as the resultant ciphertext of either can be transferred simply. The achievement of
PRANAY SABLE (15870284) 10 the hacker is in this manner free of the application layer convention and encryption calculation utilized and subsequently application layer cryptographic systems are incapable at forestalling hand-off attack(G. P. Hancke et al., 2009). So this suggests that even if there is a secret key with the authenticating user it is not of any use as the hacker can any time be able to easily intercept the messages and can have a virtually cloned token. Security measures for relay attacks- There are many possible ways to been suggested to protect contactless system through the relay attack. a) Timing Constraints- The attacker's equipment needs time to transfer information between the reader and token and the attacker's reaction is along these lines deferred when contrasted with a genuine response. Executing time-outs would in this way have all the earmarks of being an achievable answer for keeping an attacker's "late" reaction from being acknowledged. Timing limitations are already defined for communication in the ISO 14443 standard furthermore, reader frequently has the ability to likewise actualize a period out on the token's response. The timing imperatives in the norms, be that as it may, are infrequently upheld in reader we watched. Setting a period out of reaction information is likewise not a powerful countermeasure as the postponement presented by the transfer equipment is substantially less than the run of the mill time-out qualities. Setting timeouts that would recognize such a little postpone is not useful either in light of the fact that the variety in the time taken by the token to produce a reaction is prone to be bigger than the time-out and real reactions would be a danger of being rejected. (G. P. Hancke et al., 2009). To time-outs measurements can more accurately be studied
PRANAY SABLE (15870284) 11 by observing the signal response of reader in an oscilloscope or by the proprietary reader. b) Distance bounding Protocols. Separation bounding conventions decide an upper limit for the physical separation between two conveying parties taking into account the Round-Trip-Time (R- T-T) of cryptographic test reaction sets. The of the test reaction sets is particularly intended to take into consideration an exact time estimation, e.g. picking up a response that takes an anticipated or steady time to compute. To accomplish an exact and trusted distance bound the convention should be keep running over a special correspondence channel since it has been demonstrated that routine channels present timing vulnerability that can dark the deferral presented by a relay attack. There are various protocols suggested for distance bounding, Brands and Chaum (1993) were the first to describe distance-bonding protocol since then many protocols have been suggested. Distance jumping would consequently require adjusted tokens and readers, which would expand the aggregate framework cost. Distance bounding has been for all intents and purposes executed in a contact framework yet appropriate contactless channels are still a work in advancement, with current recommendations raising security, on the other hand, is a concern (G. P. Hancke et al., 2009). 3. Eavesdropping An Eavesdropping attack happens when an attacker can recapture the information sent amid an exchange between a true reader and a token, which requires the hacker to set up in the region of a likely target. The attacker needs to catch the transmitted signs utilizing appropriate RF hardware before recuperating and putting away the information of interest. The level of
PRANAY SABLE (15870284) 12 accomplishment that the attacker will accomplish relies on upon the assets accessible to him. An aggressor with costly, particular RF estimation gear will have the capacity to listen in from further away than an attacker with a modest, home-made framework. The hacker is still a practical danger in any case. A pioneering attacker could recuperate the credit card subtle elements of the individual standing in front and that he had a small versatile framework that could listen in at 50 cm. On the other hand, if the aggressor can effectively listen in the correspondence from 10 m he could sit in a vehicle outside his nearby corner store and record every one of the truncation held inside. This attack can also happen when the card is not used and the hacker can trigger the smart card secretly without the holder being unaware of it. An attacker may don’t have access to the sensitive but it may know. Defence Mechanism for Eavesdropping attacks- In Eavesdropping, an attacker interprets the data transferred between the token and reader so any system that can secure the information will be the best solution for this kind of attack. There is various solution proposed as an idea of using shared secret key or makes the channel more impervious to listening in. (Wyner, 1975)came with a solution of additive noise in the communication channel The concept works as follows when a sender sends data over a communication channel he adds two types of noise N’(t) and N” (t) (with a condition that(N’(t)<< N”(t)), so data send will be y(t)=N’(t)+N”(t)+i(t) but at the receivers end he will get y(t)=N’(t)+i(t) and the attacker will have Z(t)=N”(t)+I(t), this concept is called as wiretapping. But it has a problem in it, there is theoretical no evidence of that the noise level should be sufficient. (Savry et al., 2007) came up with a solution for the above-stated problem they developed a ‘Noisy reader’. As this is a very vast concept will just give the principle of
PRANAY SABLE (15870284) 13 this device. The rule of the noisy reader. To begin with, the reader creates a loud flag and emanates it through its receiving wire amid the time of the legitimate answer. So the reader or a hacker in the loop will see a signal with noise where the legitimate message is covered up. As the reader knows the commotion it radiated, it can subtract it from the message it got to recover the legitimate message. This is done by including these noisy generator object that can generate analogy noise in the ISO 14443 protocol in the physical communication layer without any modification in ISO 14443 standard of RFID reader. One or Two-factor authentication in Eavesdropping attack- In payment system using smart cards, this defence mechanism is introduced. Whenever you present your bank credit card or smart card it then asks you for your pin number and then only proceeds further with the transaction. But nowadays there is a new concept called ‘pay-wave’ in which just you present your card and everything is done sounds easy. But think if your card gets stolen and no means to authenticate the person who is using it and until you block your card the damage is already done. While installing a door access system with access cards there should be a provision to authenticate like a pin or biometric verification such to make your system more secure from eavesdropping. Above we discussed some attacks and their countermeasures which are on the communication layer of the smart card system now let’s explore hardware layer of the system. Hardware attack and its Countermeasures Invasion attacks are the attacks that require the microchip in a smart card to be evacuated and specifically altered and tampered physically. This class of attacks can, at any rate in the hypothesis, trade off any security measure of any microchip. Be that as it may, these attacks
PRANAY SABLE (15870284) 14 commonly require exceptionally costly hardware, awesome mastery and a vast interest in time to deliver results. Prying attacks are along these lines considered to be essentially in the domain of semiconductor makers furthermore, specializes in very much supported labs(Leng, 2009). Another strategy for physically attacking a chip is to put a test on bus lines so that qualities being sent over the transport can be seen on an oscilloscope. The noticeable data could incorporate cryptographic keys and/or the working framework present in ROM. The study of these attacks is beyond this article but for detailed information can refer (Anderson and Kuhn,1996) and (Kommerling and Kuhn,1999). Countermeasures for hardware attacks- Design- The incorporated circuit configuration can incorporate such countermeasures as glue logic, obfuscated logic and covered buses which make figuring out harder. Non-unpredictable memory, buses can be mixed to anticipate reverse engineering of uploaded programming, or chip plan strategies, through examining. Figure2 - Secure and Insured chips(Markantonakis, 2007)
PRANAY SABLE (15870284) 15 Anomaly Detectors: (Markantonakis et al., 2009) suggested this defense mechanism that there are normally diverse sorts of peculiarity detectors present in a smart card. These are utilized to identify irregular environmental conditions, for example, a disturbance in the voltage or clock supplied to the card. A smart card will regularly reset or execute an infinite circle until the irregular condition is evacuated.
PRANAY SABLE (15870284) 16 Conclusion- Smart cards are seen as a decent method for including a ''trusted equipment token'' that offers extra security administrations. The usage of secure applications on smart cards is diverse to advancement in different stages as it requires learning of both the abilities of various smart card items and conceivable attacker techniques focusing on these cards. Picking a smart card item that is viewed as powerless, based on legacy innovations or is (by and large) insufficient for designed framework, or neglecting to plan the framework to take into account any conceivable constraints in smart card innovation could present vulnerabilities that could be abused, as is obvious from the genuine attackers portrayed previously. There are various ways to an attacker can attack a system smart card alone cannot assure the full security of the system in many cases. For example, an intruder can physically damage the reader and can gain access. This means that there is a need to look beyond smart token or card and revise the rules regulation and policies for a security system. With every new security design developed every movement, an attacker or hacker is always ready to challenge, so the changes and development in the security system should be constant that is the rule of life if you want to survive in this constantly challenging world the security system should be in its evolving mode always.
PRANAY SABLE (15870284) 17 References Hancke, G. P. (2008). Security of proximity identification systems. University of Cambridge. Hancke, G. P., Mayes, K. E., & Markantonakis, K. (2009). Confidence in smart token proximity: Relay attacks revisited. Computers & Security, 28(7), 615-627. doi:10.1016/j.cose.2009.06.001 Henzl, M., Hanacek, P., & Kacic, M. (2014). Preventing real-world relay attacks on contactless devices. Paper presented at the Security Technology (ICCST), 2014 International Carnahan Conference on. Leng, X. (2009). Smart card applications and security. Information Security Technical Report, 14(2), 36-45. doi:10.1016/j.istr.2009.06.006 Markantonakis, K. (2007). Smart cards, tokens, security and applications: Springer Science & Business Media. Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., & Mayes, K. (2009). Attacking smart card systems: Theory and practice. Information Security Technical Report, 14(2), 46-56. doi:10.1016/j.istr.2009.06.001 Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). RFID systems: A survey on security threats and proposed solutions. Paper presented at the Personal wireless communications. Savry, O., Pebay-Peyroula, F., Dehmas, F., Robert, G., & Reverdy, J. (2007). RFID Noisy Reader How to Prevent from Eavesdropping on the Communication? Cryptographic Hardware and Embedded Systems-CHES 2007, 334-345. Williamson, A., Tsay, L.-S., Kateeb, I. A., & Burton”, L. (2013). “Solutions for RFID Smart Tagged Card Security Vulnerabilities”. AASRI Procedia, 4, 282-287. doi:10.1016/j.aasri.2013.10.042 Wyner, A. D. (1975). The wire-tap channel. Bell System Technical Journal, The, 54(8), 1355-1387. Zhang, D., Liao, X., Qiu, M., Hu, J., & Sha, E. H. M. (2012). Randomized execution algorithms for smart cards to resist power analysis attacks. Journal of Systems Architecture, 58(10), 426-438. doi:10.1016/j.sysarc.2012.08.004

Recommended

portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-sStephen Kelleher
 
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHUREAndrew Grimstone
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Formnearnow
 
Passivhaus on a shoestring
Passivhaus on a shoestringPassivhaus on a shoestring
Passivhaus on a shoestringPaul Testa
 
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media BuyingThe Media Kitchen
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015The Media Kitchen
 

Recommended

portfolio2014_StK-s
portfolio2014_StK-sportfolio2014_StK-s
portfolio2014_StK-sStephen Kelleher
 
L4G_2015_BROCHURE
L4G_2015_BROCHUREL4G_2015_BROCHURE
L4G_2015_BROCHUREAndrew Grimstone
 
Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Elements of mechanical engineering (notes)
Elements of mechanical engineering (notes)Ahmad Sakib
 
4 IATA Training
4 IATA Training4 IATA Training
4 IATA TrainingMohamed Tayfour
 
Know How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application FormKnow How: Graduates & Research Placement Application Form
Know How: Graduates & Research Placement Application Formnearnow
 
Passivhaus on a shoestring
Passivhaus on a shoestringPassivhaus on a shoestring
Passivhaus on a shoestringPaul Testa
 
Traditional Media Buying
Traditional Media BuyingTraditional Media Buying
Traditional Media BuyingThe Media Kitchen
 
TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015TMK.edu Traditional Media Buying Presentation: August 2015
TMK.edu Traditional Media Buying Presentation: August 2015The Media Kitchen
 
Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotAerial Oy
 
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summaryfsikipa
 
Magenta 4.0
Magenta 4.0Magenta 4.0
Magenta 4.0Justin Hall-tipping
 
Reduced penalty for late filing of income tax
Reduced penalty for late filing of income taxReduced penalty for late filing of income tax
Reduced penalty for late filing of income taxE-startupindia
 
Waukegan west 1984
Waukegan west 1984Waukegan west 1984
Waukegan west 1984Dave Levine
 
Eyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak Brasil
 
Interior Design Portfolio
Interior Design PortfolioInterior Design Portfolio
Interior Design PortfolioCassandra Ryan
 
Career and career management
Career and career managementCareer and career management
Career and career managementBindal Heena
 
Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Dave Levine
 
Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?jvelie
 
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for ActionMichael Wirscham
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesAltair
 
Portafolio Francisco Díaz Tazza
Portafolio Francisco Díaz TazzaPortafolio Francisco Díaz Tazza
Portafolio Francisco Díaz TazzaFranciscoDiazTazza
 
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%GoLeanSixSigma.com
 
Brad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBrad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBradArender
 
201411141821490731366001415969509
201411141821490731366001415969509201411141821490731366001415969509
201411141821490731366001415969509IMTS Institute
 
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarMentor
 
GST Case Laws Digest
GST Case Laws DigestGST Case Laws Digest
GST Case Laws DigestTaxmann
 
Croosing
Croosing Croosing
Croosing Ronny Yakov
 
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...Johannes Bjerva
 
The Secret of the Legal Industry - Understand how they play Americans.pptx
The Secret of the Legal Industry - Understand how they play Americans.pptxThe Secret of the Legal Industry - Understand how they play Americans.pptx
The Secret of the Legal Industry - Understand how they play Americans.pptxSueBozgoz
 
Rigger and Signal Person
Rigger and Signal PersonRigger and Signal Person
Rigger and Signal PersonJason Wilson
 

More Related Content

What's hot

Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotAerial Oy
 
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summaryfsikipa
 
Reduced penalty for late filing of income tax
Reduced penalty for late filing of income taxReduced penalty for late filing of income tax
Reduced penalty for late filing of income taxE-startupindia
 
Waukegan west 1984
Waukegan west 1984Waukegan west 1984
Waukegan west 1984Dave Levine
 
Eyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak Brasil
 
Interior Design Portfolio
Interior Design PortfolioInterior Design Portfolio
Interior Design PortfolioCassandra Ryan
 
Career and career management
Career and career managementCareer and career management
Career and career managementBindal Heena
 
Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Dave Levine
 
Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?jvelie
 
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for ActionMichael Wirscham
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesAltair
 
Portafolio Francisco Díaz Tazza
Portafolio Francisco Díaz TazzaPortafolio Francisco Díaz Tazza
Portafolio Francisco Díaz TazzaFranciscoDiazTazza
 
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%GoLeanSixSigma.com
 
Brad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBrad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBradArender
 
201411141821490731366001415969509
201411141821490731366001415969509201411141821490731366001415969509
201411141821490731366001415969509IMTS Institute
 
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarMentor
 
GST Case Laws Digest
GST Case Laws DigestGST Case Laws Digest
GST Case Laws DigestTaxmann
 

What's hot (19)

Obstruction lights - Lentoestevalot
Obstruction lights - LentoestevalotObstruction lights - Lentoestevalot
Obstruction lights - Lentoestevalot
 
Active22 - Executive Summary
Active22 - Executive SummaryActive22 - Executive Summary
Active22 - Executive Summary
 
Magenta 4.0
Magenta 4.0Magenta 4.0
Magenta 4.0
 
Reduced penalty for late filing of income tax
Reduced penalty for late filing of income taxReduced penalty for late filing of income tax
Reduced penalty for late filing of income tax
 
Waukegan west 1984
Waukegan west 1984Waukegan west 1984
Waukegan west 1984
 
Eyespeak E Learning Plan
Eyespeak E Learning PlanEyespeak E Learning Plan
Eyespeak E Learning Plan
 
Interior Design Portfolio
Interior Design PortfolioInterior Design Portfolio
Interior Design Portfolio
 
Career and career management
Career and career managementCareer and career management
Career and career management
 
Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983Niles West v Glenbrook North 1983
Niles West v Glenbrook North 1983
 
Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?Immigration Compliance: How to keep the Government from knocking on the Door?
Immigration Compliance: How to keep the Government from knocking on the Door?
 
GET - AR Timeline for Action
GET - AR Timeline for ActionGET - AR Timeline for Action
GET - AR Timeline for Action
 
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury SmartphonesATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
ATC UK 2015: Enhancing Drop Testing Simulation for Luxury Smartphones
 
Portafolio Francisco Díaz Tazza
Portafolio Francisco Díaz TazzaPortafolio Francisco Díaz Tazza
Portafolio Francisco Díaz Tazza
 
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
PROJECT STORYBOARD: Increasing First Run Parts From 60% to 90%
 
Brad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_svBrad Arender 2019 portfolio_sv
Brad Arender 2019 portfolio_sv
 
201411141821490731366001415969509
201411141821490731366001415969509201411141821490731366001415969509
201411141821490731366001415969509
 
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminarEfficient needs assessment into effective curriculum planning - ADEPIS seminar
Efficient needs assessment into effective curriculum planning - ADEPIS seminar
 
GST Case Laws Digest
GST Case Laws DigestGST Case Laws Digest
GST Case Laws Digest
 
Croosing
Croosing Croosing
Croosing
 

Similar to IS Report 3

From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...Johannes Bjerva
 
The Secret of the Legal Industry - Understand how they play Americans.pptx
The Secret of the Legal Industry - Understand how they play Americans.pptxThe Secret of the Legal Industry - Understand how they play Americans.pptx
The Secret of the Legal Industry - Understand how they play Americans.pptxSueBozgoz
 
Rigger and Signal Person
Rigger and Signal PersonRigger and Signal Person
Rigger and Signal PersonJason Wilson
 
Suud Alwi CV September 29 2016
Suud Alwi CV September 29 2016Suud Alwi CV September 29 2016
Suud Alwi CV September 29 2016Su'ud Su'ud
 
Strategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the CurriculumStrategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the Curriculumchar booth
 
School Violence and student
School Violence and studentSchool Violence and student
School Violence and studentacastane
 
How Consumers use Digital Technology
How Consumers use Digital TechnologyHow Consumers use Digital Technology
How Consumers use Digital TechnologyHannah Frazer-Morris
 
Human Trafficking in Texas.pptx
Human Trafficking in Texas.pptxHuman Trafficking in Texas.pptx
Human Trafficking in Texas.pptxJoyDAlbano
 
military training
military trainingmilitary training
military trainingKelvin Xuna
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxkenjordan97598
 
H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...
H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...
H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...FasTrax Solutions
 
Slideshare - LinkedIn - B2B (1).PPTX
Slideshare - LinkedIn - B2B (1).PPTXSlideshare - LinkedIn - B2B (1).PPTX
Slideshare - LinkedIn - B2B (1).PPTXSofiane Djemai
 
Ct2 sketching new
Ct2 sketching newCt2 sketching new
Ct2 sketching newDaphne Tan
 
이한나 (Hanna lee) -
이한나 (Hanna lee) -이한나 (Hanna lee) -
이한나 (Hanna lee) -Phil Longwell
 
PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION
PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATIONPARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION
PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATIONDr. Michael Agbaje
 
Org 536 effective business communications portfolio (f) copy
Org 536 effective business communications portfolio (f) copyOrg 536 effective business communications portfolio (f) copy
Org 536 effective business communications portfolio (f) copyYorkCSU
 

Similar to IS Report 3 (20)

From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
From Phonology to Syntax: Unsupervised Linguistic Typology at Different Level...
 
The Secret of the Legal Industry - Understand how they play Americans.pptx
The Secret of the Legal Industry - Understand how they play Americans.pptxThe Secret of the Legal Industry - Understand how they play Americans.pptx
The Secret of the Legal Industry - Understand how they play Americans.pptx
 
Rigger and Signal Person
Rigger and Signal PersonRigger and Signal Person
Rigger and Signal Person
 
Suud Alwi CV September 29 2016
Suud Alwi CV September 29 2016Suud Alwi CV September 29 2016
Suud Alwi CV September 29 2016
 
Strategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the CurriculumStrategic Cartography: Identifying IL Intersections Across the Curriculum
Strategic Cartography: Identifying IL Intersections Across the Curriculum
 
Hidrocarburos
HidrocarburosHidrocarburos
Hidrocarburos
 
School Violence and student
School Violence and studentSchool Violence and student
School Violence and student
 
How Consumers use Digital Technology
How Consumers use Digital TechnologyHow Consumers use Digital Technology
How Consumers use Digital Technology
 
Training developers in user research af Søeren Vinther Færch, AAU
Training developers in user research af Søeren Vinther Færch, AAUTraining developers in user research af Søeren Vinther Færch, AAU
Training developers in user research af Søeren Vinther Færch, AAU
 
Transcripts and PC
Transcripts and PCTranscripts and PC
Transcripts and PC
 
Human Trafficking in Texas.pptx
Human Trafficking in Texas.pptxHuman Trafficking in Texas.pptx
Human Trafficking in Texas.pptx
 
military training
military trainingmilitary training
military training
 
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docxScanned by CamScannerG o o d w M P r e p a id r e n t.docx
Scanned by CamScannerG o o d w M P r e p a id r e n t.docx
 
MCCIA 014
MCCIA 014MCCIA 014
MCCIA 014
 
H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...
H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...
H2 Administration Reduces the Behavioral Deformities in the Offspring in a Ma...
 
Slideshare - LinkedIn - B2B (1).PPTX
Slideshare - LinkedIn - B2B (1).PPTXSlideshare - LinkedIn - B2B (1).PPTX
Slideshare - LinkedIn - B2B (1).PPTX
 
Ct2 sketching new
Ct2 sketching newCt2 sketching new
Ct2 sketching new
 
이한나 (Hanna lee) -
이한나 (Hanna lee) -이한나 (Hanna lee) -
이한나 (Hanna lee) -
 
PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION
PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATIONPARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION
PARASITIC COMPUTING: PROBLEMS AND ETHICAL CONSIDERATION
 
Org 536 effective business communications portfolio (f) copy
Org 536 effective business communications portfolio (f) copyOrg 536 effective business communications portfolio (f) copy
Org 536 effective business communications portfolio (f) copy
 

IS Report 3

  • 1. Student Name – Pranay Sable Student ID- 15870284 Lecturer Name- David Airehrour COMP821 INFORMATION SECURITY Securing Proximity Smart Cards
  • 2. PRANAY SABLE (15870284) 1 Contents Report Synopsis......................................................................................................................................2 Introduction............................................................................................................................................3 Literature Review-..................................................................................................................................5 Discussion...............................................................................................................................................7 Side-channel attacks and countermeasures.......................................................................................7 1. Timing Analysis Attacks.........................................................................................................7 2. Relay Attacks...........................................................................................................................9 3. Eavesdropping.......................................................................................................................11 Hardware attack and its Countermeasures......................................................................................13 Invasion attacks.............................................................................................................................13 Conclusion- ...........................................................................................................................................16 References............................................................................................................................................17
  • 3. PRANAY SABLE (15870284) 2 Report Synopsis Smartcard Technology has developed throughout the most recent couple of years taking after striking enhancements in the fundamental equipment and programming stages. It is almost used in every sector of life around us and has sensitive information in it. So to secure smart cards has become a foremost priority of developers. This article will provide defense mechanism to protect this smart tokens on communication and physical layer from hackers and attackers.
  • 4. PRANAY SABLE (15870284) 3 Introduction- What are Proximity smart cards? A smart card can be defined by its very basic component like integrated circuit which is a microcontroller which can store any kind of data in its RAM. Smart card system has a reader and token and a background system. The system is connected to a card reader which can authenticate a token or card when presented, a system can be a personal computer or a web browser which uses Secure Socket Layers to secure online transactions. A smart card can have 8KB to 256KB of programmable Random Access Memory with 16-bit of the microprocessor on it. The most common application where smart cards used are:  Wireless Communication(RFID)  Money Tractions  Door security system  Loyalty cards  Dish TV  Logistics Smart cards can be classified into 1) Contact Cards- These are the cards which need to make physical contact with the reader to establish a connection,and 2) Contactless Cards- These uses wireless communication channels to establish connection between reader and token.
  • 5. PRANAY SABLE (15870284) 4 Need for Security Smart cards are commonly thought to be tamper resistant, which implies that the expected usefulness and information held inside such a gadget should not be undermined by altering. Smart cards additionally offer a choice of security systems that could, for instance, be utilized to actualize verification or guarantee information privacy. Smart cards are in this manner utilized as a part of frameworks that give security administrations. While a ''safe and trusted'' token alone is insufficient to ensure security inside a framework. A creator joining smart cards into a framework ought to consider both attacks that apply to the security of the physical smart card token and the system as an entirety(Markantonakis, Tunstall, Hancke, Askoxylakis, & Mayes, 2009). This article gives a brief outline of most common attacks on a smart card, furthermore looks at the defense mechanism for each attack. The outline of this report is to have an understanding of most common attacks on the smart cards security system and their verified countermeasures in real life. Furthermore in discussion two types of core attacks and their countermeasures are presented with the outlined conclusion.
  • 6. PRANAY SABLE (15870284) 5 Literature Review- To deal with my research topic I have gone through different papers which are related to security of smart cards and have researched various websites and blogs written by researchers. Following are a synopsis of literature used to create this research report. P a p e r S u m m a r y S e c u r i t y o f p r o x i m i t y i d e n t i f i c a t i o n s ys t e m s ( G e r h a r d P H a n c k e , 2 0 0 8 ) A s d i s c u s s e d b y ( G e r h a r d P H a n c k e , 2 0 0 8 ) i n h i s r e p o r t h a v e s u m m a r i z e d r e l a y a t t a c k s a n d d i s t a n c e b o u n d i n g p r o t o c o l s . C o n f i d e n c e i n s m a r t t o k e n p r o x i m i t y: R e l a y a t t a c k s r e v i s i t e d ( G . P . H a n c k e , M a ye s , & M a r k a n t o n a k i s , 2 0 0 9 ) ( G . P . H a n c k e e t a l . , 2 0 0 9 ) m e n t i o n e d d e t a i l e d s t u d y a n d i m p l e m e n t a t i o n o f r e l a y a t t a c k s a n d i t s c o u n t e r m e a s u r e s P r e v e n t i n g r e a l - w o r l d r e l a y a t t a c k s o n c o n t a c t l e s s d e v i c e ( H e n z l , H a n a c e k , & K a c i c , 2 0 1 4 ) T h e a u t h o r ( H e n z l e t a l . , 2 0 1 4 ) m e n t i o n e d t h e r e l a y a t t a c k s o n c o n t a c t l e s s o r N e a r - f i e l d c o m m u n i c a t i o n ( N F C ) . S m a r t c a r d a p p l i c a t i o n s a n d s e c u r i t y( L e n g , 2 0 0 9 ) ( Le n g , 2 0 0 9 ) h a v e b r i e f l y p r o p o s e d e v e r y a t t a c k s c e n a r i o o n s m a r t c a r d s s u c h a s s i d e c h a n n e l a t t a c k s , e a v e s d r o p p i n g , a n d p h ys i c a l a t t a c k s
  • 7. PRANAY SABLE (15870284) 6 R F ID N o i s y R e a d e r H o w t o P r e v e n t f r o m E a v e s d r o p p i n g o n t h e C o m m u n i c a t i o n ? ( S a v r y, P e b a y- P e yr o u l a , D e h m a s , R o b e r t , & R e v e r d y, 2 0 0 7 ) O n t h e b a s i s o f a d e v i c e n a m e d n o i s y r e a d e r ( S a v r y e t a l . , 2 0 0 7 ) h a v e i n t r o d u c e d a d e f e n s e w e a p o n a g a i n s t E a v e s d r o p p i n g . “ S o l u t i o n s f o r R F I D S m a r t T a g g e d C a r d S e c u r i t y V u l n e r a b i l i t i e s ” ( W i l l i a m s o n , T s a y, K a t e e b , & B u r t o n ” , 2 0 1 3 ) ( W i l l i a m s o n e t a l . , 2 0 1 3 ) h a v e p r o p o s e d s o l u t i o n s f o r R F ID t a g s i n b i o m e d i c a l f i e l d t h r o u g h t h e a d d i t i o n o f t w o s e c u r i t y l a ye r s i n t h e c o m m u n i c a t i o n c h a n n e l R a n d o m i z e d e x e c u t i o n a l g o r i t h m s f o r s m a r t c a r d s t o r e s i s t p o w e r a n a l ys i s a t t a c k s ( Z h a n g , Li a o , Q i u , H u , & S h a , 2 0 1 2 ) I n t h i s p a p e r , i t i s d i s c u s s e d 3 - b i t a l g o r i t h m t e c h n i q u e s f o r s e c u r i t y a g a i n s t p o w e r a n a l ys i s a t t a c k s . S m a r t C a r d s , T o k e n s , S e c u r i t y a n d A p p l i c a t i o n ( M a r k a n t o n a k i s , 2 0 0 7 ) T h i s b o o k h a s p r o v i d e d a b r o a d e r v i e w o f m a n y c a r d s s ys t e m a n d p r a c t i c a l s e c u r i t y m e t h o d s u s e d . R F ID s ys t e m s : A s u r v e y o n s e c u r i t y t h r e a t s a n d p r o p o s e d s o l u t i o n s ( P e r i s - Lo p e z , H e r n a n d e z - C a s t r o , E s t e v e z - T a p i a d o r , & R i b a g o r d a , 2 0 0 6 ) ( P e r i s - Lo p e z e t a l . , 2 0 0 6 ) p r e s e n t e d t h r e a t s t o R F ID s e c u r i t y s ys t e m a n d p r o t e c t i n g p r i v a c y t h r o u g h F a r a d a y c a g e a n d b l o c k e r t a g s .
  • 8. PRANAY SABLE (15870284) 7 Discussion Side-channel attacks and countermeasures A side-channel attack(Kocher,1996) comprises in observing unintended impacts of the calculation and recovering valuable data from these impacts. There are numerous such impacts, including the timing of the calculation, the information traded on the I/O channels, the power utilization, or some other impact of the calculation. Such attacks are considered as non- obtrusive, on the grounds that they are performed on a working smart card chip, and they, as a rule, don't require the tampering of the card. 1. Timing Analysis Attacks These are the most common types of side-channel attacks. To carry out this attack the attacker must have power system knowledge. By studying the power utilization of smart card one can tell what type of information is the card possessing within a microchip. Under power attacks, there are mainly 2 types of attacks which are described below. Simple power Analysis: -A powerful form of power analysis is to search for patterns within the acquired power consumption. An attacker can attempt to determine the location of individual functions within a command. For example, Fig. 2 shows the power consumption of a smart card during the execution of RSA, looking closely at the acquired power consumption, a series of events can be seen. There are two types of the event at two different power consumption levels, with a short dip in the power consumption between each event. This corresponds well to the square and multiply calculations used in RSA algorithm (Mayes and Markantonakis, 2008).
  • 9. PRANAY SABLE (15870284) 8 Figure 2. Power consumption of an RSA implementation(Markantonakis, 2007) Differential power analysis- Differential Power Analysis (DPA) actually treats the consequences of power examination. The estimations are rehashed ordinarily so that the impacts of noise can be dispensed with by taking normal qualities. The differences are once the estimations have been finished, which can uncover even better contrasts in the current utilization of a microcontroller than basic force investigation. With the DPA procedure, the current utilization is initially measured while the microcontroller is handling known information, and afterward again while it is handling unknown information(Leng, 2009; Markantonakis et al., 2009). Time analysis attacks Countermeasures As suggested by (Leng, 2009)the least difficult equipment arrangement is to consolidate a quick acting voltage controller in the chip screens and guarantees that the power utilization is autonomous of the guidelines and information. The counterfeit noise current generators on the chip are likewise a successful arrangement. Another arrangement is to utilize a changed processor plan that dependably draws a steady current. Nevertheless, these methodologies will marginally expand the power utilization, which is undesirable in applications, for example, telecommunication. As an option, some more straightforward guard utilizing haphazardly produced delays (arbitrary holding up time) in the processor extensively builds the trouble of
  • 10. PRANAY SABLE (15870284) 9 synchronization between the information and current, without expanding the chip's present utilization. A comparable methodology is that microcontrollers have their own on-chip clock generators, by consistently and randomly fluctuating the clock frequency inside certain breaking points. There is three software defense mechanism suggested by(Zhang et al., 2012) as follows “Dummy Instructions Random Insertion (DIRI), Simple Randomized Execution(SRE), Advanced Randomized Execution with Independent Dummy Instructions(AREIDI)” which shows significant results to protect smart cards from hackers. 2. Relay Attacks Relay attacks are basically carried out on the physical layer of the communication channel. In these case, the raider or attacker needs to have two hardware devices that are a reader and the token. The attacker sets up communication medium called as relay channel between its devices (reader and token). Now the attacker’s reader will send signals to legitimate token while the proxy token is situated near the reader. As the reader will transmit info to the proxy token which is indeed relayed back to the proxy reader. This proxy reader will send received signal information to token who will consider this reader as legitimate and responds, this response is conveyed back to the proxy token which will now acts exactly as the cloned token and transmit information to the real reader who misinterprets this cloned token as real and gives temporary access to the attacker(Gerhard P Hancke, 2008). Basically, there are two types of relay attacks. 1)Passive attack and 2) Passive attacks. The hacker never needs to know the plaintext information or the key K length of he and his assistant can keep transferring the particular messages between the reader and the real token. It does along these lines not make any difference if the information is encoded utilizing the Advanced Encryption Standard AES with a 256-bit key, or a powerless restrictive figure with a 32-bit key as the resultant ciphertext of either can be transferred simply. The achievement of
  • 11. PRANAY SABLE (15870284) 10 the hacker is in this manner free of the application layer convention and encryption calculation utilized and subsequently application layer cryptographic systems are incapable at forestalling hand-off attack(G. P. Hancke et al., 2009). So this suggests that even if there is a secret key with the authenticating user it is not of any use as the hacker can any time be able to easily intercept the messages and can have a virtually cloned token. Security measures for relay attacks- There are many possible ways to been suggested to protect contactless system through the relay attack. a) Timing Constraints- The attacker's equipment needs time to transfer information between the reader and token and the attacker's reaction is along these lines deferred when contrasted with a genuine response. Executing time-outs would in this way have all the earmarks of being an achievable answer for keeping an attacker's "late" reaction from being acknowledged. Timing limitations are already defined for communication in the ISO 14443 standard furthermore, reader frequently has the ability to likewise actualize a period out on the token's response. The timing imperatives in the norms, be that as it may, are infrequently upheld in reader we watched. Setting a period out of reaction information is likewise not a powerful countermeasure as the postponement presented by the transfer equipment is substantially less than the run of the mill time-out qualities. Setting timeouts that would recognize such a little postpone is not useful either in light of the fact that the variety in the time taken by the token to produce a reaction is prone to be bigger than the time-out and real reactions would be a danger of being rejected. (G. P. Hancke et al., 2009). To time-outs measurements can more accurately be studied
  • 12. PRANAY SABLE (15870284) 11 by observing the signal response of reader in an oscilloscope or by the proprietary reader. b) Distance bounding Protocols. Separation bounding conventions decide an upper limit for the physical separation between two conveying parties taking into account the Round-Trip-Time (R- T-T) of cryptographic test reaction sets. The of the test reaction sets is particularly intended to take into consideration an exact time estimation, e.g. picking up a response that takes an anticipated or steady time to compute. To accomplish an exact and trusted distance bound the convention should be keep running over a special correspondence channel since it has been demonstrated that routine channels present timing vulnerability that can dark the deferral presented by a relay attack. There are various protocols suggested for distance bounding, Brands and Chaum (1993) were the first to describe distance-bonding protocol since then many protocols have been suggested. Distance jumping would consequently require adjusted tokens and readers, which would expand the aggregate framework cost. Distance bounding has been for all intents and purposes executed in a contact framework yet appropriate contactless channels are still a work in advancement, with current recommendations raising security, on the other hand, is a concern (G. P. Hancke et al., 2009). 3. Eavesdropping An Eavesdropping attack happens when an attacker can recapture the information sent amid an exchange between a true reader and a token, which requires the hacker to set up in the region of a likely target. The attacker needs to catch the transmitted signs utilizing appropriate RF hardware before recuperating and putting away the information of interest. The level of
  • 13. PRANAY SABLE (15870284) 12 accomplishment that the attacker will accomplish relies on upon the assets accessible to him. An aggressor with costly, particular RF estimation gear will have the capacity to listen in from further away than an attacker with a modest, home-made framework. The hacker is still a practical danger in any case. A pioneering attacker could recuperate the credit card subtle elements of the individual standing in front and that he had a small versatile framework that could listen in at 50 cm. On the other hand, if the aggressor can effectively listen in the correspondence from 10 m he could sit in a vehicle outside his nearby corner store and record every one of the truncation held inside. This attack can also happen when the card is not used and the hacker can trigger the smart card secretly without the holder being unaware of it. An attacker may don’t have access to the sensitive but it may know. Defence Mechanism for Eavesdropping attacks- In Eavesdropping, an attacker interprets the data transferred between the token and reader so any system that can secure the information will be the best solution for this kind of attack. There is various solution proposed as an idea of using shared secret key or makes the channel more impervious to listening in. (Wyner, 1975)came with a solution of additive noise in the communication channel The concept works as follows when a sender sends data over a communication channel he adds two types of noise N’(t) and N” (t) (with a condition that(N’(t)<< N”(t)), so data send will be y(t)=N’(t)+N”(t)+i(t) but at the receivers end he will get y(t)=N’(t)+i(t) and the attacker will have Z(t)=N”(t)+I(t), this concept is called as wiretapping. But it has a problem in it, there is theoretical no evidence of that the noise level should be sufficient. (Savry et al., 2007) came up with a solution for the above-stated problem they developed a ‘Noisy reader’. As this is a very vast concept will just give the principle of
  • 14. PRANAY SABLE (15870284) 13 this device. The rule of the noisy reader. To begin with, the reader creates a loud flag and emanates it through its receiving wire amid the time of the legitimate answer. So the reader or a hacker in the loop will see a signal with noise where the legitimate message is covered up. As the reader knows the commotion it radiated, it can subtract it from the message it got to recover the legitimate message. This is done by including these noisy generator object that can generate analogy noise in the ISO 14443 protocol in the physical communication layer without any modification in ISO 14443 standard of RFID reader. One or Two-factor authentication in Eavesdropping attack- In payment system using smart cards, this defence mechanism is introduced. Whenever you present your bank credit card or smart card it then asks you for your pin number and then only proceeds further with the transaction. But nowadays there is a new concept called ‘pay-wave’ in which just you present your card and everything is done sounds easy. But think if your card gets stolen and no means to authenticate the person who is using it and until you block your card the damage is already done. While installing a door access system with access cards there should be a provision to authenticate like a pin or biometric verification such to make your system more secure from eavesdropping. Above we discussed some attacks and their countermeasures which are on the communication layer of the smart card system now let’s explore hardware layer of the system. Hardware attack and its Countermeasures Invasion attacks are the attacks that require the microchip in a smart card to be evacuated and specifically altered and tampered physically. This class of attacks can, at any rate in the hypothesis, trade off any security measure of any microchip. Be that as it may, these attacks
  • 15. PRANAY SABLE (15870284) 14 commonly require exceptionally costly hardware, awesome mastery and a vast interest in time to deliver results. Prying attacks are along these lines considered to be essentially in the domain of semiconductor makers furthermore, specializes in very much supported labs(Leng, 2009). Another strategy for physically attacking a chip is to put a test on bus lines so that qualities being sent over the transport can be seen on an oscilloscope. The noticeable data could incorporate cryptographic keys and/or the working framework present in ROM. The study of these attacks is beyond this article but for detailed information can refer (Anderson and Kuhn,1996) and (Kommerling and Kuhn,1999). Countermeasures for hardware attacks- Design- The incorporated circuit configuration can incorporate such countermeasures as glue logic, obfuscated logic and covered buses which make figuring out harder. Non-unpredictable memory, buses can be mixed to anticipate reverse engineering of uploaded programming, or chip plan strategies, through examining. Figure2 - Secure and Insured chips(Markantonakis, 2007)
  • 16. PRANAY SABLE (15870284) 15 Anomaly Detectors: (Markantonakis et al., 2009) suggested this defense mechanism that there are normally diverse sorts of peculiarity detectors present in a smart card. These are utilized to identify irregular environmental conditions, for example, a disturbance in the voltage or clock supplied to the card. A smart card will regularly reset or execute an infinite circle until the irregular condition is evacuated.
  • 17. PRANAY SABLE (15870284) 16 Conclusion- Smart cards are seen as a decent method for including a ''trusted equipment token'' that offers extra security administrations. The usage of secure applications on smart cards is diverse to advancement in different stages as it requires learning of both the abilities of various smart card items and conceivable attacker techniques focusing on these cards. Picking a smart card item that is viewed as powerless, based on legacy innovations or is (by and large) insufficient for designed framework, or neglecting to plan the framework to take into account any conceivable constraints in smart card innovation could present vulnerabilities that could be abused, as is obvious from the genuine attackers portrayed previously. There are various ways to an attacker can attack a system smart card alone cannot assure the full security of the system in many cases. For example, an intruder can physically damage the reader and can gain access. This means that there is a need to look beyond smart token or card and revise the rules regulation and policies for a security system. With every new security design developed every movement, an attacker or hacker is always ready to challenge, so the changes and development in the security system should be constant that is the rule of life if you want to survive in this constantly challenging world the security system should be in its evolving mode always.
  • 18. PRANAY SABLE (15870284) 17 References Hancke, G. P. (2008). Security of proximity identification systems. University of Cambridge. Hancke, G. P., Mayes, K. E., & Markantonakis, K. (2009). Confidence in smart token proximity: Relay attacks revisited. Computers & Security, 28(7), 615-627. doi:10.1016/j.cose.2009.06.001 Henzl, M., Hanacek, P., & Kacic, M. (2014). Preventing real-world relay attacks on contactless devices. Paper presented at the Security Technology (ICCST), 2014 International Carnahan Conference on. Leng, X. (2009). Smart card applications and security. Information Security Technical Report, 14(2), 36-45. doi:10.1016/j.istr.2009.06.006 Markantonakis, K. (2007). Smart cards, tokens, security and applications: Springer Science & Business Media. Markantonakis, K., Tunstall, M., Hancke, G., Askoxylakis, I., & Mayes, K. (2009). Attacking smart card systems: Theory and practice. Information Security Technical Report, 14(2), 46-56. doi:10.1016/j.istr.2009.06.001 Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006). RFID systems: A survey on security threats and proposed solutions. Paper presented at the Personal wireless communications. Savry, O., Pebay-Peyroula, F., Dehmas, F., Robert, G., & Reverdy, J. (2007). RFID Noisy Reader How to Prevent from Eavesdropping on the Communication? Cryptographic Hardware and Embedded Systems-CHES 2007, 334-345. Williamson, A., Tsay, L.-S., Kateeb, I. A., & Burton”, L. (2013). “Solutions for RFID Smart Tagged Card Security Vulnerabilities”. AASRI Procedia, 4, 282-287. doi:10.1016/j.aasri.2013.10.042 Wyner, A. D. (1975). The wire-tap channel. Bell System Technical Journal, The, 54(8), 1355-1387. Zhang, D., Liao, X., Qiu, M., Hu, J., & Sha, E. H. M. (2012). Randomized execution algorithms for smart cards to resist power analysis attacks. Journal of Systems Architecture, 58(10), 426-438. doi:10.1016/j.sysarc.2012.08.004