Elsevier

Computer Networks

Volume 36, Issue 4, 16 July 2001, Pages 423-435

Cryptography on smart cards

https://doi.org/10.1016/S1389-1286(01)00164-5

Abstract

This article presents an overview of the cryptographic primitives that are commonly implemented on smart cards. We also discuss attacks that can be mounted on smart cards as well as countermeasures against such attacks.

Introduction

Smart cards are small, portable, tamper-resistant devices providing users with a convenient storage and processing capability. The smart card is amenable to cryptographic implementations for several reasons. The card contains many security features that enable the protection of sensitive cryptographic data and provide for a secure processing environment. The protection of the cryptographic keying material is critical; to provide cryptographic services, this key must never be revealed.

This article presents an overview of the cryptographic primitives that are commonly implemented on smart cards. We will also discuss attacks that can be mounted on smart cards. Besides cryptographic attacks on the algorithms, smart cards are also vulnerable to attacks that exploit weaknesses in the implementations. Typical examples are timing attacks, power analysis, memory scanning, …
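The timing attacks named above exploit a very simple observable: if a card compares a received MAC or PIN byte by byte and stops at the first mismatch, its response time grows with the length of the correctly guessed prefix. The following is an added illustration, not code from the article or its authors: it places a leaky comparison beside a constant-work one and records, for candidates sharing 0..n prefix bytes with the secret, how much work each comparison does. The work count stands in for the running time an attacker would measure, so the demonstration is deterministic; the secret value and the `prefix_leak_profile` helper are constructed here for the example.

```python
"""
Added example (not from the Borst/Preneel/Rijmen article): why a MAC or PIN
comparison on a smart card must not leak through execution time.
"""
from typing import Callable, List, Tuple


def leaky_compare(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Byte-wise comparison that returns at the first mismatch.

    Returns (equal, bytes_examined). The second value models the running
    time an attacker would observe: it grows with the length of the
    matching prefix, which is exactly the signal a timing attack reads.
    """
    if len(expected) != len(candidate):
        return False, 0
    examined = 0
    for a, b in zip(expected, candidate):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Comparison whose work does not depend on where the first mismatch is.

    Every byte is examined and the XOR differences are OR-ed together; the
    result is only inspected once, after the loop. (Length is treated as
    public, which is fine for fixed-size MACs and PINs.)
    """
    if len(expected) != len(candidate):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, candidate):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def prefix_leak_profile(
    compare: Callable[[bytes, bytes], Tuple[bool, int]], expected: bytes
) -> List[int]:
    """Record the work done for candidates sharing k = 0..n prefix bytes
    with `expected`; the remaining bytes are flipped so they never match.

    A leaky comparator yields a strictly increasing profile (the attacker can
    recover the secret one byte at a time); a constant-work comparator yields
    a flat profile.
    """
    profile = []
    for k in range(len(expected) + 1):
        candidate = expected[:k] + bytes((x ^ 0xFF) for x in expected[k:])
        _, work = compare(expected, candidate)
        profile.append(work)
    return profile


if __name__ == "__main__":
    # Constructed sample secret (e.g. a 4-byte MAC truncation or PIN block).
    secret = bytes.fromhex("0a1b2c3d")
    print("leaky:        ", prefix_leak_profile(leaky_compare, secret))
    print("constant-time:", prefix_leak_profile(constant_time_compare, secret))
```

In real code the comparison should come from a library, for example Python's standard `hmac.compare_digest`; the hand-written loop above exists only to make the difference in work visible. On a card the same principle extends to the other implementation channels the article lists: the power and timing profile of a key-dependent operation should be independent of the secret, not merely of the comparison outcome.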

The article is organised as follows. In Section 2, we summarise the constraints that a typical smart card imposes on its applications. In Section 3, we give an overview of cryptographic primitives that are implemented on smart cards and in Section 4 we discuss attacks on smart cards.

Section snippets

Smart card constraints

Smart cards are used in a wide variety of applications such as electronic purses, electronic commerce and identification. In most of these applications, a tradeoff has to be made between cryptographic functionality and the cost of the smart card. While most of the applications would benefit from the use of asymmetric cryptography, e.g., to implement digital signatures, the cost of smart cards that can run asymmetric cryptographic primitives is still prohibitive for several applications.

Cryptographic primitives

In this section, we discuss the following symmetric primitives: block ciphers, message authentication codes and hash functions. We discuss two important asymmetric primitives: RSA and elliptic curves. We conclude with a discussion of (pseudo-) random number generators.

Attacks on smart cards

Smart card designs have to take into account restrictions such as memory constraints, flexibility of the processor, external power supply, restricted physical security, etc. Moreover, an attacker has the ability to control certain aspects of the environment of a smart card: power supply, clock frequency, external radiation, etc. These potential weaknesses have made smart cards an attractive target for system-based attacks. Classical attacks against cryptographic primitives exploit only

Conclusions

One can expect that in the coming years, DES will be replaced as the main symmetric algorithm on smart cards. While triple-DES is currently very popular, the selection of Rijndael as the AES provides designers with an interesting alternative algorithm. An increasing number of smart cards will be able to perform public-key cryptography; elliptic curves will become more important, but a significant fraction of the applications will use RSA. Recent progress in system-based attacks has triggered

Johan Borst obtained in February 1997 the degree of engineer at the Technical University of Eindhoven, The Netherlands. He started a Ph.D. in cryptography at the ESAT/COSIC lab of the K.U. Leuven. In October 2000, Johan was close to finishing his Ph.D. when he suddenly passed away.

Cited by (27)

  • Advanced remote user authentication protocol for multi-server architecture based on ECC (2013, Journal of Information Security and Applications). Citation excerpt: "Symmetric cryptographic parameters are inexpensive in terms of computation cost but they are simpler to forge as compared to public key cryptographic parameters. In comparison to other public key systems (PKS), Elliptic Curve Cryptosystem provides maximum security per bit for a given key size (Borst et al., 2001). Smaller key size implies faster computation even with limited resources."
  • Two robust remote user authentication protocols using smart cards (2010, Journal of Systems and Software). Citation excerpt: "This is because only lightweight operation modules such as one-way hash function and exclusive-or operation are required. In Borst et al. (2001), the authors had presented that there are ways to implement fast enough hash function onto smart card to perform authentication and other access control mechanisms. Therefore, with better security, we think our protocol is practical to be implemented in real world environments."
  • An Introduction to Modern Cryptology (2007, The History of Information Security: A Comprehensive Handbook)
  • An introduction to modern cryptology (2007, The History of Information Security)

Bart Preneel received the Electrical Engineering degree and the Doctorate in Applied Sciences in 1987 and 1993, respectively, both from the Katholieke Universiteit Leuven (Belgium). He is currently a professor at the Katholieke Universiteit Leuven and a visiting professor (Professor II) at the University of Bergen in Norway and the University of Ghent in Belgium. During the academic year 1993–1994, he was a research fellow of the EECS Department of the University of California at Berkeley. His main research interests are cryptography, computer security and network security. Bart Preneel has authored and co-authored more than 70 scientific publications, and is inventor of one patent. He is a member of the Board of Directors of the IACR (International Association for Cryptologic Research) and of the Editorial Board of the Journal of Cryptology and of Cryptologia. He was program chair of the 1994 workshop on Fast Software Encryption, of the IFIP conference CMS'99 (Communications and Multimedia Security), and of Eurocrypt 2000. He is currently project manager of NESSIE (New European Schemes for Signature, Integrity and Encryption).

Vincent Rijmen obtained in 1993 the degree of electronics engineer at the K.U. Leuven, Belgium. He became a Ph.D. student at the ESAT/COSIC lab of the K.U. Leuven. (COSIC stands for COmputer Security and Industrial Cryptography.) In 1997, Vincent finished his doctoral dissertation, titled "Cryptanalysis and design of iterated block ciphers". Since then, he has been a postdoctoral researcher at the COSIC lab. Vincent Rijmen is one of the two designers of Rijndael, the Advanced Encryption Standard that will soon be adopted by NIST.

This research was sponsored in part by GOA Mefisto 2000/06 and by the IWT project STEBS.

1 F.W.O. Postdoctoral researcher, sponsored by the Fund for Scientific Research, Flanders, Belgium.