Smart cards are electronic components that have been developed to help facilitate high volume consumer transactions. For example, smart cards are used to record the number of fares on a bus pass. When a consumer boards a bus, the smart card is placed in a smartcard reader and one credit is deducted from the consumer's account.
As a data processing system, a smart card stores information, e.g., personal, financial, etc., that requires protection from unauthorized access. For this reason, a principle purpose of a smart card is to secure data stored therein. If the data in the smart card is issued to unapproved persons, a user or a system manager may suffer considerable damage. Unapproved access of a smart card is called “tampering”. Tampering techniques can be divided into four major attack techniques, that is, a microprobing technique, a software technique, an eavesdropping technique, and a fault generation technique.
The microprobing technique can be used to access a chip surface directly. The software attack technique uses the normal communication interface of a processor and exploits security vulnerabilities found in the protocols, cryptographic algorithms, or their implementation. The eavesdropping technique monitors, with high time resolution, analog characteristics of all supply and interface connections and any other electromagnetic radiation produced by a processor during a normal operation. The fault generation technique uses abnormal environment conditions to generate malfunctions in a processor that provide additional access. All microprobing techniques are invasive attacks. They require hours or weeks in a specialized laboratory and, in the process, they destroy the packaging. The other three techniques are non-invasive attacks.
As a non-invasive attack technique, a glitch attack technique attacks a smart card without permission by applying abnormal signals to an externally provided signal or a power supply voltage so that a smart card operates unpredictably. Particularly interesting commands that an attacker might want to replace with glitches are conditional jumps or the test instructions preceding them. They create a window of vulnerability in the processing stages of many security applications that often allows an attacker to bypass sophisticated cryptographic barriers by simply preventing the execution of the code that detects that an authentication attempt was unsuccessful. Instruction glitches can also be used to extend or reduce the runtime of loops.
In conclusion, data stored in a smart card as a data processing system can be tampered by the glitch attack technique.