A smart card, chip card, or integrated circuit card (ICC), is a pocket-sized card with embedded integrated circuits, which can process data. Some smart cards contain only non-volatile memory (NVM) storage components and security logic. Other smart cards contain volatile memory and microprocessor components. Smart cards are often used as a form of security authentication for various applications, and thus store and operate on secret data. Smart cards are subject to various attacks, usually in an effort to obtain the secret data stored in the smart card.
One kind of attack relates to mechanisms where data are sent to the smart card and compared in the card with corresponding values or reference data, with a retry counter being incremented according to the result of the comparison. For example, a Personal Identification Number (PIN) may be compared to a corresponding PIN stored in the card, and a retry counter can be incremented for negative comparisons. The attack works, for example, by measuring a voltage drop across a resistor in a power supply lead. If a suitable command containing the comparison data is sent to the smart card, it is possible to see from the voltage measurement whether the retry counter has been incremented, even before a return code has been received. If the return code is sent before the retry counter is written to memory when the result of the comparison is positive, this method can be used to determine the value of the reference data. This is done by sending all possible variations of the comparison value to the smart card, and cutting off power to the card before the retry counter has been incremented, if the result is negative. A positive result can be recognized from the associated return code, which is sent before the retry counter is written to memory.
One defense is to always increment the retry counter before making the comparison, and then decrementing the counter afterwards. In this case, the attacker cannot obtain an advantage, regardless of when he interrupts power to the card, since the retry counter will have already been incremented. In a second approach, the retry counter is incremented after a negative comparison and written to an unused non-volatile memory cell after a positive comparison. Both of these write accesses occur at the same time in the process, so the attacker can draw no conclusions with regard to the result of the comparison. The attacker learns the result of the comparison only after receiving the return code, and at this point it is too late to prevent a write access to the retry counter by cutting off the power.
A problem with the defenses described above is that the non-volatile memory is stressed from the writes, and therefore these defenses will have an impact on the endurance and data retention of the non-volatile memory.