Secure integrated circuit cards, commonly referred to as smart cards, may be of the form of an embedded integrated circuit hardware device that is small enough to fit into a user's pocket. Secure integrated circuit cards may be used in many situations where critical information must be stored and shared. For example, set-top boxes that facilitate pay-per-view or video-on-demand features may use a secure integrated circuit card to supply user account information to a provider along with a request for access to such features, and to subsequently decrypt encrypted digital video streams that may be provided in response to the request. As another example, a Subscriber Identity Module (SIM) card in a Global Systems for Mobile Communications (GSM) phone may be used to store a user's personal information, such as his or her phone book, device preferences, preferred network(s), saved text or voice messages and service provider information. A SIM card may allow a user, for example, to change handsets while retaining all of his or her information on the SIM card. Smart cards may be used in a variety of applications (e.g., electronic payment systems, including specialized auto-debit devices such as public transportation cards, and personal identification documents, such as passports, driver's licenses, and medical identification cards).
Due to security concerns, encryption standards or algorithms may be used to protect sensitive information on a smart card. For example, the Digital Encryption Standard (DES) may be used to encrypt information with a 56-bit key. Access to private data may only be available to a holder of the key. Newer updates to this standard, such as Triple-DES and the Advanced Encryption Standard (AES), may offer an even more complex (and secure) encryption key algorithm. Another example standard is RSA (an acronym derived from the surnames of its three creators—Rivest, Shamir and Adleman), a public-key encryption standard with private-key decryption.
Because of the value of information that may be stored on and protected by a smart card, hackers may employ a range of techniques to break or bypass the encryption algorithms used to protect sensitive information on a smart card. Such techniques may generally be categorized as invasive attacks and non-invasive attacks.
In an invasive attack, a hacker may physically disassemble the smart card in order to access, monitor and control its internal circuitry. Once the smart card has been disassembled (e.g., the packaging has been removed), the hacker may inspect internal circuitry with, for example, an optical microscope or similar viewing apparatus or may employ a logic probe or analyzer in an attempt to understand timing and functionality of the hardware employed. A hacker may slow or speed up a clock signal or subject a power supply to voltage glitches, which may have the effect of placing the hardware in a vulnerable state. A hacker may use a laser to remove protective circuitry in order to, for example, permanently disable encryption or decryption functionality. A hacker may also employ a directed light beam or other light or radiation source to modify the value of a particular hardware element. For example, the hacker may force a logic gate to have a particular value. Each of these example methods may be employed by a hacker to either create a vulnerability in the device that can be subsequently exploited or to glean information about the operation of the device.
A hacker may also attempt to inject “faults” into a smart card or other secure device, in order to extract sensitive information or corrupt the operation of the device. For example, rather than observing the smart card in its typical operation, a hacker may inject a “glitch” into the circuitry and analyze the circuit's response. In particular, the hacker may temporarily speed up a clock signal, in order to, for example, cause inputs to be sampled before updated information has propagated through a circuit—possibly bypassing key security, or revealing details about how the circuit functions. A hacker may inject a voltage glitch to, for example, temporarily shift the threshold voltages of transistors or logic gates. Such a voltage glitch may cause the hardware to skip certain procedures, allowing the hacker to commandeer portions of the logic or hijack data before it is encrypted, etc.
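The glitch-induced "skipped procedure" described above is the reason smart card firmware avoids single-point boolean decisions. The following is an added example, not code from the patent, that contrasts a plain boolean PIN verdict with one that uses complementary verdict codes and a redundant evaluation; the fault is simulated by XORing a mask into one evaluation, and the codes, function names and PIN values are constructed for illustration.

```c
/* Added example: detecting a single injected fault in a security decision.
 * The glitch is modelled as fault_mask XORed into one evaluation only;
 * real faults act on hardware, but the software pattern is the same.    */
#include <stdint.h>
#include <stddef.h>

/* Constructed verdict codes: 0x5A and 0xA5 differ in all 8 bits, so no
 * single bit flip turns a DENIED code into a GRANTED one.               */
#define ACCESS_GRANTED 0x5A
#define ACCESS_DENIED  0xA5

typedef enum { DECISION_DENY = 0, DECISION_GRANT = 1, DECISION_TAMPER = 2 } decision_t;

/* Constant-time byte-wise difference: non-zero iff pin != ref. */
static uint8_t pin_diff(const uint8_t *pin, const uint8_t *ref, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= pin[i] ^ ref[i];
    return diff;
}

/* Naive check: the verdict is a plain 0/1 flag.  A glitch that flips that
 * single bit (fault_mask = 0x01) converts a denial into a grant.          */
decision_t naive_check(const uint8_t *pin, const uint8_t *ref, size_t n, uint8_t fault_mask) {
    uint8_t ok = (pin_diff(pin, ref, n) == 0) ? 1 : 0;
    ok ^= fault_mask;                       /* simulated glitch on the flag */
    return ok ? DECISION_GRANT : DECISION_DENY;
}

/* One encoded evaluation of the decision; the caller may inject a fault. */
static uint8_t encoded_verdict(const uint8_t *pin, const uint8_t *ref, size_t n, uint8_t fault_mask) {
    uint8_t v = (pin_diff(pin, ref, n) == 0) ? ACCESS_GRANTED : ACCESS_DENIED;
    return v ^ fault_mask;
}

/* Hardened check: evaluate twice, require both results to be the same valid
 * code.  A single glitch (assumed to hit only one evaluation) either leaves
 * an invalid code or makes the two evaluations disagree; both are reported
 * as tampering rather than silently resolved in favour of access.         */
decision_t hardened_check(const uint8_t *pin, const uint8_t *ref, size_t n, uint8_t fault_mask) {
    uint8_t v1 = encoded_verdict(pin, ref, n, fault_mask);   /* faulted run */
    uint8_t v2 = encoded_verdict(pin, ref, n, 0);            /* redundant run */
    if (v1 != v2) return DECISION_TAMPER;
    if (v1 == ACCESS_GRANTED) return DECISION_GRANT;
    if (v1 == ACCESS_DENIED)  return DECISION_DENY;
    return DECISION_TAMPER;                 /* neither valid code: corrupted */
}
```

A real card would additionally count tamper events and lock the applet after a threshold, which is outside this snippet.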
A hacker may also employ non-invasive, or “side channel” attacks to discover functional details of a smart card. In particular, a hacker may observe various aspects of the smart card in operation, and apply statistical analysis to the observed aspects to deduce operational details of the smart card or to extract sensitive information (e.g., encryption or decryption keys). For example, the hacker may use differential power analysis (DPA) to analyze power consumption during smart card operations. Since the power consumption may be directly related to particular operations, the hacker may be able to deduce, for example, particular bits of a key used in a decryption algorithm, by observing many instances of a particular operation and applying statistical analysis to the observations. Similarly, a hacker may employ electromagnetic analysis (EMA) to monitor radiation output of a smart card during particular operations; statistical analysis of the radiation may also reveal sensitive information. A hacker may also analyze timing between variations in power consumption or electromagnetic radiation to identify times at which key operations of known algorithms (e.g., encryption or decryption algorithms) are performed.
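The DPA paragraph above relies on power consumption being a function of the key-dependent intermediate value. The following added example (not from the patent) uses the common Hamming-weight leakage model to show why first-order Boolean masking is the standard countermeasure: the observable weight of an unmasked key XOR depends on the key byte, whereas averaged over the mask it does not. The fixed-vs-random comparison mirrors the leakage-assessment check a lab runs before shipping a card; all function names are constructed for this example.

```c
/* Added example: Hamming-weight leakage of a key XOR, with and without a
 * first-order Boolean mask.  The mask is swept exhaustively so the means
 * below are exact and no random source is needed.                        */
#include <stdint.h>

/* Hamming weight: the usual proxy for the switching power of a data bus. */
static int hw(uint8_t v) { int c = 0; while (v) { c += v & 1; v >>= 1; } return c; }

/* Unmasked device: it computes p ^ k directly, so the weight it exposes is
 * a function of the secret key byte k for every observed plaintext p.    */
int leak_unmasked(uint8_t p, uint8_t k) { return hw(p ^ k); }

/* Masked device: it only ever handles (p ^ m) ^ k for a fresh mask m.  A
 * first-order attack sees this weight alone; combining it with the
 * separate leakage of m is a second-order attack, which needs more masks. */
int leak_masked(uint8_t p, uint8_t k, uint8_t m) { return hw((p ^ m) ^ k); }

/* Mean exposed weight for plaintext p under key k.  For the masked device
 * the average runs over all 256 mask values.                             */
double mean_leak(uint8_t p, uint8_t k, int masked) {
    if (!masked) return (double)leak_unmasked(p, k);
    long sum = 0;
    for (int m = 0; m < 256; m++) sum += leak_masked(p, k, (uint8_t)m);
    return sum / 256.0;
}

/* Leakage-assessment style check: distance, in bits, between the mean
 * weight for one fixed plaintext and the mean over all plaintexts.  A
 * non-zero result means the fixed input is distinguishable from random
 * inputs through power alone; zero is what a masked device must show.    */
double fixed_vs_random(uint8_t p_fixed, uint8_t k, int masked) {
    double rnd = 0.0;
    for (int p = 0; p < 256; p++) rnd += mean_leak((uint8_t)p, k, masked);
    rnd /= 256.0;
    double d = mean_leak(p_fixed, k, masked) - rnd;
    return d < 0 ? -d : d;
}
```

Masking does not remove the second-order dependency between m and p ^ m ^ k; it only raises the number of traces and the statistical order an analysis must reach, which is why production cards combine it with noise, shuffling and key-use limits.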
Once a hacker has extracted sensitive information from a device, the hacker may use the sensitive information for various nefarious purposes. For example, the hacker may obtain pay-per-view or video-on-demand services using another user's account; the hacker may access telecommunication services that are billed to another user; the hacker may steal another user's bank account funds; the hacker may steal another's identity; etc.