Smart card security depends on the hardware design of the card circuitry and above all on the cryptographic mechanisms used in the card's operating system. The keys that are used in the cards for symmetric and asymmetric algorithms are hidden. The key's hidden characteristic plays an important role in systems whose security relies on micro calculator cards.
Today, there is a theoretically applicable method that allows the user to determine the contents of a key stored within a smart card. This method successively toggles all non-volatile memory cells (EPROM or EEPROM) that record the stored key's binary elements. This method can be executed using physical or electronic means that allow the logical contents (or the electrical charge) of an elementary memory cell to be modified.
However, in order to execute this type of operation, it is absolutely necessary that the user know the physical order or arrangement of the memory cells on the chip. The user must also be able to ensure correspondence between these physical addresses (defined by a memory chip mask) and the relative or absolute logic addresses that allow the user to access information.
When a memory cell that contains a binary element of a stored key that needs to be identified is found, this cell can be subjected to selective X-ray exposure to alter the contents of the memory cell.
The key contents determining approach consists of performing a calculation using this stored key in order to save the results obtained and then trying to modify the contents of a cell using the method described above (changes are only possible in one direction-load or unload a cell). Next, the preceding calculation is redone. Therefore, if there is no modification of the cell's binary value, the same result is obtained; otherwise, it is modified. Thus, the value of the stored key that undergoes the process can be determined and, by preceding incrementally, the value of the set of bits that make up a key can be determined.
The possibility of fraud becomes even more pronounced for base keys or mother board keys that are used on a number x of cards. Therefore, a user can use the procedure described above, taking one bit from each of these x cards to determine the total number of bits of the base key that are used on each of the x cards.