Even Smart Cards Can Make Dumb Mistakes

By Peter Coffee  |  Posted 2002-04-08

Peter Coffee: Companies should understand the limitations of smart card security—and plan for them—before counting on smart cards to protect important data.

Bits are a lie. The difference between the fiction of bits and the truth of actual hardware is a fundamental threat to secure computing. The software pretense of bits depends on an upstream hardware reality of voltages, currents, stray radio-frequency emissions and other artifacts that our abstract models omit—but that a determined attacker can study and exploit. It's especially important to think about the oft-ignored behaviors of the physical machine if we're going to depend on ubiquitous devices such as "smart cards."
Portable, active security tokens have to be built inexpensively—and have to be compact and lightweight—to be useful in their intended applications; the problem is that these attributes often go hand-in-hand with revealing behaviors. Timing attacks, for example, correlate smart card response times against an attacker's knowledge of encryption algorithms to dramatically shrink the search space for possible keys. Differential power analysis uses the power consumption patterns of smart card hardware to provide similar clues.
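
The timing leak described above, shown as an added example that is not part of the original column: a textbook square-and-multiply exponentiation whose work depends on the secret key, beside a Montgomery ladder that does the same work for every key. The 16-bit key size, the modulus, the base 7 and the use of a multiplication count as a proxy for response time are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define KEY_BITS 16        /* toy key size, constructed for this example */
#define MODULUS  1000003u  /* constructed; small so products fit in 64 bits */

/* Multiplication counter: a stand-in for measurable response time. */
static unsigned long mul_count;
static uint64_t mulmod(uint64_t a, uint64_t b) {
    mul_count++;
    return (a * b) % MODULUS;
}

/* Leaky: the extra multiply runs only for 1 bits, so total work
   reveals how many bits of the secret exponent are set. */
uint64_t modexp_leaky(uint64_t base, uint32_t key) {
    uint64_t r = 1;
    base %= MODULUS;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        r = mulmod(r, r);
        if ((key >> i) & 1) r = mulmod(r, base);
    }
    return r;
}

/* Branch-free conditional swap: exchanges *a and *b when bit == 1. */
static void cswap(uint64_t *a, uint64_t *b, uint64_t bit) {
    uint64_t t = (*a ^ *b) & (0 - bit);
    *a ^= t; *b ^= t;
}

/* Hardened: Montgomery ladder, one multiply and one square per key bit. */
uint64_t modexp_ladder(uint64_t base, uint32_t key) {
    uint64_t r0 = 1, r1 = base % MODULUS;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        uint64_t bit = (key >> i) & 1;
        cswap(&r0, &r1, bit);
        r1 = mulmod(r0, r1);
        r0 = mulmod(r0, r0);
        cswap(&r0, &r1, bit);
    }
    return r0;
}

unsigned long work_leaky(uint32_t key)  { mul_count = 0; modexp_leaky(7, key);  return mul_count; }
unsigned long work_ladder(uint32_t key) { mul_count = 0; modexp_ladder(7, key); return mul_count; }
int main(void) {
    printf("leaky: %lu vs %lu, ladder: %lu vs %lu multiplications\n",
           work_leaky(0x8001), work_leaky(0xFFFF), work_ladder(0x8001), work_ladder(0xFFFF));
    return 0;
}
```

The ladder removes only the key-dependent operation count; on real hardware the multiplication and reduction steps must themselves run in constant time.
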
Yes, smart cards offer far more protection than many alternative forms of portable data packaging, such as magnetic stripes: being able to perform local computations, a smart card can take active measures in its own defense that a passive data record cannot.
The current political environment makes it likely that smart card readers will proliferate more rapidly than might otherwise be the case—and smart card vendors are happy to encourage this—but these installations must be designed with care to avoid introducing new vulnerabilities at the same time that they promote a possibly false confidence.
If we start to believe that the model is the reality, we're making the same mistake as someone who puts a $100 lock on a steel-reinforced end flap on a cardboard box: Our model says that you have to open the lock and open the flap to get inside, but the pragmatic intruder can merely cut through the side of the box and take whatever he wants. Smart cards are good locks, and with encrypted interfaces they can be used to construct well-reinforced doors, but we need to think like spies and burglars: The storehouses of our precious data must not have uncovered windows or fragile walls.
Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues. Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, and he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.
