11. Security Techniques on Smart Cards
|
|
- Silvester Long
- 5 years ago
- Views:
Transcription
1 11. Security Techniques on Smart Cards Dr.-Ing. Martin Novotný Katedra číslicového návrhu Fakulta informačních technologií České vysoké učení technické v Praze c Martin Novotný, 2011 MI-BHW Bezpečnost a technické prostředky LS 2010/11, 11. přednáška Evropský sociální fond. Praha & EU: Investujeme do vaší budoucnosti Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 1 / 20
2 Security Techniques on Smart Cards Based on Chapter 8 of the book W. Rankl and W. Effing: Smart Card Handbook, Third Edition, John Wiley & Sons, Ltd., 2004, ISBN: Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 2 / 20
3 Security Techniques User Identification Smart Card Security Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 3 / 20
4 Security Techniques User Identification Smart Card Security Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 4 / 20
5 User Identification Knowledge of a secret (PIN) Possition of and object (holding a card) Bodily feature (biometric methods) Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 5 / 20
6 User Identification Knowledge of a secret (PIN) Possition of and object (holding a card) Bodily feature (biometric methods) Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 6 / 20
7 Biometric Methods Physiological methods face iris (eye) retina (eye) hand geometry fingerprint Behavioral methods typing rythm voice dynamic signature Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 7 / 20
8 Example: Fingerprint Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 8 / 20
9 Example: Dynamic Signature Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 9 / 20
10 Example: Dynamic Signature Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 10 / 20
11 Security Techniques User Identification Smart Card Security Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 11 / 20
12 Smart Card Security Attacks on smart cards attacks at the social level attacks at the physical level attacks at the logical level Attacks timing attacks during the development stage attacks during manufacturing attacks while the card is in use Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 12 / 20
13 Attacks during development Development of the smart card microcontroller Protection: design criteria absolutely no undocumented mechanisms or functions Protection: unique chip number can be copied, i.e. should be used only as a basis for other crypto mechanisms (e.g. for derivation of secret keys, etc.) Development of the smart card operating system Protection: development principles programmers should never work alone on the project the source code is inspected by independent testing agency Protection: distributing knowledge nobody knows everything Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 13 / 20
14 Attacks during production An eavesdropper can replace genuine smart cards with dummy cards during production. Cards are loaded with firmware during production. If the dummy card can perform memory dump, the secret key can be later revealed. Protection: administrative measures ( authorized personnel only ), authentication between the smart card and the security module, etc. Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 14 / 20
15 Attacks while the card is in use Attacks at the physical level Attacks at the logical level Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 15 / 20
16 Attacks at the physical level I Static analysis of smart card microcontrollers Protection: semiconductor technology Submicron technologies make reverse engineering difficult Protection: chip design Standard cells make reverse engineering easier Protection: dummy structures Just to confuse the attacker... Dummy structures can also be monitored Protection: chip buses Busses should be in lower layers of silicon to prevent connection and monitoring Protection: memory design ROMs should be in lower layers of silicon to prevent connection and monitoring Protection: protective layers (shields) Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 16 / 20
17 Attacks at the physical level II Attack and defense: reading out volatile memory When cooled to 60 o C, RAM can keep its content even if switched off. Protection: during operation, secret keys are not held in RAM any longer than is absolutely necessary, following which they are immediately erased. Protection: memory scrambling Protection: memory encryption Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 17 / 20
18 Attacks at the physical level III Dynamic analysis of smart card microcontrollers Protection: monitoring the passivation layer passivation layer must be removed before any sort of manipulation of the chip can be performed Protection: voltage monitoring prevents e.g. against differential fault analysis Protection: frequency monitoring Prevents operation in single-step mode (which simplifies attack). It also prevents overclocking Protection: temperature monitoring Protection: bus scrambling Bus scrambling can be static (permutation of wires), dynamic in time and also chip-specific (randomizer derives the scheme e.g. from the chip number). Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 18 / 20
19 Attacks at the physical level IV Protection: irreversible switching from the test mode to the user mode Dynamic analysis and defense: measuring the current consumption of the CPU (SPA, DPA) Protection: fast-acting voltage regulator in the chip that monitors the current and ensures it is independent on the instruction or data (drawback: higher consumption) Protection: Artificial noise current generators (drawback: higher consumption) Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 19 / 20
20 Attacks at the physical level V Protection: Employing other units (as noise current generators) Protection: Technology that provides consumption independent on operation Protection: Randomly generated delays (wait states) in the processor operation Protection: Only machine instruction with similar consumptions are used... Martin Novotný (ČVUT FIT, 2011) 11. Security Techniques on Smart Cards MI-BHW, 2011, 11. přednáška 20 / 20
Intrusion Techniques
Intrusion Techniques Mgr. Rudolf B. Blažek, Ph.D. Department of Systems Faculty of Information Technologies Czech Technical University in Prague Rudolf Blažek 2010-2011 Network Security MI-SIB, ZS 2011/12,
More informationParallel Connected Components
Parallel Connected Components prof. Ing. Pavel Tvrdík CSc. Katedra počítačových systémů Fakulta informačních technologií České vysoké učení technické v Praze c Pavel Tvrdík, 00 Pokročilé paralelní algoritmy
More informationParallel scan on linked lists
Parallel scan on linked lists prof. Ing. Pavel Tvrdík CSc. Katedra počítačových systémů Fakulta informačních technologií České vysoké učení technické v Praze c Pavel Tvrdík, 00 Pokročilé paralelní algoritmy
More informationNetwork Intrusion Goals and Methods
Network Intrusion Goals and Methods Mgr. Rudolf B. Blažek, Ph.D. Department of Computer Systems Faculty of Information Technologies Czech Technical University in Prague Rudolf Blažek 2010-2011 Network
More informationStatistical Aspects of Intrusion Detection
Statistical Aspects of Intrusion Detection Mgr. Rudolf B. Blažek, Ph.D. Department of Computer Systems Faculty of Information Technologies Czech Technical University in Prague Rudolf Blažek 2010-2011 Network
More informationFUNKCIONÁLNÍ A LOGICKÉ PROGRAMOVÁNÍ 1. ÚVOD DO PŘEDMĚTU, LAMBDA CALCULUS
FUNKCIONÁLNÍ A LOGICKÉ PROGRAMOVÁNÍ 1. ÚVOD DO PŘEDMĚTU, LAMBDA CALCULUS 2011 Jan Janoušek MI-FLP Evropský sociální fond Praha & EU: Investujeme do vaší budoucnosti Funkcionální a logické programování
More informationServers I. Ing. Jiří Kašpar prof. Ing. Pavel Tvrdík CSc.
Jiří Kašpar, Pavel Tvrdík (ČVUT FIT) Servers I. MI-POA, 2011, Lecture 5 1/17 Servers I. Ing. Jiří Kašpar prof. Ing. Pavel Tvrdík CSc. Department of Computer Systems Faculty of Information Technology Czech
More informationIn this unit we are continuing our discussion of IT security measures.
1 In this unit we are continuing our discussion of IT security measures. 2 One of the best security practices in Information Security is that users should have access only to the resources and systems
More informationServers II. Ing. Jiří Kašpar prof. Ing. Pavel Tvrdík CSc.
Jiří Kašpar, Pavel Tvrdík (ČVUT FIT) Servers II. MI-POA, 2011, Lecture 6 1/20 Servers II. Ing. Jiří Kašpar prof. Ing. Pavel Tvrdík CSc. Department of Computer Systems Faculty of Information Technology
More informationProgramovatelné obvody a SoC. PI-PSC
Evropský sociální fond Praha & EU: Investujeme do vaší budoucnosti Programovatelné obvody a SoC. PI-PSC doc. Ing. Hana Kubátová, CSc. Katedra číslicového návrhu Fakulta informačních technologií ČVUT v
More information2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient
2 nd ETSI Security Workshop: Future Security Smart Cards Dr. Klaus Vedder Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient ETSI TC SCP, the Smart Card Committee 19 Years of Dedication and Real-life
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationCOMPGA12 1 TURN OVER
Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.
More informationSpráva sítí I Bezpečnost a řízení přístupu
Správa sítí I Bezpečnost a řízení přístupu Mgr. Rudolf B. Blažek, Ph.D. Katedra počítačových systémů Fakulta informačních technologií České vysoké učení technické v Praze Rudolf Blažek 2010-2011 Moderní
More informationCOPYRIGHTED MATERIAL. Overview of Smart Cards. Chapter Card Classification
Chapter 1 Overview of Smart Cards In contrast to information technology practices in the PC realm, the development and functionality of smart cards are strongly driven by international standards. The reason
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationAuthentication Objectives People Authentication I
Authentication Objectives People Authentication I Dr. Shlomo Kipnis December 15, 2003 User identification (name, id, etc.) User validation (proof of identity) Resource identification (name, address, etc.)
More informationBIOMETRIC MECHANISM FOR ONLINE TRANSACTION ON ANDROID SYSTEM ENHANCED SECURITY OF. Anshita Agrawal
BIOMETRIC MECHANISM FOR ENHANCED SECURITY OF ONLINE TRANSACTION ON ANDROID SYSTEM 1 Anshita Agrawal CONTENTS Introduction Biometric Authentication Fingerprints Proposed System Conclusion References 2 INTRODUCTION
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationAuthentication Technology Alternatives. Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin
Authentication Technology Alternatives Mark G. McGovern Chief Technologist Smart Cards, Crypto, Stego, PKI Lockheed Martin Passwords Initial response by security and programming experts to deny access
More informationModern Technology of Internet
Modern Technology of Internet Jiří Navrátil, Josef Vojtěch, Jan Furman, Tomáš Košnar, Sven Ubik, Milan Šárek, Jan Růžička, Martin Pustka, Laban Mwansa, Rudolf Blažek Katedra počítačových systémů FIT České
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More information2017 European CMR exam PRAGUE: Candidate Instructions
2017 European CMR exam PRAGUE: Candidate Instructions Dear Candidate, We would like to thank you for participating in this exam. The following is an overview of what to expect during the day of the examination.
More informationHow Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches
How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview A global problem that impacts the lives of millions daily is digital life security breaches. One of the
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationCrypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016
Crypto tidbits: misuse, side channels Slides from Dave Levin 414-spring2016 A paper from 2013 that looked at how Android apps use crypto, as a function of 6 rules that reflect the bare minimum a secure
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More information- 4 hours per week (2 hours lectures + 2 hours laboratory exercises)
Course title: INFORMATION SYSTEMS SECURITY Lecturers Asst.Prof. Tonimir Kišasondi, Ph.D. Language of Croatian and English instruction: Schedule: 60 teaching hours - 4 hours per week (2 hours lectures +
More informationLecture Objectives. Introduction to Computing Chapter 0. Topics. Numbering Systems 04/09/2017
Lecture Objectives Introduction to Computing Chapter The AVR microcontroller and embedded systems using assembly and c Students should be able to: Convert between base and. Explain the difference between
More informationSecure Smartcard Design against Laser Fault Injection. FDTC 2007, September 10 th Odile DEROUET
Secure Smartcard Design against Laser Fault Injection FDTC 2007, September 10 th Odile DEROUET Agenda Fault Attacks on Smartcard Laser Fault Injection Our experiment Background on secure hardware design
More informationBiometrics problem or solution?
Biometrics problem or solution? Summary Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems. Whilst some of these
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (3 rd Week) 3. User Authentication 3.Outline Electronic User Authentication Principles Password-Based Authentication Token-Based Authentication Biometric
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationVendaCard MF1ICS50. major cities have adopted MIFARE as their e-ticketing solution of choice.
1. General description VendaCard MF1ICS50 Rev.. 5.3?29 January 2008 Product data sheet 001053 PUBLIC NXP has developed for VENDAPIN LLC the MIFARE MF1ICS50 to be used in a contactless smart card applications
More informationTo be familiar with the USART (RS-232) protocol. To be familiar with one type of internal storage system in PIC (EEPROM).
Lab # 6 Serial communications & EEPROM Objectives To be familiar with the USART (RS-232) protocol. To be familiar with one type of internal storage system in PIC (EEPROM). Serial Communications Serial
More informationHY-457 Information Systems Security
HY-457 Information Systems Security Recitation 1 Panagiotis Papadopoulos(panpap@csd.uoc.gr) Kostas Solomos (solomos@csd.uoc.gr) 1 Question 1 List and briefly define categories of passive and active network
More informationMicroprocessors/Microcontrollers
Microprocessors/Microcontrollers A central processing unit (CPU) fabricated on one or more chips, containing the basic arithmetic, logic, and control elements of a computer that are required for processing
More informationA Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.
A Multi-Application Smart-Card ID System for George Mason University - Suraj Ravichandran. Current System Magnetic Swipe Card based ID The card has three tracks They each store the following: Name, G#
More informationCREDENTSYS CARD FAMILY
CREDENTSYS CARD FAMILY Credentsys is a secure smart card family that is designed for national ID systems, passports, and multi-use enterprise security environments. The family is certified to FIPS 140-2
More informationHW Trends and Architectures
Pavel Tvrdík, Jiří Kašpar (ČVUT FIT) HW Trends and Architectures MI-POA, 2011, Lecture 1 1/29 HW Trends and Architectures prof. Ing. Pavel Tvrdík CSc. Ing. Jiří Kašpar Department of Computer Systems Faculty
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationSecurity of Remote Devices with Personal Identification Card using Biometrics
Security of Remote Devices with Personal Identification Card using Biometrics Ravi Parkash Goela MTech Scholar, Department of Computer Science & Applications, Kurukshetra University, Kurukshetra ravigoela@kuk.ac.in
More informationSurveying the Physical Landscape
Surveying the Physical Landscape UL and the UL logo are trademarks of UL LLC 2017 What do we mean by physical security? Some might think about this Or this Or For this presentation, we mean protection
More informationCOMP3221: Microprocessors and. and Embedded Systems. Overview. Lecture 23: Memory Systems (I)
COMP3221: Microprocessors and Embedded Systems Lecture 23: Memory Systems (I) Overview Memory System Hierarchy RAM, ROM, EPROM, EEPROM and FLASH http://www.cse.unsw.edu.au/~cs3221 Lecturer: Hui Wu Session
More informationGurmeet Kaur 1, Parikshit 2, Dr. Chander Kant 3 1 M.tech Scholar, Assistant Professor 2, 3
Volume 8 Issue 2 March 2017 - Sept 2017 pp. 72-80 available online at www.csjournals.com A Novel Approach to Improve the Biometric Security using Liveness Detection Gurmeet Kaur 1, Parikshit 2, Dr. Chander
More informationHow multi-fault injection. of smart cards. Marc Witteman Riscure. Session ID: RR-201 Session Classification: Advanced
How multi-fault injection breaks Title the of Presentation security of smart cards Marc Witteman Riscure Session ID: RR-201 Session Classification: Advanced Imagine you could turn your BART EZ Rider fare
More informationAT90SDC10X Summary Datasheet
AT90SDC10X Summary Datasheet Features General twincore Secure Dual Core Architecture - 135 Powerful s (Most Executed in a Single Clock Cycle) Total isolation between Master & Secure Cores Secure Inter-Core
More informationMF1ICS General description. Functional specification. 1.1 Key applications. 1.2 Anticollision. Energy. MIFARE card contacts La, Lb.
Rev. 1.1 29 January 2008 Product data sheet 132211 PUBLIC 1. General description NXP has developed the MIFARE to be used in a contactless smart card according to ISO/IEC 14443 Type A. The MIFARE IC is
More informationA Security Module for Car Appliances
A Security Module for Car Appliances Pang-Chieh Wang, Ting-Wei Hou, Jung-Hsuan Wu, and Bo-Chiuan Chen Abstract In this paper we discuss on the security module for the car appliances to prevent stealing
More informationVineet Kumar Sharma ( ) Ankit Agrawal ( )
- A new approach to hardware security analysis - Copy Protection in Modern Microcontrollers Vineet Kumar Sharma (200601093) Ankit Agrawal (200601003) Presentation Flow Why a need of Secure of Microcontrollers?
More informationSmart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security
Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds
More informationDigital Signature Generation using Fingerprint, Password and Smart Card
Digital Signature Generation using Fingerprint, Password and Smart Card FAWAD AHMED and MOHAMMED YAKOOB SIYAL School of Electrical and Electronic Engineering Nanyang Technological University 50 Nanyang
More informationGrundlagen Microcontroller Memory. Günther Gridling Bettina Weiss
Grundlagen Microcontroller Memory Günther Gridling Bettina Weiss 1 Lecture Overview Memory Memory Types Address Space Allocation 2 Memory Requirements What do we want to store? program constants (e.g.
More informationStuart Hall ICTN /10/17 Advantages and Drawbacks to Using Biometric Authentication
Stuart Hall ICTN 4040 601 04/10/17 Advantages and Drawbacks to Using Biometric Authentication As technology advances, so must the means of heightened information security. Corporate businesses, hospitals
More informationCryptographic Module Security Policy
Cryptographic Module Security Policy for jnet Citadel-OS on Atmel AT90SC144144CT Document Version 1.1 February 22, 2007 Prepared by: jnet Technology, Inc. 560 South Winchester Blvd., Suite 500 San Jose,
More informationSecurity & Chip Card ICs SLE 55R04. Intelligent 770 Byte EEPROM with Contactless Interface complying to ISO/IEC Type A and Security Logic
Security & Chip Card ICs SLE 55R04 Intelligent 770 Byte EEPROM with Contactless Interface complying to ISO/IEC 14443 Type A and Security Logic Short Product Information January 2001 Short Product Information
More informationLogical and physical data structures for very small databases (VSDB)
Logical and physical data structures for very small databases () Fabio A. Schreiber Cristiana Bolchini Letizia Tanca Fabio Salice Politecnico di Milano DATABASES SYSTEMS LARGE DB VLDB SYSTEM? SMALL SMALL
More informationSecurity of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
More informationSmart Cards and Biometrics in Privacy- Sensitive Secure Personal Identification Systems
Smart Cards and Biometrics in Privacy- Sensitive Secure Personal Identification Systems A Smart Card Alliance Report Publication Date: May 2002 Publication Number: ID-02001 Smart Card Alliance 191 Clarksville
More informationIdentification, authentication, authorisation. Identification and authentication. Authentication. Authentication. Three closely related concepts:
Identification, authentication, authorisation Three closely related concepts: Identification and authentication WSPC, Chapter 6 Identification: associating an identity with a subject ( Who are you? ) Authentication:
More informationA systematic approach to eliminating the vulnerabilities in smart cards evaluation
A systematic approach to eliminating the vulnerabilities in smart cards evaluation Hongsong Shi, Jinping Gao, Chongbing Zhang hongsongshi@gmail.com China Information Technology Security Evaluation Center
More informationLecture (01) Introducing Embedded Systems and the Microcontrollers By: Dr. Ahmed ElShafee
Lecture (01) Introducing Embedded Systems and the Microcontrollers By: Dr. Ahmed ElShafee ١ Agenda What is microprocessor system? What is Microcontroller/embedded system? Definition of Embedded Systems
More informationKuppingerCole Whitepaper. by Dave Kearns February 2013
KuppingerCole Whitepaper by Dave Kearns February 2013 KuppingerCole Whitepaper Using Information Stewardship within by Dave Kearns dk@kuppingercole.com February 2013 Content 1. Summary... 3 2. Good information
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 5: Side channels: memory, taxonomy Lecturer: Eran Tromer 1 More architectural side channels + Example of a non-cryptographic
More informationA Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse
A Lightweight AES Implementation Against Bivariate First-Order DPA Attacks Weize Yu and Selçuk Köse Department of Electrical Engineering University of South Florida 1 Presentation Flow p Side-channel attacks
More informationECE 471 Embedded Systems Lecture 2
ECE 471 Embedded Systems Lecture 2 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 7 September 2018 Announcements Reminder: The class notes are posted to the website. HW#1 will
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationConsidering the Security of Mobile Commerce and Banking. Professor Keith Mayes Information Security Group ACE-CSR
Considering the Security of Mobile Commerce and Banking Professor Keith Mayes Information Security Group ACE-CSR Information Security Group (ISG) Established 1992 17 Full-time Academics, 8+ Research Assistants
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Definition of entity authentication Solutions password-based
More informationTypes of Peripheral Devices
DSB International Public School Rishikesh Class VII Computer Science L1 - More Peripherals A computer peripheral is a device that is connected to a computer but is not part of the core computer architecture.
More informationHitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip
Hitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip Suitable for multi-purpose multi-application smart cards in the fields such as
More informationSequential Logic Synthesis
Sequential Logic Synthesis Logic Circuits Design Seminars WS2010/2011, Lecture 9 Ing. Petr Fišer, Ph.D. Department of Digital Design Faculty of Information Technology Czech Technical University in Prague
More informationBacking Up Firmware from Dallas Semiconductor DS5002FP
Backing Up Firmware from Dallas Semiconductor DS5002FP Peter Wilhelmsen Morten Shearman Kirkegaard 2017-07-16 Abstract Secure embedded systems (e.g. arcade games) may use a Dallas Semiconductor DS5002FP
More informationLogical and physical data structures for very small databases (VSDB) Politecnico di Milano
Logical and physical data structures for very small databases (VSDB) Fabio A. Schreiber Cristiana Bolchini Letizia Tanca Fabio Salice Politecnico di Milano DATABASES AND SYSTEMS LARGE DB VLDB SYSTEM VSDB?
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationBiometrics. Overview of Authentication
May 2001 Biometrics The process of verifying that the person with whom a system is communicating or conducting a transaction is, in fact, that specific individual is called authentication. Authentication
More informationAuthentication. Chapter 2
Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication
More informationLord of the Rings J.R.R. TOLKIEN
Copyright 1994 AT&T and Lumeta Corporation. All Rights Reserved. Notice: For personal use only. These materials may not be reproduced or distributed in any form or by any means except that they may be
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationCDN220 HIGH DENSITY I/O ADAPTER USER GUIDE
CDN220 HIGH DENSITY I/O ADAPTER USER GUIDE 13022001 (c) Copyright DIP Inc., 1996 DIP Inc. P.O. Box 9550 MORENO VALLEY, CA 92303 714-924-1730 CONTENTS CDN220 PRODUCT OVERVIEW 1 CDN220 INSTALLATION 2 POWER
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More informationDistributed and Cloud Computing
Jiří Kašpar, Pavel Tvrdík (ČVUT FIT) Distributed and Cloud Computing MI-POA, 2011, Lecture 12 1/28 Distributed and Cloud Computing Ing. Jiří Kašpar prof. Ing. Pavel Tvrdík CSc. Department of Computer Systems
More informationSmart cards are made of plastic, usually polyvinyl chloride. The card may embed a hologram to prevent counterfeiting. Smart cards provide strong
Smart Cards By: Definition Smart cards, chip card, or integrated circuit card (ICC) are card with embedded integrated circuits that contain a computer chip capable of carrying out a cryptographic protocol.
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationCS System Security Mid-Semester Review
CS 356 - System Security Mid-Semester Review Fall 2013 Mid-Term Exam Thursday, 9:30-10:45 you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This is to
More informationThe Need for Biometric Authentication
The Need for Biometric Authentication Presented previously at: InfoTec 2002 DefCon 10 in Las Vegas NebraskaCERT 2002 Mutual of Omaha ConAgra Foods Presented by: Nate Rotschafer Peter Kiewit Institute Revised:
More informationGlobal Mobile Biometric Authentication Market: Size, Trends & Forecasts ( ) October 2017
Global Mobile Biometric Authentication Market: Size, Trends & Forecasts (2017-2021) October 2017 Global Mobile Biometric Authentication Market Report Scope of the Report The report entitled Global Mobile
More informationAT90SO72 Summary Datasheet
AT90SO Summary Datasheet Features General High-performance, Low-power -/-bit Enhanced RISC Architecture Microcontroller - Powerful Instructions (Most Executed in a Single Clock Cycle) Low Power Idle and
More informationFault-Based Attack of RSA Authentication
Fault-Based Attack of RSA Authentication, Valeria Bertacco and Todd Austin 1 Cryptography: Applications 2 Value of Cryptography $2.1 billions 1,300 employees $1.5 billions 4,000 employees $8.7 billions
More informationPro s and con s Why pins # s, passwords, smart cards and tokens fail
Current Authentication Methods Pro s and con s Why pins # s, passwords, smart cards and tokens fail IDENTIFYING CREDENTIALS In The Physical World Verified by Physical Inspection of the Credential by an
More informationA Novel Approach to RFID Authentication: The Vera M4H Unclonable RFID IC
A Novel Approach to RFID Authentication: The Vera M4H Unclonable RFID IC Presenter: Vivek Khandelwal, Vice President of Marketing & Business Development 1 Agenda» Company Overview» PUF Technology Overview»
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationOptical Fault Masking Attacks. Sergei Skorobogatov
Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Memory modification attacks were actively used in mid 90s to circumvent the security in microcontrollers In old chips
More informationBL75R06SM 8K-bit EEPROM Contactless smart card chip
Description BL75R06SM consists of the RF-Interface, the Digital Control Unit and the 8 Kbit EEPROM. Operating distance is up to 10cm(depending on antenna geometry). The communication layer complies to
More informationIS23SC4439 Preliminary. 1K bytes EEPROM Contactless Smart Card Conform to ISO/IEC 14443A Standard. Table of contents
1K bytes EEPROM Contactless Smart Card Conform to ISO/IEC 14443A Standard Table of contents 1 Features 2 2 General Description 2 3 Typical Transaction Time 2 4 Functional Description 2 41 Block Description
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More information