Achieving security in Integrated Circuit Card applications: reality or desire?

Author

Sanchez-Reillo, Raul

Author_Institution

Dpt. Ingenieria Electrica, Electronica y Automatica, Univ. Carlos III de Madrid, Spain

fYear

2001

fDate

37165

Firstpage

197

Lastpage

201

Abstract

It has been always claimed that smart cards provide a really high level of security, considering them as tamper-proof devices, with the possibility to auto-block some or all of the services they provide. Unfortunately, nowadays some hackers appear to have demonstrated the lack of security involved in some applications where Integrated Circuit Cards (ICC) have been used. This has led to expansion of the opinion that smart cards are not secure enough, and their security is only in the minds of the commercial companies involved with the technology. The author explains the reasons why all this hacking has succeeded. For example, sometimes memory cards have been used instead of smart cards, or very old smart cards have been issued and not renewed, or just the development team involved has not used basic security techniques such as diversified keys. The author also gives clues to achieving a high level of security depending on the final application, and the environment where it is going to be used

Keywords

authorisation; computer crime; memory cards; message authentication; smart cards; ICC; Integrated Circuit Card application security; auto-block; development team; diversified keys; hackers; memory cards; smart card security; tamper-proof device; Application specific integrated circuits; Computer crime; Computer hacking; Integrated circuit technology; Operating systems; Plastics; Radiofrequency identification; Security; Smart cards; Telephony;

fLanguage

English

Publisher

ieee

Conference_Titel

Security Technology, 2001 IEEE 35th International Carnahan Conference on

Conference_Location

London

Print_ISBN

0-7803-6636-0

Type

conf

DOI

10.1109/.2001.962833

Filename

962833