Security’s Role in the Smart-card Game
- By Paul Kocher, Pankaj Rohatgi, Ken Warren
- Aug 01, 2010
Smart cards are the first truly successful mass-market
semiconductor segment with the primary objective
of providing security. Unlike holograms, magnetic-stripe
cards and most RFID chips, smart cards can perform
cryptographic computations using on-chip keys. As a result,
a smart card can authenticate itself to other devices
without revealing its secrets.
This capability has proved valuable for a wide range
of applications. For example, smart cards for banking are
ubiquitous outside the United States and have played a
major role in managing fraud by securely authenticating
account holders. In fact, securely binding a user’s identity
to a card is a common feature across many smart-card
applications, including transport, healthcare, passport
and identification, and the largest smart-card segment,
SIMs for mobile phones. The importance of smart cards
is reflected in their ubiquity; about 5 billion smart cards
are produced annually.
Smart cards have played a major role in the development
of semiconductor security technologies over the
past decades. The evolution of sophisticated tamper-resistance
mechanisms and secure design methodologies,
including countermeasures to side channel attacks, has
largely been driven by the smart-card industry’s need to
protect on-chip secrets.
We are now seeing similar tools and techniques being
adopted in a wide range of other technology products.
For example, the development of new payment
platforms is creating requirements for tamper-resistant
cryptographic implementations for mobile phones and
other devices. Similar needs also are appearing in the
entertainment, embedded systems, network access and
power metering fields.
Smart cards also have played an important role in
making strong security cost effective. The average
smart-card chip sells for less than $1. Even low-end
chips support standard cryptographic algorithms, such
as AES, which are mathematically extremely secure. But
chips do vary in their protection against attackers who
have physical possession of the chip and are seeking
to extract secret keys. While no physical device can be
perfectly secure against such attacks, smart-card chips
that cost a few dollars can often provide similar protection
to hardware security modules selling for thousands
of dollars.
As we face the challenges of integrating security into
an ever-increasing range of products, the security technologies
developed to secure smart cards will provide a
very useful toolbox.
About the Authors
Paul Kocher is the founder, president and chief scientist at Cryptography Research.
Pankaj Rohatji is the technical director of hardware solutions.
Ken Warren is the smart-card business manager at Cryptography Research.