Browse > Article
http://dx.doi.org/10.13089/JKIISC.2005.15.5.47

A New Method for Detecting Trapdoors in Smart Cards with Timing and Power Analysis  

Lee Jung Youp (Korea University)
Jun Eun-A (Korea University)
Jung Seok Won (Mokpo National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.15, no.5, 2005 , pp. 47-57 More about this Journal
Abstract
For economic reasons, even though there are some security problems, the commands of re-initializing and writing patch code are widely used in smart cards. The current software tester has difficulty in detecting these trapdoor commands because trapdoors are not published and programmed sophisticatedly. Up to now the effective way to detect them is to completely reveal and analyze the entire code of the COS with applications such as the ITSEC. It is, however, a very time-consuming and expensive processes. We propose the new detecting approach of trapdoors in smart cards using timing and power analysis. With our experiments, this paper shows that the proposed approach is more practical than the current methods.
Keywords
Smart Cards; COS; Trapdoor; Timing Analysis; Simple Power Analysis;
Citations & Related Records
연도 인용수 순위
  • Reference
1 W. Rankl and W. Effing, 'Smart Card Handbook,' Third Edition, John Wiley & Sons, Ltd, 2003, pp.244, pp.544-546, pp.579, pp.589
2 ISO/IEC 7816-3:1997, Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols
3 P. Kocher, 'Timing Attacks on Implementation of Diffie-Hellman, RSA, DSS, and Other Systems,' CRYPTO 1996, LNCS 1109, Springer-Verlag, 1996, pp.104-113
4 Information Technology Security Evaluation Criteria, Version 1.2, Office for Official Publications of the European Communities, June 1991
5 ISO/IEC 14443-3:2001, Identification cards. Contactless integrated circuit(s) cards. Proximity cards. Part 3: Initialization and anticollision
6 P. Kocher, J. Jaffe, and B. Jun, 'Differential Power Analysis,' CRYPTO 1999, LNCS 1666, Springer-Verlag, 1999, pp.388-397
7 VISA Corporation, Chip Card: Testing and Approval Requirements Version 7.0, Industry Services, Dec. 2002
8 Common Criteria for Information Technology Security Criteria, Version 2.1, Aug. 1999
9 Trusted Computer Systems Evaluation Criteria, US DoD 5200.28-STD, Dec. 1985
10 ISO/IEC 7816-4:1995, Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange
11 ISO/IEC 14443-4:2001, Identification cards. Contactless integrated circuit(s) cards. Proximity cards. Part 4: Transmission protocol