Smart card security controllers are often subject to a large number of hacking attacks. Recently, the vast improvement in attack methods has announced the end of many previous claims that their products are very secure. For high-security chips such as passports that were originally designed to have a long design life, they now have to take the latest countermeasures to deal with them. And you need to accept the widest variety of tests.
It should be clear that the pure RFID chip and the pure RFID chip with standard microcontroller and safety controller are mainly used for item identification applications, which do not include a microcontroller. These chips have limited functionality and security measures. It can only be used for its specific application.
For contactless card applications, a very high level of privacy protection and data protection is required. The specially designed security is the controller, which can meet the advanced requirements of privacy protection and data protection for such applications.
From the various discussions, people's attention to the application of chip technology in the field of identification documents is on the rise. However, most of the current discussion focuses on the practical application of electronic identification system technology. However, people must also pay attention to an aspect that is not easy to see (Up chip technology itself).
For semiconductor chips used in contactless cards such as electronic identification cards or passports, the ability to protect stored data from unauthorized tampering must be designed. Hackers implement illegal tampering by manipulating data inside the chip. When the card itself has been tampered with. The hacker can make the content conform to the identity card information of a certain country, so that the printed information is consistent with the information on the chip. Some identification systems are capable of implementing an authentication function, that is, the reading device is capable of checking the integrity and authenticity of the information of the identity card or the passport, and vice versa, which is referred to as mutual authentication. For both applications, the security controller pair has a separate key for inspection. but. Once this key is made public, security will no longer exist. therefore. Such chips must also be able to protect their secure authentication keys from being illegally read.
In short. The goal of chip manufacturers is to design effective, testable and identifiable security measures. To defend against the following three categories of threats: false sensing attacks, physical attacks, and bypass channel attacks.
Half-invasion attack
At present, the function of disrupting smart cards has evolved into a comparative method of attack. Thousands of hackers from amateur to very professional around the world use this method. Therefore, this type of false sensing attack (also known as a semi-human attack) has become the main target of security performance evaluation and verification of security controllers.
Smart card controllers are usually made of silicon. The electrical properties of the silicon will vary with different environmental parameters. For example, the electrical properties of a silicon wafer will vary with different voltages, temperatures, light, ionizing radiation, and changes in the surrounding electromagnetic field. The attacker will attempt to introduce some erroneous behavior by changing these environment parameters, including introducing errors into the program flow of the smart card controller. Often, an attacker forces the chip to make a wrong decision (such as receiving an incorrect input authentication code), allowing access to confidential data in memory. This so-called "memory dump" is gradually becoming a place of interest for false attacks.
However, for an attacker to extract a complete key using a complex algorithm, the use of "different error attacks (DFA)" is only valid for some single error operation in some cases. There are various ways to induce unknown errors, including changing the power source, electromagnetic induction, illuminating the surface of the smart card with visible or radioactive materials, or changing the temperature. Some of the above methods can be implemented with very low cost equipment, making them ideal for amateur attackers.
Although the countermeasures against these attacks are given in the data sheet of the security controller. But only through actual testing can you prove whether these measures are really effective. Because of the performance of these countermeasures, the range of variation is up to several orders of magnitude. Therefore, it is extremely important to check the level of safety through independent evaluation and verification. A large number of security tests must be performed before the chip is approved for use in an ID card or e-passport. However, the standards for these security tests are different for different identity card systems of the same family. The implementation of the concept of error-induced attacks must be constructed from a different point of view, and a strict mutual cooperation mechanism must be constructed. The safety concept of Infineon's advanced chip card controller is based on the following three aspects:
1. Prevent false induction:
2. Measuring error induction conditions;
3. Various measures to resist the wrong behavior of the safety controller.
The power supply and input signals are filtered as a first barrier, using a fast reaction stabilizer to prevent a sudden change in the voltage of a given fan. Similarly, some irregular behavior about clock power is also blocked. For example, if the security controller is subjected to a very high voltage attack that is only unsuitable with the usual rules. The sensor is used as part of the second barrier. If the sensor detects a critical value of the environmental parameter, an alarm will be triggered. The chip will be set to a safe state. Voltage sensors are used to check the power supply, clock sensors check the irregular behavior of the frequency, and temperature and light sensors check for light and temperature attacks. The south light attack can be achieved by the back side of the chip, which is effective for both sides of the device. The first barrier is built from the security controller kernel itself. The combination of hardware and software creates an effective third barrier. Here, the combination of hardware and software is crucial, because in some cases, pure software measures are themselves the target of false attacks.
Controllable layer attack
The attacker may also manipulate the circuitry on the chip in a more direct manner, for example, using electrical devices to directly connect the signal lines on the microcontroller. To read the secret data transmitted on the line or to inject the attacker's own data into the chip.
In order to deal with physical attacks, the most important thing is to encrypt the memory and bus system inside the chip, which means that the data on the chip itself is encrypted with a strong cryptographic algorithm. This is the case, even if the attacker can get the data, it can only produce useless information.
On the other hand, an effective shielding network can be used to form an effective barrier for attackers. In this case, the micro-scale ultra-fine protection wire is used to cover the safety controller. These lines of protection are continuously monitored and an alarm is activated if some lines are shorted, cut or damaged. With so many levels of protection, the controller can be protected from physical attacks, even from advanced attack devices.
Bypass attack
Attackers also use methods to obtain confidential data information (such as authentication codes), which is achieved by carefully observing various parameters while working on the chip. Using power analysis (SPA - Simple Power Summer Analysis. DPA - Different Power Analysis. EMA - Electromagnetic Analysis), an attacker can extract information based on power consumption or electromagnetic radiation, depending on the type of operation and the chip. The data processed in the process varies, and the power consumption and radiation intensity vary.
Past, present and future
Considering that attackers will constantly change the attack method and even adopt newer technologies. It is important to recognize that a comprehensive set of security concepts is needed to effectively protect current and future attacks. Therefore, Infineon decided to develop its own high-security processor core for the company's chip card. Safety and product performance are optimally optimized during technical research and product development as well as safety testing and verification.
Although the decision to develop your own kernel is also related to other considerations, the usual benefits are immediately apparent after the first safety test is completed. Infineon uses the most advanced attack technology to thoroughly test the anti-attack measures and safety performance of its products. In order to demonstrate the value of the target security level, independent security assessment and verification are also of significant importance. The company's research on security methodologies and anti-attacks will never stop. The company is considering the evolution of future attack technologies by designing new security products to provide effective protection and future attack technologies.
As one of the earliest enterprises specializing in meat food processing machinery, Helper Group integrates research and development, production, sales and service in the modern management system. Our company has now set up scores of equipment used in the field of meat processing such as frozen meat breaker series, meat block grinder series, chopper and mixer series, saline injector series, tumbling machine series, smoke oven series, filling machine series, sausage linker series, clips tying machine series etc.We also provide sausage lines,vacuum sausage filler,vacuum stuffer.
Sausage Separator Series,Chopper And Mixer Series,Clipping System Solutions,Sausage Lines,Vacuum Sausage Filler,Vacuum Stuffer
Helper Machinery Group Co., Ltd. , https://www.ihelpergroup.com