Presentation is loading. Please wait.

Presentation is loading. Please wait.

Potential Risks for Smart Cards Firmware

Published byΑλκιππη Ταρσούλη Modified over 6 years ago

Similar presentations

Presentation on theme: "Potential Risks for Smart Cards Firmware"— Presentation transcript:

1 Potential Risks for Smart Cards Firmware
S.ICZ Security and Protection of Information Brno 2005

2 Measuring Arrangement

3

4 Filtering

5 Real SIM Begin End Life Verify

6 Real Attack Life Difference Difference Life Life Difference

7 The Sample of Source Code
private void PulsePIN(APDU apdu, byte[ ] pbuffer) { byte byteRead =(byte)(apdu.setIncomingAndReceive()); byte BlockPWD [ ]={(byte)0x00}; byte BlockPWDLen = 1; MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead); }

8 The Result 1x private void PulsePIN(APDU apdu, byte[ ] pbuffer) {
byte byteRead =(byte)(apdu.setIncomingAndReceive()); byte BlockPWD [ ]={(byte)0x00}; byte BlockPWDLen = 1; MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead); } 2x 3x

9 Another Sample of Program
private void PulsePIN(APDU apdu, byte[ ] pbuffer) { byte byteRead =(byte)(apdu.setIncomingAndReceive()); byte BlockPWD [ ]={(byte)0x00}; byte BlockPWDLen = 1; // Good PIN MyPin.check(BlockPWD, (byte)0x , BlockPWDLen); // Try PIN if (!MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead)) short tries = MyPin.getTriesRemaining(); // send error counter in APDU back ISOException.throwIt( (short) (SW_PIN_FAILED + tries)); }

10 Bad X Good PIN

11 Public Phone Card

12 Conclusion Inexpensive Noninvasive Attacks Complexity X Security
Side channels program tracing MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead);

Download ppt "Potential Risks for Smart Cards Firmware"

Similar presentations

563.11.1 Java Card Programming: Overview Presented by: Raman Sharykin PISCES Group: Soumyadeb Mitra, Sruthi Bandhakavi, Ragib Hasan, Raman Sharikyn University.

Java Card Programming: Overview Presented by: Raman Sharykin PISCES Group: Soumyadeb Mitra, Sruthi Bandhakavi, Ragib Hasan, Raman Sharikyn University.
Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.

Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Computer Science & Engineering.

Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Computer Science & Engineering.
Jason Javacards as secure objects network by Richard Brinkman.

Jason Javacards as secure objects network by Richard Brinkman.
A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.

A simple remote user authentication scheme 1. M. S. Hwang, C. C. Lee and Y. L. Tang, “A simple remote user authentication.
ReferencesReferences DiscussionDiscussion Vulnerability Example: SQL injection Auditing Tool for Eclipse LAPSE: a Security Auditing Tool for Eclipse IntroductionIntroductionResultsResults.

ReferencesReferences DiscussionDiscussion Vulnerability Example: SQL injection Auditing Tool for Eclipse LAPSE: a Security Auditing Tool for Eclipse IntroductionIntroductionResultsResults.
University of Nijmegen Jaap-Henk Hoepman Department of Computer Science University of Nijmegen, the Netherlands Secure.

University of Nijmegen Jaap-Henk Hoepman Department of Computer Science University of Nijmegen, the Netherlands Secure.
Wireless Networking. Wi-Fi or 802.11 Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.

Wireless Networking. Wi-Fi or Uses radio waves (like cell phones, tv and radio). Just like wired networking except without the wires. A hot spot.
1 Financial Cryptography and Data Security 2013 Risks of Offline Verify PIN on Contactless Cards Martin Emms, Budi Arief, Nick Little, Aad van Moorsel.

1 Financial Cryptography and Data Security 2013 Risks of Offline Verify PIN on Contactless Cards Martin Emms, Budi Arief, Nick Little, Aad van Moorsel.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?

DIGITAL CITIZENSHIP 6 TH – 8 TH UNIT 1 LESSON 3 SCAMS & SCHEMES What is identity theft, and how can you protect yourself from it?
CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.

CAP6135: Malware and Software Vulnerability Analysis Examples of Term Projects Cliff Zou Spring 2012.
Slide title In CAPITALS 50 pt Slide subtitle 32 pt Consumers’ Awareness of, Attitudes Towards and Adoption of Mobile Phone Security Stewart Kowalski, Ericsson.

Slide title In CAPITALS 50 pt Slide subtitle 32 pt Consumers’ Awareness of, Attitudes Towards and Adoption of Mobile Phone Security Stewart Kowalski, Ericsson.
Sophos Mobile Security

Sophos Mobile Security
Java Card Open Platform Combines tomorrow's technology and platforms C:\Presentations - JavaCard_OpenPlatform.ppt - bsc - 26.02.02 - page 1 Programming.

Java Card Open Platform Combines tomorrow's technology and platforms C:\Presentations - JavaCard_OpenPlatform.ppt - bsc page 1 Programming.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
Masaryk U., Monet+ 8.3.2013 White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,

Masaryk U., Monet White-box attack resistant cryptography – mobility tickets Petr Švenda Masaryk University,
1 How to 0wn the Internet in Your Spare Time First paper in Internet worm research  Right after Code Red in July 2001, very important Showed that a simple.

1 How to 0wn the Internet in Your Spare Time First paper in Internet worm research  Right after Code Red in July 2001, very important Showed that a simple.
Smart Card 李開振, 許家碩 Department of Computer Science National Chiao Tung University.

Smart Card 李開振, 許家碩 Department of Computer Science National Chiao Tung University.

Similar presentations

Ads by Google