Smartcard Defence Technologies
Simon Moore
Computer Laboratory, University of Cambridge
The mass adoption of embedded computing devices (mobile phones, PDAs, smartcards, etc) is moving us rapidly into
the ubiquitous computing age. If these devices are to be a boon rather than a bane then robustness is critical.
Security will be increasingly important, not only for traditional roles like payment mechanisms and access control,
but also for peer to peer transactions and new business structures.
Smartcards are an early embodiment of consumer security devices. They present a harder target for the criminal underworld
than their magnetic strip counterparts. However, for several years now it has been know that microprocessors can leak a
lot of useful information through power and electromagnetic emissions. These emissions (often referred to as "side channels")
are characteristic of conventional clocked digital circuit designs. Fault injection techniques have also been used to trick
devices into fault modes which leak additional information.
As part of an EU funded project (G3Card) we have been collaborating with industrial and academic partners to
develop technologies for the 3rd Generation of Smartcards. In Cambridge we have played both black hat and white hat
roles so that we can evaluate what we have designed in much the same way that a good locksmith must also understand
how to be a good lock pick. This lecture will review our design strategies, from concept to VLSI implementation.
Results will be presented from formal verification of components to bench experiments on naked chips.