Achieving security in Integrated Circuit Card applications: reality or desire?

摘要

It has been always claimed that smart cards provide a really high level of security, considering them as tamper-proof devices, with the possibility to auto-block some or all of the services they provide. Unfortunately, nowadays some hackers appear to have demonstrated the lack of security involved in some applications where Integrated Circuit Cards (ICC) have been used. This has led to expansion of the opinion that smart cards are not secure enough, and their security is only in the minds of the commercial companies involved with the technology. The author explains the reasons why all this hacking has succeeded. For example, sometimes memory cards have been used instead of smart cards, or very old smart cards have been issued and not renewed, or just the development team involved has not used basic security techniques such as diversified keys. The author also gives clues to achieving a high level of security depending on the final application, and the environment where it is going to be used.