Reviving smart card analysis

Smart cards chips -- originally invented as a protection for cryptographic keys -- are increasingly used to keep protocols secret. This talk challenges the chips' security measures to unlock the protocols for public analysis.

Hardened security chips are protecting secret cryptographic keys throughout the virtual and physical worlds. These smart card chips are found in banking cards, authentication tokens, encryption appliances, and master key vaults.

The protection capabilities of the chips is increasingly used to also keep secret application code running on the devices. For example, the protocols of modern EMV credit cards are not publicly known. Such obscurity is hindering analysis, hence letting logic and implementation flaws go unnoticed in widely deployed systems, including credit card systems.

We demonstrate a method of extracting application code from smart cards with simple equipment to open the application code for further analysis.

Presented by