Thursday, 3 November 2011

Smart Card Hacking

According to Abbott [1], the smart card is not perfect but has improved on security. Hacking it necessitate expensive specialize equipment. This condition has made it less prone to attack. It has lower risk than other conventional IT system. The design of the smart card has made it less susceptible.

Common Criteria (CC) or ISO15408 is a standard used to uplift the smart card security. There is an inclusive Protection Profile (PP) [2] to cover smart card security. This is an ideal security technical guideline to follow by the smart card manufacturer.

All of the security features in the Security Target (ST) are tested in a laboratory. The security modules must strictly follow the PP. With this scheme, the smart card security has some sort of assurance.

[1] J.Abbott. “Smart Cards: How Secure Are They?’ The SANS Institute GSEC Practical Submission, 2002.

[2] “Common Criteria For Information Technology Security Evaluation: Protection Profile Smart Card Integrated Circuit With Embedded.” Registered by the French Certification Body under the reference PP/9911, 1999.