Research On Intelligent Card Bypass Analysis And Security Application Programming Design Pattern

Since the first patent of smart card has been approved in1968, the card smart experienced three development stages those are the memory card, only a single application and multi-application card with operating system. And the concomitant, all aspects of security of smart card has been threaten as smart card for daily application. As one of passive attack methods, side channel analysis(SCA) attacks are very dangerous and pervasive, whose target range from protocol, module, and device to even system. Typically, smart card also became the object of SCA attack.This paper presents an information theoretic differential side channel analysis attack. With a secret key embedded device can be modeled as an black box with a leakage function, the attacker through noisy measurement of a physical observable quantity(such as power consumption of device), can capture the output of the leakage function. The article only assume that the measured values is dependent in some way to leak information, and then rely on the word processed by the device. This article will build a distinguisher, which uses the Mutual Information between the observed and leakage as a statistical test object. When the hypothetical key is equal to the key in the smart card, the Mutual Information will reach the maximum. The effectiveness of this approach will be verified by experiment.It’s available for programmable cryptographic smart cards that provide possibility to run application in more secure environment than normal personal computer. However, side channel information leakage leads to side channel attacks which can extract secret key information from cryptographic smart card during program execution. The security of application requires ubiquitous protection throughout the code. Without strict understanding of side channel attacks it is difficult to defend program effectively. Since traditional secure programming methods focus mostly on input validation and output control, it’s necessary to introduce a series of patterns to strengthen security of application programming of smart cards. These patterns can help developers to mitigate the risk of side channel attacks. For those who wish to deploy secure application programming in the presence of side channel attacks, that makes a simple suggestion to improve resistance to it.