Side-Channel Monitoring of Contactless Java Cards
MetadataShow full item record
Smart cards are small, portable, tamper-resistant computers used in security-sensitive applications ranging from identification and access control to payment systems. Side-channel attacks, which use clues from timing, power consumption, or even electromagnetic (EM) signals, can compromise the security of these devices and have been an active research area since 1996. Newer ``contactless'' cards communicate using radio frequency (RF), without physical contact. These contactless smart cards are sometimes grouped with radio frequency identification (RFID) devices in popular usage of the term. This thesis investigates devices that use the ISO 14443 (proximity card) protocol, a large class of contactless/RFID devices. Although contactless smart cards are increasingly common, very few reproducible practical attacks have been published. Presently, there are no known documented side-channel attacks against contactless Java Cards (open standard multi-application cards) using generic unmodified hardware. This thesis develops a research-friendly platform for investigating side-channel attacks on ISO 14443 contactless smart cards. New techniques for measurement and analysis, as well as the first fully documented EM side-channel monitoring procedure, are presented for a contactless Java Card. These techniques use unmodified, commercial off-the-shelf hardware and are both practical and broadly applicable to a wide range of ISO 14443 devices, including many payment cards and electronic passports.