We had a guest lecture today in the OSU colloquium. The guest was Jean-Pierre Seifert from Infineon Technologies AG in Germany. He spoke on "Secure Mobile Solutions: Products and Their Security." Dr. Seifert spent most of his lecture describing smart cards Infineon develops and what they do to make the smart cards secure. This absolutely blew my mind.
For starters, they are concerned about all sorts of physical and electronic attacks on the card, and they want to protect the contents of the card. In order to do this, they have a variety of counter measures to prevent reverse engineering and intrusion. There are heat sensors, light sensors, voltages sensors, etc., and an IC dedicated to simply monitoring the sensors.
To prevent electronic probing, they have a shielding layer surrounding the card that is charged with random electronic pulses. To prevent inferring of the instruction set via voltage readouts on the contacts, they introduce randomized delays in processing and communication. To prevent attacks by monitoring voltage changes, they carefully guard the power draw to make it perfectly consistent no matter what the card is doing. They even put random data on the bus while the CPU is busy with other things! This is crazy stuff!
Now just imagine seeing over 100 slides about this stuff. Crazy! All-in-all, it makes me glad someone thinking about this, but I'm happy simply writing applications.
Posted by enigma at January 29, 2004 09:06 PMLike everywhere dishonesty makes things quite complicated. Thank God for heaven!
Posted by: Bernd Neumann at January 31, 2004 03:43 PM