Why the Smart-Chip Security in Your Credit Cards Doesn’t Stop Fraud Online
In today’s day and age, can we count on Smart-Chip Security?
Before we go any further with regard to smart-chip security, let us first understand what exactly a smart chip is.
What is a Smart-Chip?
A smart chip is a tiny piece of hardware, used in a credit card or an identification card, which contains a microprocessor for computing or for high-level data handling. The smart chip enables the card to function as a computing device or data holder used for purposes such as authentication and data storage.
The functionality of smart chips varies. Some of them function like a small flash drive or pen drive USB device, in that they contain memory to store data. Smart chips may handle password protection or other security devices for cards.
Smart chips are embedded in a number of layers that go to make up the actual physical card. Smart chips and smart cards come in different types, but the design of the smart card needs to match the design of the reader system for which it is used.
Since smart cards are self-contained, they are resistant to attacks from vulnerable external resources. For this reason, smart cards are used in those fields where strong smart-chip security and authentication are needed.
On the other hand, hackers find various means to hack the secure data on cards. The manufacturers have to come up with greater smart-chip security with more sophisticated locks and keys on the cards. Both sides drive each other to come up with better smart-chip security and invent better technology.
Different aspects of Smart-Chip Security
The various aspects of smart-chip security are as follows:
Communication with the outside world and smart-chip security
The communication between a smart card and a card accepting device (CAD) takes place via small data packets called Application Protocol Data Units (APDUs). Hackers find this channel difficult to attack due to the small bit rate (9600 bits per second) over a serial bi-directional transmission line (ISO standard 7816/3), the half-duplex mode of transmission and a sophisticated protocol.
The vulnerability to attacks increases when external devices communicate with the card.
There is a manual active authentication protocol to identify the smart card with the CAD. A random number generated by the smart card is sent to the CAD, which encrypts the number with a shared encryption key before returning it to the card. The card then compares the result with its own encryption. This procedure can be operated in reverse as well. Once communication is established, the message is verified through an authentication code, which is based on the data, an encryption key and a random number. If the data is altered, the message needs to be retransmitted. The data can also be verified by a digital signature.
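The challenge-response and message authentication code described above, as an added example that is not part of the original article. It assumes HMAC-SHA256 as a stand-in for the card's keyed cipher, and the class names, key and message contents are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keyed(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the card's keyed cipher.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Card:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # outstanding random number, usable once

    def get_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(8)
        return self._pending

    def _take(self):
        pending, self._pending = self._pending, None
        return pending

    def authenticate_cad(self, response: bytes) -> bool:
        # The card computes its own result and compares in constant time.
        rnd = self._take()
        return rnd is not None and hmac.compare_digest(keyed(self._key, rnd), response)

    def accept_message(self, data: bytes, mac: bytes) -> bool:
        # The authentication code covers the random number and the data.
        rnd = self._take()
        return rnd is not None and hmac.compare_digest(keyed(self._key, rnd, data), mac)

class CAD:
    def __init__(self, key: bytes):
        self._key = key
    def respond(self, challenge: bytes) -> bytes:
        return keyed(self._key, challenge)
    def mac(self, rnd: bytes, data: bytes) -> bytes:
        return keyed(self._key, rnd, data)

def demo() -> dict:
    key = secrets.token_bytes(16)  # constructed shared key
    card, cad, rogue = Card(key), CAD(key), CAD(secrets.token_bytes(16))
    resp = cad.respond(card.get_challenge())
    out = {"genuine": card.authenticate_cad(resp), "replayed": card.authenticate_cad(resp)}
    out["wrong_key"] = card.authenticate_cad(rogue.respond(card.get_challenge()))
    out["intact"] = card.accept_message(b"DEBIT 10.00", cad.mac(card.get_challenge(), b"DEBIT 10.00"))
    out["altered"] = card.accept_message(b"DEBIT 90.00", cad.mac(card.get_challenge(), b"DEBIT 10.00"))
    return out
```

Because each random number is consumed on first use, a captured response or authentication code cannot be presented to the card a second time.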
Smart-chip security in relation to Hardware Security
The data and passwords on a card are stored in the EEPROM. These can be erased or changed by an unusual voltage supply. For security reasons, sensors were implemented to detect environmental changes. This method is not widely used by hackers, as it is not easy to find the accurate level of sensitivity and the voltage fluctuates when power is supplied to the card.
The security lock can be removed by heating the controller to a high temperature or focusing UV light on the EEPROM.
Differential Power Analysis (DPA) is an attack on a cryptographic algorithm where the encryption key from the smart card can be extracted.
Various smart-chip security methods have been developed to protect smart cards. The following are smart-chip security methods that STMicroelectronics has used against SPA/DPA attacks:
- The 0.6 micron technology, which reduces the size and power consumption of cards, makes it hard for external SPA/DPA methods to distinguish between normal and data-related card fluctuations.
- Another smart-chip security method is a special clock software management facility, which results in different software timing when the application program is running.
- There is also a built-in timer with interrupt capability and an Unpredictable Number Generator, which give variations in the behavior of the software execution and subsequently change the behavior of the power consumption.
- A modular design allows hardware variations to be produced quickly and efficiently in order to respond to any hacking.
- An advanced Memory Access Control system protects the operating system for multi-application cards.
- In case of any hacking, an advanced set of smart-chip security mechanisms and firmware functions allows the application to detect and respond.
Smart-Chip Security with regard to Operating Systems
The access rights to a dedicated file (DF) and an elementary file (EF) have five access levels. They are categorized, in order of increasing security, as Always (ALW), Card Holder Verification 1 (CHV1), Card Holder Verification 2 (CHV2), Administrative (ADM) and Never (NEV), where access to the file is forbidden. Some operating systems provide further levels of access. If a wrong PIN is entered several consecutive times, the OS blocks the card.
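A small model of the access levels and PIN blocking described above, as an added example that is not code from the original article or from any card operating system. It assumes a retry limit of three, treats each condition as checked on its own (presenting CHV2 does not satisfy CHV1), and uses constructed file names and PIN values.

```python
import hmac

MAX_TRIES = 3  # assumption: the text only says "several consecutive times"

class CardOS:
    def __init__(self, secrets_by_level: dict, files: dict):
        self._secrets = secrets_by_level   # level name -> PIN or key
        self._files = files                # file id -> access condition
        self._tries = {lvl: MAX_TRIES for lvl in secrets_by_level}
        self._verified = set()

    def verify(self, level: str, value: bytes) -> bool:
        if self._tries[level] == 0:
            return False                   # blocked: a correct PIN is refused too
        if hmac.compare_digest(self._secrets[level], value):
            self._tries[level] = MAX_TRIES # only consecutive failures count
            self._verified.add(level)
            return True
        self._tries[level] -= 1
        self._verified.discard(level)
        return False

    def blocked(self, level: str) -> bool:
        return self._tries[level] == 0

    def can_access(self, file_id: str) -> bool:
        cond = self._files[file_id]
        if cond == "ALW":
            return True
        if cond == "NEV":
            return False
        return cond in self._verified      # CHV1, CHV2 or ADM was presented

def demo() -> dict:
    # Constructed PINs and file ids, for illustration only.
    card = CardOS({"CHV1": b"1234", "CHV2": b"5678", "ADM": b"issuer-key"},
                  {"EF_A": "ALW", "EF_B": "CHV1", "EF_C": "CHV2", "EF_D": "NEV"})
    out = {"alw": card.can_access("EF_A"), "chv1_before": card.can_access("EF_B")}
    card.verify("CHV1", b"0000")
    card.verify("CHV1", b"1111")
    out["third_try_ok"] = card.verify("CHV1", b"1234")
    out["chv1_after"] = card.can_access("EF_B")
    out["chv2_needs_own_pin"] = card.can_access("EF_C")
    for guess in (b"0000", b"1111", b"2222"):
        card.verify("CHV1", guess)
    out["blocked"] = card.blocked("CHV1")
    out["right_pin_when_blocked"] = card.verify("CHV1", b"1234")
    out["nev"] = card.can_access("EF_D")
    return out
```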
Smart-Chip Security by way of Software Security
Software producers should provide their products with properly encrypted data and transfers. Towards this end, there are hardware-based or OS-based instructions as well as libraries that support advanced cryptographic algorithms.
EMV for smart-chip security
EMV, which stands for Europay, MasterCard and Visa, is basically designed to prevent counterfeiting of cards. Counterfeiting is where the person who has stolen the card makes a new one by copying the data that has been stored on the magnetic stripe.
Visa and MasterCard are in the process of getting merchants to adopt tokenization, in which the retailer or service replaces the card data with a unique code. With this method, the retailer can save the customer’s card in his account, thereby lessening the risk, and tokenization allows the retailer to update the data when a new card is obtained. Merchants who shift to tokenization will need to apply AI techniques to ascertain whether a transaction is legitimate or not.
Most attacks by hackers are classified as class 3 attacks, where the cost of hacking the system is more than the cost of the system itself. Technology in the field of smart-chip security is developing much faster than the methods adopted by hackers. Hackers are finding it far more difficult to hack the system, as smart-chip security now prevents attacks to which systems were previously considered vulnerable.