Smartcard Security: Essential and Assurable!
(1) the provision of state-of-the-art security solutions; (2) the use of internationally recognized formal security certifications to verify that its products meet the application's security targets.

Many theoretical potential attacks on smartcard security have been publicly described using techniques such as Differential Power Analysis (DPA). Although these typically require resources and expertise far greater than those possessed by most potential attackers, ST's security strategy is based on worst-case scenarios. For this reason, the security certifications that ST has pursued via the European ITSEC (IT Security Evaluation Criteria) scheme have all been at level E3-High, which means, first, that the security functions are designed to defeat attackers with state-of-the-art expertise and resources far beyond normal practicality (Strength of Mechanisms = High) and, second, that the proofs supplied to the independent security assessors meet the demanding levels of detail and stringency required by the most security-sensitive commercial applications (Correctness level E3).

Security Techniques

ST has long experience of designing products that offer the highest levels of security. The hardware and firmware of its smartcard chips are designed to minimize the observability of the embedded application's software operations, taking into account all known attack scenarios such as DPA. Hardware and firmware security mechanisms are continually improved to provide the highest levels of security within the limits of current technology, and they are reinforced by specifications that ensure that application software developers can maximize the strength of the security functions.

The techniques that have already achieved great success in the industry-standard ST16 family have been further refined in the new ST19 family to provide even greater protection against SPA/DPA attack scenarios.
These include:

(A) the use of advanced 0.6 µm technology that greatly reduces the size and power consumption of the devices as well as the relative variations in operating parameters. Coupled with the protection afforded by a third metal layer, this greatly increases the difficulty of SPA/DPA attacks.
(B) a special Clock Software Management facility which, when properly used, results in highly variable software timing while the embedded application program is executing.
(C) a built-in timer with interrupt capability and an Unpredictable Number Generator, which can be used to impose unpredictable variations on software execution behaviour, with consequent changes in the pattern of power consumption.
(D) a modular design that allows new hardware variations, including custom variations, to be produced quickly and efficiently, thereby allowing fast response to new attack scenarios.
(E) an Enhanced Memory Access Control system that provides secure operating system support for multi-application cards.
(F) an enhanced set of security mechanisms and firmware functions that allow the application to detect and respond appropriately to conditions that might indicate an attack. These conditions include invalid operating conditions, bad opcodes, bad addresses and violations of chip integrity; the possible responses include interrupts, program reset, immediate erasure of all RAM data and flash programming of the entire EEPROM array.

Security Certifications

As both the security mechanisms employed and the techniques used to attack them grow ever more sophisticated, there is an increasing need for proof that the security mechanisms do all that is claimed for them. As early as 1994, ST became convinced that the only effective way to provide the necessary assurances was through formal verification via independent assessment by accredited security experts.
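The following is an added illustration of why the timing-randomization measures in items (B) and (C) above matter against DPA; it is example code written for this page, not ST code and not a model of any real ST16/ST19 chip. It simulates a first-order correlation DPA against a single 4-bit S-box lookup (the PRESENT S-box stands in for the target operation), under an assumed Hamming-weight leakage model with Gaussian noise. The same attack is run twice: once on traces with fixed timing, and once on traces where the leaking instruction executes at a random offset, which is how a jittery clock or an unpredictable timer interrupt looks to an attacker who aligns traces by sample index. All trace lengths, noise levels and the jitter range are assumptions of the simulation.

```python
"""Added example (not ST code): correlation DPA on simulated traces, with and
without random execution delays of the kind described in items (B) and (C)."""
import random

# PRESENT cipher S-box: a real 4-bit S-box, used here only as a stand-in target.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

TRACE_LEN = 32      # samples per trace (assumption of the simulation)
NOMINAL_LEAK = 8    # sample at which the S-box output is written when timing is fixed


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_trace(pt, key, rng, jitter, noise_sigma=1.0):
    """One simulated trace: Gaussian noise plus a Hamming-weight leak of
    SBOX[pt ^ key]. With jitter > 0 the leak lands at a random offset in
    [0, jitter], modelling clock management / unpredictable timer interrupts."""
    trace = [rng.gauss(0.0, noise_sigma) for _ in range(TRACE_LEN)]
    leak_at = NOMINAL_LEAK + (rng.randrange(jitter + 1) if jitter else 0)
    trace[leak_at] += hamming_weight(SBOX[pt ^ key])
    return trace


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def dpa_attack(plaintexts, traces):
    """Correlation DPA: for each key-nibble guess, predict HW(SBOX[pt ^ k]) and
    correlate the prediction with every sample point of every trace.
    Returns (best_key, peak_abs_correlation)."""
    columns = [[t[i] for t in traces] for i in range(TRACE_LEN)]
    best_key, best_peak = None, -1.0
    for guess in range(16):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        peak = max(abs(pearson(predicted, col)) for col in columns)
        if peak > best_peak:
            best_key, best_peak = guess, peak
    return best_key, best_peak


def run_experiment(jitter, n_traces=2000, key=0xB, seed=1):
    """Generate n_traces traces for one fixed secret key nibble (constructed
    data, seeded for reproducibility) and run the attack on them."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(16) for _ in range(n_traces)]
    traces = [simulate_trace(p, key, rng, jitter) for p in plaintexts]
    return dpa_attack(plaintexts, traces)


if __name__ == "__main__":
    for jitter in (0, 20):
        k, peak = run_experiment(jitter)
        print(f"jitter={jitter:2d}: recovered key 0x{k:X}, peak |corr|={peak:.3f}")
```

With fixed timing the correct nibble stands out with a correlation peak near 0.7 after 2000 traces; with the leak spread uniformly over 21 sample positions the peak for every guess collapses towards the noise floor, because only a small fraction of traces leak at any given sample. This is the attacker's view of items (B) and (C); in practice an attacker answers with trace realignment or integration over windows, which is why the page presents these measures as raising the cost of an attack rather than eliminating it.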
ST therefore pioneered the use of the European ITSEC scheme and gained the world's first ITSEC certification for a smartcard product (an ST16601 masked with application code developed by Bull for French bank cards). Since then, other key players in the smartcard market have recognized that formal evaluations and certification are by far the most efficient and the most economical way to perform security certifications. However, ST remains the clear leader in terms of formal security certifications, including no less than four ITSEC certifications covering banking, pay-TV, French patient health cards and French doctors' health cards, as well as a ZKA certification for German health cards.

ST is also at the origin of a new approach to the standardization of security evaluation and certification called Protection Profiles. These use the new Common Criteria, which will eventually become an ISO standard for IT security evaluation. The first Protection Profile was elaborated with the assistance of experts from the French IT Security Evaluation and Certification Scheme and was the work of a group which included all of the most significant suppliers of smartcard chips. The aim of the Protection Profile was to specify the functional and assurance requirements applicable to microcontroller-based smartcard chips, regardless of the interface and communication protocol, i.e. it would be equally applicable to contact-based, contactless and dual-mode smartcards.

The first revision of this Protection Profile was presented in October 1997. The second revision, fully compatible with Common Criteria Version 2.0, which will become the future ISO standard, is now available and can be downloaded from the ST website at www.st.com under the product support section.
ST remains fully committed to the concept of independent security evaluation and has already started work on a formal evaluation process for the new ST19 platform using this Protection Profile and the Common Criteria.

Future methodologies

One of the key lessons learned during the first pioneering ITSEC evaluation (which had to be conducted, for business and historical reasons, on an existing product that had not been designed with security evaluation in mind!) was that security evaluation should be started as early as possible, ideally in parallel with the development process. To this end, ST is playing a leading role in a project running under the European MEDEA (Micro-Electronic Developments for European Applications) program whose goals include not only the development of advanced VLSI, sub-micron smartcard chips with high levels of security and easy application downloading capability, but also new and innovative methodologies for fast development of derivatives with security certification.

The project, known as MASSC (Multi-Application Secure Smart Card), will develop an open and secure platform for dynamic downloading of applications to be executed on an embedded virtual machine. However, because the smartcard market offers a particularly demanding challenge to application developers (due to the need to ensure high security while meeting increasingly demanding time-to-market and price/performance commercial pressures), MASSC is also addressing the methodology of product development. In particular, formal methods are being developed to define the hardware in high-level languages such as HDL and test it against security targets before defining the exact silicon hardware and software program specifications. The result will be a high level of assurance that the developed modules and products will pass security certification.
Conclusion

Security is a constantly moving target and no chip manufacturer can claim that its products are proof against all possible future attacks. ST's success in the smartcard market is due not only to its leading-edge technology, customer partnerships and cost-effective manufacturing but also to its uncompromising approach to security, expressed not only through the demonstrable security of its products but, equally importantly, in its pioneering role in demonstrating to the smartcard industry the essential role of formal security evaluation and its commitment to making security both affordable and assurable.