Staying Ahead Of Hackers: Are New Chips Worth It For Banks?

This story appears in the January 2009 issue of Cards&Payments.

As the well-publicized hacks of transit smart cards by university researchers showed last year, when hackers crack payment cards, it gets media and public attention. Though the smart cards they hacked featured old technology and weak security, the event helped focus issuers' minds on card security, including the technology used in banking cards.

Banking smart cards, especially those that support the EMV standard used in Europe and elsewhere outside the United States to improve security, have been holding up well, say experts. The chips banks use for their EMV cards are in a different class from the low-cost Mifare Classic transit and access-control cards researchers hacked last year.

Among other features, EMV chip cards pack microprocessors, which enable the cards to crunch higher-level encryption keys and algorithms.

"I don't think an EMV card has been successfully cloned," says payment-systems consultant Mike Hendry, former technical and operational head for the United Kingdom's Chip-and-PIN program, the world's largest EMV migration to date. "Generally speaking, the fact that Mifare had some insecurities has been very well-known for a quite long time."

Researchers in the UK, however, have demonstrated in the lab they could steal card details, including PIN codes, by tampering with EMV terminals, a discovery they have not been shy about publicizing. And it long has been possible to clone low-end EMV cards and to get away with fraudulent purchases if the transactions stay offline.

Real-world hackers lack a strong business case to do this, however, because it is much cheaper to clone the more-vulnerable magnetic stripe on the cards and use them in terminals not supporting EMV, say experts.

But the Mifare hacks and continued interest in EMV security may be among the reasons smart card chip suppliers believe it is a propitious time to pitch a new set of chips for the banking and ID card markets.

Germany-based Infineon Technologies AG appears to be making the biggest push for what it calls a new "concept" in smart card chip security. The vendor, the largest supplier of smart card chips by revenue last year, says its Integrity Guard product line moves away from a reliance on sensors on chips to ward off laser, radiation and other popular attacks. The attacks seek to disturb the normal functioning of the chip to try to coax it to give up its secrets, such as its encryption keys.

Infineon says it puts a second central processing unit, or CPU, on the new line of chips and encrypts all the data both CPUs store and process. The two processors watch for errors in how the chip is handling code or data that could indicate an attack is taking place.

Infineon and other chip vendors have made this type of error detection an important part of their defenses against hackers in the past. But Infineon says the two CPUs and the encryption throughout the chip plug holes in security that hackers could exploit with new attacks.

"If you have various sensors for different attack measures that exist, you have to manage them all the time," says Helmut Gassel, head of Infineon's smart card chip unit. That becomes difficult because hackers always are developing new attacks.

Though he had not studied the new Infineon chips, Markus Kuhn, a lecturer at the University of Cambridge Computer Laboratory in the UK, says if the vendor's claims are true, they would add a "substantial amount of redundancy to prevent the sort of glitching attacks" the Cambridge lab has demonstrated.

The lab has been a frequent critic of the security of smart cards rolled out by banks and other issuers, such as pay-TV service providers. Payment card industry sources have accused the lab of grandstanding and disagree with its findings.

In any case, other smart card chip vendors, including Infineon competitors NXP Semiconductors of the Netherlands and U.S.-based Atmel Corp., say they have introduced more-secure chips or are in the process of doing so.

For example, NXP has announced its "Secure Fetch" technology, which it claims offers "increased protection" against advanced fault attacks with light and lasers. The vendor declined to describe how the technology works but indicates it is a continuation of past enhancements to security. And it apparently does not use two microprocessors.

NXP also has scrambled to offer upgrades for its Mifare technology for transit and access-control cards.

Whether cost-conscious banks will be interested in the new chips for their EMV cards remains to be seen.

Infineon does not appear to be targeting Integrity Guard directly at the EMV market, in which prices are low and falling. And Gassel declined to say how much the new technology would increase chip costs for the card vendors. However, he did say having two central processing units does not mean the chip would cost twice as much.

But for noncontactless EMV cards that are selling for just 1 euro to 1.50 euros (US$1.29 to $1.94) in some markets, say sources, any chip-price increase may be too much.

"Sometimes the chip vendors offer some chips that are oversized for what we need," says Jerome Ajdenbaum, head of marketing and payment product line at France-based card vendor Oberthur Technologies.

But for banking smart cards, card vendors cannot pack in too much expensive security. Besides needing to keep prices low, they know fraudsters have a limit to how far they will go in trying to crack an EMV card.

"EMV cards should only contain secrets related to a single bank account," says the University of Cambridge's Kuhn. "A thief would have to bring the stolen card quickly into a laboratory for dismantling before the card is canceled by the victim."

In fact, fraudsters spend much more time and effort cracking smart card technology used on pay-TV cards because the keys on the cards unlock the entire network. The pirates can then sell cloned cards to viewers who steal satellite or cable-television service.

Of course, banks and payment card schemes take security concerns seriously. At the very least, a security breach would leave banks red-faced if the story got out. The desire to avoid that kind of embarrassment may determine just how much banks will want to spend on chip technology to stay ahead of hackers.
