Smart card physical security

[Markus Kuhn]

Ian G Batten wrote on 2002-03-14 15:08 UTC:
> To judge from the Canal+ vs Sky wrangle, the idea of the inherent
> physical security of smart cards is going to be very publically
> discussed very soon.

And it might take some time until journalists writing about this will
really understand the very different security requirements that content
protection systems (pay-TV, etc.) and other smartcard applications
(credit/debit authorization cards) have.

The standard reference on the subject that I recommend to everyone
getting interested in smartcard security as the readme.1st paper is:

  Schneier/Shostack:
  Breaking Up Is Hard to Do: Modeling Security Threats for Smart Cards,
  USENIX Workshop on Smartcard Technology, May 10-11, 1999,
  Chicago, Illinois, USA.

  http://www.usenix.org/publications/library/proceedings/smartcard99/schneier.html

A more brief discussion on how more specifically the difference between
tamper-evidence and tamper-resistance requirements for smartcards
relates to different applications can be found in section 2 of

  Kömmerling/Kuhn:
  Design Principles for Tamper-Resistant Smartcard Processors.
  (same conference as above)

  http://www.usenix.org/publications/library/proceedings/smartcard99/kommerling.html

as well as in section 14.6.3 of Security Engineering.

Markus

-- 
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org,  WWW: <http://www.cl.cam.ac.uk/~mgk25/>