Smart Cards: Side-channel attacks on smartcards

The use of smartcards and PINs for two-factor authentication has become a popular - and cost-effective - method for overcoming the limitations of passwords and usernames. But there's a major irony: the cards themselves are susceptible to attack. Smartcards use cryptographic algorithms to protect secret information. But physical crypto-systems have their own vulnerabilities, and smartcards are by no means tamper-proof, merely tamper-resistant. We explore the main forms of attack on smartcards, including 'side-channel' attacks which exploit information leaked by the physical characteristics of the card during execution of the algorithm. This extra information can be used to infer secrets. The much-discussed problem of single-secret authentication for accessing network resources can be overcome by using two-factor authentication systems. But the use of smartcards brings with it risks of its own.