information security technical report 14 (2009) 4656

available at www.sciencedirect.com

www.compseconline.com/publications/prodinf.htm

Attacking smart card systems: Theory and practice

Konstantinos Markantonakisa,*, Michael Tunstallb, Gerhard Hanckea,
Ioannis Askoxylakisc, Keith Mayesa
a

Information Security Group Smart Card Centre, Royal Holloway, University of London, UK
Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol BS8 1UB, UK
c
Institute of Computer Science, Foundation for Research and Technology-Hellas, Heraklion, Greece
b

abstract
Keywords:

Smart card technology has evolved over the last few years following notable improvements

Smart card

in the underlying hardware and software platforms. Advanced smart card microproces-

Security

sors, along with robust smart card operating systems and platforms, contribute towards

Smart card attacks

a broader acceptance of the technology. These improvements have eliminated some of the

Relay attacks

traditional smart card security concerns. However, researchers and hackers are constantly

EMV

looking for new issues and vulnerabilities. In this article we provide a brief overview of the

Satellite TV

main smart card attack categories and their corresponding countermeasures. We also

Contactless

provide examples of well-documented attacks on systems that use smart card technology
(e.g. satellite TV, EMV, proximity identification) in an attempt to highlight the importance
of the security of the overall system rather than just the smart card.
2009 Elsevier Ltd. All rights reserved.

1.

Introduction

Smart cards are typically considered to be tamper resistant,

which means that the intended functionality and data held
within such a device should not be undermined by
tampering. Smart cards also offer a selection of security
mechanisms that could, for example, be used to implement
authentication or ensure data confidentiality. Smart cards
are therefore used in systems that provide security services.
However, a secure and trusted token alone is not enough
to guarantee security within a system. A designer incorporating smart cards into a system should consider both
attacks that apply to the security of the physical smart card
token and the system as a whole. This article provides a brief
overview of selected attacks on smart cards, and also
examines cases where real world systems using smart cards
were attacked because of factors not directly related to the
security of the actual token.

The structure of the article is as follows. In Section 2 we

provide a very brief overview of smart card technology in
terms of the different types of smart cards, their characteristics and related applications. In Section 3 we examine smart
card security at the token level by highlighting the main
attacks and their countermeasures. In Section 4 we discuss
some attacks implemented against EMV payment, satellite TV
and proximity identification systems where the underlying
smart card technology may have been seen to be robust
enough but where weaknesses in other system processes
opened up opportunities for exploitation. Finally, we provide
our concluding remarks in Section 5.

2.

Smart card technology

There are several different types of smart card that can

fulfil different functions in a secure system. The common

* Corresponding author.
E-mail addresses: k.markantonakis@rhul.ac.uk (K. Markantonakis), tunstall@cs.bris.ac.uk (M. Tunstall), gerhard.hancke@rhul.ac.uk
(G. Hancke), asko@ics.forth.gr (I. Askoxylakis), keith.mayes@rhul.ac.uk (K. Mayes).
1363-4127/$ see front matter 2009 Elsevier Ltd. All rights reserved.
doi:10.1016/j.istr.2009.06.001

information security technical report 14 (2009) 4656

types of smart cards are listed below in order of increasing

cost:
Memory cards: These cards contain only memory that can be
initialised once and have few security features. These cards
could be used in systems where a card is pre-loaded with a set
value, such as prepaid phone cards, or where the card simply
contains an identifier linking to data in the back-end system.
These cards have limited functionality and are often discarded once it has been used, e.g. if the credit on prepaid
phone card runs out.
Memory cards with logic: A more versatile version of the
memory card contains some logic that controls access to
memory contained within the card. This gives the card issuer
more freedom to modify, or update, the data stored within the
cards memory during operation, e.g. to recharge a prepaid
phone card. This allows more complex applications to be
implemented and lengthens the life of the card, e.g. it does not
need to be discarded after the initial credit has been used.
Microprocessor cards: Smart cards that can support more
complicated systems are based around a specialised microprocessor. These cards will typically contain an operating
system and allow the issuer to specify his own commands,
functionality and data structures. Customer-specific information is stored in programmable non-volatile memory, such as
Flash or Electrically Erasable Programmable Read Only Memory
(EEPROM), which can be modified by the smart card as required.
The most common uses for such smart cards are bank cards
and Subscriber Identity Modules (SIMs) for mobile phones.
Apart from the conventional contact smart card there are
also different types of smart card communication interfaces
available:
Contactless smart cards: Contactless smart cards are either
based on a microprocessor or a memory chip, and have the
same functionality as the cards described above. The difference, to contact based smart cards, is that communication is
performed using an antenna glued inside the plastic body of
the card. There are two types of contactless smart card,
referred to as vicinity cards (International Organization for
Standardization, 2000a), which have a communication range
up to a metre, and proximity cards (International Organization
for Standardization, 2000b) which have a range of approximately ten centimetres. These cards have mostly been used to
control access to buildings and for public transport ticketing
schemes, where there are several example of large deployments, e.g. the Oyster and Octopus cards (Oyster Card;
Octopus Card) used for the accessing the public transport
systems in London and Hong Kong respectively. At the time of
writing, contactless travel documents and credit cards are also
becoming more prevalent. The contactless interface causes
readers and smart cards to have a longer life when compared
to contact card readers. This is because there is no wear
caused by the repeated insertion of a plastic card to allow
a reader to access a smart cards metal contacts.
Dual interface cards: Some smart cards are able to communicate using the mechanisms employed by both contact and
contactless smart cards. Each communication method can
talk to the same, or separate, chips depending on the smart

47

card. These smart cards are typically designed to support

more than one application, e.g. contact payment and contactless transport ticketing.

3.

Physical smart card attacks

The design of a secure smart card solution requires that more

threats to security to be considered than a typical cryptographic system, because an attacker is able to physically
isolate the device computing a cryptographic algorithm.
In this section we describe the threats and countermeasures
that are particular to cryptographic solutions implemented on
smart cards and similar devices. This is an overview of this
subject and the interested reader is referred to Mayes and
Markantonakis (2007) and Rankl and Effing (2003) for a more
thorough treatment of this topic.

3.1.

Invasive attacks

There are attacks that function by physically gaining access

to, and inspecting, the microprocessor embedded in a smart
card. This can involve such things as trying to reverse engineer secure blocks and attempting to read the contents of
Read Only Memory (ROM). This has recently been conducted
on a MIFARE Classic chip (MIFARE), where the proprietary
cryptographic algorithm used was reverse engineered and
subsequently broken (Nohl and Evans, 2008). This has allowed
the secret key used in any MIFARE Classic chip that uses the
same insecure cryptographic algorithm to be derived through
cryptanalysis. Subsequent generations of MIFARE chips use
standardised cryptographic algorithms, and should not suffer
from the same problems. Another method of physically
attacking a microprocessor is to place a probe on bus lines, so
that values being sent over the bus can be seen on an oscilloscope. The visible information could include cryptographic
keys and/or the operating system present in ROM. The exact
details of how this type of attack is conducted is beyond the
scope of this article, but the interested reader is referred to
Anderson and Kuhn (1996) and Kommerling and Kuhn (1999).
The countermeasures that can be implemented to prevent
invasive attacks include:
Design: The integrated circuit design can include such countermeasures as glue logic, obfuscated logic and buried buses
which make reverse engineering harder. Non-volatile
memory, buses and logic can be scrambled to prevent reverse
engineering of embedded software, or chip design techniques,
through probing.
Silicon features: Some integrated circuits include a shield that
is an extra metal layer above the functional metal layers,
which acts to prevent visual and physical access to the surface
of the chip. Features of this nature can be used over the entire
chip or specific parts that are deemed to be the most sensitive.
Anomaly detectors: There are usually different types of
anomaly detectors present in a smart card. These are used to
detect unusual environmental conditions, such as events in
the voltage or clock supplied to the card. A smart card will
typically reset or execute an infinite loop until the abnormal
condition is removed.

48

3.2.

information security technical report 14 (2009) 4656

Side channel analysis

One method of attacking smart cards that can be conducted

while information is being processed is to observe a side
channel. This means that an attacker seeks to derive information by observing how the characteristics of a smart card
change as it processes different information.
Timing analysis: The simplest form of side channel analysis is
to simply observe how long a given process takes to execute,
and make inferences from these observations. The length of
time that a process takes to complete can leak information
about the data being processed. If, for example, the digits of
a Personal Identification Number (PIN) are checked individually and a negative result returned when a wrong digit is
encountered, an attacker could use this to determine how
many digits of a guessed PIN are correct. This type of attack
was first proposed as a means of attacking cryptographic
algorithms in Kocher (1996).
Simple side channel analysis: Another means of observing the
behaviour of a smart card is to observe the power consumption over time, by simply observing the voltage change over
a resistor in series with a smart card. The amount of power
consumed is typically dependent on the type of instruction
being executed and, to a lesser extent, the data being
manipulated. Fig. 1 shows the power consumption during the
execution of an implementation of AES (NIST, 2001). The AES
block cipher consists of nine identical rounds and a shorter
tenth round, where a plaintext is enciphered using a secret
key. These rounds can be seen in Fig. 1 and can be readily
identified. If the power consumption varies depending on the
value of a secret key an attacker could derive these values by
simply inspecting the power consumption. This is possible
even if the difference is very small (Brier et al., 2004).
Differential side channel analysis: Another method of
exploiting an observed side channel is to conduct a statistical
analysis, as described in Brier et al. (2004) and Kocher et al.
(1999). The AES, mentioned above, has a 128-bit secret key, i.e.
in order to derive a key from an observed plaintext and
ciphertext an attacker would have to test 2128 possibilities.
Using differential side channel analysis an attacker can break
a secret key into smaller portions that can be analysed
separately.

An attacker can attempt to derive the secret key used in an

implementation of AES by acquiring numerous power
consumption traces with a varying plaintext. An attacker can
then predict an intermediate state that is dependent on
a portion of the secret key for each plaintext (the exact size is
dependent on the implementation). The attack then proceeds
by computing the correlation with the Hamming weight of
this predicted value and the instantaneous power consumption. If the key fragment is correctly guessed an attacker
would expect to see a trace similar to the upper trace shown in
Fig. 2, where the peaks in the correlation trace show where
data is manipulated as hypothesised. If the key fragment is
incorrectly guessed no significant correlation will be visible.
The example in Fig. 2 was generated using a series of power
consumption traces. It also has been shown that a similar
analysis can be conducted if the electromagnetic field is
measured (Gandolfi et al., 2001; Quisquater and Samyde, 2001),
by situating a suitable probe next to a microprocessor as it is
computing a cryptographic algorithm.

3.2.1.

Countermeasures

There are a variety of countermeasures that can be included in

an implementation of a cryptographic algorithm to prevent
side channel analysis.
Constant execution: Algorithms can be implemented such
that the same operations will be conducted in the same order
irrespective of the data and key values being used. This
prevents an attacker from conducting timing or simple side
channel analysis.
Random delays: Differential side channel analysis requires
that the same operations are conducted in the same order
irrespective of the data and key values being used. Functions
that do nothing but loop for a random length of time can be
included in implementations, so that an attacker is required to
synchronise acquisitions a posteriori. The problem of
attempting to conduct side channel attacks in the presence of
random delays is described in Clavier et al. (2000).
Randomisation (or data whitening): Differential side channel
analysis also requires that there is a correlation between data
being manipulated and an observed side channel. This is
achieved by manipulating data in such a way that the value
present in memory is always masked with a random value.

Fig. 1 An example of the power consumption during the execution of an implementation of AES.

information security technical report 14 (2009) 4656

49

Fig. 2 The correlation trace (upper) shows at what points in the power consumption trace (lower) data is being
manipulated.

This mask is then removed at the end of the algorithm to

produce the ciphertext. Some ideas for implementing this
countermeasure were first proposed in Chari et al. (1999).
Randomised execution: The execution of functions can also
be executed in a random order, as much as possible within the
constraints of data dependency. This also seeks to remove the
correlation between data being manipulated and an observed
side channel. A discussion of this technique is described in
Messerges (2000).

3.3.

Fault analysis

Another method of attacking a smart card is to attempt to

inject a fault during its normal functioning. This can be
attempted, for example, to change a ciphertext produced by
an implementation of a cryptographic algorithm, which
would allow information to be derived on the key being used.
These types of attacks have been shown to work with both
public key (Boneh et al., 1997) and private key algorithms
(Bar-El et al., 2006).
There are different mechanisms that can be used to
attempt to inject faults into smart cards. An abnormal signal
sent to the smart card could provoke an unusual response
(Anderson and Kuhn, 1996). Some examples of this form of
attack include a glitch on the power supply or a fast clock for
a short period of time. The exact response of a smart card will
depend on how it is designed. A flash of, either white or laser,
light (Bar-El et al., 2006; Skorobogatov and Anderson, 2002)
over an exposed chip surface can also be used to inject a fault.
The advantage over abnormal signals is that an attacker can
attempt to avoid sensors by only illuminating certain portions
of a chip. However, an attacker needs to be able to access the
chips surface, which requires dissolving the resin used to
protect the chip within the plastic body of a smart card. This

requires more resources than sending abnormal signals to

a smart card. There are other mechanisms for injecting faults,
such as temperature, X-rays or gamma radiation. However, it
is hard to control the source of the injection mechanism with
sufficient finesse that a fault can be reliably injected.
The main countermeasure to protect a smart card is
redundancy. This typically involves repeating portions of
algorithms that could be susceptible to a fault attack and
verifying the result. Values stored in memory can also be
protected with a checksum, so that any modification by an
exterior source can be detected. These countermeasures act
alongside the anomaly detectors and hardware features
described above.

4.
Attacks on systems that use smart card
technology
In this section we present three examples of systems that use
smart card technology in order to enhance their product
offerings, and, at the same time, maintain adequate levels of
security. A common characteristic of these systems is that
they have suffered, or could potentially suffer, direct or indirect costs. These may not attributed directly to the selected
smart card technology but to the system and specific operational design decisions.

4.1.

Satellite TV issues

Smart cards have been associated with satellite pay TV

systems almost since their inception. The main role of the
smart card was to act as a trusted token, issued by the Issuer
(i.e. the satellite TV provider), in order to enforce specific
security policies. Although each satellite TV system might use

50

information security technical report 14 (2009) 4656

and implement different methodologies for enforcing strict

issuer control, they all have a common goal, i.e. to only allow
access to protected content to legitimate subscribers.
The satellite TV industry was among the early adopters of
smart card technology, and is also among the most heavily
attacked by hackers. It is highlighted in Wong that The
Canadian Motion Pictures Distribution Association estimates
that the total loss to the industry from satellite piracy in 2001
alone was about $1 billion and that number is likely far
higher today. Therefore, we see that the threat of satellite TV
piracy may have significant direct costs (revenue losses) and
additional indirect costs (bad publicity and lack of confidence
in the underlying smart card technology) to other systems
using smart card technology.
In the following subsections we briefly introduce how
smart card technology is assisting the overall concept of
content protection in the satellite TV industry. Additionally,
we highlight some examples of attacks, which contributed
towards the aforementioned revenue losses and we also
underline their significance. Whenever possible we make
specific references to proposed and implemented
countermeasures.

that the smart card plays an instrumental role in the overall

process of verifying legitimate subscription credentials.
The second observation is the fact that smart cards are not
capable of decrypting the encrypted content signal. They are
responsible for processing the above ECMs and EMMs and
extracting the necessary CKs, or other entitlements, before
forwarding them to the necessary entities (e.g. the receiver)
for further processing. The actual content signal is decrypted
by the satellite TV receiver. It is often the case that the signal
decryption is also linked with the operation of the Common
Interface Module (CIM). This module implements the specifics
of the credential delivery mechanism for Conditional Access
system. Thus, the smart card plays the role of the tamper
resistant device that is responsible for extracting the CK to be
used for decrypting the satellite TV signal.
A more detailed description of how smart card technology
is used to provide security for satellite TV broadcasting can be
found in Mayes and Markantonakis (2007) and Wirt (2005).
In the next subsection we provide an overview of the main
attacks against certain satellite TV signal protection schemes
along with their principal countermeasures.

4.1.2.
4.1.1.

Satellite TV signal protection

The satellite TV broadcasting networks require a secure

infrastructure that will be able to transmit the protected signal
from a single source to a large number of receiving devices
(the satellite TV receivers). These receivers should have access
to a legitimate smart card, which should be able to hold the
necessary privileges of legitimate subscribers. The transmitted digital content is encoded according to the MPEG
standards (ISO/IEC, 1994; ISO/IEC, 1995). The scrambling
algorithm for the transmitted content is often referred to as
Common Scrambling Algorithm (CSA) and it is specified
within the ETSI (ETR 289) standard (ETSI, 1996). Although the
exact details of the algorithm are available only through
a non-disclosure agreement, the general structure is considered to be known. It is believed that a combination of stream
and block ciphers are used along with a Common Key (CK),
known to all legitimate smart cards, in order to decrypt the
transmitted signal. Therefore, smart cards are partially
responsible for decrypting the transmitted signal.
The first observation is that the Common Key is typically
believed to change very frequently (approximately every
530 s). Therefore, keys must be delivered to the receivers in
advance (in order to ensure that the receivers are synchronised with the transmitters), especially when different keys are
needed for different channels. This will eliminate the need to
wait, when the receiver switches from one TV channel to
another, for the specific TV channel keys to be received. This
CK is delivered to set-top-boxes through a series of messages
(e.g. Entitlement Control Messages or ECMs). Although the
structure of these messages is standardised, the exact format
and their protection, remain proprietary for each Conditional
Access system (e.g. Irdeto, VIAccess, etc). Entitlement
Management Messages (EMMs) are responsible for delivering
(to individual receivers) the rights to receive a particular
service, e.g. protected content in the form of TV programme.
The above ECMs and EMMs are forwarded to the smart card
for verification and further processing. Therefore, it appears

Satellite TV attacks and countermeasures

The outlined operation of the satellite TV signal protection

schemes would be less complicated if it was assumed that all
smart cards, receivers and subscribers in general behaved as
expected. However, the aforementioned satellite TV
revenue losses indicate that this is not the case.
The first vulnerability that was exploited relied, to some
extent, on the use of smart card technology that was not
completely tamper resistant. This enabled hackers to extract
sensitive keys and reverse engineer the algorithms behind
specific conditional access control systems. At this point,
these systems were considered broken and illegitimate
users could watch transmitted programs without paying any
subscription fees. This attack was often assisted by inserting
a Season Interface Logger, which was used to log all communications between a smart card and its connected device,
i.e. the CIM. By carefully monitoring and analysing the
messages received and sent by a card, an attacker could
identify the details of the sensitive ECMs and EMMs. This also
enabled an attacker to block any EMMs that should not
(according to their requirements) reach the smart card. For
example, these messages (which were not adequately linked
with the protected content) could downgrade a users
subscription, or block a specific card, because of an unpaid
subscription. Therefore, cards remained operational for
a longer period than originally intended.
The identification of the exact operation of the Conditional
Access control system and being able to extract keys from
legitimate smart cards enabled hackers to pursue a further
exploitation method. They obtained blank smart cards
(e.g. Funcards, Silvercards, etc) and programmed them to
operate according to the specific Conditional Access system
they wanted to attack. Having access to operational keys
(which they could obtain though legitimate cards and share
them through forums on the internet) they could create
cloned smart cards. These cards could operate undetected
as legitimate cards and, as a result, decrypt transmitted
signals.

51

information security technical report 14 (2009) 4656

However, the satellite TV providers realised that they had

to do something to prevent this type of attack, and they
engaged in a number of successful battles against each type of
attack. The most notable counter-attack of a specific satellite
TV provider is known as Black Friday (ECM Attacks) or
Black Sunday. During this counter-attack the satellite TV
provider managed to transmit (along with the transmitted
TV signal) a number of specific (to illegitimate cards)
commands. The aim was to make illegitimate cards
completely unusable. For example, part of the counter-attack
included changing the code in these cards so that an endless
loop was executed during start-up rather than the code
written by a hacker (Dorsey and Hurst). They also succeeded
in writing other information into the memory of these cards to
make them completely unusable (ECM Attacks).
Soon after this counter-attack, the hacking community
launched an assault using the so-called Loader/Unlooper
devices (DSS Programming). These devices are used in order to
cause glitches on the power supply (VCC) or the clock
frequency of a specific hacked smart card, i.e. a fault attack as
described in the previous sections. The ultimate goal was to
overcome the previously introduced (by the satellite TV
providers) end-less loops and as a result make the hacked
cards reprogrammable once more. Therefore, it appears that
the original cards provided by the hackers were modified
(over-the-air) by the legitimate content provider.
The introduction of open (i.e. highly reconfigurable)
satellite TV receivers (DreamBox Multimedia) provided an
environment that enables anyone, with the right skills, to
extend the functionality offered by these devices. These are,
of course, perceived differently by satellite TV providers and
hackers. Some of the advantages for legitimate users include
enhancements in the viewing experience and expansion of
the set-top-box functionality, such as web browsers, email
clients, etc. Advantages for the hackers include the transformation of the set-top-box into a powerful hacking station.
These receivers can be perceived as traditional computers
capable of running stripped down versions of Linux. As
a result, the logging of messages can be performed from
within the receiver without the need of an external device
(e.g. a season interface (Season Interface Logger)). Open
(reprogrammable) CIMs (which can be seen as PCMCIA
(The Official PCMCIA Association) devices with processing
capabilities) could be programmed to emulate conditional
Access Systems and their corresponding smart cards. Therefore, the need to obtain and program a cloned smart card is
almost eliminated.
These open receivers can be connected to the Internet
through their network interfaces. This very feature enables
the convenient implementation of a very effective attack.
Some of these connected receivers (loaded with the necessary
software) act as servers and some others as clients.
Servers have access to a legitimate smart card and run the
necessary software to connect to the Internet. Client
receivers run the corresponding software and are connected
(through the internet) to servers. As a result they may share
the legitimate card present in the server. This attack is often
referred to as a card-sharing-attack (Kuhn, 1997). However,
soon after the attack became widely available a number of
countermeasures (Tunstall et al., 2006; Viaccess to counter

card sharing) were introduced. The card-sharing-attack is

very powerful and can be viewed as a special case of a relay
attack that is applicable in other sectors, as we will explain in
the following sections.

4.2.

EuropayMasterCardVisa (EMV) issues

In 1951, the Franklin National Bank became the first bank to

issue credit cards to customers of rival banks (Wonglimpiyarat, 2004). Shortly after, a number of other banks
adopted the idea of introducing credits cards to VIP customers
as a status symbol. A typical credit card payment infrastructure (e.g. like the ones adopted by Visa and Mastercard)
involves four entities, as presented in Fig. 3.
The cardholder has a relationship with an Issuing Bank
through which a credit card is obtained. We assume that the
cardholder wants to pay, by using their credit card, for some
goods offered by a Merchant. The Merchant also has a relationship with an Acquirer, which is typically a bank. Financial
institutions (like Visa and Mastercard) offer the binding
element between the two banks (i.e. the Issuing Bank and the
Acquirer Bank). The goal of the financial institution is to
enable clearing and settlement of transactions between
institutions that might not have a direct relationship. Otherwise, each bank would have to maintain a countless number
of one-to-one relationships with other banks.
The very first credit cards were simply presented at the
point of sale in order for the transaction to be authorised. As
they lacked any sophisticated security features they were
soon exploited by criminals. Following on from a number of
additional physical security features (e.g. holographs,
embossed card numbers, etc) the next most notable feature
was the introduction of a magnetic stripe on the back of the
card. This magnetic stripe contained cardholder and account
information that could be read by a machine at the point of
sale. In the UK at least, magnetic stripe card technology for
payment purposes reached its limits when it became
extremely easy to copy the magnetic stripe of credit cards and,
as a result, create cloned cards that could be used by fraudsters. This resulted in huge losses from credit card related
fraud. For example, in 2000 UK card fraud cost 292.6 million,
an increase of 55% on the 1999 figure of 188.4 million (APACS,
2002). At the time that fraud was on the rise the number of
issued credit cards and their corresponding transactions was
also on the rise. In 2005 APACS issued a report stating that
.2004 was a remarkable year for plastic. Spending on plastic

Issuer Bank

Financial
Network
For Clearing
and
Settlement

(Transaction Authorisation)

Billing

Cardholder

Acquirer Bank

Shopping
Relationship

Merchant (POS)

Fig. 3 Typical credit card Infrastructure.

52

information security technical report 14 (2009) 4656

cards, at 273 billion, outstripped cash spending

(of 272 billion) for the first time ever in 2004 and this trend is
set to continue. The number of payment cards in issue
reached a record 141 million (APACS).
In the following subsections we highlight the main functionality of the EuropayMastercardVisa (EMV) (Europay)
card specification. Subsequently, we summarise some of the
potential weaknesses (mainly through the work of the
Computer Laboratory in Cambridge University) of the EMV
specifications.

4.2.1.

The EMV specification

The EMV card specifications were introduced by Europay,

Mastercard and Visa in the mid 1990s. The driving force
behind the introduction of the standard was the necessity to
overcome some of the disadvantages and vulnerabilities of
magnetic stripe card technology. The smart card microprocessors with their inherent tamper resistance, and ability to
process data and execute applications was seen to improve
the overall security of financial transactions. At least that was
the assumption. The additional security comes through risk
management decisions that will be enforced both at the smart
card and terminal level. The main security functionality
offered by the EMV card specifications is summarised in the
following key points (Mayes and Markantonakis, 2007):





Terminal/Card Risk Management

Offline PIN Management
On-line Transaction Processing
Authentication of Card Resident Data

The EMV specifications introduce three distinct card

authentication methods in an attempt to enhance the overall
security offered by the cards. The two most notable EMV card
authentication methods are Static Data Authentication (SDA)
and Dynamic Data Authentication (DDA). The main characteristics of these two methods are summarised below.
During a DDA transaction the card generates a digital
signature (on transaction and card specific details) using an
internally stored secret key (created by the issuing bank).
Each card also holds a certificate (generated by the issuer)
containing the cards corresponding public key. This certificate is generated by using the issuers private key. The
corresponding issuers public key is certified by the schemes
(e.g. Visas and Mastercards) private key. The schemes
public key resides in all participating card terminals. Therefore, if a DDA smart card is requesting to participate in
a transaction it will be asked to sign certain transaction
details. The terminal, having access to the schemes public
key will be able to verify the issuers public key and in turn the
cards public key. The cards public key will be used in order to
verify the cards signatures.
Each SDA smart card contains a digital signature (generated by the issuers private key) on static card data. The corresponding issuers public key is certified by the schemes
(e.g. Visas and Mastercards) private key. The corresponding
schemes public key resides in all participating card terminals.
During an SDA transaction the terminal will be able to verify
the public keys in the certificate chain and eventually the
cards static data.

These very characteristics of the SDA card authentication

method have sparked a lot of interest within the academic
community and, in particular, within the Computer Laboratory at the University of Cambridge. They have published
a number of articles and talks that scrutinise some of the EMV
weaknesses. In the following paragraphs we summarise some
of their findings. We note that there are industry claims that
most of these weaknesses were already known (BBC).

4.2.2.

Analysis of EMV card and terminal security

The first type of identified weakness is related to the SDA

method. The lack of a mechanism to update the data being
signed (as the card simply provides the aforementioned digital
certificate on its static data) means that this data can be
copied. During an SDA transaction the card encrypts, using
a secret key shared with the issuer, certain transaction
information. This signed message is forwarded to the issuer
for authentication. As a result, cloned cards (containing the
copied certificate) could be identified whenever the card is
presented in an on-line terminal. Since terminals do not have
access to this key, they will simply forward messages to the
issuer for verification. If the terminal is off-line, then the
message cannot reach the issuer and the transaction might be
accepted with the hope that the cryptogram is genuine and
that it will be processed by the issuer when the terminal goes
on-line.
Among the very well advertised features of EMV cards is
the use of a PIN in order to authorise transactions. However,
we can note that it is not always necessary to know a users
PIN, in order to complete a fraudulent transaction. The card is
responsible for checking the PIN and informing the terminal
as to whether the verification was successful. This means that
an attacker could create a so-called yes-card (Chip and
SPIN), i.e. a card which is programmed to always state that the
PIN was presented correctly. If that is the case, the terminal
will proceed with the transaction. Recall that if the terminal is
off-line and a yes-card is present the transaction will
probably be allowed.
The above weakness can be eliminated if all terminals go
on-line for every transaction. However, this will incur
communication costs, which are a burden for smaller
merchants. The other potential solution would be to eliminate
SDA cards and only use DDA cards. This would, perhaps, be
the most obvious solution especially since DDA cards are
becoming cheaper, and SDA cards will have to be replaced at
the end of the cards life time (i.e. every two-three years).
The next category of identified weaknesses relate to EMV
terminals. There are a large number of terminals that are
capable of accepting EMV smart cards. These terminals are
supposed to have tamper-resistant functionality. However,
the researchers at the University of Cambridge managed to
bypass the physical security mechanisms of specific EMV
terminals (Drimer et al.). Having exploited the physical security of the terminals also enabled them to modify the payment
applications. This resulted into two further issues:
The first involves obtaining the cardholders PIN. A fraudster with a modified terminal may be able to obtain a copy of
the cardholders PIN during a legitimate transaction. If the
magnetic stripe was also copied then the card could be cloned
and used for cross border fraud. The second involves man-in-

53

information security technical report 14 (2009) 4656

the-middle attacks. An example of this type of attack can be

defined if we consider the following scenario. Suppose that
a chess player is engaged in an on-line chess game with
opponent A, and then initiates another on-line chess game
with opponent B. These opponents are very good players and
as a result the player forwards all the moves from opponent A
to opponent B and the other way around. The end result would
be that opponent A and opponent B will think that they are
playing with a specific player but they essentially are playing
between themselves, as a result of the moves being relayed.
A similar scenario could be applied during a financial
transaction. For example, let us suppose that a legitimate card
is presented in a modified terminal. This terminal is modified
(by a fraudster) so that it displays the current value of the
transaction but at the same time if can communicate (e.g. via
a GSM/ Ethernet link) with a card emulator. This card
emulator is presented (by the fraudsters companion) in
another legitimate terminal where the fraudster attempts to
buy some very expensive goods. Essentially, this very expensive transaction is forwarded via the card emulator and the
modified terminal to the legitimate card. The end game is that
the legitimate cardholder believes that he is paying for a low
value transaction but, in reality, a completely different
transaction will be authorised.
The proposed countermeasures (Drimer and Murdoch,
2007) against this type of attack include the use of tamper
resistant terminals that could be easily inspected by cardholders. This is, in principle, very difficult to achieve as there
are many different terminals, and cardholders will have
a difficult task in identifying the security seals for each one.
Additional defences involve allocating a specific timeframe in
which a transaction is expected to be completed. Another
proposal from the same authors suggests the possibility of
banks adding a cardholder controlled device that will allow
cardholders to enter their PIN. Subsequently, the PIN will be
encrypted prior to being transmitted through this device to
the terminal. Another defence mechanism involves thorough
checks at the point of sale. These will verify whether the card
is legitimate or not. However, similar checks were assumed
for magnetic stripe cards but were not always implemented
properly. Therefore, this countermeasure appears to be difficult to implement in practice. The success of chip & PIN has
meant that over the past three years losses on transactions on
the UK high street have reduced by 67% from 218.8 m in 2004
to 73.0 m last year. (Card Fraud Facts and Figures). However,
despite of the well advertised advantages of EMV and chipand-PIN, the same report (Card Fraud Facts and Figures)
highlights the following In 2007, total card fraud losses
increased by 25% to 535 million." This is mainly due to
increased card-not-present (CNP) fraud and fraudsters
copying UK cards and using these stolen cards in countries
which do not yet have chip and PIN.

4.3.

(as described in Section 2). This simple method of proving the

tokens proximity to a reader is, however, vulnerable if an
attacker could simply relay the communication between
a legitimate reader and a token over a greater distance. In this
case the attacker would use two devices that act as a proxy
token and a proxy reader respectively. These devices are
connected via a suitable communication channel in order to
relay information over the required distance.
A relay attack setup is shown in Fig. 4. The proxy-reader is
used to communicate with the real token, while the proxytoken is placed near the real reader. Any information transmitted by the reader is received by the proxy-token and
relayed to the proxy-reader, which will transmit the information to the token. The token will assume that it is
communicating with the reader and respond. The tokens
response is then relayed back to the proxy-token, which will
transmit the information to the reader. The reader is unable to
distinguish between the real token and the proxy, as their
responses are identical. It will therefore assume that the
token, and, therefore, its associated owner, is in close proximity even though they are actually located a distance away
near the proxy-reader. A number of access control, payment
and ticketing systems, based on their assumption of the
proximity of the real token will therefore grant services to the
holder of the proxy.
A successful relay attack, therefore, allows an attacker to
temporarily possess a clone of a legitimate token, thereby
allowing him to gain the associated benefits. Relay attacks are
not that easy to defend against and even though physical
mechanisms, such as the shielding of contactless tokens,
could prevent certain attack scenarios, any application layer
security is effectively circumvented. An attacker never needs
to know the plain-text data or the associated key material as
long as he can continue relaying the respective messages, and
thereby giving the impression that both his proxy devices are
legitimate devices. As a result, it is irrelevant whether the
system implements secure authentication and encryption
mechanisms.
Even though this attack has also been demonstrated on
contact tokens, for example the Pay TV and EMV cases discussed earlier, there are several factors that aid the attack in
the contactless environment. Contactless transactions are
aimed at user convenience and speed so these infrequently
require further user interaction, such as entering a PIN. Not
only does this shorten the transaction time, and, therefore,
the time the attacker needs to have access to the token, but
the attacker can possibly activate the token without the
knowledge of the owner by way of a skimming attack,
i.e. powering up the token of his victims without their
knowledge. The attacker, therefore, does not need to convince

Attackers equipment

Proximity identification systems

Contactless smart card technology is a prevalent method for

providing proximity identification in a number of systems.
Most systems operate on the assumption that a token, and its
owner, are in close proximity to a reader because of the
limited range of the near-field communication channel

Smart
Token

Proxy
Reader

Relay
Channel

Proxy
Token

Fig. 4 Basic relay attack setup.

Token
Reader

54

information security technical report 14 (2009) 4656

the victim to hand over his token for a period of time.

The contactless operation also makes the construction of the
proxy-token easier. In the contact payment card attack the
attacker had to present his card in the presence of the vendor,
so it had to closely resemble a real card. People often scan
their wallet, purse or bag containing the token, which means
that an attacker does not need to reveal his hardware.
The relay attack is not without limitations. Unless there are
vulnerabilities in the security protocol, an attacker cannot
modify the data he relays without being detected. A relay
attack also has limited success against systems that require
additional verification of the holder and needs assistance
from the tokens owner if two factor authentication is
involved. An attacker, for example, would struggle to execute
the attack against contactless passports if the photo read from
his passport does not resemble him. There are, however,
still several ways in which an attacker can benefit from a relay
attack. A relay attack is usually seen as an attack against an
honest merchant and token holder where a fraudulent third
party masquerades as the real holder. The relay attack could,
however, also be used in scenarios that do not involve a third
party. A fraudulent merchant can set up a proxy-token at the
reader supplied by his acquirer. An accomplice could then
wander around outside with the proxy-reader and charge
accessible tokens. The merchant could also have several
proxy-readers sending information to a single proxy-token.
This would allow the merchant to have multiple readers
without purchasing additional hardware from the acquirer,
possibly circumventing expensive licensing agreements.
A fraudulent owner can also benefit from a relay attack by
setting up a proxy-reader close to his own token. He then
creates several proxy-tokens that all communicate with the
proxy-reader. Each of the proxy-tokens now acts as a virtual
clone of the original. Theoretically, this allows several
holders to share the same valuable token. For example, if
one owner is issued with a valuable concession card or loyalty
card he can issue proxy-tokens to some of his friends. Another
advantage the owner can gain by implementing an attack
against his own token is the ability to control the communication. The owner can therefore implement an active relay
attack and selectively modify the communication in real-time
have, such as the bit-flipping attack against MIFARE Classic
(Hancke, 2008).
An attacker can choose a number of different approaches
to practically implement an attack depending on his skill
and resources. An attacker can implement his own custom
hardware for the contactless proxy token and reader or
alternatively use existing hardware. Hancke (2008) and
Kasper (2006) have both described hardware designs capable
of performing a relay attack. If an attacker does not have the
engineering skills to build hardware he could possibly use
existing NFC devices when they become available. The ISO
18092, or NFCIP, standard (ISO/IEC) allows active devices,
such as mobile phones, to communicate using near-field
communication. A device can act as either a contactless
reader or a token and already has additional communication
channels suitable for relaying information, e.g. Bluetooth or
GPRS. Even though the deployment of NFC devices is
currently limited, they could provide an attacker with an
ideal hardware platform for executing a relay attack. A

possible relay attack setup using modified NFC devices was

proposed by Kfir et al. (Kfir and Wool, 2005), although this
method of attack has not yet been practically demonstrated.
Alternatively, an attacker could use an open source reader
and token such as the OpenPCD and OpenPICC (Project) to
act as proxy devices.

5.

Conclusions

Smart cards are often used in systems in order to provide

tamper-resistant and security functionality. As there are
many different types of smart cards, with different capabilities, there are also many different types of attack strategies.
In this report we highlight the importance of smart card
technology in providing security services, briefly discussing
the basic card types, while also making the reader aware of
the possible security pitfalls in both the overall system design
and the physical smart token.
Smart cards are seen as a good way of adding a trusted
hardware token that offers additional security services. The
implementation of secure applications on smart cards is
different to development on other platforms as it requires
knowledge of both the capabilities of different smart card
products and possible attack strategies targeting these cards.
Choosing a smart card product that is considered weak, based
on legacy technologies or is (in general) inadequate for your
system, or failing to design the system to allow for any
possible limitations in smart card technology could introduce
vulnerabilities that could be exploited, as is evident from the
real life attacks described above.
A smart card is often considered as a prominent system
security component, e.g. satellite subscriber card, mobile
phone SIM or credit card, the importance of which will
immediately be recognised by an attacker. Currently the
majority of systems that use smart card technology assume
that the environment in which a smart card will be placed is
hostile. Attackers over the years have attempted an array of
approaches to exploit smart card systems, which vary from
physical attacks to taking advantage of weak security mechanisms in the system surrounding the smart card. To
discourage physical attacks that are particular to smart cards,
the design of a secure system requires that numerous countermeasures be implemented. System designers should,
therefore, decide on the level of security they require and take
care to choose a smart card product that meets their needs.
Choosing a product that has been subjected to Common
Criteria certification, should provide some security assurance.
Similarly, choosing algorithms and protocols that have been
subjected to peer reviews (by experts or the academic
community) along with following best practices (e.g. for
cryptographic key lengths and key management processes)
should also provide some further assurance against possible
attacks.
Although the physical security of the card remains
important, smart cards alone cannot guarantee the security of
a system, as illustrated in Section 4, and in many cases the
security weaknesses being exploited cannot be attributed
directly to smart card technology. This means that the security of a system should extend beyond the physical smart

information security technical report 14 (2009) 4656

token and provide several further layers of audits, policies or

checks. These checks are not only for trying to prevent
attacks, but they should also constantly monitor new attack
trends that may need to be addressed. The ingenuity of
attackers should never be underestimated and providing
security is an on-going process. For example, the EMV standard used in bank cards, as is the case for most security
systems, has been shown to contain some weaknesses, but it
presents a relatively well defined method for limiting card
related fraud (especially when compared to magnetic stripe
tokens). However, increasing the security of card present
(when the card holder is physically present at a point of sale)
transactions encourages fraudsters to turn their attention to
other areas, i.e. card-not-present transactions such as
internet orders, mail-to-order, etc. At the same time the
financial industry is increasing its efforts in combating CNP
fraud through the wider adoption of the relevant standards,
i.e. Verified by Visa (Visa Europe).
The difficulty of monitoring and detecting attacks also
differs from system to system. Fraud in credit cards might be
brought to the attention of the issuer fairly quickly, as the
customer who has lost money will immediately complain,
while satellite TV companies might only learn about widespread fraud once they experience a noticeable drop in
subscriber numbers. Satellite TV and conditional access
system providers could therefore also be monitoring, as much
as possible, sources outside their own systems, such as relevant communication forums, in order to keep track with
recent developments.
In order to attempt to highlight the main factors that will
influence the overall security of a smart card based system we
summarise the following: Smart card technology should come
from respectful smart card manufacturers. The products
should be properly evaluated and, if possible, peer reviewed.
The system architects should keep the overall system security
in mind rather than concentrating too much on the security of
just one component. In the end a system is only as strong as
its weakest link. The capabilities or motivation of the
attackers should not be underestimated. As a result, a system
should maintain the necessary flexibility that will allow
smooth and fast upgrades. Smart card technology is becoming
more powerful and offers additional functionality which
means that smart card system developers are presented with
a wider choice of tools (e.g. hardware, software, evaluation
processes, etc) that will enable them to provide added security
functionality in their systems. With the appropriate tools
available it is up to the developers to make the right decisions
in terms of what technology is right for their systems, offering
required performance at a chosen price point and within the
appropriate timeframe.

Acknowledgements
The work of Michael Tunstall is supported in part by the
European Commission IST Programme under Contract IST2002-507932 ECRYPT and EPSRC grant EP/F039638/1. Keith
Mayes, Konstantinos Markantonakis and Gerhard Hancke
would like to thank the Information Security Group Smart

55

Card Centre founding sponsors, Vodafone and Giesecke and

Devrient.

references

Anderson R, Kuhn M. Tamper resistance a cautionary note. In:

Proceedings of the second USENIX workshop of electronic
commerce; 1996, pp. 111.
APACS. Card fraud the facts, http://www.apacs.org.uk/; 2002.
APACS. 22 million UK consumers use cards to buy online in 2004;
08/09/05. http://www.apacs.org.uk/media_centre/press/05_09_
08.html.
Bar-El H, Choukri H, Naccache D, Tunstall M, Whelan C. The
sorcerers apprentice guide to fault attacks. Proc IEEE 2006;
94(2):37082.
BBC Two Newsnight, Segment on vulnerabilities in Chip and
PIN PIN entry devices (PEDs), http://video.google.com/
videoplay?docid7109740591622124830, 2/2008.
Boneh D, DeMillo RA, Lipton RJ. On the importance of checking
computations. In: Proceedings of advances in cryptology.
LNCS, vol. 1233. Springer-Verlag; 1997. p. 3751.
Brier E, Clavier C, Olivier F. Correlation power analysis with
a leakage model. In: Proceedings of cryptographic hardware
and embedded systems. LNCS, vol. 3156. Springer-Verlag;
2004. p. 1629.
Clavier C, Coron JS, Dabbous N. Differential power analysis in the
presence of hardware countermeasures. In: Proceedings of
cryptographic hardware and embedded system. LNCS, vol.
1965. Springer-Verlag; 2000. p. 25263.
Chari S, Jutla CS, Rao JR, Rohatgi P. Towards approaches to
counteract power-analysis attacks. In: Proceedings of
advances in cryptology. LNCS, vol. 1666. Springer-Verlag; 1999.
p. 398412.
Card fraud facts and figures. http://www.apacs.org.uk/resources_
publications/card_fraud_facts_and_figures.html.
Chip and SPIN !. http://www.chipandspin.co.uk/.
Drimer S, Murdoch SJ, Anderson R. Optimised to fail: card readers
for online banking. http://www.cl.cam.ac.uk/wsjm217/
papers/fc09optimised.pdf.
Drimer S, Murdoch S. Keep your enemies close: distance
bounding against smartcard relay attacks. In: Proceedings of
16th USENIX security symposium, August 2007.
Dorsey N, Hurst S. ECE4112 smart card security. http://users.ece.
gatech.edu/wowen/Academic/ECE4112/Spring2005/Projects_
Spring2005/ECE4112%20Smart%20Card%20Security.ppt.
DSS Programming. http://www.geocities.com/dssprogg/Guides/
hunewbie.html.
DreamBox Multimedia Worldwide. http://www.
dreammultimedia-tv.de/Bereiche/Produkte/DM7000.php.
ETSI. Digital Video Broadcasting (DVB); support for use of
scrambling and conditional access (CA) within digital
broadcasting systems. ETSI Technical Report ETR 289,
European Telecommunications Standards Institute (ETSI),
Sophia Antipolis, France; Oct. 1996.
ECM attacks, many dish network cards are now DEAD!.
http://www.freetvblog.com/archives/2006/12/14/many-bellexpress-vu-and-dish-network-cards-are-now-dead/.
EuropayMasterCardVisa. EMV96 integrated circuit card
specification for payment systems, Version 3.0, from:
http://www.europay.com/Pdf/EMV_card.pdf.
Gandolfi K, Mourtel C, Olivier F. Electromagnetic analysis:
concrete results. In: Proceedings of cryptographic hardware
and embedded systems. LNCS, vol. 2162. Springer-Verlag;
2001. p. 25161.
Hancke GP. Security of proximity identification systems. PhD
dissertation, University of Cambridge, February 2008.

56

information security technical report 14 (2009) 4656

International Organization for Standardization. ISO/IEC 15693

Identification cards contactless integrated circuit(s) cards
vicinity cards; 2000a.
International Organization for Standardization. ISO/IEC 14443
Identification cards contactless integrated circuit(s) cards
proximity cards; 2000b.
Irdeto. http://www.irdetoaccess.com.
ISO/IEC. Information technology generic coding of moving
pictures and associated audio: audio. In: International
Standard ISO/IEC 13818-3, International Organization for
Standardization (ISO), Geneva, Switzerland; 1994.
ISO/IEC. Information technology generic coding of moving
pictures and associated audio: video. In: International
Standard ISO/IEC 13818-2, International Organization for
Standardization (ISO), Geneva, Switzerland, 1995.
ISO/IEC 18092. Information technology telecommunications and
information exchange between systems near field
communication interface and protocol (NFCIP-1).
Kasper T. Embedded security analysis of RFID devices. Diploma
thesis, Ruhr-University Bochum, July 2006.
Kfir Z, Wool A. Picking virtual pockets using relay attacks on
contactless smartcard systems. In: Proceedings of IEEE/
CreateNet SecureComm; 2005, pp. 4758.
Kommerling O, Kuhn M. Design principles for tamper resistant
smartcard processors. In: Proceedings of USENIX workshop on
smartcard technology; 1999, pp. 920.
Kocher P. Timing attacks on implementations of DiffieHellman,
RSA, DSS, and other systems. In: Proceedings of advances in
cryptology. LNCS, vol. 1109. Springer-Verlag; 1996. p. 10413.
Kocher P, Jaffe J, Jun B. Differential power analysis. In:
Proceedings of advances in cryptology. LNCS, vol. 1666.
Springer-Verlag; 1999. p. 38897.
Kuhn MG. Attacks on pay-TV access control systems. University
of Cambridge, Computer Laboratory, Security Seminar talk,
1997-12-09.
Mayes K, Markantonakis K. Smart cards, tokens, security and
applications. Springer Verlag; 2007.
Messerges TS. Using second-order power analysis to attack DPA
resistant software. In: Proceedings of cryptographic hardware
and embedded systems. LNCS, vol. 1965. Springer-Verlag;
2000. p. 717.
MIFARE, http://www.mifare.net.
Nohl K, Evans D. Reverse-engineering a cryptographic RFID tag.
In: Proceedings of the 17th USENIX security symposium; 2008,
pp. 18593.
NIST. Advanced Encryption Standard (AES) (FIPS{197). National
Institute of Standards and Technology; 2001.
Oyster Card, http://www.tfl.gov.uk/tube/.
Octopus Card, http://www.hong-kong-travel.org/Octopus.asp.
OpenPCD Project. http://www.openpcd.org.
Quisquater JJ, Samyde D. Electromagnetic analysis (EMA):
measures and countermeasures for smart cards. In:
Proceedings of smart card programming and security,
international conference on research in smart cards. LNCS,
vol. 2140. Springer-Verlag; 2001. p. 20010.
Rankl W, Effing W. Smart card handbook. Wiley; 2003.
Skorobogatov S, Anderson R. Optical fault induction attacks. In:
Proceedings of cryptographic hardware and embedded
systems. LNCS, vol. 2523. Springer-Verlag; 2002. p. 212.
Season Interface Logger. http://www.satshop.tv/en/
Programmers/Season-Interface-Logger::456.html.
The Official PCMCIA Association. Website: http://www.
pcmcia.org/.
Tunstall M, Markantonakis K, Mayes K. Inhibiting card sharing
attacks. In: Proceedings of advances in information security

and computer science. LNCS, vol. 4266. Springer-Verlag; 2006.

p. 23951.
VIAccess http://www.viaccess.com.
Viaccess to counter card sharing. http://www.eurocardsharing.
com/f214/new-viaccess-counter-card-sharing-70051.
Visa Europe. Verified by Visa. http://www.visaeurope.com/
merchant/handlingvisapayments/cardnotpresent/
verifiedbyvisa.jsp.
Wong T. Satellite piracy costing TV industry billions. http://www.
abadss.com/forum/91-fta-news-announcements/97216satellite-piracy-costing-tv-industry-billions-2009-03-15-a.
html.
Wirt K. Fault attack on the DVB common scrambling
algorithm. In: Proceedings of international workshop on
information security & hiding (ISH05). Springer Verlag;
2005.
Wonglimpiyarat J. Strategies of competition in the bank card
business: innovation management in a complex economic
environment. Sussex Academic Press; 2004.

Konstantinos Markantonakis is a Reader in the Information

Security Group at Royal Holloway University of London. His
main research interests include smart card security and
applications; secure cryptographic protocol design, Public Key
Infrastructures, key management, mobile phone security.
More information can be obtained from http://www.scc.rhul.
ac.uk/people.php.
Michael Tunstall is a researcher in the Department of
Computer Science at the University of Bristol. His current
research interests are based around applied cryptography;
specifically side channel attacks, fault analysis and developing efficient countermeasures.
Gerhard Hancke is a researcher with the Smart Card Centre,
which forms part of the Information Security Group at Royal
Holloway University of London. His main interests are proximity identification and the security of RFID/contactless
systems. Other interests include pervasive computing and
sensor networks.
Keith Mayes is the Director of the Information Security Group
Smart Card Centre at Royal Holloway, University of London.
His current interests are smart card/RFID/NFC security,
protocols and applications; mobile communications systems;
transportation systems security and risk assessment. More
information can be obtained from http://www.scc.rhul.ac.uk/
people.php.
Ioannis Askoxylakis is a Research Scientist at the Institute
of Computer Science of the Foundation for Research and
Technology-Hellas (FORTH-ICS). His research interests lie in
the fields of secure wireless communications and systems
security with emphasis in security of mobile ad hoc and
wireless mesh networks, cryptographic algorithms and
protocols and mobile/electronic commerce applications.
More information can be obtained from http://www.ics.
forth.gr/wasko.