Smartcards, such as those provided to their customers by many banks across the world, use a microcontroller to encrypt or decrypt data, in order to authenticate a person (e.g. verify a PIN) or a transaction (e.g. generate an electronic transaction certificate), based on a secret key stored in the microcontroller. However, the physical implementation of a microcontroller leaks information via a side-channel, such as the power-supply current or electromagnetic emanations. This leakage may allow an attacker to recover the secret key of a microcontroller, and use that to generate valid certificates for unlawful commercial transactions. To reduce this threat, microcontrollers used in the smartcards provided by banks have several layers of countermeasures to limit the amount of side-channel information available to an attacker. But, to develop efficient countermeasures, and to have a correct assessment of the level of security provided by such smartcards, it is important to have a good understanding of the potential of side-channel attacks.
展开▼
