KR101697266B1 - Smart card defensing electromagnetic fault injection attack - Google Patents
- Publication number
- KR101697266B1
- Authority
- KR
- South Korea
- Prior art keywords
- frequency information
- unit
- power
- control unit
- card
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
- G06K19/07318—Means for preventing undesired reading or writing from or onto record carriers by hindering electromagnetic reading or writing
- G06K19/07345—Means for preventing undesired reading or writing from or onto record carriers by activating or deactivating at least a part of the circuit on the record carrier, e.g. ON/OFF switches
- G06K19/077—Constructional details, e.g. mounting of circuits in the carrier
- G06K19/07749—Constructional details, e.g. mounting of circuits in the carrier the record carrier being capable of non-contact communication, e.g. constructional details of the antenna of a non-contact smart card
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Electromagnetism (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a smart card that protects against an electromagnetic wave error injection attack.
The smart card includes an RF antenna for receiving an RF signal transmitted from the outside, a power generator for converting the RF signal received by the RF antenna to generate DC power, a frequency information sensing unit for sensing frequency information of the RF signal received by the RF antenna, an application unit that operates on the DC power supplied from the power generator, and a control unit that controls whether the DC power is supplied to the application unit based on whether the frequency information transmitted from the frequency information sensing unit matches registered frequency information.
According to the present invention, when frequency information inconsistent with the registered frequency information used in normal operation is detected during smart card operation, the card's power supply itself is cut off, so that an external electromagnetic wave error injection attack is effectively blocked at an early stage and at low cost.
Description
The present invention relates to a smart card that protects against an electromagnetic wave error injection attack. More particularly, the present invention relates to a smart card that can effectively defend against an external electromagnetic wave error injection attack at an early stage by cutting off the card's power supply itself when frequency information inconsistent with the registered frequency information used in normal operation is detected during smart card operation.
In general, an IC card such as a smart card stores important information such as a user's private key, personal information, and the main code of the card system, and is widely used in secure payment systems and ID systems. Among IC card operation methods, the non-contact type is used in many application fields because it is more convenient than the conventional magnetic stripe card or contact-type IC card, and it is expected to be applied to more applications in the future. The non-contact IC card has no power source of its own: using the principle of electromagnetic induction, it generates power from the RF signal transmitted wirelessly by the card reader and drives the internal circuit of the card with it.
There are several methods of attacking smart cards, such as power or electromagnetic wave analysis and error injection. The power analysis attack was proposed by Paul C. Kocher. It exploits the characteristic of the contact-type IC card, which as an independent module depends on an external power supply: the change in the amount of power consumed while the contact-type IC card operates is analyzed. Many experiments and methods, differential power analysis among them, have been proposed and carried out to derive confidential information stored in an IC card using power analysis.
An error injection attack is a method of inducing a malfunction by injecting an error through an impact applied while the smart card is operating; it includes power error injection, clock error injection, laser error injection, and electromagnetic wave error injection. Power, clock, and laser error injection were proposed more than 10 years ago and are already defended against by power sensors, clock sensors, optical sensors, and the like inside and outside the IC chip. However, although the electromagnetic wave error injection attack, proposed in 2012, has been actively studied, little research is known on devices and methods that can cope with it.
The most common countermeasures against electromagnetic wave analysis attacks are a redesign of the overall circuit or a partial redesign of the algorithm that performs the computation. However, these methods reduce overall circuit performance, require a long circuit design time, and degrade system performance.
Korean Patent Registration No. 10-1025421 discloses a method for preventing electromagnetic wave analysis attacks in which a first IC chip that performs a card-inherent function, a first antenna, a random number generation And a second antenna connected to the second IC chip and performing RF communication with the terminal. The smart card includes a first IC chip and a second IC chip.
However, according to the technique disclosed in Korean Patent Registration No. 10-1025421, a separate IC chip and antenna must be provided in order to prevent an electromagnetic wave analysis attack, so the cost of manufacturing the card increases and the internal structure of the card becomes complicated. A further problem is that it cannot defend against an error injection attack.
A technical problem addressed by the present invention is to provide a smart card that can effectively defend against an external electromagnetic wave error injection attack at an early stage by cutting off the card's power supply itself when frequency information inconsistent with the registered frequency information used in normal operation is detected during smart card operation.
In addition, a technical problem is to provide a smart card that can effectively defend against the electromagnetic wave error injection attack by adding to the card only a means for sensing frequency information, a means for interrupting the power supply of the card, and a control means of very low computational complexity for controlling them.
A smart card for defending against an electromagnetic wave error injection attack according to the present invention includes: an RF antenna for receiving an RF signal transmitted from the outside; a power generator for converting the RF signal received by the RF antenna to generate DC power; a frequency information sensing unit for sensing frequency information of the RF signal received by the RF antenna; an application unit that operates on the DC power received from the power generator; and a control unit for controlling whether the DC power is supplied to the application unit based on whether the frequency information transmitted from the frequency information sensing unit matches registered frequency information.
The smart card for defending against an electromagnetic wave error injection attack according to the present invention further includes a switch unit provided between the power generation unit and the application unit. When the frequency information sensing unit detects frequency information other than the registered frequency information, the control unit turns off the switch unit to break the electrical connection between the power generation unit and the application unit, so that the supply of the DC power to the application unit is cut off.
The smart card for defending against an electromagnetic wave error injection attack according to the present invention further includes a switch unit provided between the power generation unit and the application unit. When the frequency information sensing unit detects the same frequency information as the registered frequency information, the control unit turns on the switch unit to electrically connect the power generator to the application unit, so that the DC power is supplied to the application unit.
The smart card for defending against an electromagnetic wave error injection attack according to the present invention further includes a frequency information storage unit for storing the registered frequency information. The control unit controls whether power is supplied based on whether the frequency information transmitted from the frequency information sensing unit matches the registered frequency information stored in the frequency information storage unit.
The smart card for defending against an electromagnetic wave error injection attack according to the present invention further includes a switch unit provided between the power generation unit and the application unit and a frequency information storage unit storing the registered frequency information. When the frequency information sensing unit senses frequency information other than the registered frequency information over a set time range, the control unit turns off the switch unit to break the electrical connection between the power generation unit and the application unit, so that the supply of the DC power to the application unit is cut off.
In the smart card for defending against an electromagnetic wave error injection attack according to the present invention, when the frequency information transmitted from the frequency information sensing unit does not match the registered frequency information stored in the frequency information storage unit, the control unit classifies the frequency information transmitted from the frequency information sensing unit as suspect frequency information and stores it in the frequency information storage unit.
In the smart card for defending against an electromagnetic wave error injection attack according to the present invention, the control unit controls the suspect frequency information stored in the frequency information storage unit to be transmitted to a management server at a remote location via a card terminal.
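The control-unit behaviour summarized in the paragraphs above (match against the registered frequency, cut-off after a set time range, suspect-frequency storage for later upload) can be modelled as follows. This is an added example, not code from the patent; all names, the 13.56 MHz registered value, the ±7 kHz tolerance, the sample-counted time range, the log capacity, and the initial switch-off state are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SUSPECT_LOG_SIZE 4u /* assumed capacity of the suspect-frequency store */

typedef struct {
    uint32_t registered_khz; /* registered frequency information */
    uint32_t tolerance_khz;  /* assumed: deviation still treated as a match */
    uint32_t limit_samples;  /* the "set time range", counted in sensing samples */
    uint32_t mismatch_run;   /* consecutive non-matching samples seen so far */
    bool switch_on;          /* switch unit: power generator -> application unit */
    uint32_t suspect_khz[SUSPECT_LOG_SIZE];
    size_t suspect_count;
} card_ctrl;

/* limit == 1 gives the immediate cut-off variant; larger values wait for a
 * sustained mismatch. The switch starts off (assumption): the application
 * unit gets no power until the registered frequency has been sensed. */
void ctrl_init(card_ctrl *c, uint32_t reg_khz, uint32_t tol_khz, uint32_t limit)
{
    c->registered_khz = reg_khz;
    c->tolerance_khz = tol_khz;
    c->limit_samples = limit ? limit : 1u;
    c->mismatch_run = 0;
    c->switch_on = false;
    c->suspect_count = 0;
}

static bool freq_matches(const card_ctrl *c, uint32_t khz)
{
    uint32_t diff = khz > c->registered_khz ? khz - c->registered_khz
                                            : c->registered_khz - khz;
    return diff <= c->tolerance_khz;
}

/* Store a suspect value once per run of identical readings; drop when full. */
static void log_suspect(card_ctrl *c, uint32_t khz)
{
    if (c->suspect_count > 0 && c->suspect_khz[c->suspect_count - 1] == khz)
        return;
    if (c->suspect_count < SUSPECT_LOG_SIZE)
        c->suspect_khz[c->suspect_count++] = khz;
}

/* Feed one reading from the frequency sensing unit; returns the switch state. */
bool ctrl_on_sample(card_ctrl *c, uint32_t sensed_khz)
{
    if (freq_matches(c, sensed_khz)) {
        c->mismatch_run = 0;
        c->switch_on = true;               /* registered frequency: supply power */
    } else {
        log_suspect(c, sensed_khz);
        if (c->mismatch_run < UINT32_MAX)
            c->mismatch_run++;
        if (c->mismatch_run >= c->limit_samples)
            c->switch_on = false;          /* sustained mismatch: cut power */
    }
    return c->switch_on;
}

/* Hand stored suspect values to the terminal for the management server. */
size_t ctrl_drain_suspects(card_ctrl *c, uint32_t *out, size_t max)
{
    size_t n = c->suspect_count < max ? c->suspect_count : max;
    for (size_t i = 0; i < n; i++)
        out[i] = c->suspect_khz[i];
    for (size_t i = n; i < c->suspect_count; i++)
        c->suspect_khz[i - n] = c->suspect_khz[i]; /* keep what did not fit */
    c->suspect_count -= n;
    return n;
}

int main(void)
{
    /* Constructed trace: two on-carrier readings, three off-frequency, one on-carrier. */
    static const uint32_t trace[] = {13560, 13562, 900000, 900000, 900000, 13560};
    uint32_t out[SUSPECT_LOG_SIZE];
    card_ctrl c;
    ctrl_init(&c, 13560u, 7u, 3u);
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("%lu kHz -> switch %s\n", (unsigned long)trace[i],
               ctrl_on_sample(&c, trace[i]) ? "on" : "off");
    printf("%lu suspect value(s) queued for upload\n",
           (unsigned long)ctrl_drain_suspects(&c, out, SUSPECT_LOG_SIZE));
    return 0;
}
```
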
According to the present invention, when frequency information inconsistent with the registered frequency information used in normal operation is detected during the operation of the smart card, the card power itself is shut off, so that a smart card capable of defending against an external electromagnetic wave error injection attack is provided.
In addition, since only a means for detecting the frequency information, a means for interrupting the power supply of the card, and a control means of very low computational complexity for controlling them need be added to the card, a smart card that defends against the attack with little added complexity is provided.
FIG. 1 is a diagram illustrating a smart card for defending against an electromagnetic wave error injection attack according to an embodiment of the present invention.
FIG. 2 is a view for explaining an example of a concrete operation of a smart card for defending against an electromagnetic wave error injection attack according to an embodiment of the present invention.
It is to be understood that the specific structural or functional descriptions of the embodiments of the present invention disclosed herein are given for illustrative purposes only; the embodiments according to the inventive concept may be embodied in many different forms and are not limited to the embodiments set forth herein.
The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that it is not intended to limit the embodiments according to the concepts of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.
The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one element from another. For example, without departing from the scope of rights according to the concept of the present invention, a first element may be referred to as a second element, and similarly a second element may also be referred to as a first element.
It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, but other elements may also be present in between. On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "directly between" or "neighboring to" and "directly adjacent to", should be interpreted in the same way.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like are used to specify that there are features, numbers, steps, operations, elements, parts or combinations thereof described herein, but do not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.
Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating a smart card for defending against an electromagnetic wave error injection attack according to an embodiment of the present invention.
Referring to FIG. 1, a smart card for defending an electromagnetic wave error injection attack according to an embodiment of the present invention includes an
The
More specifically, the
For example, the
The
The frequency
For example, when a normal smart card operation is performed, the
In addition, when an abnormal smart card operation is performed, for example, the
The
The
The frequency
The
As an example, when the smart card according to an embodiment of the present invention includes the
For example, when the smart card according to the embodiment of the present invention includes the
In a case where the smart card according to an embodiment of the present invention includes the frequency
In a case where the smart card according to an embodiment of the present invention includes the
In another example, when the frequency information received from the frequency
FIG. 2 is a view for explaining an example of a concrete operation of a smart card for defending against an electromagnetic wave error injection attack according to an embodiment of the present invention. Although an example of the non-contact type operation is described with reference to FIG. 2, the present invention is not limited to this and can also be applied to the contact type operation.
Referring to FIG. 2, in step S10, a process of bringing a smart card according to the present invention to a card terminal is performed. This step can be classified into normal operation and abnormal operation. 1) When a legitimate card user brings the card close to a normal card terminal, it corresponds to a normal operation. In this case, the
In step S20, a process is performed in which the
In step S30, the
In step S40, the frequency
In step S50, the process of transmitting the frequency information of the RF signal sensed by the frequency
In step S60, the
The
If it is determined in step S60 that the two frequency information do not coincide with each other, the process proceeds to step S80. In step S80, a process of determining whether or not a preset time has elapsed is performed. That is, in step S80, it is determined whether the frequency
The
In step S100, the
In step S110, a process of controlling the
As described in detail above, according to the present invention, when frequency information inconsistent with the registered frequency information used in normal operation is detected during smart card operation, the card power source itself is shut off, so that a smart card capable of defending against an external electromagnetic wave error injection attack is provided.
In addition, since only a means for detecting the frequency information, a means for interrupting the power supply of the card, and a control means of very low computational complexity for controlling them need be added to the card, a smart card that defends against the attack with little added complexity is provided.
10: RF antenna
20: Power generator
30: frequency information sensing unit
40:
50:
60:
70: Frequency information storage unit
Claims (7)
A power generator for converting a RF signal received by the RF antenna to generate a DC power;
A frequency information sensing unit for sensing frequency information of an RF signal received by the RF antenna;
An application unit operable to receive the DC power from the power generator; and
A control unit for controlling whether the DC power is supplied to the application unit based on whether the frequency information received from the frequency information sensing unit matches the registration frequency information.
Further comprising a switch unit provided between the power generation unit and the application unit,
The control unit
When the frequency information sensing unit senses frequency information other than the registration frequency information, turns off the switch unit to disconnect the electrical connection between the power generation unit and the application unit, so that the supply of the DC power to the application unit is cut off.
Further comprising a switch unit provided between the power generation unit and the application unit,
The control unit
Wherein the control unit turns on the switch unit to electrically connect the power generator to the application unit when the frequency information sensing unit senses the same frequency information as the registration frequency information so that the DC power is supplied to the application unit A smart card for defending against an electromagnetic wave error injection attack.
And a frequency information storage unit in which the registration frequency information is stored,
The control unit
Wherein the control unit controls whether power is supplied based on whether the frequency information received from the frequency information sensing unit matches registration frequency information stored in the frequency information storage unit.
A switch unit provided between the power generation unit and the application unit; And
And a frequency information storage unit in which the registration frequency information is stored,
The control unit
When the frequency information sensing unit senses frequency information other than the registration frequency information over a predetermined time range, turns off the switch unit and disconnects the electrical connection between the power generation unit and the application unit, so that the supply of the DC power to the application unit is cut off.
The control unit
When the frequency information transmitted from the frequency information sensing unit does not match the registration frequency information stored in the frequency information storage unit, classifies the frequency information received from the frequency information sensing unit as suspect frequency information and stores it in the frequency information storage unit.
The control unit
Wherein the controller controls the suspicious frequency information stored in the frequency information storage unit to be transmitted to a management server at a remote location via the card terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150172887A KR101697266B1 (en) | 2015-12-07 | 2015-12-07 | Smart card defensing electromagnetic fault injection attack |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101697266B1 (en) | 2017-02-01 |
Family
ID=58109288
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150172887A KR101697266B1 (en) | 2015-12-07 | 2015-12-07 | Smart card defensing electromagnetic fault injection attack |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101697266B1 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20050027377A (en) * | 2003-09-15 | 2005-03-21 | 삼성전자주식회사 | Contactless integrated circuit card with real-time protocol switching function and card system including the same |
KR20060109308A (en) * | 2005-04-15 | 2006-10-19 | 주식회사 케이티프리텔 | Non contact type integrated circuit card and method for communicating data by multiprotocol |
KR20080079143A (en) * | 2007-02-26 | 2008-08-29 | 고려대학교 산학협력단 | Radio frequency identification card with esay security function and system for reading tag with this |
KR20090121457A (en) * | 2008-05-22 | 2009-11-26 | 김범규 | Power control unit with rfid |
KR101025421B1 (en) | 2009-11-27 | 2011-03-30 | 한국조폐공사 | Smart card system for defending electromagnetic analysis attack in smart card system |
-
2015
- 2015-12-07 KR KR1020150172887A patent/KR101697266B1/en active IP Right Grant
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9813116B2 (en) | Secure near field communication solutions and circuits | |
CA2668333C (en) | Device for protecting contactless communication objects against fraud | |
EP3394781B1 (en) | Biometric device | |
US20180253634A1 (en) | Security protected passive rfid device | |
US20150006378A1 (en) | User devices, systems and methods for use in transactions | |
JP5523388B2 (en) | IC card with fingerprint authentication | |
KR101706592B1 (en) | Fingerprint type radio frequency smart card with enhanced security function and control method thereof | |
US8718552B2 (en) | Contactless communication with authorization by human contact | |
JP2010504580A (en) | RFID device expansion function | |
US20130211607A1 (en) | Power supplying apparatus and power supplying method | |
WO2017102984A1 (en) | Device | |
US20120149335A1 (en) | Contactless communication with authorization by human contact and visual indicator | |
JP2009031877A (en) | Contactless ic card, portable terminal equipment, start control method, and start control program | |
CN103391117A (en) | Secure near field communication solution and circuit | |
CA2752104C (en) | Smartcard protection device | |
KR101697266B1 (en) | Smart card defensing electromagnetic fault injection attack | |
CN101438303A (en) | Sensor with a circuit arrangement | |
CN105225105A (en) | The method for security protection that NFC pays and system | |
CN107451645B (en) | Near field communication circuit, method for operating the same, communication device and chip card | |
EP2264632B1 (en) | Electronic device with two communication interfaces and associated method for securing such device | |
US20230334131A1 (en) | Biometrically protected device | |
US11934502B2 (en) | RF communication device equipping with biometric sensor and preventing physical antenna hacking | |
Yuan et al. | A fast and simple method for obtaining microcircuit card information | |
Chernenko et al. | TECHNOLOGY AND DEVELOPMENT PROSPECTS OF BANK CARDS | |
JP5263890B2 (en) | Non-contact information medium communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GRNT | Written decision to grant |