Scientists of the CTIT research institute at the University of Twente have together with their colleagues of the University of Leuven succeeded in securing chip cards against leaking confidential information. Through the use of smart algorithms it is now possible to better secure, for instance, bank cards, public transport chip cards and electronic keys of buildings and cars against hackers.
Every day, all around the world, we use billions of chip cards such as bank cards, electronic keys for buildings, cars or garage doors, and public transport chip cards. These cards are relatively simple to hack, as has happened with the OV-chipkaart (Dutch public transport card). After a chip card has been hacked, restoring the damage comes with a very high cost. Prof. Dr. Pieter Hartel, UT professor of Services, Cybersecurity and Safety research: "It's not just about the costs made to replace the entire system, for example, all bank cards; it's also the costs of everything that comes with it, such as reputation damage. The actual costs are therefore many times the millions of euros it costs to create all the new cards." UT PhD candidate Begül Bilgin developed clever ways to make chip cards more secure against the leaking of confidential information.
Bilgin especially looked into the leaking of confidential information from the chips. This leaking happens in several different ways. Hartel: "For example through energy consumption. Only by looking at how much energy the chip consumes during specific activities you can already discover what the chip is doing. The way and manner of energy consumption are really difficult to hide. In addition, by measuring the duration of the activity you can already draw conclusions about what the chip is doing." Bilgin drafted some smart algorithms to prevent information leaks. The techniques have initially been developed for hardware, but can also be used in software.
They are based on multi-party computation. Prof. Vincent Rijmen, Bilgin's thesis supervisor: "Simply put, multi-party computation is the splitting of confidential information into several parts. The sum of the parts together creates the key to the confidential information, but each separate part has no relation to the key. The processes are also split up, so that all separate parts of the key are never used in conjunction. Because of this, the energy consumption of the chip may be related to the processes that the chip is performing, but not to the secret key." Hartel: "You could compare it with a piece of paper that contains secret information. If you tear the paper in two you have two halves of a secret. In this case it's not a piece of paper, but a number. Bilgin has found a way with which you can divide the number and still use it in your processes." Bilgin's algorithms can be applied in future systems, which ensures that chip cards are secure against hackers.
Bilgin obtained her doctoral degree with distinction on 13 May with a double degree from the Services, Cybersecurity and Safety research department at the University of Twente and the Computer Security and Industrial Cryptography department at the University of Leuven. Her doctoral thesis is called "Threshold implementations."
Cite This Page: