ABSTRACT

Smart card–based applications typically store or process user- or transaction-specific data, including user credentials, personal identification numbers (PINs), cryptographic keys, system software files, application-related data, and so forth, on the smart card or on remote servers. These data are confidential and are a prime target of security attacks that may lead to breaches of confidentiality, integrity violations, and loss of availability of the data to valid and authorized parties. The attacks can originate from sources internal or external to the operational scenario, and dealing with them requires adequate, security-conscious system planning. Considering the sensitivity of the data and the nature of the impact, various countermeasures can be adopted to deal with these security threats. This chapter discusses various data-level security attacks on smart card–based systems and applications and outlines some of the effective countermeasures for them.