Smart card, the stealth leaker

Abstract

Information leakage is a major issue for homeland security. When entering and leaving certain countries which are particularly concerned by their national security, electronic devices such as mobile phones and laptops are examined, as well as data storage devices such as USB sticks and mobile hard drives. Technical investigations can be more or less thorough, and might lead up to confiscation of the material in case of doubt. At the same time, the use of smart cards is spreading over the world, mainly as a mode of payment, in public transportation or as SIM cards in mobile phones. These usages are widely adopted, in particular due to the security benefits delivered by these systems. But smart card technologies can also be used in an unconventional way to efficiently hide information crossing national borders. Smart cards have been designed as objects which ensure security in an untrustworthy environment. Their main function is to protect from the outside world and to hide their ways of working. A smart card is a programmable device, close to a very small computer, in which it is possible to hide functionalities impossible to detect. Today, it becomes possible to use a smart card in an unconventional manner, by using its storage and cryptographic capacities to carry information in an undetectable way, under the cover of a harmless common object. The following action could take place in any international airport: a sensitive list of identities and codes which should not been intercepted has to leave the country, the carrier even does not know he brings such of list within his SIM card. In the same way, one could use a smart card as a vector of infection in a closed environment, as modern operating systems now include the protocol layers necessary for their usage.