Smart card security evaluation: Community solutions to intractable problems

Evaluation of smart card security faced seemingly intractable problems of consistency and repeatability in its early days. The deeply specialised technologies, large parameter spaces for attacks, and the evolving attack types and countermeasures mean that the scope for variation in evaluation practice, and hence in evaluation conclusions, is potentially huge. The situation is further complicated by the fact that countermeasures against some types of attacks depend on both hardware and software, but there is also a need to evaluate hardware without specific software present at the time of evaluation. Stakeholders in the smart card world have formed a Community that has successfully created and applied interpretation of Common Criteria (ISO 15408) to deal with this problem and to achieve international mutual recognition of evaluation results. This paper discusses examples of the smart card security problem in order to illustrate some of the difficulties, and describes some of the interpretation that has been defined for rating the difficulty of an attack via calculation of an attack potential. It also considers the nature of the Community that has enabled the interpretation to be both defined and put into practice successfully.