Breaking Up Is Hard to Do: Modeling Security Threats for Smart Cards

B. Schneier and A. Shostack

USENIX Workshop on Smart Card Technology, USENIX Press, 1999, pp. 175-185.

ABSTRACT: Smart card systems differ from conventional computer systems in that different aspects of the system are not under a single trust boundary. The processor, I/O, data, programs, and network may be controlled by different, and hostile, parties. We discuss the security ramifications of these "splits" in trust, showing that they are fundamental to a proper understanding of the security of systems that include smart cards.

[full text - PDF (Acrobat)] [full text - Postscript]

This paper is also available in a German translation by Philipp Gühring, and a Hungarian translation [PDF] by Kincses Zoli.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..