ID WORLD International Congress: Eva van Niekerk

This site will work and look better in a browser that supports web standards.

middleAbout ID WORLD 2011
middleID People Awards 2011
middleMedia Partners
middlePress Area
middleOther Events:
middleID WORLD Abu Dhabi
middleID WORLD Rio de Janeiro
middleVertical Forums
middleID WORLD 2010
middleID WORLD 2009
middleID WORLD 2008
middleID WORLD 2007
middleID WORLD 2006
middlePast Events

Eva van Niekerk

Security evaluator – Brightsight

Speaks at ID WORLD on Chip Security

Eva van Niekerk is security evaluator at Brightsight and active member of the R&D team. She is responsible for Brightsight’s knowledge management on cryptographic implementations and attack methodologies and regularly attends conferences to related topics. She has been involved in e-Passport security evaluation projects under the Common Criteria standard. Eva holds a Master in Mathematics and a Professional Doctorate in Engineering from the University of Eindhoven.

Key issues regarding privacy and security in e-Passports


Many smart cards are using proximity technology (RF) nowadays. Smart cards that perform cryptographic operations use secret keys, which are used for example in mobile payment applications. These applications are often put on a dual-interface card. Another example of the use of secret keys is for ensuring the confidentiality and integrity of the data in an e-passport, which generally is a contactless-only device. In both applications, and in many more, the secret keys are an asset and are of interest to an attacker.

There are several known attack possibilities, which must be countered by developer of the e-passport. Brightsight has investigated the possibilities to apply power analysis attack techniques to dual interface and contactless smart cards. Opposed to other attack methods this method is non-invasive, leaving no evidence on the smart card packaging.

This presentation addresses:

 Examples of interesting secret keys used in the e-passport ICAO specification;

 The attack characteristics (i.e. how to perform an attack);

 The tools and expertise necessary to perform an attack;

 Known techniques and implementation guidelines to counter an attack.

This presentation will show that the technique for performing DPA on contactless

smart cards should be considered mature. We will also explain why the attack should be considered in a dual-interface smart card even when the contact interface is already investigated. Concluding, we will argue there is a need for sufficient, proven measures to counter this attack, since RF is not an intrinsically secure technology.



Speaking on November 17

Access to the Conference requires the payment of the delegate fee: click here

Platinum Sponsor

Gold Sponsors

Silver Sponsor

Standard Sponsor

Morpho Hirsch SCM Jarltech Datalogic