Risk


Risks

The smart card may involve many risks.

• Database errors: The DBMS may crash at a processing node. Executing the same transaction on a processing node with a replica may cause the backup to crash. Similarly, the OS may crash at a node, generating the blue screen of death. A hardware failure may occur in a local cluster, including memory failures, disk failures, etc. A network failure may occur in the WAN connecting the clusters together, so that the clusters may no longer all communicate with each other.

• Microprocessor chip error and damage (hardware issues): Although it is difficult to disrupt the data stored on smart cards, the chips can break, thus losing the data embedded on them. As the data on smart cards is stored in an electrically erasable format, the information stored on the cards can be erased by the application of voltage. Moreover, their security can be weakened by heating their controller to a high temperature. Probably the most severe disadvantage of smart cards is the fear of their theft.

• Security issues: Chips inside a smart card use different amounts of power to perform different operations. By hooking a card up to an oscilloscope, a pattern of power consumption can be measured. Particular computations create particular patterns of spikes in power consumption. Careful analysis of the peaks in a power consumption pattern can lead to the discovery of information about secret keys used during cryptographic computations. Sometimes the analysis is straightforward enough that a single transaction provides sufficient data to steal a key. More often, thousands of transactions are required through the canteen and shop keepers. The types of sensitive information that can leak include PINs and private cryptographic keys. Figure 8.2 is a conceptual diagram of DPA.
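The data-dependent power consumption described under "Security issues" can be checked for from the defender's side with a fixed-versus-random Welch t-test, the usual TVLA-style leakage assessment. The following is an added example, not part of the original document; it runs on simulated traces, and the key byte, the Hamming-weight leakage model, the noise levels and the masked variant (a standard countermeasure the document does not discuss) are assumptions.

```python
import random
from statistics import mean, variance

KEY = 0xB7          # constructed secret byte inside the simulated card
FIXED_INPUT = 0x00  # constructed input used for the "fixed" trace set
THRESHOLD = 4.5     # |t| above this is the customary TVLA fail criterion

def hamming_weight(x):
    return bin(x).count("1")

def measure(data, noise_sd, masked, rng):
    """One simulated power sample: Hamming weight of the processed byte plus noise."""
    value = data ^ KEY
    if masked:
        value ^= rng.randrange(256)  # fresh random mask hides the real value
    return hamming_weight(value) + rng.gauss(0.0, noise_sd)

def welch_t(a, b):
    """Welch's t statistic for the difference between two sample means."""
    return (mean(a) - mean(b)) / (variance(a) / len(a) + variance(b) / len(b)) ** 0.5

def leakage_t(n_traces, noise_sd, masked=False, seed=1):
    """t statistic between traces for a fixed input and traces for random inputs."""
    rng = random.Random(seed)
    fixed = [measure(FIXED_INPUT, noise_sd, masked, rng) for _ in range(n_traces)]
    rand = [measure(rng.randrange(256), noise_sd, masked, rng) for _ in range(n_traces)]
    return welch_t(fixed, rand)

def leaks(n_traces, noise_sd, masked=False, seed=1):
    return abs(leakage_t(n_traces, noise_sd, masked, seed)) > THRESHOLD

if __name__ == "__main__":
    cases = [
        ("clean signal, 2000 traces", (2000, 1.0, False)),
        ("noisy signal, 20 traces", (20, 20.0, False)),
        ("noisy signal, 20000 traces", (20000, 20.0, False)),
        ("masked, 2000 traces", (2000, 1.0, True)),
    ]
    for label, (n, sd, masked) in cases:
        verdict = "LEAK" if leaks(n, sd, masked) else "no leak detected"
        print(f"{label:28s} t={leakage_t(n, sd, masked):7.2f}  {verdict}")
```

With heavy noise the leak stays below the threshold at 20 traces but is clear at 20000, which matches the document's remark that thousands of transactions are often required.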

There are many myths associated with smart cards, such as students' concerns that their activities are being monitored by the University. This is typically not possible, and the universities have no wish to collect this information. However, 25 percent of respondents mentioned that the students' perception is that private information would be more freely accessible to university administrators/internal bodies. The students' perception is that the private information would be more freely accessible to external bodies (example: off-campus transactions), and this perception is crucial.

• Power glitching microprocessors: These form a part of the security issues, as microprocessors are designed to operate from a stable voltage, and interruptions of the power supply are likely to crash running applications or reset the circuit. A power glitch will affect both the stored and the threshold values. Different internal capacities will cause the values to be influenced differently, possibly resulting in a misinterpretation of the actual value.

• Cost issue: Smart card readers are needed by every institution or college in order to implement the smart cards. These readers are expensive in comparison to the traditional methods followed by the college, so many of the colleges may not be able to collaborate with us.

Operational risks:

1. Risk: We cannot deploy across multiple server types.
   Result: Service will be inconsistent and inefficient.
   Response: You can use multiple card vendors and servers if the cards are International Organization for Standardization (ISO) compatible and the certificates are recognizable throughout the installation process. The Windows for Smart Cards operating system is used by an increasing number of smart card vendors. Any vendor that uses Windows for Smart Cards can supply cards that you can prepare and deploy. You can also employ third-party management tools that are compliant with Windows for Smart Cards and compatible with Windows 2000.

2. Risk: Aggregate domain/card password overhead and maintenance becomes excessive.
   Result: You risk work stoppage and an overall increase in support overhead.
   Response: The level of security agreed to in the vision/scope document sets the tone for card support and maintenance, which will be an added layer for the support organization. Smart cards do not directly affect domain passwords. Smart cards add an extra layer that results in a more secure domain. The card has its own password.

3. Risk: Uncertain of certificate types to put on the card.
   Result: Security goals are not met.
   Response: You can put Verisign, Microsoft Windows NT Certificate Server, and Microsoft Exchange Key Manager certificates on a smart card. You must determine how much space you will need and locate a vendor that can supply you with cards of the necessary capacity.

4. Risk: Lost, forgotten, or locked card. Lack of consistency throughout the company.
   Result: You risk losing secured data.
   Response: The response will vary depending on what the reader already has in place with respect to corporate identification and building and asset access, compared with the level of security declared in the vision/scope document. In a strong environment, the user may need to visit the enrollment center. If the card is lost in a very strong environment, and the certificates are not available from a central repository, data secured by the card will be lost, and a new card is needed. In a more casual scenario, receptionists, group assistants, and managers may have the ability to recover the card or grant a temporary card.

5. Risk: Managing multiple card types will not be coordinated.
   Result: Security will be diluted to the extent that you grant control to a greater number of people.
   Response: In general, three types of cards are used during deployment: a master card, an enrollment card, and a user card. The user card can be further divided into two categories: permanent and temporary.
