© Dreamstime
Experimental feature

Listen to this article

Experimental feature

If you have used a mobile phone or a credit card, then you should thank Joan Daemen and Pierre-Yvan Liardet for making them safer.

The Belgian and French cryptologists, who were among the finalists for the European Inventor of the Year awards, are responsible for rethinking the chips found in sim cards and credit cards.

Before their breakthrough, these chips suffered from a major flaw. Each chip stemmed from a “master card”, which — if it fell into the wrong hands — could be used to clone other cards in a bank’s network.

If this happened, then the companies that issued them — ranging from mobile phone operators to the world’s biggest banks — had little choice but to scrap all the cards stemming from the master card and send out new ones.

With about 9bn cards in circulation, this could prove expensive and inconvenient. The solution devised by the duo who work at Franco-Italian chipmaker STMicroelectronics, was simple.

Their idea was that a master card should be able to communicate with a user’s card only once, when it sends an encryption key to the new card. Once the card has responded, and the data has been transferred, the channel is closed and cannot be accessed again — even by the master card. While this does not stop hackers from being able to access the master cards, it makes it practically pointless to do so.

In the end, it is brutal economics that finally defeats hackers, says Mr Daemen.

While the costs of security should plunge thanks to such inventions, the cost of trying to break safeguards should increase, meaning that “the adversary has to spend a billion to deliver himself millions”. “We have to remove the business case of the attacker,” declares Mr Daemen.

This is how he sees his role at STMicroelectronics. “It is a process of trying continuously to improve the security and make it more cost effective,” he explains.

While the technology behind “chip and pin” cards has been the norm in Europe for a while, it is only now becoming common in the US.

“There is a big investment to migrate to chip cards,” says Mr Daemen. “It would cost more to migrate than the frauds we are having. But the frauds are going up.”

Get alerts on Cyber Security when a new story is published

Copyright The Financial Times Limited 2018. All rights reserved.

Follow the topics in this article