However, I don’t believe that the smart card industry has yet found a way to live without it. Among the problems mentioned in the post, the “long lifecycle, no possible updates, new attacks” is the really annoying one. We can’t shrink the lifecycle, we can’t avoid new attacks, so the only workaround is to allow updates.

It seems easy, but an update mechanism introduces its own range of weaknesses. I can think about a few ways to make a really secure update mechanism, which resists to all the attacks I know. But then, I can’t think about designing one that will work against attacks that I don’t know.

About countermeasures, there is no clear boundary between hardware and software, and most hardware attacks are countered by a combination of hardware and software, so restricting obscurity to the hardware does not help.

Finally, I still believe that things have to evolve slowly, and that the first step cannot be to open source an industrial product. This means that we have to start with some kind of academic work, and first ensure that some license allows them to do so.

I still want to stress one point. You state that smart cards are built to withstand that kind of threat level. So wouldn’t it be sufficient just to keep the hardware counter measures secret? I mean if new kinds of attack appear anyway. And the ones you listed are not of the software kind (malicious/evil applets). My idea is that the community reviews the OS code and finds flaws now, which is better than later in the field. Sorry, but still don’t agree on: Obscurity is an interesting layer of defense.