
In a general smart card system, neither the card nor the reader it's inserted into is supposed to trust the other, as either could be a fake.

Further, the mechanism used to establish the trust (e.g. challenge-response) could be observed by a "man in the middle", so should be designed to resist replay attacks.

Yet it's scary how easy it is to get this wrong -- e.g. some of the satellite TV conditional access hacks came about as a result of random number generators always yielding a predictable (short) sequence, facilitating a basic replay attack without the hackers even realizing there was an otherwise-passable challenge-response at work.

Even more scary, on a related note, not that long ago I witnessed the implementation of a network security "protocol" for a rather prominent US defense contractor, where the latter insisted that authentication was to be achieved by encrypting an access password with AES256 using a static shared secret, refusing to allow any type of challenge-based auth, and failing to see any problem with always encrypting the same plaintext with the same key (which obviously yields the same result on the wire every time, making it a breeze to replay without needing any understanding of the underlying "encryption").
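
An added example, not part of the comment above: a small Python model of the two failure modes it describes (a fixed password under a fixed key, and a challenge-response whose challenges repeat) next to a verifier that draws challenges from a CSPRNG. All names and sample values are constructed for illustration, and HMAC-SHA256 stands in for AES so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-secret"   # constructed sample value
PASSWORD = b"constructed-password"   # constructed sample value

def static_token(key, password):
    # Stand-in for encrypting a fixed password under a fixed key (assumption:
    # HMAC replaces AES so this runs on the standard library alone). Any
    # deterministic keyed function puts identical bytes on the wire each time.
    return hmac.new(key, password, hashlib.sha256).digest()

def respond(key, challenge):
    # Prover's answer: a MAC over the verifier's challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key, next_challenge):
        self.key, self.next_challenge, self.pending = key, next_challenge, None

    def challenge(self):
        self.pending = self.next_challenge()
        return self.pending

    def verify(self, response):
        challenge, self.pending = self.pending, None  # each challenge is single use
        if challenge is None:
            return False
        return hmac.compare_digest(response, respond(self.key, challenge))

def short_cycle_rng(period=4):
    # Models a generator that yields a short, repeating sequence.
    counter = iter(range(10**9))
    return lambda: bytes([next(counter) % period])

def fresh_nonce():
    return secrets.token_bytes(16)  # CSPRNG, 128-bit challenge

def recorded_response_accepted(verifier, sessions=8):
    # One legitimate exchange is observed; afterwards the recorded response is
    # offered only when the verifier reissues the same challenge.
    seen = verifier.challenge()
    recorded = respond(verifier.key, seen)
    assert verifier.verify(recorded)
    for _ in range(sessions):
        if verifier.challenge() == seen and verifier.verify(recorded):
            return True
    return False
```

The static token is byte-for-byte identical on every login, and the short-cycle verifier accepts a recorded response within a few sessions; only the verifier using `fresh_nonce` rejects it.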



