Smart Card Introduction

1
Smart Card Introduction

• Pieter Hartel

( Read K. M. Shelfer, J. D. Procaccino, Smart
Card Evolution, CACM 45(7)83-88, Jul. 2002 D.
Huseman, The Smart Card, IEEE Concurrency
7(2)24-27, Apr. 1999 D. Praca, C. Barral, From
smart cards to smart objects, Computer Networks,
36(4)381-389, Jul. 2001 Ch14 of R. Anderson,
Security Engineering, Wiley, 2001)
2
Overview

• Past Phone card
• Present Java Card
• Future Multi function card

3
History

• Dethloff (1968), Arimura (1970), Moreno (1974)
• First chip by Motorola Bull (1977)
• France Telecom phone card (1984)
• Java Card (1995)
• SCIA 2.8 Billion cards (2000)

4
Form factors
53.98 mm
85.6 mm
0.76 mm
5
Gartner Group
Max. Data Capacity Processing Power Cost of Card Cost of Reader
Mag Stripe 140 bytes None 0.20-0.75 750
Memory 1 Kbyte None 1-2.50 500
IC 8 Kbyte 8/16/32 7-15 500
Optical 5 Mbyte None 7 - 12 3,500 - 4,000
6
What makes the card smart?

• CPU (8-bit, 16/23 bit)
• Memory (RAM, ROM, EEPROM/Flash)
• I/O channel (Contact/Contact less)
• Cryptographic co-processor
• On card devices (Fingerprint, display)
• Standards (ISO 7816, GSM, EMV, VOP, CEPS)

7
A variety of terminals

• Embedded system
• Standards (ISO 7816, PC/SC, OCF)

8
Applications

• Bank card ()
• GSM SIM card gt 200 Million (EU)
• Health card gt 100 Million (D, F)
• Pay-TV gt 100? Million ()
• ID card gt 5 Million (USA)
• Transport (HK)
• Campus card (UK,)

9
Considerations for use?

• Value to be protected
• On-line / off-line -- Mondex
• What do we trust?
• Management flexibility
• Tamper resistance
• Mobility
• Cost

10
Security features

• Symmetric crypto fast
• Asymmetric crypto slow
• Hardware random number generator
• Hardware tamper resistance (passive, active)

11
Research issues
How many cards do you Have? Own?

• Who owns the card?
• Which logo?
• Backups?
• Privacy?
• Attacks

12
Attacks not specifically on smart cards

• Operational problems
• Blackmail
• Burglary
• Bribery
• Software bugs
• Hardware attacks

13
Attacker classification (IBM)

• I Clever outsiders
• II Knowledgeable insiders
• III Funded Organisations

14
Low cost attacks (I)

• Stop cancellation messages
• Block EEPROM writes by isolating Vpp
• Single step the processor

15
Low cost attacks continued (I)

• Remove passivation layer use probing station

16
Sophisticated attacks (II or I)

• Focused Ion beam
• Microscope
• Milling
• Deposit conductors Insulators
• Can be rented for few hundred per hour

17
Protection

• Know what to protect
• Procedures
• Protocols
• Know who your opponents are
• Security by obscurity does not work

18
Software

• Java Card (to be continued)
• Smart Cards for Windows
• Basic card
• Mondex
• Proprietary

19
Future

• Display
• Biometrics
• 32-bit CPU
• Large memory
• Battery
• Comms

20
Communication

• ISO 7816-4 typically 9600 bps
• USB PC based
• Bluetooth power

www.fingerchip.com
21
Displays

• Plastic/ glass
• Emissive/ non-emissive
• Refresh/ bi-stable
• Segment/ dot-matrix/ graphic
• Problems connections, yield, power, thickness

22
Clock Power

• Cristal 0.6 mm/ MEMS
• Problems thickness, power density, when to
  recharge

23
Conclusions

• Affordable tamper resistance technology
• Versatile technology
• Getting it right is difficult

24
Assignment

• Do you have a problem that smartcards can help
  solve?
• Each to write idea(s) on post-it
• Group post-its
• Give the requirements
• Sketch a specification
• Calculate the cost