SMART CARDS

1
SMART CARDS

• Contents of todays lecture
• 1. Introduction
• What is a smart card?
• Use of SMs
• Objectives
• Future views
• HST-project
• 2. Technology
• Physical structure
• Different types of SMs
• Chip
• Standards

• 3. Security issues
• Features
• Authentication
• Signatures
• SET
• 4. Applications
• Multiple Application Smart Card Systems
• Electronic Smart Passport/Visa
• Different applications of the future

2
Introduction to smart cards- What is a smart
card?

• A credit card-sized plastic token with an
  embedded microchip (integrated circuit chip)
• Provides
• Persistent, protected storage
• Memory capacity (4K - 32K is typical)
• Computational capability and Processing power (a
  small CPU)
• Self-contained
• ? Doesnt need to depend on potentially
  vulnerable external resources
• Today, smart cards are used by millions of
  cardholders worldwide and are at work in more
  than 90 countries, primarily in Europe and the
  Far East, processing point-of-sale transactions,
  managing records, and protecting computers and
  secure facilities.

3
SMART? Usage of smart cards

• In different applications which require strong
  security protection and authentication
• Identification card
• Medical card
• Credit/debit bank card (as an electric wallet)
• All require sensitive data to be stored on the
  card, such as
• biometrics information
• personal medical history
• cryptographic keys for authentication
• Logging on to networks
• Wirelessly
• Public transport payments (tickets) etc.

4
Objectives

• Accelerate and harmonize the development and the
  use of sms
• Interoperability
• - Build a consensus for system interoperability
• - Harmonize smart cards based infrastructures
  across sectors
• Multi-application cards
• - Advance smart card technology for seamless use
  of multi-application cards.
• - Contribute to the development of innovative
  applications and services.
• Security of transactions
• - Agree on common protection profiles and
  specifications.
• - Develop certification services and
  cryptography support.
• User Acceptance of Smart cards
• Accessibility

5
Interoperability

• different cards are usually not interchangeable
• Memory cards usually have different interface
  characteristics from microprocessor cards
• different data formats and/or electrical signals
  across the interface between card and terminal
• provide the different mixes of applications that
  various types of cardholder will want (BUT
  rarely accepted at the moment)
• A rare example of an attempt at interoperability
• The UK EMV bank debit/credit card scheme demands
  interchangeability from its various suppliers -
  and gets it at the level at which the cards are
  used by the cardholder.

6
Future views

• Smart cards are the keys to the media and
  information revolution no matter whether it is
  wired or wireless
• magnetic strip card will be replaced and
  integrated together into a multi-application card
• Use becomes daily
• Will be used to carry a lot of sensitive and
  critical data
• issues about whether or not the smart card is
  secure and safe enough to store that information

7
HST-project (Finnish research in 1999)

• A Governmental project in Finland to build
  national Public Key Infrastructure (PKI).
• Key concept in HST is Electronic ID-card, smart
  card which contains users cryptographic keys and
  certificates.
• With this card and other PKI components person
  can be digitally identified in Internet where he
  or she can use it for example to sign documents.
• Card contains its own operating system, special
  RSA-processor, specific software and
  certificates. In the card there are two
  certificates and private keys one for
  authentication and encryption, other one for
  digital signature. Certificates are protected
  with PIN-codes which are only known to the card
  owner.
• More of this can be read at
• http//www.tcm.hut.fi/Opinnot/Tik-110.401/1999/Tut
  kielmat/kolsi/HST.pdf

8
Technology

• Physical structure
• Different types of SMs
• Chip / Standards

9
Physical Structure

• Made up of three elements
• A physical card (plastic)
• A printed circuit chip
• An integrated circuit chip (microcontroller)
• (Chips are embedded on the card)
• Printed circuit conforms to ISO standard 7816/3
  which provides five connection points for power
  and data
• The printed circuit protects the circuit chip
  from mechanical stress and static electricity
• The capability of a smart card is defined by its
  integrated circuit chip.
• Chip made from silicon which is not flexible and
  particularly easy to break
• In general, the size, the thickness and bend
  requirements for the smart card are designed to
  protect the card from being spoiled physically

10
Different types of SMs

• Java cards
• SIM cards
• eCash cards
• Contact / Contactless Smart Cards
• Proximity cards
• Hybrid/twin cards
• Combi cards

11
Contact / Contactless Smart Cards

• CONTACT
• Cards the size of a conventional credit or debit
  card with a single embedded integrated circuit
  chip that contains just memory or memory plus a
  microprocessor.
• Popular Uses Network security, vending, meal
  plans, loyalty, electronic cash, government IDs,
  campus IDs, e-commerce, health cards

• CONTACTLESS
• Cards containing an embedded antenna instead of
  contact padsattached to the chip for reading and
  writing information contained in the chip's
  memory.
• Popular Uses Student identification, electronic
  passport, vending, parking, tolls, IDs

12
Proximity cardsHybrid/twin cardsCombi cards

• "Prox cards" communicate through an antenna
  similar to contactless smart cards except that
  they are read-only.
• Uses Security, identification and access control
  
• Cards containing two or more embedded chip
  technologies such as a prox chip with its antenna
  and a contact smart chip with its contact pads
  are Hybrid/twin cards.
• Uses Accommodates legacy system infrastructure
  while adding applications that require different
  e-card technologies
• The combi card has one smart chip embedded in the
  card that can be accessed. This form of smart
  card is growing in popularity because it provides
  ease-of-use and high security in a single card
  product. 
• Uses Mass transit and access control combined
  with other applications such as network security,
  vending, meal plans, loyalty, etc.

13
Java card

• The Java Card specifications enable Java
  technology to run on smart cards and other
  devices with limited memory
• Multi-Application Capable
• - Java Card technology enables multiple
  applications to co-exist securely on a single
  smart card
• Dynamic
• - New applications can be installed securely
• Secure
• - relies on the inherent security of the Java
  programming language to provide a secure
  execution environment.
• - platform's proven industry deployments and
  security evaluations ensure that card issuers
  benefit from the most capable and secure
  technology available today.

14
CHIP - What does the chip contain and what is it
made for?

• Made for the portable storage and retrieval of
  data
• Used memory types
• ROM Read only memory (mask ROM)
• PROM Programmable read only memory
• EPROM Erasable programmable ROM
• EEPROM Electrically erasable PROM
• RAM Random access memory
• Memory-only chips are functionally similar to a
  small floppy disk.
• Chips that contain both memory and a
  microprocessor are also similar to a small floppy
  disk, except they contain an "intelligent"
  controller used to securely add, delete, change,
  and update information contained in memory.

15
Standards

• The standardization of smart card systems is an
  ongoing process. One of the standards most
  referred to is the ISO-7816 standard. It is
  divided as follows
• Part 1 Physical characteristics
• Part 2 Dimensions and location of the contacts
• Part 3 Electronic signals and transmission
  protocols
• Part 4 Industry commands for interchange
• Part 5 Number system and registration procedure
  for application identifiers
• Part 6 Interindustry data elements
• Present projects
• Smart MEIJI is a joint project designed to
  reinforce co-operation between Europe and Japan
  in the field of smart cards

16
SECURITY ISSUES

• - Features
• - Authentication
• - Signatures
• - SET

17
Security features

• An important aspect to smart cards to prevent
  unauthorized users from gaining access to
  information contained on the card.
• The advantage smart cards have over magnetic
  stripe cards is that the smart card contains the
  computer chip which stores the password or PIN.
• the password is not sent over a communication
  line to a computer system for verification, which
  can easily be tapped.
• most important part of a smart card is the
  software that provide the applications
• It has been established that any secure
  transaction involves 6 generic functions
• Data Protection
• Identification of the cardholder
• Mutual authentication
• Secure writing
• Certification or signature
• Encryption
• The security imposed to protect the transmission
  between the card and the outside world by the
  mean of cryptographic technique in order to
  control the
• writing operation
• authentication the card or the terminal
• origin of the message
• transmission of cryptographic keys

18
Authentication

• The most common method used for cardholder
  verification at present is to give the cardholder
  a PIN (Personal Identification Number) which he
  or she has to remember.
• PINs can be stolen or abused.
• The only truly effective method of Cardholder
  Verification is the measurement of a
  physiological characteristic unique to an
  individual and incapable of fraudulent
  replication or abuse.
• Biometrics
• Iris and Retinal scans,
• Face or Hand geometry,
• DNA,
• most acceptable attribute is the fingerprint.

19
Signatures

• Electronic signatures in combination with a PKI.
• Loaded with private key(s), public key
  certificates and some ways to point securely to
  non-repudiation policies
• The loading procedure and the data formats need
  to be specified.
• The use of standardized APIs to allow electronic
  signature enabled applications to interface with
  any kind of smart card is to be considered
• Blind signatures allow privacy features to be
  built into applications.
• Ecash, for instance, uses blind signatures to
  offer payer anonymity.
• Privacy issues are certain to play an
  increasingly important role in the continuing
  development of digital signature applications.

20
SET (Secure Electronic Transaction)

• When a purchase is made
• - the user's credit card account information is
  verified as authentic to the vendor and then
  debited at the user's financial institution.
• - All transmissions of information are secure
  through the use of the SET (Secure Electronic
  Transaction) Protocol 1.0, developed by Visa and
  MasterCard, which encrypts all data during
  transmission.

21
APPLICATIONS

• Application areas
• Multiple Application Smart Card Systems
• Different applications of today and the future

22
Applications

• With advanced technologies special solutions for
  various applications have been created with smart
  cards, for example in the fields of
• Mobile telephony
• Gaming and Wagering
• Healthcare systems
• Network security
• Personnel access
• Logistics management
• Multiple basic application areas and industries
  in our daily lives

23
Multi-application sms

• Most of the smart card systems in use today serve
  one purpose and are related to just one process
• smart telephone card
• electronic money
• medical card
• electronic identification card
• All of these applications are stored in different
  smart card systems separately ? require users to
  carry multiple cards for multiple applications
• The smart card has the capability to integrate
  those applications together to form a multiple
  application card by utilizing its embedded
  microprocessor and memory storage spaces.
• 3 different infrastructures of multiple
  application smart card systems

24
LAST SLIDE

• Any questions ?
• Thank you for your time!

25
2. Security

• 2.1 Introduction
• 2.2 Life cycle of smart card
• 2.3 Logical Structure
• 2.4 Access Control

26
2.1 Introduction

• What makes the smart card better than normal
  magnetic stripe card?
• The advantage smart cards have over magnetic
  stripe cards is that the smart card contains the
  computer chip which stores the password or PIN
• Therefore, the password is not sent over a
  communication line to a computer system for
  verification, which can easily be tapped.

27
2.2 Life cycle of smart card

• Divided into five phases (on most smart cards)
• These phases justified by
• Limitation of transfer and access of data is
  incremental throughout different phases
• Different areas of smart card protected
  throughout the life cycle

28
2.2.1 Fabrication phase

• Carried out by the chip manufacturers
• A Fabrication Key (KF) is added to protect the
  chip
• unique and is derived from a master manufacturer
  key
• Fabrication data will be written to the circuit
  chip

29
2.2.2 Pre-personalisation phase

• Done by Card manufacturers
• Chip will be mounted on the plastic card
• The connection between the chip and the printed
  circuit will be made
• Fabrication key (KF) changed to Personalisation
  key (KP)
• Personalisation lock Vper
• No further modification of the KF
• Physical memory access instructions will be
  disabled
• Access of the card can be done only by using
  logical memory addressing

30
2.2.3 Personalisation phase

• Conducted by the card issuers
• Data files contents and application data are
  written to the card
• Information of card holder stored to the chip
  (PIN, Unlocking PIN)
• Utilisation lock Vutil
• No further modification of the KP

31
2.2.4 Utilisation phase

• Phase for the card owners use of the card
• Access of information on the card will be limited
  by the security policies set by the application

32
2.2.5 End-of-Life phase

• Two ways
• 1. invalidation lock
• All operations will be disabled (except read)
• 2. Control system irreversibly blocks access
• All operations will be disabled

33
2.2.6 Summary of life-cycle
Areas/Phases Fabrication Pre-personalisation Personalisation Utilisation End-of-Life
Access mode Physical addressing Physical addressing Logical addressing Logical addressing Logical addressing
System Not accessible Not accessible Not accessible Not accessible Not accessible
Fabrication (keys) Write KF Write KP Not accessible Not accessible Not accessible
Fabrication (data) Read, write, erase Read Read Read Read
Directory Read, write, erase Read, write, erase According to logical file access conditions According to logical file access conditions According to logical file access conditions
Data Read, write, erase Read, write, erase According to logical file access conditions According to logical file access conditions According to logical file access conditions
Optional code Read, write, erase Read, write, erase Not accessible Not accessible Not accessible
Table 1 Phases and access rights of smart
card's life cycle(Source Philips DX smart card
reference manual, 1995)
34
2.3 Logical Structure

• After a smart card is issued to the consumer,
  protection of the card will be controlled by the
  application operating system mainly
• Access of data has to be done through the logical
  file structure on the card

35
2.3 Logical Structure (2)

• A smart card can be viewed as a disk drive,
  including
• master file (MF) (similar to root in e.g. MS-DOS)
• dedicated files (DFs) (similar to normal folder)
• elementary files (EFs) (similar to normal files)

36
2.3 Logical Structure (3)
                                                
            Figure 2 Logical file structure of
smart card
37
2.3 Logical Structure (4)

• In short,
• the file structure of the smart card OS is
  similar to other common OS such as UNIX
• However, it provides a greater security control
• accessing conditions and file status field for
  each file header
• file lock

38
2.4 Access Control

• Each file attached with a header which indicates
  the access conditions
• The fundamental principle of the access control
  is based on the correct presentation of PIN
  numbers
• Primarily, the access conditions can be divided
  into five following non-hierarchical levels -gt

39
2.4 Access Control (2)

• Always (ALW)
• no restrictions
• Card holder verification 1 2 (CHV1 2)
• Access granted if valid CHV presented
• Administrative (ADM)
• Allocation and administrative authority
• Never (NEV)
• Access always forbidden

40
2.4 Access Control (3)

• PIN presentations
• PIN and unblocking PIN
• Stored in separate elementary files (EF)
• Access conditions prevent changes
• Changes can be made by issuing old and new PIN
• If both PINs fail, irreversible blockage will
  occur

41
3. Attacks

• 3.1 Introduction
• 3.2 Logical attacks
• 3.3 Physical attacks
• 3.4 Mathematical attacks
• 3.5 Conclusions

42
3.1 Introduction

• Target of attacks
• The secret of the cryptographic algorithm
• The keys stored
• The access control
• Information strored on card

43
3.2 Logical attacks

• Starting point
• EEPROM (electrically erasable programmable read
  only memory) write operations can be affected by
  unusual voltages and temperatures -gt
• information can be trapped by raising or dropping
  the supplied voltage to the microcontroller

44
3.2 Logical attacks (2)

• Example 1. Attack of PIC16C84 microcontroller
• Erasing the memory by raising the voltage VCC
  (Supply voltage) to VPP (Programming voltage) -
  0.5V

45
3.2 Logical attacks (3)

• Example 2. Attack on DS5000 security processor
• A short voltage drop can release the security
  lock without erasing the secret data sometimes

46
3.2 Logical attacks (4)

• Example 3. Usage of analogue random generator
• Creates cryptographic keys that will produce an
  output of almost all 1s when the supply voltage
  is lowered slightly.

47
3.2 Logical attacks (5)

• Prevention of logical attacks
• some security processors implemented sensors
  which will cause an alarm when there is any
  environmental changes

48
3.3 Physical attacks

• Invasive physical attacks
• Reverse engineering of the circuit chips
• erasing the security lock bit by focusing UV
  light on the EPROM
• probing the operation of the circuit by using
  microprobing needles
• using laser cutter microscopes to explore the chip

49
3.3 Physical attacks (2)

• Example 1. Invasive physical attacks
• Circuit chip removed from the plastic card
• The resin dissolved
• The acid and resin washed away
• gtgtgtgtgt The chip can be examined and attacked
  directly (only for US 30)

50
3.3 Physical attacks (3)

• Example 2. Attacking by reverse engineering
  circuit chips (High quality laboratory needed)
• etching away a layer of a chip at a time
• thin film of a metal attached to chip creating a
  diode -gt filmed with electron beam
• PCs image processing system software used to
  analyze the pictures
• ?The layout and function of the chip can then be
  identified

51
3.3 Physical attacks (4)

• also
• Technique developed by IBM can be used to observe
  the operation of the chip. As a result its secret
  can be fully revealed

52
3.3 Physical attacks (5)

• Prevention of physical attacks
• Acid added to chip ?when the chip is tampered,
  acid destroys all vital information on the chip

53
3.4 Mathematical attacks

• Done by mathematical geniuses
• Fully theoretical
• Usage of complicated mathematical calculations
  and formulas

54
3.5 Conclusions

• Today's, most of the attacks available are
  classified as attacks where the cost associated
  to break the system are far more than the cost of
  the system itself, or it has to spend several or
  hundred years of computing power to break into a
  single transaction

55
3.5 Conclusions (2)

• ..but still questions remain
• Can the PIN code be downloaded by the card reader
  and then stored somewhere?
• When signature is used it is still possible that
  you dont know what youre signing?!