Smart card
VaibhawMishra1
2,258 views
27 slides
Feb 21, 2017
Slide 1 of 27
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
About This Presentation
smart cards for traznsactions
Slide Content
1
ABSTRACT
Smart card are often touted as “ secure” portable storage devices. A complete,
high level design methodology has been proposed for embedded information systems based on
smart card devices. However this methodology takes as granted that information stored on the
card will be really securely stored, and access control will be correctly maintained.
Unfortunately, standard and specifications, created by hardware and software vendors for the
both the card hardware and micro operating system which run it have been repeatedly proven
not have secure as they are, commonly supposed to be.
In this report we try to analyze the fault in existing standards and implementation
of content security for smart card embedded information system, and we try to suggest possible
ways(both hardware and software) to prevent security leaks. This report does not provide
breaking news, but rather tries to sum up the known techniques to attack smart card devices.
ABSTRACT
Smart card are often touted as “ secure” portable storage devices. A complete,
high level design methodology has been proposed for embedded information systems based on
smart card devices. However this methodology takes as granted that information stored on the
card will be really securely stored, and access control will be correctly maintained.
Unfortunately, standard and specifications, created by hardware and software vendors for the
both the card hardware and micro operating system which run it have been repeatedly proven
not have secure as they are, commonly supposed to be.
In this report we try to analyze the fault in existing standards and implementation
of content security for smart card embedded information system, and we try to suggest possible
ways(both hardware and software) to prevent security leaks. This report does not provide
breaking news, but rather tries to sum up the known techniques to attack smart card devices.
2
INDEX
Contents Page No.
1. Introduction 6-11
1.1 What is smart card? 6
1.1.1 Memory vs. Microprocessor
1.1.2 Contact vs. Contactless
1.2 Why Smart Card? 7
1.3 Classification of cards 8
1.4 OS based classification 8
1.5 Physical & Electrical Properties of Smart Card 9
1.5.1 Physical Dimension
1.5.2 Electrical properties
2. Smart Card CPU Architecture 12-17
2.1 Cryptographic capabilities 13
2.2 Data Transmission 13
2.3 Instruction Sets 13
2.4 Data Storage 14
2.5 Smart Card Readers Ports 15
2.6 Overview Current Smart Card Interfaces 16
3. Security Mechanisms 18-20
3.1 Password Verification 18
3.2 Cryptographic Verification 18
3.3 Biometric Technique 18
3.4 Working of Smart Card 19
3.5 Smart cards for Data Security 19
3.5.1 Host based system security 19
3.5.2 Card based system security 20
3.6 The Smart Card Security Advantage 20
INDEX
Contents Page No.
1. Introduction 6-11
1.1 What is smart card? 6
1.1.1 Memory vs. Microprocessor
1.1.2 Contact vs. Contactless
1.2 Why Smart Card? 7
1.3 Classification of cards 8
1.4 OS based classification 8
1.5 Physical & Electrical Properties of Smart Card 9
1.5.1 Physical Dimension
1.5.2 Electrical properties
2. Smart Card CPU Architecture 12-17
2.1 Cryptographic capabilities 13
2.2 Data Transmission 13
2.3 Instruction Sets 13
2.4 Data Storage 14
2.5 Smart Card Readers Ports 15
2.6 Overview Current Smart Card Interfaces 16
3. Security Mechanisms 18-20
3.1 Password Verification 18
3.2 Cryptographic Verification 18
3.3 Biometric Technique 18
3.4 Working of Smart Card 19
3.5 Smart cards for Data Security 19
3.5.1 Host based system security 19
3.5.2 Card based system security 20
3.6 The Smart Card Security Advantage 20
3
4. The Future : Internet Smart Card 21
4.1 What IP connectivity means 21
4.2 Security challenges with IP connectivity 21
5. Features of Smart Card 22-25
5.1 Advantages 22
5.2 Disadvantages 22
5.3 Special Features 23
5.4 Applications 23
5.6 Smart Card Examples 24
Conclusion
Figure Index
Figure 1: Examples of smart card 6
Figure 2: Smart card physical dimension 9
Figure 3: Inside a smart card 10
Figure 4: Connection diagram of smart card 10
Figure 5: architecture of smart card 12
Table Index
Table 1: Functional description 11
Table 2: sample Instruction Types 14
Table 3: Parts of various readers 15
Table 4: Some special features 23
4. The Future : Internet Smart Card 21
4.1 What IP connectivity means 21
4.2 Security challenges with IP connectivity 21
5. Features of Smart Card 22-25
5.1 Advantages 22
5.2 Disadvantages 22
5.3 Special Features 23
5.4 Applications 23
5.6 Smart Card Examples 24
Conclusion
Figure Index
Figure 1: Examples of smart card 6
Figure 2: Smart card physical dimension 9
Figure 3: Inside a smart card 10
Figure 4: Connection diagram of smart card 10
Figure 5: architecture of smart card 12
Table Index
Table 1: Functional description 11
Table 2: sample Instruction Types 14
Table 3: Parts of various readers 15
Table 4: Some special features 23
4
History
The smart card is one of the latest additions to the world of information technology. Similar in
size to today’s plastic payment card, the smart card has a microprocessor or memory chip
embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. As an access-control device, smart cards make personal and business
data available only to the appropriate users. Another application provides users with the ability
to make a purchase or exchange value. Smart cards provide data portability, security and
convenience.
In 1968, German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent
for using plastic as a carrier for microchips.
In 1970, Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card
concept
In 1974, Roland Moreno of France files the original patent for the IC card, later dubbed the
“smart card.”
In 1977, three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger began
developing the IC card product.
In1979, Motorola developed first single chip Microcontroller for French Banking
In 1982,World's first major IC card testing is done.
In 1992,Nationwide prepaid card project started in Denmark
In 1999 ,Federal Government began a Federal employee smart card identification
History
The smart card is one of the latest additions to the world of information technology. Similar in
size to today’s plastic payment card, the smart card has a microprocessor or memory chip
embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. As an access-control device, smart cards make personal and business
data available only to the appropriate users. Another application provides users with the ability
to make a purchase or exchange value. Smart cards provide data portability, security and
convenience.
In 1968, German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent
for using plastic as a carrier for microchips.
In 1970, Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card
concept
In 1974, Roland Moreno of France files the original patent for the IC card, later dubbed the
“smart card.”
In 1977, three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger began
developing the IC card product.
In1979, Motorola developed first single chip Microcontroller for French Banking
In 1982,World's first major IC card testing is done.
In 1992,Nationwide prepaid card project started in Denmark
In 1999 ,Federal Government began a Federal employee smart card identification
5
SMART CARD TECHNOLOGY
1. Introduction
Plastic ID cards are used extensively for identification and authentication purposes in various
applications such as driving licenses, Bank ATM card, Credit card, Club membership card, and
in various Academic and commercial organizations as well. Some of these cards contain a
magnetic-strip to make it machine readable. However these cards are not secure enough and
given the right kind of equipment, the information on these cards can be modified easily.
Smart card is the youngest and cleverest one in the family of identification card. Its
characteristic feature is in an integrated circuit embedded in the card, which has components
for the transmission, storage and processing of data. Smart card offers many advantages
compared to magnetic-strip card. One of the important advantages is that stored data can be
protected against unauthorized access and modification. Smart cards can be divided into two
groups according to the underlying technology. Cards in the first group use memory based
technology and provides a secure storage of data. Cards in the second group use
microprocessor cards and provide a standardized exchange of information to implement
authentication, verification, secure storage, encryption and decryption etc. Cards in this
category use an Operating System interface.
Fig 1: Example of smart card
SMART CARD TECHNOLOGY
1. Introduction
Plastic ID cards are used extensively for identification and authentication purposes in various
applications such as driving licenses, Bank ATM card, Credit card, Club membership card, and
in various Academic and commercial organizations as well. Some of these cards contain a
magnetic-strip to make it machine readable. However these cards are not secure enough and
given the right kind of equipment, the information on these cards can be modified easily.
Smart card is the youngest and cleverest one in the family of identification card. Its
characteristic feature is in an integrated circuit embedded in the card, which has components
for the transmission, storage and processing of data. Smart card offers many advantages
compared to magnetic-strip card. One of the important advantages is that stored data can be
protected against unauthorized access and modification. Smart cards can be divided into two
groups according to the underlying technology. Cards in the first group use memory based
technology and provides a secure storage of data. Cards in the second group use
microprocessor cards and provide a standardized exchange of information to implement
authentication, verification, secure storage, encryption and decryption etc. Cards in this
category use an Operating System interface.
Fig 1: Example of smart card
6
1.1 What is Smart Card?
A device that includes an embedded secure integrated circuit that can be either a secure
microcontroller or equivalent intelligence with internal memory or secure memory chip alone.
The card connects to a reader with a physical contact or with a remote contactless radio
frequency interface. With an embedded microcontrollers, smart cards have the unique ability to
secure the large amount of data, carry out their own on-card function & interact intelligently
with a smart card reader. Smart card confirms to international standards(ISO/IEC 7810
andISO/IEC 14443) and is available in variety of form factors,including plastic cards,SIM used
in GSM mobile phones and USB-based tokens.
1.1.1 Memory vs. microprocessor
Smart cards come in two varieties: memory and microprocessor. Memory cards simply store
data and can be viewed as a small floppy disk with optional security. A microprocessor card, on
the other hand, can add, delete and manipulate information in its memory on the card. Similar
to a miniature computer, a microprocessor card has an input/output port operating system and
hard disk with built-in security features.
1.1.2 Contact vs. contactless
Smart cards have two different types of interfaces: contact and contactless. Contact smart cards
are inserted into a smart card reader, making physical contact with the reader. However,
contactless smart cards have an antenna embedded inside the card that enables communication
with the reader without physical contact. A combi card combines the two features with a very
high level of security.
1.2 Why Smart Cards ?
High physical protection of the stored data, especially the private key.
Flexible configuration of access conditions to use the private key for signature operations.
Duplication of private keys can be prevented (this is not so with a soft PSE).
Security evaluation according ITSEC E4 high or CC EAL 4+ or even higher
Use of already available smart card infrastructures e.g. future ECC (European Citicen Cards) or
eHealth cards.
1.1 What is Smart Card?
A device that includes an embedded secure integrated circuit that can be either a secure
microcontroller or equivalent intelligence with internal memory or secure memory chip alone.
The card connects to a reader with a physical contact or with a remote contactless radio
frequency interface. With an embedded microcontrollers, smart cards have the unique ability to
secure the large amount of data, carry out their own on-card function & interact intelligently
with a smart card reader. Smart card confirms to international standards(ISO/IEC 7810
andISO/IEC 14443) and is available in variety of form factors,including plastic cards,SIM used
in GSM mobile phones and USB-based tokens.
1.1.1 Memory vs. microprocessor
Smart cards come in two varieties: memory and microprocessor. Memory cards simply store
data and can be viewed as a small floppy disk with optional security. A microprocessor card, on
the other hand, can add, delete and manipulate information in its memory on the card. Similar
to a miniature computer, a microprocessor card has an input/output port operating system and
hard disk with built-in security features.
1.1.2 Contact vs. contactless
Smart cards have two different types of interfaces: contact and contactless. Contact smart cards
are inserted into a smart card reader, making physical contact with the reader. However,
contactless smart cards have an antenna embedded inside the card that enables communication
with the reader without physical contact. A combi card combines the two features with a very
high level of security.
1.2 Why Smart Cards ?
High physical protection of the stored data, especially the private key.
Flexible configuration of access conditions to use the private key for signature operations.
Duplication of private keys can be prevented (this is not so with a soft PSE).
Security evaluation according ITSEC E4 high or CC EAL 4+ or even higher
Use of already available smart card infrastructures e.g. future ECC (European Citicen Cards) or
eHealth cards.
7
1.3 Classification Of Cards
Embossed : Textual information or designs on the card can be transferred to paper.
Magnetic-Stripe: Advantage over embossing is a reduction in the flood of paper documents.
Smart Cards: Greater capability to store.
Stored data can be protected against unauthorized access and tampering.
Memory functions such as reading, writing, and erasing can be done.
More reliable and have longer expected lifetimes.
Memory-Cards: Less expensive and much less functional than microprocessor cards. Contain
EEPROM and ROM memory, as well as some address and security logic. Applications are pre-
paid telephone cards and health insurance cards.
Microprocessor-Cards:Components of this type of architecture include a CPU, RAM, ROM,
and EEPROM.
Cryptographic-Coprocessor-Cards:A cryptographic coprocessor reduces the time required
for various operations. The coprocessors include additional arithmetic units developed
specifically for large integer math and fast exponentiation.
Drawback is the cost.
Beneficial for security.
Contactless-Smart Cards : Contacts are one of the most frequent failure points any
electromechanical system due to dirt, wear, etc.
Cards need no longer be inserted into a reader, which could improve end user acceptance.
No chip contacts are visible on the surface of the card.
Optical-Memory-Cards: These cards can carry many megabytes of data, but the cards can
only be written once and never erased with today’s technology.
1.4 OS Based Classification
Smart cards are also classified on the basis of their Operating System. There are many Smart
Card Operating Systems available in the market, the main ones being:
1.MultOS
1.3 Classification Of Cards
Embossed : Textual information or designs on the card can be transferred to paper.
Magnetic-Stripe: Advantage over embossing is a reduction in the flood of paper documents.
Smart Cards: Greater capability to store.
Stored data can be protected against unauthorized access and tampering.
Memory functions such as reading, writing, and erasing can be done.
More reliable and have longer expected lifetimes.
Memory-Cards: Less expensive and much less functional than microprocessor cards. Contain
EEPROM and ROM memory, as well as some address and security logic. Applications are pre-
paid telephone cards and health insurance cards.
Microprocessor-Cards:Components of this type of architecture include a CPU, RAM, ROM,
and EEPROM.
Cryptographic-Coprocessor-Cards:A cryptographic coprocessor reduces the time required
for various operations. The coprocessors include additional arithmetic units developed
specifically for large integer math and fast exponentiation.
Drawback is the cost.
Beneficial for security.
Contactless-Smart Cards : Contacts are one of the most frequent failure points any
electromechanical system due to dirt, wear, etc.
Cards need no longer be inserted into a reader, which could improve end user acceptance.
No chip contacts are visible on the surface of the card.
Optical-Memory-Cards: These cards can carry many megabytes of data, but the cards can
only be written once and never erased with today’s technology.
1.4 OS Based Classification
Smart cards are also classified on the basis of their Operating System. There are many Smart
Card Operating Systems available in the market, the main ones being:
1.MultOS
8
2.JavaCard
3.Cyberflex
4.StarCOS
5.MFC
Smart Card Operating Systems or SCOS as they are commonly called, are placed on the ROM
and usually occupy lesser than 16 KB . SCOS handle:
• File Handling and Manipulation.
• Memory Management
• Data Transmission Protocols.
1.5 Physical and Electrical Properties of a Smart Card
1.5.1 Physical Dimensions The physical size of a smartcard is designated as ID-1. The
dimensions are 85.6 mm by 54 mm, with a corner radius of 3.18 mm and a thickness of
0.76mm. Specifications address such things as UV radiation, X-ray radiation, the card’s surface
profile, mechanical robustness of card and contacts, electromagnetic susceptibility,
electromagnetic discharges, and temperature resistance.
Fig2. Smartcard physical dimensions.
2.JavaCard
3.Cyberflex
4.StarCOS
5.MFC
Smart Card Operating Systems or SCOS as they are commonly called, are placed on the ROM
and usually occupy lesser than 16 KB . SCOS handle:
• File Handling and Manipulation.
• Memory Management
• Data Transmission Protocols.
1.5 Physical and Electrical Properties of a Smart Card
1.5.1 Physical Dimensions The physical size of a smartcard is designated as ID-1. The
dimensions are 85.6 mm by 54 mm, with a corner radius of 3.18 mm and a thickness of
0.76mm. Specifications address such things as UV radiation, X-ray radiation, the card’s surface
profile, mechanical robustness of card and contacts, electromagnetic susceptibility,
electromagnetic discharges, and temperature resistance.
Fig2. Smartcard physical dimensions.
9
1.5.2 Electrical Properties The electrical specifications for smart cards are defined in
ISO/IEC 7816 and GSM 11.11. Most smart cards have eight contact fields on the front face;
however, two of these are reserved for future use.
ISO 7816 Design and use of identification cards having integrated circuits with contacts
(1987)
This standard in its many parts is probably the most important specification for the lower layers
of the IC card. The first 3 parts in particular are well established and allow total physical and
electrical interoperability as well as defining the communication protocol between the IC card
and the CAD (Card Acceptor Device).
Fig 3: Inside a Smart Card
Vcc
RST CLK
RFU
Vpp
I/O
GND
RFU
1.5.2 Electrical Properties The electrical specifications for smart cards are defined in
ISO/IEC 7816 and GSM 11.11. Most smart cards have eight contact fields on the front face;
however, two of these are reserved for future use.
ISO 7816 Design and use of identification cards having integrated circuits with contacts
(1987)
This standard in its many parts is probably the most important specification for the lower layers
of the IC card. The first 3 parts in particular are well established and allow total physical and
electrical interoperability as well as defining the communication protocol between the IC card
and the CAD (Card Acceptor Device).
Fig 3: Inside a Smart Card
Vcc
RST CLK
RFU
Vpp
I/O
GND
RFU
10
Fig 4: Connection Diagram of Smart Card
Table1: Functional description
Position Technical Abbreviation Function
C1 Vcc Supply Voltage
C2 RST Reset
C3 CLK Clock Frequency
C4 RFU Reserved for future use
C5 GRD Ground
C6 RFU Reserved for future use
C7 I/O Serial input/output communications
C8 RFU Reserved for future use
Fig 4: Connection Diagram of Smart Card
Table1: Functional description
Position Technical Abbreviation Function
C1 Vcc Supply Voltage
C2 RST Reset
C3 CLK Clock Frequency
C4 RFU Reserved for future use
C5 GRD Ground
C6 RFU Reserved for future use
C7 I/O Serial input/output communications
C8 RFU Reserved for future use
11
The Vcc supply voltage is specified at 5 volts ± 10%. There is an industry push for smartcard
standards to support 3-volt technology because all mobile phone components are available in a
3-volt configuration, and smartcards are the only remaining component, which require a mobile
phone to have a charge converter.
2. Smart card CPU Architecture
A smart card is a plastic card that contains an embedded integrated circuit (IC).Examples: Our
very Own T-Card!,Credit Cards,Cell Phone SIM Cards.They store and process Information.
Smart Cards Can be used to add authentication and secure access to information systems that
require a high level of security.
The different elements of the smart card are:
CPU( Central Processing Unit ): It is the heart of the chip.
Security logic: It detects abnormal conditions,e.g. low voltage.
Serial i/o interface: Used for contact to the outside world.
Test logic: self-test procedures.
ROM: Rom is card operating system, self-test procedures and have typically 16 kbytes, future
32/64 kbytes.
RAM:‘scratch pad’ of the processor, typically 512 bytes, in future 1 kbyte.
EEPROM: It is used as cryptographic keys,PIN code,biometric template,balance,application
code. It is typically 8 kbytes & in future 32 kbytes.
The Vcc supply voltage is specified at 5 volts ± 10%. There is an industry push for smartcard
standards to support 3-volt technology because all mobile phone components are available in a
3-volt configuration, and smartcards are the only remaining component, which require a mobile
phone to have a charge converter.
2. Smart card CPU Architecture
A smart card is a plastic card that contains an embedded integrated circuit (IC).Examples: Our
very Own T-Card!,Credit Cards,Cell Phone SIM Cards.They store and process Information.
Smart Cards Can be used to add authentication and secure access to information systems that
require a high level of security.
The different elements of the smart card are:
CPU( Central Processing Unit ): It is the heart of the chip.
Security logic: It detects abnormal conditions,e.g. low voltage.
Serial i/o interface: Used for contact to the outside world.
Test logic: self-test procedures.
ROM: Rom is card operating system, self-test procedures and have typically 16 kbytes, future
32/64 kbytes.
RAM:‘scratch pad’ of the processor, typically 512 bytes, in future 1 kbyte.
EEPROM: It is used as cryptographic keys,PIN code,biometric template,balance,application
code. It is typically 8 kbytes & in future 32 kbytes.
12
Fig 5: Architecture of smart card
2.1 Cryptographic Capabilities
Smart cards have sufficient cryptographic capabilities to support popular security applications
and protocols.
RSA signatures and verifications are supported with a choice of 512, 768, or 1024 bit key
lengths.
The Digital Signature Algorithm (DSA) is less widely implemented than RSA.
Smart cards support the ability to configure multiple PINs that can have different purposes.
Random number generation (RNG) varies among card vendors. Some implement a pseudo
RNG where each card has a unique seed. Some cards have a true, hardware based RNG using
some physical aspect of the silicon.
CPU
RAM
test logic
ROM
EEPROM
serial i/o
interface
security
logic
databus
s
Fig 5: Architecture of smart card
2.1 Cryptographic Capabilities
Smart cards have sufficient cryptographic capabilities to support popular security applications
and protocols.
RSA signatures and verifications are supported with a choice of 512, 768, or 1024 bit key
lengths.
The Digital Signature Algorithm (DSA) is less widely implemented than RSA.
Smart cards support the ability to configure multiple PINs that can have different purposes.
Random number generation (RNG) varies among card vendors. Some implement a pseudo
RNG where each card has a unique seed. Some cards have a true, hardware based RNG using
some physical aspect of the silicon.
CPU
RAM
test logic
ROM
EEPROM
serial i/o
interface
security
logic
databus
s
13
2.2 Data Transmissions
All communications to and from the smartcard are carried out over the C7 contact.
1.A card is inserted into a terminal; it is powered up by the terminal, executes a power-on-reset,
and sends an Answer to Reset (ATR) to the terminal.
2.The ATR is passed, various parameters are extracted, and the terminal then submits the initial
instruction to the card.
3.The card generates a reply and sends it back to the terminal.
The client/server relationship continues in this manner until processing is completed and the
card is removed from the terminal.
There are several different protocols for exchanging information in the client/server
relationship. They are designated "T=" plus a number.
The two protocols most commonly seen are T=0 and T=1, T=0 being the most popular.
2.2 Data Transmissions
All communications to and from the smartcard are carried out over the C7 contact.
1.A card is inserted into a terminal; it is powered up by the terminal, executes a power-on-reset,
and sends an Answer to Reset (ATR) to the terminal.
2.The ATR is passed, various parameters are extracted, and the terminal then submits the initial
instruction to the card.
3.The card generates a reply and sends it back to the terminal.
The client/server relationship continues in this manner until processing is completed and the
card is removed from the terminal.
There are several different protocols for exchanging information in the client/server
relationship. They are designated "T=" plus a number.
The two protocols most commonly seen are T=0 and T=1, T=0 being the most popular.
14
2.3 Instruction Sets
More than 50 instructions and their corresponding execution parameters are defined. .
Typically, a smartcard will implement only a subset of the possible instructions, specific to its
application. This is due to memory or cost limitations. Instructions can be classified by function
as follows:
Table 2:- sample Instruction Types
File selection
File reading and writing
File searching
File operations
Identification
Authentication
Cryptographic functions
File management
Instructions for electronic purses or credit cards
Operating system completion
Hardware testing
Special instructions for specific applications
Transmission protocol support
2.3 Instruction Sets
More than 50 instructions and their corresponding execution parameters are defined. .
Typically, a smartcard will implement only a subset of the possible instructions, specific to its
application. This is due to memory or cost limitations. Instructions can be classified by function
as follows:
Table 2:- sample Instruction Types
File selection
File reading and writing
File searching
File operations
Identification
Authentication
Cryptographic functions
File management
Instructions for electronic purses or credit cards
Operating system completion
Hardware testing
Special instructions for specific applications
Transmission protocol support
15
2.4 Data Storage
Data is stored in smart cards in E2PROM. Card OS provides a file structure mechanism.
File types may be in the form of Binary file (unstructured), Fixed size record file, Variable size
File structure
There are three categories of files,
Master file (MF)
Dedicated file (DF)
Elementary file (EF)
The Master file(MF) is a mandatory file for conformance with the standard and represents the
root of the file structure. It contains the file control information and allocable memory.
Depending on the particular implementation it may have dedicated files and /or elementary
files as descendants .
A dedicated file(DF) has similar properties to the master file and may also have other dedicated
files and/orelementary files as descendants.
MF
DF DF
DF
EF EF
EF
EF EF
2.4 Data Storage
Data is stored in smart cards in E2PROM. Card OS provides a file structure mechanism.
File types may be in the form of Binary file (unstructured), Fixed size record file, Variable size
File structure
There are three categories of files,
Master file (MF)
Dedicated file (DF)
Elementary file (EF)
The Master file(MF) is a mandatory file for conformance with the standard and represents the
root of the file structure. It contains the file control information and allocable memory.
Depending on the particular implementation it may have dedicated files and /or elementary
files as descendants .
A dedicated file(DF) has similar properties to the master file and may also have other dedicated
files and/orelementary files as descendants.
MF
DF DF
DF
EF EF
EF
EF EF
16
An elementary file(EF) is the bottom of any chain from the root MF file and may contain data
as well as file control information. An elementary file has no descendants. A number of
elementary file types are defined as follows,
. Working file
. Public file
. Application control file
2.5 Smart Card Readers Ports
All smartcard-enabled terminals, by definition, have the ability to read and write as long as the
smartcard supports it and the proper access conditions have been fulfilled.
Mechanically, readers have various options including: whether the user must insert/remove the
card versus automated insertion/ejection mechanism, sliding contacts versus landing contacts,
and provisions for displays and keystroke entry.
Table 3:- Parts of various readers
PCMCIA Excellent for traveling users
with laptop computers
Can be slightly more expensive. Many
desktop systems don't have PCMCIA
slots.
PS/2
Keyboard
Port
Easy to install with a wedge
adapter. Supports protected PIN
path.
Slower communication speeds.
Floppy Very easy to install Requires a battery. Communications
speed can be an issue.
USB Very high data transfer speeds. Not yet widely available. Shared bus
could pose a security issue.
Built-in No need for hardware or
software installation.
Not yet widely available.
An elementary file(EF) is the bottom of any chain from the root MF file and may contain data
as well as file control information. An elementary file has no descendants. A number of
elementary file types are defined as follows,
. Working file
. Public file
. Application control file
2.5 Smart Card Readers Ports
All smartcard-enabled terminals, by definition, have the ability to read and write as long as the
smartcard supports it and the proper access conditions have been fulfilled.
Mechanically, readers have various options including: whether the user must insert/remove the
card versus automated insertion/ejection mechanism, sliding contacts versus landing contacts,
and provisions for displays and keystroke entry.
Table 3:- Parts of various readers
PCMCIA Excellent for traveling users
with laptop computers
Can be slightly more expensive. Many
desktop systems don't have PCMCIA
slots.
PS/2
Keyboard
Port
Easy to install with a wedge
adapter. Supports protected PIN
path.
Slower communication speeds.
Floppy Very easy to install Requires a battery. Communications
speed can be an issue.
USB Very high data transfer speeds. Not yet widely available. Shared bus
could pose a security issue.
Built-in No need for hardware or
software installation.
Not yet widely available.
17
2.6 Overview current Smart Card Interfaces
Interface
Available
Smartcard
Functionality
Supported
PC
Operating
Systems
Availability Integration
Efforts
Timing
CT-API Whole smartcard
functionality
Always
Win32
and on
several
Unix
systems
Available for
all
smartcards
and
terminals
Strongly
dependent on
the
desired
functionality
Fast smartcard
access, but no
resource
management
PC/SC Dependence on
the
ServiceProviders
functions
Mostly
Win32
Available for
most
terminals and
smartcards
Different
smartcards
can
be supported
Strongly
dependent on
the
implementation
PKCS#11 Interface only
for PKI
applications
Win32,
Linux,
Solaris
Only
available for
some
combinations
Easy to use
in
combination
with PKI
Strongly
dependent on
the
implementation
2.6 Overview current Smart Card Interfaces
Interface
Available
Smartcard
Functionality
Supported
PC
Operating
Systems
Availability Integration
Efforts
Timing
CT-API Whole smartcard
functionality
Always
Win32
and on
several
Unix
systems
Available for
all
smartcards
and
terminals
Strongly
dependent on
the
desired
functionality
Fast smartcard
access, but no
resource
management
PC/SC Dependence on
the
ServiceProviders
functions
Mostly
Win32
Available for
most
terminals and
smartcards
Different
smartcards
can
be supported
Strongly
dependent on
the
implementation
PKCS#11 Interface only
for PKI
applications
Win32,
Linux,
Solaris
Only
available for
some
combinations
Easy to use
in
combination
with PKI
Strongly
dependent on
the
implementation
18
of smartcards
and
terminals
applications
OCF Strongly
dependent on the
different Card
Services
All systems
with a
Java runtime
environment
Available for
a few
terminals, all
CardServices
are seldom
implemented
Easy
integration
in Java
applications
and
Applets
Not very fast,
because of
Java-
Interpreter
3. Security Mechanisms
Password:For Card holder’s protection
Cryptographic challenge Response: Entity authentication
Biometric information: Person’s identification.
3.1 Password Verification
Terminal asks the user to provide a password. Password is sent to Card for verification.
Scheme can be used to permit user authentication. Not a person identification scheme.
3.2Cryptographic verification
Terminal verify card (INTERNAL AUTH)
Terminal sends a random number to card to be hashed or encrypted using a key. Card provides
the hash or cyphertext. Terminal can know that the card is authentic.
of smartcards
and
terminals
applications
OCF Strongly
dependent on the
different Card
Services
All systems
with a
Java runtime
environment
Available for
a few
terminals, all
CardServices
are seldom
implemented
Easy
integration
in Java
applications
and
Applets
Not very fast,
because of
Java-
Interpreter
3. Security Mechanisms
Password:For Card holder’s protection
Cryptographic challenge Response: Entity authentication
Biometric information: Person’s identification.
3.1 Password Verification
Terminal asks the user to provide a password. Password is sent to Card for verification.
Scheme can be used to permit user authentication. Not a person identification scheme.
3.2Cryptographic verification
Terminal verify card (INTERNAL AUTH)
Terminal sends a random number to card to be hashed or encrypted using a key. Card provides
the hash or cyphertext. Terminal can know that the card is authentic.
19
Card needs to verify (EXTERNAL AUTH)
Terminal asks for a challenge and sends the response to card to verify Card thus know that
terminal is authentic.Primarily for the “Entity Authentication”.
3.3 Biometric Technique
Finger print identification: Features of finger prints can be kept on the card (even verified on
the card). Photograph/IRIS pattern etc.such information is to be verified by a person. The
information can be stored in the card securely.
3.4 Working of Smart Card
3.5 Smart Cards For Data Security
There are two methods of using cards for data system security, host-based and card-based. The
safest systems employ both methodologies.
3.5.1Host Based System Security
It treats a card as a simple data carrier. All protection of the data is done from the host
computer. The card data may be encrypted but the transmission to the host can be vulnerable to
attack. A common method of increasing the security is to write in the clear (not encrypted) a
Card is inserted in the terminal
Card gets power. OS boots up. Sends
ATR (Answer to reset)
ATR negotiations take place to set up
data transfer speeds, capability
negotiations etc.
Terminal sends first command to
select MF
Card responds with an error (because
MF selection is only on password
presentation)
Terminal prompts the user to provide
password
Terminal sends password for
verification
Card verifies P2. Stores a status “P2
Verified”. Responds “OK”
Terminal sends command to select MF
again
Terminal sends command to read EF1
Card responds “OK”
Card needs to verify (EXTERNAL AUTH)
Terminal asks for a challenge and sends the response to card to verify Card thus know that
terminal is authentic.Primarily for the “Entity Authentication”.
3.3 Biometric Technique
Finger print identification: Features of finger prints can be kept on the card (even verified on
the card). Photograph/IRIS pattern etc.such information is to be verified by a person. The
information can be stored in the card securely.
3.4 Working of Smart Card
3.5 Smart Cards For Data Security
There are two methods of using cards for data system security, host-based and card-based. The
safest systems employ both methodologies.
3.5.1Host Based System Security
It treats a card as a simple data carrier. All protection of the data is done from the host
computer. The card data may be encrypted but the transmission to the host can be vulnerable to
attack. A common method of increasing the security is to write in the clear (not encrypted) a
Card is inserted in the terminal
Card gets power. OS boots up. Sends
ATR (Answer to reset)
ATR negotiations take place to set up
data transfer speeds, capability
negotiations etc.
Terminal sends first command to
select MF
Card responds with an error (because
MF selection is only on password
presentation)
Terminal prompts the user to provide
password
Terminal sends password for
verification
Card verifies P2. Stores a status “P2
Verified”. Responds “OK”
Terminal sends command to select MF
again
Terminal sends command to read EF1
Card responds “OK”
20
key that usually contains a date and/or time along with a secret reference to a set of keys on the
host. Each time the card is re-written the host can write a reference to the keys. This way each
transmission is different.
3.5.2 Card Based System Security
These systems are typically microprocessor card-based. A card, or token-based system treats a
card as an active computing device. The Interaction between the host and the card can be a
series of steps to determine if the card is authorized to be used in the system. The access to
specific information in the card is controlled by A) the card’s internal Operating System and
B) The preset permissions set by the card issuer regarding the files conditions. There are
predominately two types of card operating systems. First type of card OS is Classic approach .
The second methodology is the Disk Drive approach
3.6 The Smart Card Security Advantage
Some reasons why smartcards can enhance the security of modern day systems are:
PKI is better than passwords ,
Portability of Keys and Certificates,
Auto-disabling PINs Versus Dictionary Attacks,
Counting the Number of Private Key Usages.
4. The Future : Internet Smart Card
Internet smart cards is one of the latest additions to the world of information technology.
Similar in size to today’s plastic payment card, the smart card has a microprocessor or memory
chip embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. This card is connected with Internet protocols & having some IP
Address. It is connected as like a GSM –SIM cards.
key that usually contains a date and/or time along with a secret reference to a set of keys on the
host. Each time the card is re-written the host can write a reference to the keys. This way each
transmission is different.
3.5.2 Card Based System Security
These systems are typically microprocessor card-based. A card, or token-based system treats a
card as an active computing device. The Interaction between the host and the card can be a
series of steps to determine if the card is authorized to be used in the system. The access to
specific information in the card is controlled by A) the card’s internal Operating System and
B) The preset permissions set by the card issuer regarding the files conditions. There are
predominately two types of card operating systems. First type of card OS is Classic approach .
The second methodology is the Disk Drive approach
3.6 The Smart Card Security Advantage
Some reasons why smartcards can enhance the security of modern day systems are:
PKI is better than passwords ,
Portability of Keys and Certificates,
Auto-disabling PINs Versus Dictionary Attacks,
Counting the Number of Private Key Usages.
4. The Future : Internet Smart Card
Internet smart cards is one of the latest additions to the world of information technology.
Similar in size to today’s plastic payment card, the smart card has a microprocessor or memory
chip embedded in it that, when coupled with a reader, has the processing power to serve many
different applications. This card is connected with Internet protocols & having some IP
Address. It is connected as like a GSM –SIM cards.
21
4.1 What IP Connectivity Means
Future smart cards will act as network devices (server or client):
i. Implementation of a TCP/IP stack on the smart card.
ii. Support of network management/configuration
iii. Availability of on-card services via application-level
iv. protocols (at least HTTP)
v. Triggering of different applications via communication channels, allowing concurrent
program execution
4.2 Security Challenges with IP Connectivity
i. A simple port scan cannot be misused to analyze the smart card and gain information about
active services and servers on the smart card.
ii. Typical attacks which use buffer overflows in a server to execute malicious code will be
impossible on smart cards.
iii. Unauthorized commands which manipulate input in HTML forms processed by a Common
Gateway Interface (CGI) on the smart card will be impossible.
iv. The network management necessary for organizing the IP connectivity of the smart cards
cannot be used for attacks, as the case in other IT systems.
v. Authentication and encryption is mandatory for safe connections which are resistant against
known attacks (e.g., Man-In-The-Middle prevented from sniffing and spoofing).
vi. Standard security protocols such as SSL/TLS are used in a high-performance
implementation to ensure interoperability to other network devices.
vii. Vendors of smart card operating systems will assure that the wide variety of network
attacks (e.g., spoofing, sniffing, fragmentation attacks, session hijacking, D/DoS, etc.)
cannot be transferred to the future TCP/IP based smart card world.
4.1 What IP Connectivity Means
Future smart cards will act as network devices (server or client):
i. Implementation of a TCP/IP stack on the smart card.
ii. Support of network management/configuration
iii. Availability of on-card services via application-level
iv. protocols (at least HTTP)
v. Triggering of different applications via communication channels, allowing concurrent
program execution
4.2 Security Challenges with IP Connectivity
i. A simple port scan cannot be misused to analyze the smart card and gain information about
active services and servers on the smart card.
ii. Typical attacks which use buffer overflows in a server to execute malicious code will be
impossible on smart cards.
iii. Unauthorized commands which manipulate input in HTML forms processed by a Common
Gateway Interface (CGI) on the smart card will be impossible.
iv. The network management necessary for organizing the IP connectivity of the smart cards
cannot be used for attacks, as the case in other IT systems.
v. Authentication and encryption is mandatory for safe connections which are resistant against
known attacks (e.g., Man-In-The-Middle prevented from sniffing and spoofing).
vi. Standard security protocols such as SSL/TLS are used in a high-performance
implementation to ensure interoperability to other network devices.
vii. Vendors of smart card operating systems will assure that the wide variety of network
attacks (e.g., spoofing, sniffing, fragmentation attacks, session hijacking, D/DoS, etc.)
cannot be transferred to the future TCP/IP based smart card world.
22
5. Features of Smart Card
5.1 Advantages
In comparison to it’s predecessor, the magnetic strip card, smart cards have many advantages
including:
i. Life of a smart card is longer
ii. A single smart card can house multiple applications. Just one card can be used as your
license, passport, credit card, ATM card, ID Card, etc.
iii. Smart cards cannot be easily replicated and are, as a general rule much more secure than
magnetic stripe cards
iv. Data on a smart card can be protected against unauthorized viewing. As a result of this
confidential data, PINs and passwords can be stored on a smart card. This means,
merchants do not have to go online every time to authenticate a transaction
v. Chip is tamper -resistant
- information stored on the card can be PIN code and/or read-write protected
- capable of performing encryption
- each smart card has its own, unique serial number
vi. Capable of processing, not just storing information
- Smart cards can communicate with computing devices through a smart card reader
- information and applications on a card can be updated without having to issue new
cards
vii. A smart card carries more information than can be accommodated on a magnetic stripe
card. It can make a decision, as it has relatively powerful processing capabilities that
allow it to do more than a magnetic stripe card (e.g., data encryption).
5.2 Disadvantages
i. Can be lost/stolen
ii. Lack of user mobility – only possible if user has smart card reader every he goes
iii. Working from PC – software based token will be better
iv. No benefits to using a token on multiple PCs to using a smart card
v. Still working on bugs
5. Features of Smart Card
5.1 Advantages
In comparison to it’s predecessor, the magnetic strip card, smart cards have many advantages
including:
i. Life of a smart card is longer
ii. A single smart card can house multiple applications. Just one card can be used as your
license, passport, credit card, ATM card, ID Card, etc.
iii. Smart cards cannot be easily replicated and are, as a general rule much more secure than
magnetic stripe cards
iv. Data on a smart card can be protected against unauthorized viewing. As a result of this
confidential data, PINs and passwords can be stored on a smart card. This means,
merchants do not have to go online every time to authenticate a transaction
v. Chip is tamper -resistant
- information stored on the card can be PIN code and/or read-write protected
- capable of performing encryption
- each smart card has its own, unique serial number
vi. Capable of processing, not just storing information
- Smart cards can communicate with computing devices through a smart card reader
- information and applications on a card can be updated without having to issue new
cards
vii. A smart card carries more information than can be accommodated on a magnetic stripe
card. It can make a decision, as it has relatively powerful processing capabilities that
allow it to do more than a magnetic stripe card (e.g., data encryption).
5.2 Disadvantages
i. Can be lost/stolen
ii. Lack of user mobility – only possible if user has smart card reader every he goes
iii. Working from PC – software based token will be better
iv. No benefits to using a token on multiple PCs to using a smart card
v. Still working on bugs
23
5.3 Special Features:
Table 4: Some special features
Hardware Software
Closed package decoupling applications and operating system
memory encapsulation application separation (Java card)
Fuses restricted file access
Curity logic (sensors) life cycle control
cryptographic coprocessors and random
generator
various cryptographic algorithms and
protocols
5.4 Applications
People worldwide are now using smart cards for a wide variety of daily tasks, these include:
1. Loyalty And Stored Value: Stored value is more convenient and safer than cash.
2. Security Information And Physical Assets: Smart cards achieve great physical security,
because the card restricts access to all but the authorized user(s).
E-mail and PCs are being locked-down with smart cards.
3. E-Commerce: Smart cards make it easy for consumers to securely store information and
cash for purchasing.
4. Personal Finance: This will improve customer service by availing 24-hour electronic funds
transfers over the Internet.
Reduction in cost as transaction can be managed electronically saving time and paperwork.
5. Health Care: Smart cards provide secure storage and distribution of everything from
emergency data to benefits status.
6. Telecommuting And Corporate Network Security: Users can be authenticated and
authorized to have access to specific information based on preset privileges.
7. Campus Badging And Access: Identity cards of employees and students can be enhanced to
incorporate identity with access privileges and store value for cafeterias and stores.
5.3 Special Features:
Table 4: Some special features
Hardware Software
Closed package decoupling applications and operating system
memory encapsulation application separation (Java card)
Fuses restricted file access
Curity logic (sensors) life cycle control
cryptographic coprocessors and random
generator
various cryptographic algorithms and
protocols
5.4 Applications
People worldwide are now using smart cards for a wide variety of daily tasks, these include:
1. Loyalty And Stored Value: Stored value is more convenient and safer than cash.
2. Security Information And Physical Assets: Smart cards achieve great physical security,
because the card restricts access to all but the authorized user(s).
E-mail and PCs are being locked-down with smart cards.
3. E-Commerce: Smart cards make it easy for consumers to securely store information and
cash for purchasing.
4. Personal Finance: This will improve customer service by availing 24-hour electronic funds
transfers over the Internet.
Reduction in cost as transaction can be managed electronically saving time and paperwork.
5. Health Care: Smart cards provide secure storage and distribution of everything from
emergency data to benefits status.
6. Telecommuting And Corporate Network Security: Users can be authenticated and
authorized to have access to specific information based on preset privileges.
7. Campus Badging And Access: Identity cards of employees and students can be enhanced to
incorporate identity with access privileges and store value for cafeterias and stores.
24
8. Retail: Sale of goods using Electronic Purses, Credit / Debit
Vending machines, Loyalty programs, Tags & smart labels
9.Entertainment: Pay-TV & Public event access control & Car Protection
10. Government: Identification ,Passport & Driving license & Copiers
5.6 Smart Card Examples
5.6.1 Travel Card Example
An example of the services that might be included on a multi-function travel card:
Services that are permanently installed in the card by the card issuer might include:
Electronic ticketing ,Air miles ,Cash replacement
Services that might be added for a particular trip include: Hotel coupons & Car vouchers
8. Retail: Sale of goods using Electronic Purses, Credit / Debit
Vending machines, Loyalty programs, Tags & smart labels
9.Entertainment: Pay-TV & Public event access control & Car Protection
10. Government: Identification ,Passport & Driving license & Copiers
5.6 Smart Card Examples
5.6.1 Travel Card Example
An example of the services that might be included on a multi-function travel card:
Services that are permanently installed in the card by the card issuer might include:
Electronic ticketing ,Air miles ,Cash replacement
Services that might be added for a particular trip include: Hotel coupons & Car vouchers
25
5.6.2 Student Card Example
An example of the services that might be included on a Student card:
Services that are permanently installed in the card by the card issuer might
include: School computer access ,Vending machines ,Phone, & Library
Services that might be added on later include: E-mail security & Carpool
roster .
5.6.2 Student Card Example
An example of the services that might be included on a Student card:
Services that are permanently installed in the card by the card issuer might
include: School computer access ,Vending machines ,Phone, & Library
Services that might be added on later include: E-mail security & Carpool
roster .
26
Conclusion
Smart cards have proven to be useful for transaction, authorization, and
identification media.
They will soon replace all of the things we carry around in our wallets, including
credit cards, licenses, cash, and even family photographs.
Smart cards could be used to voluntarily identify attributes of ourselves no matter
where we are or to which computer network we are attached.
Smart card technology is emerging, applications are everywhere.
Smart cards enhance service and security.
Perfect security does not exist, even not for smart cards.
Risk analysis is essential.
Conclusion
Smart cards have proven to be useful for transaction, authorization, and
identification media.
They will soon replace all of the things we carry around in our wallets, including
credit cards, licenses, cash, and even family photographs.
Smart cards could be used to voluntarily identify attributes of ourselves no matter
where we are or to which computer network we are attached.
Smart card technology is emerging, applications are everywhere.
Smart cards enhance service and security.
Perfect security does not exist, even not for smart cards.
Risk analysis is essential.
27
References
1.G. Gaskell. Integrating Smart Cards into Kerberos, Masters Thesis, Queensland
University of Technology, February 2000. [PDF]
2.Victor S. Miller. Use of elliptic curves in cryptography. In H.C. Williams,
editor, Advances in Cryptology -- CRYPTO '85, vol. 218 of Lecture Notes in
Computer Science, pp. 417--426. Springer-Verlag, 1986. [PDF]
3.. Abadi, M. Burrows, C. Kaufman, and B. Lampson. Authenticationand
delegation with smart-cards. Technical Report 67, DEC Systems Research
Center, October 1990. [PDF] In order to delegate authority across a network, a
user must have encryption capabilities. Smart cards can solve this problem. This
paper looks at various authentication techniques and protocols using smart cards.
References
1.G. Gaskell. Integrating Smart Cards into Kerberos, Masters Thesis, Queensland
University of Technology, February 2000. [PDF]
2.Victor S. Miller. Use of elliptic curves in cryptography. In H.C. Williams,
editor, Advances in Cryptology -- CRYPTO '85, vol. 218 of Lecture Notes in
Computer Science, pp. 417--426. Springer-Verlag, 1986. [PDF]
3.. Abadi, M. Burrows, C. Kaufman, and B. Lampson. Authenticationand
delegation with smart-cards. Technical Report 67, DEC Systems Research
Center, October 1990. [PDF] In order to delegate authority across a network, a
user must have encryption capabilities. Smart cards can solve this problem. This
paper looks at various authentication techniques and protocols using smart cards.
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 2,258
- Slides 27
- Favorites 3
- Age 3209 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views