La Carte à Puce - Nicolas Courtois · 25 Nicolas T. Courtois 2006-2009 Vocabulary magnetic stripe card IC= Integrated Circuit ICC, chip card : • memory card • wired logic card

La Carte à Puce

Nicolas T. Courtois 1, ex. 2

1 - University College of London, UK2 = [Axalto+Gemplus]

Smart Cards

2 Nicolas T. Courtois 2006-2009

Scope and References

Smart Cards


What are Smart Cards ?The eternal tension in the industry:

competition � cooperation.

1. huge set of standards:• public bodies: ISO/IEC, ETSI, etc.• 10s of intra-industry standard bodies such as

GlobalPlatform, TCG

2. many industrial/commercial/trade/security secrets

Smart Cards


Books About Smart Cards

1) Security Engineering [Cambridge]• by Ross Anderson• MUCH larger scope, may selectively read

Chapters 3-5,10,11,16, 22,26 etc.

2) Smart Card Handbook [Germany, 2002]• by Wolfgang Rankl and Wolfgang Effing

3) Smart Card Applications [Germany, 2007]• by Wolfgang Rankl

4) LATEST BOOK [RHUL, 2008]Smart Cards, Tokens, Security and Applications

• by Keith Mayes and Konstantinos Markantonakis (Editors)

Smart Cards


RemarkWhat do we learn from these books:• A lot of things [1000s of pages].But still many things are missing:• Full specs of products?• Full specs of chips?• Details of advanced security countermeasures?• Secret crypto algorithms + padding• Details of authentication protocols• Some little tricks that make big difference…The industry cultivates a lot of secrecy(!).

But at the same they publish 100s of papers they have 1000s of patents, and runs 10s of standard bodies… Many things are not that secret. Just obscure.

Smart Cards


Motivation in a Nutshell

Smart Cards


Key RemarkSoftware CANNOT be protected by software.

Smart Cards


Main Function of a Smart Card = = to be “a secure hardware device”.

1. ”intelligent” (Smart): the card – handles computations (e.g. crypto)– manages data (OS, file system, access rights)– takes informed security decisions (…block itself !)

2. Hopefully ”unbreakable”: nobody can know/modify what is inside.

USB interface ISO, [USB], [RF]

ISO, [USB,RFRFRF]

USB Token form factorSIM card form factor

credit card form factor

Smart Cards


“The Loophole”

Smart Cards


Magnetic Stripe Cards [since 60s]

Which one is counterfeit ?

Chip cards: much harder to read, much harder to counterfeit.

Smart Cards


Recall:Two sorts of technologies:A) Those that are effective if deployed at 20%:

Examples: 1. virus detection (as opposed to removal / fighting the viruses), 99 %2.2.2. email / hard disk encryption, 20 %email / hard disk encryption, 20 %email / hard disk encryption, 20 %3.3.3. making the entry/authentication harder, as an option for the usemaking the entry/authentication harder, as an option for the usemaking the entry/authentication harder, as an option for the user, 20%r, 20%r, 20%

B) Those that are totally ineffective even at 99%:Examples:Examples:Examples:

1.1.1. virus removal,virus removal,virus removal,2.2.2. buggy antibuggy antibuggy anti---virus: virus: virus: “““your antiyour antiyour anti---virus has just restarted due to an internal virus has just restarted due to an internal virus has just restarted due to an internal

errorerrorerror”…”…”…3.3.3. we click YES for 1 % of the security alerts out of fatiguewe click YES for 1 % of the security alerts out of fatiguewe click YES for 1 % of the security alerts out of fatigue………

••• certificates are frequently invalidcertificates are frequently invalidcertificates are frequently invalid………••• it invalidates the 99 % of the time we did prevent the intrusionit invalidates the 99 % of the time we did prevent the intrusionit invalidates the 99 % of the time we did prevent the intrusion………

we lost our timewe lost our timewe lost our time4.4.4. if some ATMs still accept a blankif some ATMs still accept a blankif some ATMs still accept a blank magmagmag---stripe only cards, the whole stripe only cards, the whole stripe only cards, the whole

purpose of chips on bank cards is nearly defeatedpurpose of chips on bank cards is nearly defeatedpurpose of chips on bank cards is nearly defeated………

Smart Cards


Magnetic Stripe Bank Cards - Loophole:

As long as some merchants accept them, they will be fraud…

In France:Since the introduction of smart cards: Fraud decreased 10 times

in 10 years.

Smart Cards


Philosophy / Model for Security of Smart Cards

Smart Cards


Why Smart Cards Are Good

Or are they?

The classical model for smart card security[Schneier and Schostack 1999]

is about • Splitting the security perimeter:

• One entity cannot breach the other people’s security?

• Hardware barriers that cannot be breached by software,• Motto: Software cannot protect software.

• Physical control of the card, • By the user, if it is in my pocket, it is not being hacked…

• And trusting the entities involved…• Companies/people involved in this business can compromise it’s security (backdoors etc!)

slightproblem..

Smart Cards


“Slight Problem” - Example:

The secrecy of the product spec can be:• An extra security layer,

– if hackers need 3 months more to get it, this can be worth millions of dollars in revenue…

• A source of unexpected and critical security vulnerabilities – that by the fact of being hidden

gives an utterly false sense of security.

Smart Cards


History

Smart Cards


Short Plastic Card History1878 US fiction writer Bellamy: In 2000 everybody will be paying

by a credit card (!). Cf. Edward Bellamy “Looking Backward, 2000 to 1887”.

1914-1940 Metal credit cards in the US, forbidden during WW2forbidden during WW2forbidden during WW21950 Invention of plastic money (PVC): Frank McNamara@Diners Club

[NY, USA] issues first universal plastic [charge] credit cards .

1967 First cash machines [DeLaRue] with punch cards.

1967 France: first magnetic stripe card for access control.

1972 [UK] First on-line ATM with magnetic stripe cards.

Smart Cards


History - Chip Cards1960s1. French science-fiction book “La nuit de temps” by

René Barjavel: A portable object/jewel that opens doors.

2. Plastic credit cards were standardized and used since the 50s [plastic money].

1970s: 1+2 = Embedding electronic components in credit cards: Many patents in USA, Germany, Japan and then France.

Smart Cards


Historical Patents

Smart Cards


Smart Card Odyssey

Two Key Patents:• Roland Moreno [France]:

– chip card [1974]– security limitations [1975]

• Michel Ugon, Bull CP8: – microprocessor card [1977]

10 years ago, half of chip cards in the world were French. Wider adoption around 2000.

Smart Cards


First Smart Card - Bull CP8

Around 1980, 2 chips, CPU+RAM, not very secure!

CP8 = Circuit Programmable 8 bits, CP8 = Circuit Programmable 8 bits, CP8 = Circuit Programmable 8 bits, Carte Carte Carte ààà Puce 8 bitsPuce 8 bitsPuce 8 bits

Smart Cards


SPOM, October 1981 - Bull CP8

Patented• NMOS 3,5 µ, • 42 K Transistors,• RAM: 36 bytes (!), • ROM: 1,6 Kbytes, • EPROM: 1 Kbyte

Smart Cards


History of Electronic Bank Cards - in 1984:Schlumberger pilot in Lyon, France: • a simple wired logic card

Bull CP8 pilot in Blois, France: • a microprocessor card

The banks adopted the Bull CP8 solution, the fore-father of current smart bank cards (EMV).

100% in France in 1992. 100% in the world around 2010 ?

=> Close the loophole.

Gemplus

Smart Cards


Vocabulary, Typology, Features

Smart Cards


Vocabulary

magnetic stripe card

IC= Integrated CircuitICC, chip card :• memory card

• wired logic card• smart card

carte à piste magnétique

puce, circuit intégrécarte à puce :• carte à mémoire• c. à logique câblée• carte à microprocesseur[+crypto co-processeur]

Smart Cards


More Vocabulary

card reader, CAD (Card Acceptance Device)

BO’ card [1985-2004]EMV card [1996-2020?]

lecteur carte

carte bancaire françaisenouveau standard

Smart Cards


Types of cards

memory/wired logic microprocessor

micropr.+crypto contactless

Source: Gartner, 2005

0 CPU

2 CPU

1 CPU

1-2 CPU

Smart Cards


Memory/Wired Logic CardMemory/Wired Logic Card

• Primitive• NVM – non-

volatile memory(E2PROM, Flash

memory)• simple function• e.g. prepay card

Smart Cards


Smart CardSmart Card

• Microcontroller = CPU+memory

• Universal, Turing machine, software driven

• flexibility• security features• [Hardware DES]

Smart Cards


CryptoCrypto--processor IC Cardsprocessor IC Cards

• Additional crypto-processor for RSA or elliptic curves

• Hardware security counter-measures

Smart Cards


ContactContact--less Smart Cardless Smart Card

• with RF transceiver• 0.1 s transaction

– much less energy– even less computing

power

Smart Cards


Memory on Smart Cards• ROM (‘hard mask’: C/Assembly, contains OS,

secure file access, I/O, libraries[crypto!], JVM) = 100 - 300 Kbytes now

• RAM = 4-16 K now(expensive, first Bull CP8 card had 36 bytes)

• NVM: (‘soft mask’, compiled C, more libraries…)– EPROM: 1980s, high voltage needed to erase it– E2PROM: 8-64 Kbytes,

recently 128-256 K GSM SIM.– New trend: Flash memory:

• Much cheaper, dense and shrinkable process.• Random read, harder to manage,

hard to re-write and very slow to erase.• Spansion 2006: 1 Giga in a SIM card!

≈≈≈≈≈≈≈≈10001000 times slower times slower to writeto write than RAMthan RAM

Smart Cards


Memory – R/Erase Memory

• Exists in Certain Memory Cards• In E2PROM,the transition from 0->1 is VERY

VERY slow. – But this is a security feature!– Read-Erase Memory (cannot 0->1):

≈≈≈≈≈≈≈≈10001000 times slowertimes slower

Smart Cards


Life Cycle of a Smart Card [ISO 10202-1]• Manufacturing: [e.g. Infineon, Gemalto]

– ROM <= ‘hard mask’, remove test functionality

• Initialize: [e.g. Gemalto, Card Issuer]– E2PROM <= ‘soft mask’, completing O.S. install

• Personalize: [Card Issuer]– Init apps– E2PROM <= data, keys etc. for an individual user!

• Use it: [e.g. ATM]– issue commands (APDUs)

• Death: [e.g. local bank]– invalidate the chip / destroy the card.

Smart Cards


****Perso Process

Smart Cards


Functionalities of Chip/Smart Cards

Smart Cards


Advantages of Smart Card

• storage capacity• security functionalities• multiple functions• user acceptability, effective packaging• successful business model

Smart Cards


Crypto Functionalities of a Smart Card (1)

• Cardholder verification by the card. – Check PIN or biometric data.– Not always done with crypto, but otherwise

necessary to activate the crypto capabilities of the card.

• Key generation, its secure storage, safe “usage” and (why not) erasure.

• Encrypt data (public and secret key)– emails, files, etc… e.g. PGP PKI badge– secure messaging

Smart Cards


Crypto Functionalities of a Smart Card (2)Authentication – from weaker to stronger:• Integrity checks (CRC, or better: cryptographic hash).• Origin checks (storing a static signature)• Dynamic Challenge-Replay card authentication (proof of

identity, should be a Zero-knowledge mechanism).• Dynamic authentication of any data with a 3-DES

cryptogram or a MAC (symmetric-key signatures).• Dynamic authentication of any data with a “real” (=public-

key) digital signature. – Provides authenticity and non-repudiation of every individual action

taken in a complex protocol !

• Also verification: the authenticity of a terminal / external word.

Smart Cards


Smart Card Applications

Smart Cards


Some Applications of a Smart Card

• PayTV - Broadcast Encryption and Traitor Tracing.– First PayTV Card: Philips+Bull, 1980-81

• Storing private data (emails, passwords etc…)• First phone cards with a chip: [1983 Schlumberger

Télécarte, France], [1984 G&D Telekarte, Germany], Remark: wired logic, contact placement later changed

• GSM / 3G phones – First SIM card: Gemplus 1989, MANY billions sold since

• Electronic passport, ID– PKI, Belgium by Axalto.– Biometric passports: required since October 2005.

Smart Cards


More Applications of a Smart Card

• Bank Cards [since 1984, Bull CP8]• Home Banking, Internet Shopping• PC access, corporate badge, secure email

PGP• Electronic purse, parking: [1996-] Proton[Be],

Geldkarte, later integrated with bank cards• First student card [restaurant, library, etc.]

– First in 1988, Italy, Bull CP8

Smart Cards


Smart Cards Market

Smart Cards


**Actors and Value Chain

Smart Cards


2004 Market Shares [before merger]


Microprocessor cards Market

1,566 million units

Axalto

Gemplus

G&D

OCSOrga

Incard

Others

23%

13%

5%

26%

20%

9%

4%

Smart Cards


***2007 Market Segments


[source: eurosmart.com]

Smart Cards


Market GrowthIn Volume: in M units shipped

In Value: in M €

Smart Cards


Industrial Standards [1]:=> Cards

Smart Cards


What is a Smart Card ?Set of standards ISO.• cards with contacts:

– ISO 7816-1..3

• contact-less:– ISO 14443 (proximity <10 cm)

– ISO 15693 (vicinity <1 m)– more…

• with and without contact:– ISO 7816-4..16

Smart Cards


ISO 7816-1

Size matters! Like a credit card.

Smart Cards


ISO 7816-1

Physical Characteristics:• operating temperature, humidity, etc…

» below are very severe requirements:

• bending properties (the chip can break• torsion properties or take-off)

» Consequences for the chip:

• silicon surface ≤ 25 mm2, ≤ 0.3 mm depth• small computing power, not Pentium 4…

Smart Cards


Manufacturing

Smart Cards


Bare Connectors

• The chip will be glued to the contact.

Smart Cards


Die Bonding

• Connections with gold wire (20 µm)

Smart Cards


Encartage

• Embed in a ¾ mm card.

Smart Cards


Encapsulation

• Embed in a ¾ mm card.(Encartage (Encartage (Encartage FrFrFr)))

Smart Cards


Plastic Matters

Smart Cards


ISO 7816-2

Contacts1.7 x 2 mm

[changed in 1990]

old AFNOR standard

Smart Cards


ISO 7816-2=> Freedom

Smart Cards


Contact Quality

• “Friction force” readers scratch the cards [contacts frottants]

• Landing contacts – much better [contacts atterrissants]

Smart Cards


ISO 7816-2 - Historical

C1 – VCC (+) C5 – GND (-)C2 – Reset C6 – VPP for EPROMC3 – CLK C7 – I/O (serial port a.k.a. ISO)C4 – ??? C8 - ???

Smart Cards


ISO 7816-2 – Evolution@2005-2009

C1 – VCC C5 – GNDC2 – RST C6 – [SWP -> antenna]C3 – CLK C7 – I/OC4 – [USB] C8 - [USB]

USB USB Samsung S-SIMsupports both+NAND+InterChip USB

Smart Cards


ISO 7816-3 and EMV/GSMVoltage and current supplied [I~clock freq.]:

• Class A: 5 V ±10% / 60 mA @5 MHz [ex. 200 mA]

• Class B: 3 V ±10% / 50 mA @ 4 MHz• Class C: 1.8 V ±10% / 30 mA @ 4 MHz

• EMV bank cards: always 5V, 50 mA• GSM cards: class A-C max current respectively:

10 / 6 / 4 mA ONLY! (heat, phone battery life).

Smart Cards


Power MattersSummary: • …• Bank card: 5 V, 50 mA• GSM SIM class C card (the latest): 4 mA• …• Even much less for contact-less cards !!!

(power supplied by an alternative magnetic field)

=>Very Low computing power !!! In contrast: modern PC CPU – up to 50 000 mA !

Smart Cards


Power MattersSummary: • Several 1000 x less power than an Intel CPU…

• Low surface (≤ 25 mm2)• Lower density (0.09 µm

vs. 0.065 µ SOI process for recent CPUs)

• 8 and 16-bit CPUs for very long time• 32 bits CPU only since 2003-4

Smart Cards


****Electrical behavior of contactsI/O: • Z=high- A=low, remains Z unless in transmissionCLK: • in/out capacity < 30 pF,

To switch on (no electricity until all are connected): • RST low, VCC high, no VPP, I/O = Z, CLK = 1…5 MHzTo switch off: • RST low, CLK low, VPP inactive, I/O = A, VCC low

Smart Cards


ISO 7816-3

CLK: • transition time < Max( 0,5 µs, 9% x period T)• at 1 during 40 % - 60 % of time.

– The card security should block if short impulses !

Clock speed:• First cards [1996]: 3.579545 MHz

(still@begin)

Smart Cards


Clock and Maximum Computing Power Avail.

Clock speed, NO co-processor:• 1990: 3.5 MHz, RSA-512, 2 minutes

Clock speed with co-processor:• 1996: 3.5 MHz, RSA-1024 in 500 ms• 2000: 7 MHz, RSA-2048 in 500 ms• 2004: 60-100 MHz, RSA-2048 in 50 ms • 200-400 MHz today, RSA-2048 in 10 ms

Smart Cards


I/O - ISO 7816-3Known as “ISO interface” of a card: simplified UART (serial port)Transmission of bytes:

Time duration of 1 bit = 1 Elementary Time Unit [etu]

N specified by TC1 in ATR

Smart Cards


ETU

etu = duration of 1 bit, by default 1 etu = 372 / Clock frequency Examples:• 3.5712 MHz/372=9600 bit/s• 3.5712 MHz/186=19200 bit/s• 3.5712 MHz/93=38400 bit/s• 3.5712 MHz/32=111600 bit/s

Smart Cards


ISO 7816-3Defines the ATR: answer to reset. Up to 33 bytes.

Must happen at 400 … 40,000 clocks after RST. ATR = a series of bytes transmitted in order b8..b1:• TS • T0 [presence of TA1-TD1 and 0..15 historical bytes]

– TA1– TB1 – TC1– TD1: like T0, specifies the presence of extra objects…

• TA2• etc…

Smart Cards


ATR Structure

XOR checksum

Smart Cards


TS specifies:TS [A+8+Z bits]: specifies the relationship between A/Z and 0/1 Z=high voltage, A=low voltage• Direct convention [Germany], where A=0, Z=1:

TS = ‘3B’; b1:b8= A(ZZAZZZAA)Z• Inverse convention [France], with A=1, Z=0:

TS = ‘3F’; b8:b1= A(ZZAAZZZZ)Z

Smart Cards


ISO 7816-3 - Highlights

In particular ATR specifies the comm. capacities: • T=0 or T=1• half[/full] duplex• clock speed• baud rate

Smart Cards


ISO 7816-3Communication Protocols Main two: synchronous, half/duplex

– T=0 (byte-oriented, e.g. GSM SIM), – T=1 (block-oriented, e.g. bank cards)

––– T=14 (proprietary for German phone cards)T=14 (proprietary for German phone cards)T=14 (proprietary for German phone cards)Recent developments: • T=2 (block-oriented, full duplex, cf. ISO 10536-4).

••• T=4, expansion of T=0T=4, expansion of T=0T=4, expansion of T=0

••• T=USBT=USBT=USB

Smart Cards


T=CL

• T=CL is used for talking to ISO 14443A/B cards with APDUs translated by the reader (totally hides the RF interface from the programmer, the card seems to be a card with contact!)

Smart Cards


T=0 or T=1?

Remark: – T=0 (byte-oriented)

• parity bits only

– T=1 (block-oriented) is ‘more modern’. • More error detection too: parity +

each block also has a CRC.

Smart Cards


ISO 7816-3

Baud rate:• 1996: 9.6 K bit/sec default, @beginning.• Then: 115 K bits/sec

• Outdated by Axalto patent: USB smart card: – First Axalto USB: 700 K bits/sec– Full-speed USB – up to 12 Mbit/s [since 2005].

• Not USB 2.0., it is just USB 1.0. full-speed.

Smart Cards


Example of GSM SIM ATR‘3B894014474732344D35323830’

Decoded:TS= ‘3B’ => direct encodingT0= ’89’= ‘1000’ll’1001’ => TD1 + 9 historical bytes

TD1= ’40’= ‘0010’ll’0000’ => TC2 present and protocol is T=0TC2= ’14’= ‘0001’ll’1110’ => waiting time 14 * 100 msT1…T9: ’47’ll’47’ll’32’ll’34’ll’4D’ll’35’ll’32’ll’38’ll’30’ =>

“GG24M5520” (these are the 9 historical bytes, sort of unique ID of this SIM card)

Smart Cards


ATR - More Examples"3B8F8001804F0CA000000306030001000000006A"

=> "Philips MIFARE Standard 1 K and London Oyster card””3B6500009C02020702"

=> “US Department of Defense Common Access Card,Axalto Cyberflex Access 32K V2, Sun Microsystems employee card”

"3B898001006404150102009000EE" => "German e-Passport April 2007",

"3B6D00000031C071D66438D00300849000" => HSBC MasterCard

"3F6525082204689000"

=> "France Telecom card“"3F65250052096A9000"

=> "French carte Vitale", "3BEF00FF8131FE4565631104010280000F274000030100E1"

=> “German Postbank Geldkarte","3FFF9500FF918171A04700444E415350303131205265764230423A"

=> "NagraVision card for StarHub Digital Cable DVB-C Singapore",

Smart Cards


Industrial Standards [1B]:=> Other Form Factors

Smart Cards


Form Factors and InterfacesUSB interface ISO, [USB], [RF]

ISO, [USB,RFRFRF]


a.k.a. ID-000 credit card form factor, a.k.a. ID-1

3FF - [telecom, not widely used]

ISO, [USB,RFRFRF]

VISA-mini a.k.a. ID-00

ISO, [USB,RFRFRF]

Smart Cards


Dimensions

Smart Cards


Industrial Standards [1C]:=> Contact-less

Smart Cards


Contactless Smart Cards

••• cards with contacts:cards with contacts:cards with contacts:––– ISO 7816ISO 7816ISO 7816---1..31..31..3

• contact-less:– ISO 14443 A-..C [Oyster, e-Passport]– ISO 15693 [NFC]– ISO 18000 [tiny RFIDs]– other…

Smart Cards


Two Types of Contactless Communication

• Capacity (electrical field)– Standardized, not widely used

• Needs the reader and the card to close and geometrically aligned.

• RF = electromagnetic waves– Much better:– it is not true that an Oyster card would not be able

to communicate if >5 cm from the reader, but it will typically not have enough power

(drawn from the magnetic field).

Smart Cards


Form Factors

key fob

Smart Cards


AntennaAntenna

large loop antenna

Smart Cards


Embedding the AntennaEmbedding the Antenna• Must be a LARGE coil

• SIM card: must be external (“NFC enabled mobile phone”)

Smart Cards


Double/Triple Interface Cards

E.g. corporate badge– Functionalities:

• Enter doors, • PC log-in, • PGP decrypt and sign

– Adopted worldwide, e.g. U.S. Army

ISO, USB, RF

ISO, RF

Smart Cards


Contactless InterfaceContactless Interface

• ISO 14443 (Oyster, e-Passport)• ISO 15693 (NFC)• ISO 18000 (tiny RFIDs)

Smart Cards


ComparisonComparison

Smart Cards


• UHF 860 - 915 -… MHz (EPC)– Pros: large range, simple antenna

design, cheap, – Cons: bad penetration of water and

organic fabric

• 100-135 kHz, ISO 11784/85– Pros: penetrates water and organic

fabric, relatively insensitive to metallic objects

– Cons: low transmission speed, wire coil antenna, cannot be printed

• 13.56 MHz, ISO 15693, ISO 14443A,B– Pros: faster communication (26 kBit/s), – Cons: high absorption by metallic

environment, few cm range, or a large antenna needed

****Pros and Cons of Different RFID Technologies****Pros and Cons of Different RFID Technologies

Smart Cards


• UHF 860 - 915 MHz (EPC)– UCode HSL/EPC, – EM 4222/4223, – EM 4442/4444

• 100-135 kHz, ISO 11784/85– HITAG,– HID Prox,– EM 4102/01,...

• 13.56 MHz, ISO 15693, ISO 14443A,B– MIFARE,– LEGIC,– iCode,– HID iClass,...

****Some Products on the Market****Some Products on the Market

Smart Cards


*Visual Security

Smart Cards


Secure Printing [Source: Oberthur]

Smart Cards


***more details…

Smart Cards


***more details…

Different on each card:

Smart Cards


Low-Level and Physical Security

Smart Cards


Main Function of a Main Function of a Main Function of a Smart Cards ==== to be = to be = to be “““a a a secure hardware devicehardware devicehardware device”””...

1.1.1. ”””intelligentintelligentintelligent””” (Smart): the card (Smart): the card (Smart): the card ––– handles computations (e.g. crypto)handles computations (e.g. crypto)handles computations (e.g. crypto)––– manages data (OS, file system, access rights)manages data (OS, file system, access rights)manages data (OS, file system, access rights)––– takes informed security decisions (takes informed security decisions (takes informed security decisions (………block itself !)block itself !)block itself !)

2. Hopefully ”unbreakable” : nobody can know/modify what is inside.

USB interface ISO, [USB], [RF]

ISO, [USB]


credit card form factor

Smart Cards


Remark:

There is no defense against an adversary that has several millions of €…

Smart Cards


Removing the Chip

Smart Cards


Making the Chip Harder to Extract:

Oberthur Potting™ claims:• improves durability [harder to break] • any attempt to remove the module from the card would

result in totally destroying it

Smart Cards


Reverse Engineering

Smart Cards


Open-source � Closed-source

Industry: competition � cooperation

Standards

�

Industrial/commercial/trade/security secrets

Smart Cards


*Open Source vs. Closed Source

Smart Cards


Kerckhoffs Principle

Dutch cryptologist, wrote his book in French.

In June 2006 Dutch researchers De Gans et all, have published several cloning attacks on MiFare Classic chips [London Oyster card + 200 M other].

[first cloning attack: Courtois, Nohl and O’Neil, April 2008].

Smart Cards


Kerckhoffs principle: [1883]

“The system must remain secure should it fall in enemy hands …”

Smart Cards


*Remark:

Smart Cards:

They are already in ‘enemy’ hands

- even more for RFID…

Smart Cards


Kerckhoffs’ principle: [1883]

Most of the time: incorrectly understood. Utopia. Who can force companies to publish their specs???Who can force companies to publish their specs???Who can force companies to publish their specs???

No obligation to disclose.

• Security when disclosed.• Better security when not disclosed???

Smart Cards


Yes (1,2,3):

1. Military: layer the defences.

Smart Cards


Yes (2):

2) Basic economics:

these 3 extra months(and not more �)

are simply worth a a lot of money.

Smart Cards


Yes (3):

3) Prevent the erosion of profitability

/ barriers for entry for competitors / “inimitability”

Smart Cards


Kerckhoffs principle is kind of WRONG in the world of smart cards

Reasons: • side channel attacks are HARD and COSTLY to

prevent when the algo is known• in some applications, for example Pay TV the

system is broken immediately when the cryptographic algorithms are public.

Smart Cards


*Silicon Hacking

Smart Cards


Tarnovsky Lab

Only few thousands of dollars of equipment

Smart Cards


Tarnovsky (and Other Professional Chip Hackers)

Few thousands of dollars of equipment• Surface polishing• HydroBromic acid to eat away the passivation layers• A microscope for pictures:

– the successive layers of silicon are revealed with acids and lasers

• Doping guns to cut/add traces to a working IC• Stinger: bypassing the protections with long microscopic needles.

Smart Cards


More Expensive:

• Atomic Force Microscope(20 K€ - 1 M€)

• FIB device (Focused Ion Beam, 0.5 M€)Canal+ Technologies Lab

Smart Cards


FIB:Example resolution: 10 nm Classical applications: failure analysis of ICC

But also: circuit modification:• Local material removal:

– cutting metal lines, milling, gas enhanced etching

• Local rebuilding/rewiring of the device– new metal interconnects

– new insulating layers

• Fine tuning of analog components: decrease/increase R or C…

• Reading (electron image)• Art: writing on the nm scale:

Smart Cards


Can Do Anything?

In theory a FIB does anything. Including read/write memory?

But only in theory.

Not so easy: • The IC has many layers (!)• Security is hidden in inner layers(!)• Can you do many operations reliably enough

to achieve your goal?

Smart Cards


Reverse Engineering

Smart Cards


Clear and Present Danger:

Reverse engineering is NOT that hard.No no need for a FIB device

(Focused Ion Beam, 0.5 M€).

A few thousand dollars microscope will suffice.

Smart Cards


Reverse Engineering MiFare [Nohl, Plotz, 2007]

Smart Cards


Hardware Defences

Smart Cards


Hardware Countermeasures:

Make the life of the hacker much harder.

Financial sector requirements:• attacks should cost more than

say 25 K$ per card…

Smart Cards


Functionality + Security

Smart Cards


Hardware Countermeasures

Detection:• Detect under/over-clocking (stop the clock, read the (stop the clock, read the (stop the clock, read the

RAM)RAM)RAM)

• Random instructions, and Random Wait States [e.g. Infineon SLE66].

• Detect low/high voltage [<2.3 V or >6.3 V].• Glitch/spike detect• Detect UVs, light, alpha particles, high/low

temp etc.

Smart Cards


Intrusion Detection

Smart Cards


More Hardware Countermeasures1. Shield/coating.

– Detect if “passivation layer” was removed. • R/C measurements.

2. Metallic layer: screens for charges/radiation.

– Needed and monitored:• R/C measurements.

3. Active shields=detect tampering with.– Mesh of wires: prevents probing, attacks with a laser

cutter, etc.

4. Detection + Destruction???

Smart Cards


Active Shield

Source:Infineon. Problem: back side attacks.Problem: back side attacks.Problem: back side attacks.

Smart Cards


**Intrusion Detection on PEDs (Pin Entry Device)

Anderson et al. UCAM-CL-TR-711

2/2008this way

not this way…

works!

Smart Cards


More Hardware Countermeasures

4. Detection + Destruction??? – Chemical traps: SiShell [Axalto patent].

Smart Cards


**** Related Example• UK Military Laptop LT-450 (Termite)• A laptop + hardware crypto module

– secret algo!– secret key

• Has tamper switches: – the key and the algo will be deleted

• Manual destruction: • press two buttons at the same time• mechanism works also

when PC is switched off and does not need the battery

Smart Cards


***Example Closer to Smart Cards2006

Smart Cards


Design Obfuscation• Restricted circulation of specs.• Non-standard instruction set. • Custom crypto algorithms.• ROM and busses in lower layers of silicon.

– Only “ion-implanted ROM” is used, not visible with UV light.

• Scrambling the data busses.– in each chip different lines, on certain chips the busses location changes during the execution of the code.

• Dummy structures in silicon.• Duplication• Symmetry -> same power consumption.• Memory Obfuscation:

– Encrypt the memory addresses.– Encrypt the memory data.

Smart Cards


Robustness and RedundancyGoals:• Avoid perturbation at logical level:

– Control bits, error correcting– Dual logic, also protects against power attacks.

• Detect perturbation at the OS and software level and block the card…– Data checksums, – Redo DES twice, – Etc..

Security of file system and OS: later.

Smart Cards


More and Higher-Level Security Countermeasures

Smart Cards


Motivation:

Most Bank Cards have a PIN verification function.

PIN

Y/Nnot authenticated except in EMV DDA cards

not encrypted except in some EMV DDA cards

Smart Cards


Critical Bits and Pieces

• Example: PIN verification.• Can be implemented in asynchronous logic

[dedicated transistors/gates]– much lower power consumption, – in a lower layer and much harder to localize– requires a dedicated hardware attack

• as apposed to a generic attack on CPU registers, busses, loading to memory, etc..

Smart Cards


PIN code – Simple Hacker Attack [1992]

• Enter the PIN with a home terminal.• “Listen to” card radiation/power consumption to

detect early in time that it was wrong.• Switch the voltage off very quickly.

Solution?

Smart Cards


PIN code – Simple Hacker Attack [1992]

••• Enter the PIN with a home terminal.Enter the PIN with a home terminal.Enter the PIN with a home terminal.

••• “““Listen toListen toListen to””” card radiation/power consumption to card radiation/power consumption to card radiation/power consumption to detect early in time that it was wrong.detect early in time that it was wrong.detect early in time that it was wrong.

••• Switch the voltage off very quickly.Switch the voltage off very quickly.Switch the voltage off very quickly.

Countermeasure [used in all bank cards]:• Increment the ratification counter first• Check the PIN• The decrement it(!).

Smart Cards


Increment First? Slight Problem

• this could not be done, the first French bank card B0 had no NVM!

• They used an array of 480 bits, – where at each PIN verification attempt, a bit

would be irreversibly changed (EEEPROM).– after 480 (right or wrong) attempts, the card

would stop working

––– also they had a limited history 768 bytes, 4 bytes also they had a limited history 768 bytes, 4 bytes also they had a limited history 768 bytes, 4 bytes per transaction, 2 transactions/week.per transaction, 2 transactions/week.per transaction, 2 transactions/week.

Smart Cards


Timing Attack on PINs

[old, worked before c. 1990]• Bad programming: compare PIN digits one

after one, if first is incorrect, abort! • Good programming: write a program such

that the execution time is constant.

Smart Cards


PINs and Keys – Storage in RAM

• E2PROM of the smart card: assume addresses and data are encrypted.

Attack 1: read it (assume it’s possible)• Solution 1: store h(PIN)?

– Attack 2: dictionary attack.

• Solution 2A: store R, h(PIN,UID,R)• Solution 2B: store R, E_K(PIN,R)

where K is a key specific to this card only

Smart Cards


Protocol/Software Countermeasures

• Typically, the chaining of commands is strictly controlled. Each command can be issued only once, and in a certain order. – Assured by a finite state machine.– Example: don’t accept commands in clear-text

once secure messaging is established.

• The spec should not allow buffer overflows.

Smart Cards


***Example: Conformity Test

The test verifies the enforcement of Secure Messaging:

Afterwards the chip denies to send data in an unencrypted way and answers with 6X XX (error).

Not enough: make sure that the same error code is sent in the same situation!

Smart Cards


Example:

Eric Poll [Nijmegen] Attacks on e-passports.Send various ISO commands, observe the error messages:

Smart Cards


Clone Attacks

Smart Cards


More Hardware Countermeasures

• Unique serial number– Written in WORM (Write Once Read Many)

a.k.a. OTP (One Time Programmable). – Example: Oyster card UID=32 bits Benefits are:⇒ clones harder to make⇒ and can blacklist clones⇒ tracing of each card⇒ card-dependent memory encryption, hashing and RNG

Smart Cards


Threats (1.)Assume that we have all the data. Clone the card? 1. Card Emulation on a card – defenses:

• unique ID, cards that can be personalized not available => • requires a special re-programmable card,

• or a pirate emulator

-speed, +size, +cost, etc.

Smart Cards


Threats (2.):Assume that we have all the data. Clone the card? 1. Card Emulation on a card ???2. Card Emulation on a PC!

Smart Cards


Threat 3. Relay AttackLow-tech, always works!

No Need to Break Anything !!!

Smart Cards


Has Been Done…

Smart Cards


Economics Aspects

Smart Cards


*Cost of Some Attacks [source: RFI Global]

Smart Cards


*Cost of Fault Attacks [source: ST]

Smart Cards


Security Management -the Development Process

Smart Cards


Secure Hardware Dev. Management[In smart cards] one design criterion differs from the criteria used

for standard chips but is nonetheless very important is that absolutely no undocumented mechanisms or functions must be present in the chip ('that's not a bug, that's a feature').

Since they are not documented, they can be unintentionally overlooked during the hardware evaluation and possibly be used later for attacks.

The use of such undocumented features is thus strictly prohibited[...]

[pages 518-519 in the Smart Card handbook by Wolfgang Rankl and Wolfgang Effing, 1088 pages, Wiley, absolute reference in the industry]

Smart Cards


Testing• White-box tests are prohibited, no debugging commands

must be left in the hard-mask and soft-mask. • Tests must be black-box tests and test suites include

scanning for hidden [debugging] commands.

Smart Cards


Application Development ManagementGoals:• Avoid backdoors, Trojans, covert channels, bugs

etc.• Kleptography: techniques to leak keys to the

attacker, • form of perfect crime.

Means:• Segregation of duties [Lipner 1982].• Monitoring.

Smart Cards


Segregation of Duties

• Never one developer works alone on an application.

• he knows only some parts of the spec (partial secrecy, “need to know”).

• Some critical security mechanisms can be distributed: part in hard mask(ROM), part in soft mask, harder to know both…– the chip manufacturer does NOT have the full

spec either.

Smart Cards


Monitoring / Checks and Balances• Internal quality and security audits within each company.• The entire source code is frequently inspected by an

independent company: – government agency [such as GCHQ] or – an evaluation (or hacker) lab [such as CEA-LETI]

• mandated and paid by the customer [to avoid conflicts of interests].

• Some countries have a process to evaluate these labs (they have to prove that they can break smart cards as well as other people do).

• External security audits (mandated by a customer: for example a large bank).

Smart Cards


File System

Smart Cards


Data in smart cardsThink about sequences of bytes.BER-TLV conventions [ISO 8825]

T – Tag, for example “90” in hex.L – 1 or 3 bytes. Let L[0] be the first byte

MSB(L[0])=0, L[0] = length 0-127,MSB(L[0])=1, L[1-2] = length 0..65535

V – value, a string bytes.

TLV objects can be nested !

Smart Cards


ISO 7816-6

Specifies how to encode different data elements as BER-TLV objects,

For example:• Name of the credit card holder• Expiration date• Etc.

Smart Cards


ISO 7816-4

File names FID: • 2 bytes• example: ‘3F 00’

Short file names (SFID): – 5 bits, 1..30, used as

a parameter in certain commands

Smart Cards


ISO 7816-4

• MF: Master File(root directory “3F00”)

• DF: Dedicated Files(directories+some data)

• EF: Elementary Files(data files)

Smart Cards


Elementary Files

EF: Elementary FilesNot all files are visible for applications(!)

– Internal EF: card private files, card O.S. only can see them

– Working EF: data accessible to applications that communicate with the external world.

Smart Cards


Example: GSM Card [incomplete picture](cf. 3GPP TS 51.011

standard)

Smart Cards


Some Directories in a GSM CardImportant directories:

• root directory : 3F 00

• DFGSM = 7F 20

• DFTELECOM = 7F 10.

First byte: • '3F': Master File;

• '7F': 1st level Dedicated File

• '5F': 2nd level Dedicated File

• '2F': Elementary File under the Master File

• '6F': Elementary File under a 1st level Dedicated File

• '4F': Elementary File under 2nd level Dedicated File

Smart Cards


ISO 7816-4 – Files (EFs)

4 types

like RAM, or a string of bytes

“records”, with specific instructions and applications…

Smart Cards


2 Types of Fixed-Size Entry Records

2 types of records:

• Linear Fixed file– Like a list

• Cyclic Fixed file: – Motivation:

• fixed E2PROM size, scarcity

– Applications: • Bank card history

– e.g.150 last transactions

• all SMS sent/received• etc..

Record 1

Record n

Record 2

.

.Body

Structure of a linear fixed file

Header

Record n-1

Record n-2

Record n

Record 1

Record 2..

Body

Last updated record

Structure of a cyclic file EN726-3

Oldest record

Header

Smart Cards


GSM Card: Some Files Inside DFGSM• EFIMSI (6F07)• Le fichier EFLOCI (6F7E) contains TMSI, LAI etc.• EFLP(Language preference)• EFKc = Ciphering key Kc + sequence number• EFSST (6F38) = SIM service table = 1byte = [s1present, s1active, …]

= ‘services’ present/not active/not in this card, these are:– Service n°1 : disable user’s PIN == CHV1

– Service n°2 : Abbreviated Dialing Numbers (ADN)– Service n°3 : Fixed Dialing Numbers (FDN)– Service n°4 : Short Message Storage (SMS)

• EFACM = Accumulated Call Meter, in units• EFMSISDN = the subscriber’s MSISDN.• etc..

present inDFTELECOM

Smart Cards


Some Files Inside DFTELECOMThis directory is protected by PIN(!)

• EFADN(6F3A) your short phone directory (10 entries),• EFFDN(6F3B) your phone directory• EFSMS(6F3C) all the SMS received and sent, cyclic file

Record n-1

Record n-2

Record n

Record 1

Record 2..

Body

Last updated record

Structure of a cyclic file EN726-3

Oldest record

Header

Smart Cards


File Access and Access Conditions

Smart Cards


Accessing Files: SELECT FILE – FCI/90 00General philosophy: Almost always one must select a file before any operation on it… (MF is

selected at the start)• SELECT FILE + params• Response: either:

– 90 00

– FCI = File Control Info = status of the file selected, • exact spec [attributes and their encoding]: depends on the smart card, e.g. GSM.

• STATUS command (C0 F2) - GSM specific: – allows to know (to avoid confusion) what file was selected with the last

SELECT command.

Smart Cards


VariantsThere are MANY methods to address a file with SELECT FILE:• by 2 bytes FID (for MF, DF and EF)

– 0_ A4 00 …• By DF name or AID (for DF only or an application)

– 0_ A4 04 …– 0_ A4 02 …

• by absolute path from MF– 0_ A4 08 …

• by a relative path from current DF– 0_ A4 09 …

••• Switch to higher level DF? (equiv to ../ in PC OS)Switch to higher level DF? (equiv to ../ in PC OS)Switch to higher level DF? (equiv to ../ in PC OS)

••• ……… another DF when partial AID is transferred?another DF when partial AID is transferred?another DF when partial AID is transferred?

Smart Cards


Examples: SELECT FILE1. Example of a SELECT FILE with FID and FCI, for a GSM card:

• Command: C0 A4 00 00 02 6F 07

• Response: This command returns the FCI.

2. Example of a SELECT FILE with AID and no FCI (widely used for accessing files AND applications by their unique identifier):

• Command: 00 A4 02 00 05 [AID]

empty params.SELECT FILE

GSM cardlength + FID == file identifier on 2 bytes‘6F 07’ = IMSI file of this SIM card

specific params.SELECT FILEISO command

length + AID, if no ambiguity, a prefix of a valid AID can also be accepted

Smart Cards


FCI and Access Conditions for EF files

Smart Cards


Status of EF Files

SELECT FILE command for an EF file =>returns:

1. an error command:• 62 83 – file deactivated• 64 00 – execution error

• 6A 81 – function not supported• 6A 82 – file not found• etc..

OR2. an FCI (File Control Information) + 90 00(each EF file in a card has specified access conditions):

Smart Cards


FCI (File Control Information) for EF files

May contain (examples, mostly optional)• “80”+2 bytes: size of the file• “82” + 2 bytes: file descriptors, e.g.

– shareable/not – type of file: DF/working EF/internal EF– EF structure

• “83” + 2: file identifier.• “84” + 1-16: DF name.• “86” + security attributes (proprietary coding).• etc..

Smart Cards


*FCI Attributes [contd.]• “86” + security attributes (proprietary coding).Files can be:• WORM (Write Once, Read Many times)

– implemented in hardware or software

• EDC (Error Detection Code)• atomic write access

– Security: must written entirely or not at all (!!!)

• multiple storage attribute– for frequently used files in the card, ‘wear-level’ usage of E2PROM

• data transfer selection attribute– on dual-contact cards, to make file accessible only via contact or

contact-less interface

Smart Cards


Examples of FCINot 100% compatible, depends on products…• 6F 07 80 02 00 58 82 01 01 90 00

– EF with transparent structure, file size: 88 (0x0058)

Example of GSM FCI (22 bytes = 0x16):• 00 00 00 01 7F 20 02 00 00 00 00 00 09 91 00 11 08 00 83 8A 83 8A

Can be decoded according to GSM spec: Can be decoded according to GSM spec: Can be decoded according to GSM spec: ••• ………••• Byte 14: The most significant bits of is 0 if an only if PIN1 isByte 14: The most significant bits of is 0 if an only if PIN1 isByte 14: The most significant bits of is 0 if an only if PIN1 is disabled.disabled.disabled.••• ………••• Byte 19 = is the "CHV1 statusByte 19 = is the "CHV1 statusByte 19 = is the "CHV1 status“““. . .

––– Typically the value of this byte is '83' where 8 means that the Typically the value of this byte is '83' where 8 means that the Typically the value of this byte is '83' where 8 means that the PIN1 has been PIN1 has been PIN1 has been initialized, and that there are 3 cardholder verification attempinitialized, and that there are 3 cardholder verification attempinitialized, and that there are 3 cardholder verification attempts left for this ts left for this ts left for this PIN.PIN.PIN.

Smart Cards


Files Security Status

Smart Cards


Security of Files in Directories“Security status” of a file results from the sequence of commands

performed (e.g. authentication of entities) and their results. It can be:• Global: may be modified after a completion of a certain authentication

command (or other secure functionality), • Examples (studied later):

» VERIFY + PIN, » GET CHALLENGE + EXTERNAL AUTHENTICATE)» only if the commands are embedded inside SECURE MESSAGING channel (normal APDUs

with encryption AND authentication with a MAC)

• a secret key/value stored in the MF is used to perform this cryptographic command.

• Directory-specific, • then the key/PIN used is stored in the same DF.

• File-specific (EF).• Command-specific and ephemeral.

Example:

Smart Cards


Security of Files in DirectoriesExample: Access conditions for a given file or directory

+ given access mode (e.g. WRITE):

• PRO: An external command can write a file if the MAC of this command is valid. • AUT: File accessible R/W if the terminal authentication have been done before.• CHV: This file can be read if the user have entered the Pin and if it was correct.

••• CHV2: The same with the second PIN (exists in GSM).CHV2: The same with the second PIN (exists in GSM).CHV2: The same with the second PIN (exists in GSM).

••• ADM: requires the admin code number (up to 14 exist in GSM, TelcADM: requires the admin code number (up to 14 exist in GSM, TelcADM: requires the admin code number (up to 14 exist in GSM, Telcooo’’’s access)s access)s access)• NEV (access to some files can be disabled forever)

• ALW (always), public access (at least in this mode, e.g. READ).• Other conditions may exist in a specific card…

Smart Cards


Security and Access to Files:

Example [root directory]:

Smart Cards


MACs = “Secret-Key Signatures”

MAC algorithm

m

sk(secret key)

MAC algorithm

sk(secret key)

σ

(m,σ)

yes/no

forgery

Smart Cards


MAC = secret key “signature”Several methods: CBC-MAC, C-MAC, Retail-MAC, etc.

Based on symmetric encryption algorithms such as DES, AES.

ICV

C-MACwith chaining ICV=last MAC

this MAC guarantees the

order of commands too!

(cannot add, cannot remove except at the end)

Smart Cards


MAC and IVImportant:• Never use a random IV in a MAC.

– IV = 0 is a safe choice. – Or another constant.– Do use random IVs in encryption.

• Exception to this rule: – In many smart card products MACS are chained: – ICV = last MAC computed by the card/reader, prevents changing the

order of commands or dropping commands etc.••• together with random numbers (nonces) also prevents full reply otogether with random numbers (nonces) also prevents full reply otogether with random numbers (nonces) also prevents full reply of a full f a full f a full

transaction flow.transaction flow.transaction flow.

Smart Cards


*Example – how a card will enter mode PRO:Terminal Card

ASK RANDOMcommand

Challengegeneration

(T)DEScalculation

Challenge

PRO key

Cryptogram

PRO command

OK?

Compare thecryptograms

Delete flag randompresent

Data + cryptogram

EF key

PRO Key

Challenge

PRO mode OK

Bad Authentication

N

Y

(T)DEScalculation

Data tosent

Data

Receivedbytes

Data

ReceivedCryptogram

Decreaseratification counter

Reset ratificationcounter if needed

Smart Cards


*Example – entering mode AUT:

Terminal Card

ASK RANDOMcommand

Challengegeneration

(T)DEScalculationAUT mode

Challenge

TerminalKey

(T)DEScalculationAUT mode

Certificate

EXTERNALAUTHENTICATE

command

Compare thecryptograms

Delete flag randompresent

Cryptogram

EF keyKey number

+Cryptogram

Card Key

Receivedbytes

Keynumber

OK?

Authenticationsuccessful

Bad Authentication

N

Y

Decreaseratification counter

Reset ratificationcounter if needed

Smart Cards


Commands (APDUs)

Smart Cards


Commands - ISO 7816-4APDU = Application Protocol Data Unit

Master-slave principle. Half-duplex. • The card never starts anything.

Smart Cards


ISO 7816-4APDU = Application Protocol Data Unit

CLA = 1 byte, identifies the applicationINS = 1 byte, instruction codeLc = size of data, 1 or 3 bytes

Le = size of the expected answer, 1 or 3 bytes.

Smart Cards


CLA byte and ‘Logical Channels’

CLA is 1 byte that:

• identifies the application – so remains constant (though 1 application can have several ‘channels’),

• is an indication to what extent the command and the response complies with ISO 7816-4– Examples: ‘0X’ standard ISO, ‘A0’ in GSM,

‘80’ e-purse EN1546-3, ‘BC’ old EMV bank cards, ‘80’ and ‘84’: EMV bank cards ‘8X’: proprietary commands

CLA=‘0X’, 48X’ and ‘9X’, ‘AX’ use so called ‘logical channels’: • Let X=b4b3b2b1

– b4 b3 indicate if Secure Messaging is used and if the command header is also authenticated

– b1 b2 indicate the number of logical channel 0..3• Application: concurrent communication with multiple applications (or concurrent

execution of multiple tasks). Example: mobile phone talking to phone book another application [can be Java] stored on the SIM card.

Smart Cards


Command APDUs

Lc = size of data, 1 or 3 bytes

Le = size of the expected answer, 1-3 bytes.

4 cases

Smart Cards


C-APDU INS ExamplesWhen CLA=0X0E2070828488A4B0B2C0C2CAD0D2D6DADCE2

Erase Binary Verify Manage Channel External AuthenticateGet Challenge Internal AuthenticateSelect File Read Binary Read Record(s) Get Response Envelope Get Data Write Binary Write Record Update Binary Put Data Update Record Append Record

Smart Cards


Response = R-APDUResponse structure:

• SW1: 90=completed/OK with warning/error during exec/checking error;?NVM changed[63,65]

• SW2: error number

90 00 = All OK

Smart Cards


IMPORTANT:In many cases, and in all cases where the size

of the answer is not known in advance,The response is NOT given,

the terminal must ask for it (another C-APDU).

Example (for a bank card):

Smart Cards


5 Possible Cases:Case 1: No input data/no output data

Case 2: No input data/Output size known in advance:

Case 3: No input data/Output size not known:

Smart Cards


Case 3: 2 x C-APDU, 2 x R-APDU:Card

ACK = 9000

2 status bytes

ACK = 9000

Data

2 status bytes

TerminalCommand APDU

Data

Request the Answer APDU

wait for completion

wait for completion

Smart Cards


[…] 5 Possible Cases

Case 4: Input data/no output:

Case 5: Input data/Output size known or unknown:

Smart Cards


Standard Cross-IndustryCommands

Smart Cards


ISO 7816-4 Inter-industry Commands

For transparent linear files: • READ BINARY• WRITE BINARY* • UPDATE BINARY = real WRITE• ERASE BINARY• SEARCH BINARY

**VERY SPECIAL:VERY SPECIAL:as Eas E22PROM isPROM is10001000times times slowerslowerto writeto write than RAM, than RAM, and it is the change from and it is the change from

00→→1 that is slow (requires 1 that is slow (requires erasing)erasing)

Thus the command WRITE Thus the command WRITE performs a logical AND performs a logical AND

with the current file with the current file content!!!!content!!!!

Smart Cards


Syntax: Read/Write

• READ BINARY

• UPDATE BINARY (overwrite=real write)

Smart Cards


ISO 7816-4 Inter-industry CommandsFor records (2 types): • READ RECORD• WRITE RECORD• APPEND RECORD• UPDATE RECORD• SEEK• SEARCH RECORD

Smart Cards


ISO 7816-4 standard commands

For application-specific data objects.• GET DATA• PUT DATA

Smart Cards


Security Commands

Smart Cards


Authentication

R: deny

W: deny

R: allow

W: allow

Smart Cards


Cardholder Authentication

On-card PIN/Password verification.

PIN

not encrypted except in some EMV DDA cardsnot encrypted except in some EMV DDA cardsnot encrypted except in some EMV DDA cards

Y/Nnot authenticated except in EMV DDA cardsnot authenticated except in EMV DDA cardsnot authenticated except in EMV DDA cards

Smart Cards


ISO 7816-4 Security Commands

Authentication Card Holder => Card

• VERIFY + password/CHV/PINBTW. CHV == Card Holder Verification == PIN

• Example: 00 20 00 00 04 70 61 70 61

4 bytes password = ‘papa’)

no L_e, no data in reply expected, result will be visible in two status bytes SW1SW2

must be 0INS

CLA authenticates the whole MF if b7=0, PIN stored in MF

Smart Cards


Challenge-Response a.k.a. Dynamic Authentication Card=>External World

randomB

A B

A, MACK(randomB)KK

Smart Cards


****Exists in GSM, but a non-standard dedicated command

A3 A3Ki Ki

challenge RANDSIM card

Signed RESponse (SRES)

are = ?

• RUN GSM ALGORITHMExample: A0 88 00 00 10 XX …………….XX

16 bytes random nonce

no L_e, no data in reply expected, result will be visible in the status bytes = 0x9F Le

both 0INSCLA

Smart Cards



Authentication Card => Terminal

• INTERNAL AUTHENTICATE + random challenge algo nb. + key nb.– Produces a cryptogram/MAC, proves the identity of the

card.• Example: 00 88 00 00 04 A3 02 AF D1 04

crypto algo nb.

authenticates the whole MF if b7=0, key stored in MF

INS

CLA

random challenge on 4 digits

the reply should be 4 digits/bytes too

Smart Cards



Challenge-Response Authentication:Terminal => Card

• GET CHALLENGE

• EXTERNAL AUTHENTICATE+ algo nb. + key nb. + cryptogram

Smart Cards


Example:

• GET CHALLENGE• Example: 00 84 00 00 10

• EXTERNAL AUTHENTICATE• Example: 00 82 00 00 04 01 02 03 04

crypto algo nb.

authenticates the whole MF if b7=0, key stored in MF

INSCLA

our cryptogram on 4 bytes

no data to recover in reply, OK/not OK seen as 2 status bytes.

LE = it expects 16 digits randomboth are 0INS

CLA

Smart Cards


Unilateral AuthenticationHistorically very popular.Examples:• password -> login

––– OK if we trust the browser + the DNS, OK if we trust the browser + the DNS, OK if we trust the browser + the DNS, ••• or a PK certificateor a PK certificateor a PK certificate---based secure tunnel is needed.based secure tunnel is needed.based secure tunnel is needed.

• SIM card -> GSM base station (fixed in 3G)• offline bank card transactions -> Point of Sale terminal

Problems: • login page spoofing etc.• false GSM base stations, • false ATMs,

Smart Cards


Uni-directional vs. Mutual Authentication

statement1,

[interactive] proof1

statement2,

[interactive] proof2

K

K

Smart Cards


Mutual Authentication in One Piece

Mutual Authentication

Smart Cards



Mutual Authentication:Terminal <=> Card

The sequence:• GET CHIP NUMBER• GET CHALLENGE• MUTUAL AUTHENTICATE + params

Smart Cards


Read/Write => Secure Read/Write, CLA=04

Smart Cards


Secure Messaging

=> starting from now, all read/write commands & data are encrypted…

encrypted

[Mutual Authentication]+

Shared Key Derivation

Smart Cards


Encapsulation of ISO 7816-4 Commands

Commands and answers contain another embedded APDU command (or part of it):

• GET RESPONSE for an embedded command

• ENVELOPE – sent an encrypted APDU• Example: 00 C2 00 00 10 ……………

some data, length = 16both are 0INS

CLA

no data to recover in reply, only 2 status bytes.

Smart Cards


***Case Studies:GSM

Smart Cards


Some More GSM Commands (CLA=‘A0’)

CHV1=user PINCHV2=second PIN

Smart Cards


GSM Security

A3

Mobile Equipment

GSM OperatorAuthentication Center

A8

A5

A3

A8

A5

Ki Ki

challenge RAND

KcKc

mi Encrypted Data mi

SIM card

Signed RESponse (SRES)

SRESSRES

Fn Fnare = ?

precomputed triples:(RAND,SRES,Kc)

Base Station

Smart Cards


SIM Card Side

secret key

Triples RAND, SRES, Ki are stored in BS

Data with redundancy: terrible mistake…

data block of 114 bits.

Smart Cards


Running the Secret Algorithm (with secret key)

Both (key+algo)remain secret at all times.

Custom-made!

Smart Cards


Authentication Algorithms

Some operators used COMP128 v1, the default algorithm.• Very bad, there are several attacks

[Briceno,Goldberg,Wagner].• Some never published attacks existed only in a form of an

exe file, better than any published attack – less queries to the card!– I’ve developed such attacks myself, they were never published

(sorry…).– Gemplus patented and commercialized a strong key solution

Encryption AlgorithmsIn the phone.

Smart Cards


Embarrassing Discovery

What was discovered before [SDA-Berkeley 04/98].• Keys generated were not 64 bits.

– 10 bits fixed to 0 => 54 effective bits.

• The limitation was implemented in both AuC (authentication Centers) and in SIM cards.

• Later most operators have, by now, increased the size of their keys to 64 bits (also changing the algorithms or not). – It appears that the key is 64 bits starting from COMP 128 v3 and also

in most recent proprietary algorithms. – But one should check if they did!

Let’s do it.

Smart Cards


Embarrassing Discovery

• Keys generated by typical UK and French cards (I’ve checked many): 64 bits.

• Key in Polish Orange card: 64 bits.• All Chinese cards checked: 64 bits.

But many keys are still 54 bits: Examples I’ve seen myself:

• SIM I bought in Russia in 2007 (operator = “MTC”): • Estonian card, operator=“simpel”, 2009• Greek Vodafone SIM, 54 bits as well...

Smart Cards


Contactless Commands

Smart Cards


High-Level APDUNo difference, the reader “translates” the commands.Example: MiFare Classic access:

Smart Cards


Low-Level CommandsSent over the air.Example:nfclib+ACR122

+MiFare Classic

> 26< 0400> 9320< CA1C46D141> 9370CA1C46D141 (CRC)< 08 (CRC)> 6000(CRC)< 24D2783A> CF80E99F1AA2A1F1> …

UID

Smart Cards


**Case Studies:Oyster Card

Smart Cards


**Contact**Contact--less Authentication less Authentication -- HistoryHistory

IFF: Identify Friend or Foe (1942)

Challenge--Response

problem: relay attacksproblem: relay attacksproblem: relay attacks

Smart Cards


**Mutual Authentication + Secure Messaging

=> starting from now, all read/write commands data is sent encrypted…

tag random 32 bits

tag resp. 32 bits

encr. rdr random + rdr resp. 2x32 bits

card ID 32 bits

Smart Cards


**FactsBest Attack:

– Multiple Differential Attack by Courtois, in SECRYPT 2009.

• card-only attack, • 300 queries to the card,

– very fast!!!» but precise timing needed.

– Can be combine with Nested Authentication attack by the Dutch Nijmegen group.

Then the whole card can be cloned in 10 seconds.

Smart Cards


Smart Card O.S.

Smart Cards


Modern Multi-Application O.S.• MULTOS

– originally developed for e-purse Mondex [UK]– High level of security, EAL6 for some chips

• Open Platform – promoted by Visa et al.

• JavaCard• popular in GSM• banks never wanted 3rd party applications on their

cards… problems: branding, ownership, risks…

• Windows for Smartcards– commercial fiasco, abandoned

Smart Cards


Further Smart Card Standards

Smart Cards


ISO 7816-5Specifies AIDs (Application IDentifier)• 16 bytes (128 bits)

– [RID(5)+PIX(0..11)]– RID: Registered Application Provider– PIX: Proprietary Identifier Extension

• Can uniquely identify one smart card application. • Also used to identify files in the smart card.• Simultaneous selection of an application and of a

directory of a card.

Smart Cards


*Accessing Files and Applications by AID: SELECT FILE

As for files, applications are selected by the same method with an APDU ‘XX A4 …’ to select a file by its AID: Example:

• 00 A4 02 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31

• Response: 90 00 if all OK…

specific params.

SELECT FILE

ISO command

length + AID, "1PAY.SYS.DDF01"

Smart Cards


RID: Registered Application Provider“Administrative” method to get a RID is described in ISO 7816-

5. Not all application provider RIDs are public. Examples:• A0 00 00 00 87

– 3GPP (3G USIM application)

• A0 00 00 00 09– ETSI (e.g. GSM SIM with Java)

• RID = D2 76 00 01 24 – In OpenPGP cards.

• A0 00 00 00 03– VISA EMV international cards

• A0 00 00 00 04– MasterCard EMV cards

• Etc..

Smart Cards


Examples of a Complete AID• 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31

– which is "1PAY.SYS.DDF01" en ASCII, it contains a list of AIDs of an EMV bank card

• A0 00 00 00 42 10 10– Visa Credit EMV application, France

• A0 00 00 00 03 10 10– Visa Credit EMV application, international

• A0 00 00 00 04 10 10– MasterCard EMV application, international

• A0 00 00 00 69 00 – is the French Monéo e-purse application.

printed on the ticket

Smart Cards


ISO 7816-7

• APDU for accessing a database stored on a smart card(!).

• Defines SCQL = Smart Card Query Language

Smart Cards


IS0 7816-8..10

• More inter-industry commands to manage the security environment of the card, for example during the personalization phase (before the card is issued to the user!!!)

Smart Cards


ISO 7816-12 – 12/2005

USB on smart cards!• Two versions, still evolving• Bridge the connectivity gap between PCs

and smart cards!

Smart Cards


Industrial Standards [2]:=> Crypto Standards

Smart Cards


Standards• RSA Security PKCS #11: Application Programming

Interface (API), called Cryptoki, to access devices which hold cryptographic information and perform cryptographic functions.– used e.g. in Netscape / Mozilla / cryptlib etc.

Smart Cards


Standards

• RSA Security PKCS #15: storage and management of crypto/security objects, keys and their attributes in smart cards

Smart Cards


RSA Security PKCS #15 - Examples

Smart Cards


Industrial Standards [3]:=> Applications, Protocols

Smart Cards


Standards

• PC/SC: communication between Ms Windows and smart card readers [developed in 1997]

• Microsoft Cryptographic API (CryptoAPI).– enables application developers to add cryptography and certificate management functionality to

their Win32 applications without knowing anything about the hardware configuration

Smart Cards


Smart Cards under Linux?

PC/SC works and has drivers under Linux too.

Libraries? check out • M.U.S.C.L.E. at www.linuxnet.com• OpenSC library• Etc…

Smart Cards


Standards• JavaCard [later].

– OCF [OpenCard Framework]: a Java-based set of APIs for smart cards

– JavaCard 2.2

• ISO 15408: product evaluation derived from the ‘common criteria’

Smart Cards


Banking Standards

• EMV: international bank card specs• Visa Open Platform: security management of

multi-application cards

• CEPS: Common Electronic Purse Specification

• EN 1546: Pan-European e-Purse specification (very similar)

Smart Cards


Mobile Phone Card Standards

Smart Cards


***GSM Phones Card Standards• GSM 11-11: specifies the standard SIM-ME interface• GSM 11-14: more: « SIM Application Toolkit »• GSM 03.19: API JavaCardTM for programming SIM cards• GSM 03.40: how to implement Short Message Service

(SMS) in Point to Point (PP) mode• GSM 03.48: security mechanisms for the SIM card

application toolkit

Smart Cards


***3G Phone Card Standards• TS 51.011: specifies the 3G SIM-ME interface• ETSI TS 102 221: terminal-card physical and logical

characteristics• 3GPP: 31.101 V4.0.0, 31.102 V4.0.0 (Release 99)- 3G

cards (W-CDMA)• 3GPP2-C00-1999-1206-1208: specification of RUIM

modules for CDMA 2000

Smart Cards


3G Phone Security StandardsPrinciples, objectives and requirements• TS 33.120 Security principles and objectives• TS 21.133 Security threats and requirementsArchitecture, mechanisms and crypto algorithms• TS 33.102 Security architecture• TS 33.103 Integration guidelines• TS 22.022 Personalization of mobile equipment• TS 33.105 Cryptographic algorithm requirements• TR 33.900 A guide to 3G security• TR 33.901 Criteria for cryptographic algorithm design process• TR 33.902 Formal analysis of the 3G authentication protocol• TR 33.908 General report on the design, specification and evaluation of3GPP standard confidentiality and integrity algorithms• Document 1: f8 & f9• Document 2: KASUMI• Document 3,4: test dataLawful interception• TS 33.106 Lawful interception requirements• TS 33.107 Lawful interception architecture and functions

Smart Cards


PKI / Digital Signatures – Related to EU directive

• ETSI TS 101 333: digital signature formats• ETSI TS 101 808: CA management specification• CEN/ISSS: European Directive for Digital signatures

• CWA/prEN 14890: Interface for smart cards for D.S.

Smart Cards


Transport Card StandardsTransport Card Standards

Main Standards:• Calypso

[France, Belgium]• MiFare

[UK, Holland, Poland]

• Felica [Hong Kong, Japan, India]

Smart Cards


ITSO: used MiFare .. and withdraws [2009]ITSO: used MiFare .. and withdraws [2009]UK system and specs.

Compatible with both MiFare and Calypso.

MiFare Cards in ITSO system: 9.1 million [2008].Now slowly withdrawing it:1. ITSO licensed Members shall cease to issue MiFare

Classic cards after 31st December 2009. 2. ITSO shall not support any ITSO shell issued on a Mifare

Classic card after 31st December 2016.

Smart Cards


JavaCardWrite Once, Run Anywhere™

Smart Cards


Recent History

• Oct 25, 2010 - Gemalto has filed a patent infringement lawsuit in the US against Google, HTC, Motorola, and Samsung for mechanisms implemented in the Android OS

• From press release:– “Gemalto’s patented technologies are

fundamental to running software, developed in a high level programming language such as Java®, on a resource constrained device,”

Smart Cards


Motivation• Portable code, hardware-independent• Time to market: add new applications

to the card at any moment! • Easier to develop• Open platform,

=> specs of smart card chip are usually confidential(!!)

• Third party applications => much more security needed!!!– Hide the smart card OS and resources from the developer [not

trusted]– Java language has inherently better security…

• Much of current application insecurity comes from C language [exceptions, printf, goto, buffer overflow etc..]

• Provide “built-in security” for developers• Cons: slow + expensive…

Smart Cards


History

• Java Card 1.0: Schlumberger. APIs only. • Later, Bull+Gemplus+Schlumberger formed

the Java Card Forum. • + Sun Microsystems => develop Java Card

2.0.Still a SMALL subset of JavaTM

Some 2 billion Java cards to date(mainly in GSM…)

Smart Cards


Working Principle [source: Sun website]

Smart Cards


The Java Card VM Specs

The Java Card Virtual Machine (JCVM): defines

• a subset of the Java programming language

• a Java-compatible VM for smart cards,

• binary data representations and file formats,

• the JCVM instruction set.

Smart Cards


JavaCard - Types

Types

Smart Cards


JavaCard - Limitations

Dynamic class loading, security manager (java.lang.SecurityManager), threads, object cloning, and certain aspects of package access control are not supported.

native, synchronized, transient, volatile, strictfp are not supported.

There is no support for char, double, float, and long, or for multidimensional arrays. Support for int is optional.

The Java core API classes and interfaces (java.io, java.lang, java.util) are unsupported except for Object and Throwable, and most methods of Object and Throwable are not available.

Some Exception and Error subclasses are omitted because the exceptions and errors they encapsulate cannot arise in the Java Card platform.

Language Features

Keywords

Types

Classes and Interfaces

Exceptions

Smart Cards


Card Java – Resource Constraints

A package can refer to up to 128 other packages

A fully qualified package name is limited to 255 bytes. Note that the character size depends on the character encoding.

A package can have up to 255 classes.

A class can directly or indirectly implement up to 15 interfaces.An interface can inherit from up to 14 interfaces.

A package can have up to 256 static methods if it contains applets (an applet package), or 255 if it doesn't (a library package).

A class can implement up to 128 public or protected instance methods, and up to 128 with package visibility.

Packages

Classes

Smart Cards


Java Card - Standard Libs

• JavaCard.lang• JavaCard.framework• JavaCard.security• JavaCardx.crypto

Smart Cards


Added [Java Card 2.2] = javacard.frameworkISO7816 defines constants related to ISO 7816-3 and ISO 7816-4.MultiSelectable identifies applets that can support concurrent selections. PIN represents a personal identification number used for security (authentication) purposes. Shareable identifies a shared object. Objects that must be available through the applet firewall

must implement this interface.

AID defines an ISO7816-5-conforming Application sIdentifier associated with an application provider; a mandatory attribute of an applet.

APDU defines an ISO7816-4-conforming Application Protocol Data Unit, which is the communication format used between the applet (on-card) and the host application (off-card).

Applet defines a Java Card application. All applets must extend this abstract class. JCSystem provides methods to control the applet life-cycle, resource and transaction

management, and inter-applet object sharing and object deletion.OwnerPIN is an implementation of the PIN interface.Util provides utility methods for manipulation of arrays and shorts, including arrayCompare(),

arrayCopy(), arrayCopyNonAtomic(), arrayFillNonAtomic(), getShort(), makeShort(), setShort().

Various Java Card VM exception classes are defined: APDUException, CardException, CardRuntimeException, ISOException, PINException, SystemException, TransactionException, UserException.

Interfaces

Classes

Exceptions

Smart Cards


javacard.securityGeneric base interfaces:

Key, PrivateKey, PublicKey, and SecretKey, and subinterfaces that represent various types of security keys and algorithms: AESKey, DESKey, DSAKey, DSAPrivateKey, DSAPublicKey, ECKey, ECPrivateKey, ECPublicKey, RSAPrivateCrtKey, RSAPrivateKey, RSAPublicKey

Checksum: abstract base class for CRC algorithms

KeyAgreement: base class for key-agreement algorithmsKeyBuilder: key-object factory

KeyPair: a container to hold a pair of keys, one private, one publicMessageDigest: base class for hashing algorithms RandomData: base class for random-number generatorss

Signature: base abstract class for signature algorithms

CryptoException: encryption-related exceptions such as unsupported algorithm or uninitialized key.

Interfaces

Classes

Exceptions

Smart Cards


**Crypto Algorithms in Javacard 2.2• AES: Advanced Encryption Standard (NIST FIPS-197)• SEED Algorithm Specification : KISA - Korea Information Security Agency• SHA-1 (NIST FIPS 180-1), SHA-256,SHA-384,SHA-512 (NIST FIPS 180-2)

• MD5 defined by RSA DSI in RFC 1321• RIPEMD-160 defined in ISO/IEC 10118-3:1998• DSA (NIST FIPS 186)

• DES (NIST in FIPS 46-1 and 46-2)• RSA: The Rivest, Shamir and Adleman Asymmetric Cipher algorithm• ECDSA: Elliptic Curve Digital Signature Algorithm

• ECDH: Elliptic Curve Diffie-Hellman algorithm• HMAC: Keyed-Hashing for Message Authentication (RFC-2104)

Smart Cards


javacardx.cryptoNon-standard and proprietary crypto OR crypto subject to export controls!

KeyEncryption, Cipher

Interfaces

Classes

Exceptions

Smart Cards


Java Card Runtime Environment (JCRE)The JCRE consists of the Java Card VM, the Java Card Framework and APIs, and some

extension APIs.

Smart Cards


CommunicationSpecial subset of APDUs [ISO 7816-3..4] are used.

Smart Cards


Applet IsolationJCRE can act as a firewall

Smart Cards


Applet Structure and Execution

Smart Cards


Applet Execution

• The applet is identified by a unique identifier AIM.

• The terminal selects/deselects the applet at any moment.

• The APDUs are redirected to the applet currently selected.

Smart Cards


Applet SecurityApplets [bytecode] are

• CHECKED [if they don’t spy on other applets!!]

Should be signed with a digital signature [white-list principle(Nokia), as opposed to black list (Microsoft)]

Smart Cards


Java Card 3.0.

March 2008• Multi-threading• Garbage Collector• Multi-dimensional Arrays• TCP/IP• Servlets

Smart Cards


Terminals

Smart Cards


USB

Before were on serial port…Now all USB.Since about 2000 they use the [Microsoft

compatible] standard API/interface called PC/SC.

Smart Cards


PC Card

Smart Cards


Keyboards

Cherry etc.

Smart Cards


Contact-less

Open source: Open-PCD[Germany]

Smart Cards


Banking Terminals

Smart Cards


Home Banking

Smart Cards


Contact-less Bank Cards

Very recent

Smart Cards


Biometric

Smart Cards


Futuristic

UK pilot 2008

Smart Cards


Conclusion

Smart Cards


Future:

• Cannot live without Smart Cards or some other secure portable hardware device.– Bill Gates recognized it publicly in 2005…

• PKI enabler: – fair security: e.g. everyone can verify the

authenticity of a bank transaction.– 99.9 % unused potential.

Smart Cards


Some Difficulties Worldwide

• Major concern - COST EFFECTIVENESS• Security is of public interest, conflict of

interest - some market players think about their security, not of their customers and like fraud – make profit selling insurance…

• Bad press: – Unbreakable ? Not.– But there is no better technology on this planet.

Smart Cards


**How Secure Are Smart Cards?

A necessity: there is no better technology on earth !

…Succeeding requires tamper-proof hardware. But

• no security professional will speak of tamper-proof devices, as opposed to tamper-resistant ones.

• Security is a matter of economics, and not just technology.– How much will your attacker spend to defeat your security? – Are you protecting something valuable enough that your enemy will resort to the three

B's: burglary, bribery or blackmail?

• Protecting against determined adversaries is very hard; it's rarely wise to bet your business on it.”…

[Steve Bellovin blog, 24/08/07]

Smart Cards


Future of Smart Cards• New silicon technologies – 0.065 µm SOI for more

storage and security, lower power consumption• Multithread, DMA, MMU.• New memory technologies:

– In 2005: NOR-flash – 1 Megabyte…– 1 Gigabyte in a SIM ! – with NAND-Flash. Spansion.

• On-die support for RF, TCP/IP, WiFi, Bluetooth, etc. USB full speed – Axalto product + patents– 12 Mbits/sec ! The future standard in GSM handsets?

• Enhanced security with biometrics (3 factors).• More crypto: AES, Elliptic Curves etc...

Documents

La Carte à Puce - Nicolas Courtois · 25 Nicolas T. Courtois 2006-2009 Vocabulary magnetic stripe card IC= Integrated Circuit ICC, chip card : • memory card • wired logic card