Smart Card Syed Jabbar Computer Science Course: 60-520 Prof. : Dr. Imran Ahmad November 28, 2003


Smart Card

Syed Jabbar
Computer Science

Course: 60-520
Prof.: Dr. Imran Ahmad

November 28, 2003

What is Smart Card?

Smart Card

A Smart Card is a credit-card sized plastic card embedded with an Integrated Circuit Chip (ICC)

Integrated Circuit Chip (ICC)

- Only a memory chip with non-programmable logic

- A Microprocessor with Internal Memory

Smart Card History

1974

French journalist Roland Moreno filed the first patent in France in 1974

1982

Phone cards were tested in France in 1982

1984

Trials of ATM bank cards were successfully conducted

In Europe

- On-line verification of transactions was very expensive because of the high cost of telecommunications

- The Smart Card provided the verification off-line with security and low cost

In USA (1987)

First large-scale smart card application was implemented in USA in 1987

Why Use Smart Card

Security

Physical Protection:

It is not impossible to open a smart card physically and access data in it. But it is much harder than tampering with a workstation.

Logical Protection:

- Provides on-card computing platform and memory storage which assures data security

- Most smart card operating systems provide Cryptographic Facilities which allow data encryption and decryption

Portability

Wallet-size card, so it can be carried very easily, separate from the outside world

Where Use Smart Card

- Authentication: Medical History, Student ID

- Financial System: For storing sensitive information: Credit Card, Bank Card

- Physical Access and Transportation System: Door Opening, Mass Transit Environment

- Communications: Public Telephone Card, SIM Card for cellular phone

- Identification: For holding password through which a user is identified to a system for accessing and processing the information

- Network System

Physical Structure

Specified by International Standards Organization (ISO 7816)

A smart card must be 85.60 mm wide, 53.98 mm high, and 0.76 mm thick

The ICC is embedded on a plastic card, and a thin gold plate printed circuit (contact) is embedded on top of that.

The communication between the chip and the Smart Card Reader is done through this printed circuit.

[Figure labels: ICC, Printed Circuit, Plastic Card]

Types of Integrated Circuit Chip

Memory Card

Simple memory storage device without any processing power

Logic Card

Memory card with additional security functions

Microprocessor Card

- With Embedded Microprocessor

- Smart enough to offer sophisticated processing power as a processor device that offers multiple functions

Communication Interface Type

Contact Card

- Has a gold connector plate

- Data is transferred by physical contact with the plate

- Examples: Credit Card, Debit Card

Contactless Card

- Has an antenna coil embedded inside the card

- Communicates by radio frequency technology

- Example: Parking Card

[Figure labels: Contact Card, Contactless Card]

Communication Interface Type (Cont.)

Hybrid Card

Has two separate chips: one with a contact interface, another with a contactless interface

Combi Card

- Has a single chip with both contact and contactless interfaces

- Cheaper than Hybrid Card

Proximity Card

Contactless Card but read-only

[Figure labels: Hybrid Card, Combi Card]

Contents of ICC

Memory Module

Read Only Memory (ROM)

- Stores Operating System, Encryption Algorithms etc.

- Size between 8KB and 32KB

Electrically Erasable Programmable ROM (EEPROM) (Non Volatile Memory (NVM))

- Stores Business Applications

- Size around 64KB

Random Access Memory (RAM)

- Used for fast computation and response

- Size around 3KB

Contents of ICC (Cont.)

Central Processing Unit (CPU)

- Between 8-bit and 32-bit Microprocessor

- Uses the instruction set of the Motorola 6805, Intel 8051 or Hitachi H8

Input/Output (I/O)

- Half-Duplex channel

- Communicates with the reader in a Master/Slave relationship

Smart Card Contacts

Vcc – Power Connection (generally 5 volts)

RST – Reset, used for initiating

CLK – Clock Signal

RFU – Reserved for Future Use

GND – Ground Line

VPP – High Voltage Signal to program the EEPROM

I/O – Half-Duplex communication channel

RFU – Reserved for Future Use

Operating System

Functionality is unlike that of Windows, Unix or DOS

Consists of on-card commands to which the smart card responds

ISO 7816 describes a wide range of standard commands that a smart card can implement

Most manufacturers offer cards with OS implementing some or all of these standard commands with or without manufacturer-specific extensions such as manufacturer identification number, serial number etc.

File Structure

A smart card file is a contiguous block of the smart card memory module

Most smart card operating systems support a file system based on the ISO 7816 standard

Similar to the MS-DOS and UNIX tree-structured hierarchical file systems, with one master file serving as the root of the file system

The master file may contain several sub files

Smart Card Software

Host Software

Runs on Interface Device (IFD) or Smart Card Reader

Usually written in high-level languages such as C, C++, Java, BASIC, COBOL, Pascal, or FORTRAN

Host software sends commands to the card operating system, which executes them on the card processor and returns the results

As many kinds of smart cards can be presented to the reader, the host software responds to the particular cards that are included in the host software system
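
The command/response exchange between host software and the card operating system, and the master-file-rooted file system, sketched as an added example that is not part of the original slides. It uses the ISO 7816-4 SELECT (INS A4) and READ BINARY (INS B0) commands and standard status words; the `SimulatedCard` class, the helper names, file identifier 2F01 and its contents are assumptions made up for illustration.

```python
# Added example (not from the slides): host software exchanging ISO 7816-4 APDUs
# with a simulated card. File 2F01 and its contents are constructed sample data.
OK, NOT_FOUND, NO_EF, BAD_INS, BAD_OFFSET = 0x9000, 0x6A82, 0x6986, 0x6D00, 0x6B00
def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short-form command APDU: header, optional Lc+data, optional Le."""
    if len(data) > 255 or (le is not None and not 1 <= le <= 256):
        raise ValueError("outside short-form APDU limits")
    lc = bytes([len(data)]) + data if data else b""
    return bytes([cla, ins, p1, p2]) + lc + (bytes([le % 256]) if le is not None else b"")

def parse_response(resp):
    """Split a response APDU into (data, status word SW1SW2)."""
    if len(resp) < 2:
        raise ValueError("response shorter than the 2-byte status word")
    return resp[:-2], int.from_bytes(resp[-2:], "big")

def sw(code):
    return code.to_bytes(2, "big")

class SimulatedCard:
    """Toy card OS: elementary files (EFs) directly under the master file 3F00."""
    def __init__(self, files):
        self.files, self.current = files, None

    def transmit(self, apdu):
        ins, p1, p2, body = apdu[1], apdu[2], apdu[3], apdu[4:]
        if ins == 0xA4:                        # SELECT by file identifier
            fid = body[1:1 + body[0]] if body else b""
            if fid != b"\x3f\x00" and fid not in self.files:
                return sw(NOT_FOUND)
            self.current = None if fid == b"\x3f\x00" else fid
            return sw(OK)
        if ins == 0xB0:                        # READ BINARY from the selected EF
            if self.current is None:
                return sw(NO_EF)
            content, offset = self.files[self.current], ((p1 & 0x7F) << 8) | p2
            if offset >= len(content):
                return sw(BAD_OFFSET)
            le = (body[0] or 256) if body else 0
            return content[offset:offset + le] + sw(OK)   # short reads simplified
        return sw(BAD_INS)

def read_file(card, fid, length):
    """Host side: select the MF, then the EF, then read; returns (data, sw)."""
    for target in (b"\x3f\x00", fid):
        _, status = parse_response(card.transmit(build_apdu(0x00, 0xA4, 0x00, 0x0C, target)))
        if status != OK:
            return b"", status
    return parse_response(card.transmit(build_apdu(0x00, 0xB0, 0x00, 0x00, le=length)))
CARD = SimulatedCard({b"\x2f\x01": b"CONSTRUCTED-SERIAL-0001"})
```

The host decides what to do next purely from the two-byte status word, which is why an unknown file or an unsupported instruction surfaces as 6A82 or 6D00 rather than as an exception on the card.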

Smart Card Software (Cont.)

Card Software

Runs on Smart Card itself

Classified as operating system, utility, and application software

Written in Assembly language

Written for customizing or extending existing software for particular application, or creating a new and unique custom-built smart card

It is time consuming and very expensive

Java Card

Java Card was introduced in October, 1996

Accepts and runs programs written in the high-level programming language Java

Before Java Card, the only way to write and load software on a smart card was through a smart card manufacturer, which was very time consuming and expensive.

Although some smart card manufacturers used high-level languages such as C to create card software, the capability of using these tools to program was not passed to the card issuer or cardholder.

Allows smart card programs to be developed easily and at affordable cost

Does not support all features of the Java language, because of the size of smart card memory

Hacking Smart Card

All key information of smart card is stored in the EEPROM

EEPROM write operations can be affected by unusual voltages and temperatures

The information can be hacked by raising or dropping the voltage supplied to the EEPROM

Some chips use additional sensors that monitor characteristics of the power supplied to the chip, and the card's programs lock the card when they detect an attack

Smart Card Life-Cycle

There are five main steps from smart card manufacturing to its end-of-life:

Step 1

ICC is created and tested by the manufacturer

A unique ID, the Fabrication Key (FK), is added to the ICC to protect the chip from fraudulent modification until the next step

Step 2

ICC is mounted on the plastic card

Connection is made between ICC and printed circuit

After testing, the FK is replaced by the personalization key (PK)

Physical memory access instruction is disabled

Smart Card Life-Cycle (Cont.)

Now the card can be accessed only by logical memory addressing

Step 3

Data files and applications are written by Card Issuer

Stores card holder’s identity or PIN etc.

Step 4

Card’s application system and logical file access controls are activated for use

Accessing card information is limited by the application’s security policies

Smart Card Life-Cycle (Cont.)

Step 5

Done by the application by writing the invalidation lock to the file(s)

All the writing and updating operations are disabled by the operating system

The read instructions may remain active for analysis purposes

OR

Blocks all PINs, so all the operations are blocked including reads

Current Development & Research

Biometric Feature

- Some manufacturers offer smart cards which are verified with finger-print for authentication

- Scanned by finger-print scanner (reader), Keyboard with built-in fingerprint sensor

- Useful for E-commerce, Remote access etc.

Research

- Research is going on to implement biometric technique which will provide on-card processing for authentication

- Compares read finger-print with the finger-print template stored on card

- If authentication fails, the card will not supply its secured information

Comparing with Magnetic & Optical Card

| Smart Card | Magnetic Stripe Card | Optical Card |
| Read/write and processing technology | Read/write technology | Write once read many technology. Once data is written, it cannot be changed or removed |
| Medium to reasonably high data storage capabilities | Low to medium storage capabilities | Comparatively high data storage capabilities |
| Cost is higher than magnetic stripe card | Low cost | Almost same as Smart Card |
| Used for storing and transaction data with on card processing | Used for storing and transaction data | Used for storing data |

Conclusion

Smart cards are taking their place in environments where security and authentication are the main concern. Inclusion of biometric features in smart cards provides added security.

Companies, especially financial companies that use magnetic stripe cards, are moving towards smart cards for their security and multi-functionality.

Thank You

Questions?