Presentation is loading. Please wait.

Presentation is loading. Please wait.

Everything you always wanted to know about Smart Cards... Marc Witteman November 2001.

Similar presentations

Presentation on theme: "Everything you always wanted to know about Smart Cards... Marc Witteman November 2001."— Presentation transcript:


2 Everything you always wanted to know about Smart Cards... Marc Witteman November 2001

3 Contents Secure communication –threats –objective of cryptography –cryptographic services, principles and algorithms Smart cards –concepts –applications –architecture Security –basic security features –attacks –counter measures

4 What are the threats ? disclosure Confidentiality:unauthorized disclosure of information modification Integrity:unauthorized modification of information use Authenticity:unauthorized use of service sender receiver

5 Objective of cryptography Giving trust in: –authenticity of message and/or sender –integrity of message –(sometimes) confidentiality of message by using an algorithm based on a secret shared between participants in a scheme.

6 Cryptographic services Encryption (confidentiality) encryptiondecryption message Key = ? encryption message Key encryption MAC message = ? Key Challenge encryption Key encryption response Message Authentication Codes (integrity) Electronic signatures (authentication)

7 Cryptographic principles based on: – key secrecy – strong algorithms – difficult to guess key from message/ciphertext pairs – sufficient key length (brute force) Kerckhoffs principle: –strength should reside in secrecy of key, –not in secrecy of algorithm

8 Classical systems: transposition (mixing character sequence) substitution (changing characters) poly-alphabetic substitution (Viginere, Hagelin) easily broken, using language statistics Cryptographic algorithms (1)

9 Cryptographic algorithms (2) Today two kinds of algorithms: repetitive permutations and substitutions of bits: –DES, 3-DES, IDEA, RC5, Blowfish … –secret key mathematical calculations –RSA, Rabin, ElGamal, zero-knowledge, elliptic curve… –public key

10 Smart card concepts A smart card: can store data (e.g. profiles, balances, personal data) provides cryptographic services (e.g. authentication, confidentiality, integrity) is a microcomputer is small and personal is a secure device Anne Doe

11 Smart card application areas Communication Entertainment Retail Transportation Health care Government E-commerce E-banking Education Office

12 Smart card applications (1) Retail –Sale of goods using Electronic Purses, Credit / Debit –Vending machines –Loyalty programs –Tags & smart labels Communication –GSM –Payphones Transportation –Public Traffic –Parking –Road Regulation (ERP) –Car Protection Entertainment –Pay-TV –Public event access control

13 Smart card applications (2) Healthcare –Insurance data –Personal data –Personal file Government –Identification –Passport –Driving license E-commerce –sale of information –sale of products –sale of tickets, reservations E-banking –access to accounts –to do transactions –shares

14 Smart card applications (3) Educational facilities –Physical access –Network access –Personal data (results) –Copiers, vending machines, restaurants,... Office –Physical access –Network access –Time registration –Secure & Web applications

15 Smart card architecture Vcc Reset Clock Gnd Vpp I/O Physical appearance: Credit card or SIM dimensions Contacts or contactless

16 Whats inside a smart card ? CPU Central Processing Unit: heart of the chip

17 Whats inside a smart card ? CPU security logic security logic: detecting abnormal conditions, e.g. low voltage

18 Whats inside a smart card ? CPU serial i/o interface security logic serial i/o interface: contact to the outside world

19 Whats inside a smart card ? CPU test logic serial i/o interface security logic test logic: self-test procedures

20 Whats inside a smart card ? CPU test logic ROM serial i/o interface security logic ROM: – card operating system – self-test procedures – typically 16 kbytes – future 32/64 kbytes

21 Whats inside a smart card ? CPU RAM test logic ROM serial i/o interface security logic RAM: scratch pad of the processor typically 512 bytes future 1 kbyte

22 Whats inside a smart card ? CPU RAM test logic ROM EEPROM serial i/o interface security logic EEPROM: –cryptographic keys –PIN code –biometric template –balance –application code –typically 8 kbytes –future 32 kbytes

23 Whats inside a smart card ? CPU RAM test logic ROM EEPROM serial i/o interface security logic databus databus: connection between elements of the chip 8 or 16 bits wide

24 Smart card chip

25 Basic smart card security features Hardware –closed package –memory encapsulation –fuses –security logic (sensors) –cryptographic coprocessors and random generator Software –decoupling applications and operating system –application separation (Java card) –restricted file access –life cycle control –various cryptographic algorithms and protocols

26 Smart card attacks Internal Attacks Side Channel Attacks Logical Attacks

27 InternalAttacks etching tools Microscope Probe station laser cutters Scanning Electron Microscope Focussed Ion Beam System and more……. Lab pictures provided by TNO

28 Reverse engineering

29 Staining of ion implant ROM array

30 Sub micron probe station

31 Probing with eight needles

32 FIB: fuse repair

33 Internal attack counter measures Alarm (sensors) –light –active grid Hide –feature size (< 300 nm) –multi-layer –buried bus –bus scrambling –shield Confuse –glue logic –redundant logic

34 Logical attacks Communication Command scan File system scan Invalid / inopportune requests Crypt-analysis and protocol abuse

35 Logical attack counter measures Command scan –limit command availability –restrict and verify command coding –life cycle management File system scan –restrict file access –test file access mechanisms (PIN. AUT, etc) Invalid / inopportune requests –exclude non-valid behaviour –verify conformance Crypt analysis and protocol abuse –publish algorithms and initiate public discussion –evaluate crypto algorithm and protocol

36 Side channel Attacks Use of hidden signals electromagnetic emission power consumption timing Insertion of signals power glitches electromagnetic pulses

37 Power analysis peak slope time I ddq area shape

38 Power waveform

39 Fault injection on smart cards Change a value read from memory to another value by manipulating the supply power: Threshold of read value A power dip at the moment of reading a memory cell

40 Side channel attack counter measures Signal analysis –reduce processor signal by balancing or equalising the power and/or shielding the emission –add noise to the processor activity (both in time and amplitude) –eliminate timing relation with processed key and or data –variable ordering of processes –blinding of intermediate values with random values –retry counters –limited control and visibility of crypto input and output Signal insertion –use sensors for supply voltage, light and temperature –double implementation path (for verification) –check for runtime parameter validity

41 Conclusions Smart card technology is emerging, applications are everywhere Smart cards enhance service and security Perfect security does not exist, even not for smart cards Risk analysis is essential More info? Mailto:

Download ppt "Everything you always wanted to know about Smart Cards... Marc Witteman November 2001."

Similar presentations

Ads by Google