2IntroductionThe semiconductor revolution has advanced to the point where the computing power that once took up an entire room can now me lost among the spare change, house keys or candy wrappers in the average pocket.Smart cards have proven to be quite useful as a transaction/authorization/identification medium.As their capabilities grow, they could become the ultimate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs.
3HistoryThe roots of the current day smart card can be traced back to the US in the early 1950s when Diners Club produced the first all-plastic card to be used for payment applications.VISA and MasterCard then entered the market, but eventually the cost pressures of fraud, tampering, merchant handling, and bank charges made a machine-readable card necessary
4What is a Smart card?A smart card is a credit card sized plastic card with an embedded computer chip.The chip can either be a microprocessor with internal memory or a memory chip with non-programmable logic.They can be programmed to accept, store and send data.
5Need for a smart cardAn advanced security system is worthless if it is so inconvenient for the users that they always find a way around it. For example, many users have so many passwords to remember today that they often write them down in easily accessible places or choose simple easily guessed passwords. Smart cards can easily store large passwords.Being a computer in itself, smart cards can also perform advanced security functions like storage of cryptographic keys and ability to perform cryptographic algorithms.
6Need for a smart cardSmart cards provide tamper-resistant storage for protecting sensitive information like private keys, account numbers, passwords, and other forms of personal information.They can isolate security-critical computations that involve authentication, key exchange and digital signatures from other parts of the system that do not have a "need to know". Since computations can be done in the card itself, the keys need not exist anywhere other than the card itself. This prevents malicious sniffing programs from getting hold of the key.
7Need for a smart cardThey provide a level of portability to securely move information from one system to another.They can run custom code and thus are programmable.
8Smart card Difference between smart cards and magnetic smart card Magnetic stripe card does not have a chip embedded in themA smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
9Electronic ModuleThe information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a smart card reader.
10Physical structureThe International Standards Organization ( ISO) 7810, 7816/1, 7816/2 specifies the physical structure of the smart card.A printed circuit and an integrated chip are embedded on the card
11Physical Structure An integrated circuit chip consists of a MicroprocessorRead only memory (ROM)Nonstatic random access memory (RAM)Electrically erasable programmable read only memory (EEPROM), which will retain its state when the power is removed.Programmable read only memory (PROM)Erasable programmable ROM (EPROM)The current circuit chip is made from silicon, which is not flexible and particularly easy to break. Therefore, in order to avoid breakage when the card is bent, the chip is restricted to only a few millimeters in size.This also limits the memory and processing resources that may be placed on the card. As a result, the smart card always has to incorporate with other external peripherals to operate.
12Smart card architecture elements Central Processing UnitTraditionally there is a 8 bit controller, but nowadays 16 bit and 32 bit chips are also used.Smart Card CPUs execute machine instructions at a speed of approximately 1 MIPS. A coprocessor is often included to improve the speed of encryption computations.Memory SystemRAM. 1K. This is needed for fast computation and response. Only a tiny amount is available.EEPROM (Electrically Erasable PROM). Between 1 to 24K. Unlike RAM, its contents are not lost when power is. Applications can run off and write to it, but it is very slow and one can only read/write to it so many ( ) times.ROM. Between 8 to 24K. The Operating System and other basic software like encryption algorithms are stored here.
13Smart card architecture elements Input /OutputThis is via a single I/O port that is controlled by the processor to ensure that communications are standardized, in the form of APDUs (A Protocol Data Unit).Interface Devices(IFDs)Smart Cards need power and a clock signal to run programs, but carry neither. Instead, these are supplied by the Interface Device - usually a Smart Card Reader - in contact with the card.In addition to providing the power and clock signals, the reader is responsible for opening a communication channel between application software on the computer and the operating system on the cardThe communication channel to a Smart Card is half-duplex.
14Smart card architecture elements Interface DevicesThe receiver is required to sample the signal on the serial line at the same rate as the transmitter sends it in order for the correct data to be received. This rate is known as the bit rate or baud rate.Data received by and transmitted from a Smart Card is stored in a buffer in the Smart Card's RAM. As there isn't very much RAM, relatively small packets ( bytes) of data are moved in each message.
15Smart Card DimensionsTwo physical dimensions are specified for smart cards. The most popular form is approximately the size of a credit card. Small enough to be conveniently portable, the card is large enough to display graphics and advertising on its side. The second, smaller smart card size, specified by the European Telecommunications Standards Institute (ETSI), is used specifically for Global System for Mobile Communications (GSM) phones, the predominant cellular phone technology system in Europe.
16How does a smart card work? All smart cards have essentially the same physical interface to the outside world, the smart card reader. To use a smart card, an end user simply inserts it into a read / write device where it remains for the duration of a session or transaction.The user provides a PIN or password as they would at an ATM machine providing the added protection of two-factor authentication.
17How does a smart card work? While still in the reader, the card interacts with security software on the local machine and the network as needed. It confines certain operations, such as those involving a user’s private key, to the card itself. That means the private key and any digital certificates never leave the card. All computations involving them happen internally and securely so only the cardholder can access the private key.When a session or workday is over, the user removes the card and keeps it in a safe place. Without the card, unauthorized individuals can’t hack into protected resources.
18How is authentication done Insert the smart card into a reader. The smart card contains the cryptographic keys and biometric fingerprint data.Enter PIN (or password), in order to unlock the digital representation of the fingerprint. In the trade, this is known as the minutia data.Place the finger on the scanner. The scanned fingerprint is compared to the fingerprint data on the smart card.If the data matches, the smart-card fingerprint data is converted into a number and combined with the smart-card secret PIN (retrieved in Step 2) and used as a symmetric cryptographic key to decrypt the private key.A nonce (random number) is passed from the computer application to the smart card.The private key on the smart card is used to encrypt the nonce and pass it back to the application.The application verifies that a certified public key obtained from the network-based directory service or from the card does, in fact, decrypt the encrypted message from the card and reveal the same nonce that was originally passed to the card.
20Contact Smart CardsContact smart cards must be inserted into a smart card reader device where pins attached to the reader make contact with pads on the surface of the card to read and store information in the chip.
21Contactless Smart Cards Contactless smart cards contain an embedded antenna instead of contact pads attached to the chip for reading and writing information contained in the chip's memory.Contactless cards do not have to be inserted a smart card reader. Instead, they need only be passed within range of a radio frequency acceptor to read and store information in the chip.These cards have an antenna embedded inside the microchip that allow the card to communicate with an antenna coupler unit without physical contact.
22Contactless Smart Cards The range of operation is typically from about 2.5" to 3.9" (63.5mm to 99.06mm) depending on the acceptor.Student identification, electronic passport, vending, parking and tolls are common applications for contactless cards.
23Proximity CardsProximity cards or simply prox cards communicate through an antenna similar to contactless smart cards except that they are read-only devices that generally have a greater range of operation.The range of operation for prox cards is typically from 2.5" to 20" (63.5mm to 508mm)They are growing in popularity because of the convenience they offer markets such as walk-through access terminals in mass transportation, security, identification, and access control
24Proximity CardsProx cards are available from several sources in both ISO thickness cards from .027" to .033" and clamshell cards from .060" to over .070" thickThey are used in security, identification, and access control applications, especially door access where fast, hands-free operation is preferred.
25Hybrid CardThere will be some period of time in which there will be some magnetic stripe-only cards, some chip-only cards, and many cards that will carry both a chip and a magnetic stripe as seen by the recent release of the America Express Blue card. A hybrid infrastructure is expected to accommodate the transition.A Hybrid card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications, this Hybrid serves the needs of consumers and card issuers.
26Hybrid CardHybrid card is the term given to e-cards that contain two or more embedded chip technologies such as a contactless smart chip with its antenna, a contact smart chip with its contact pads, and/or a proximity chip with its antenna all in a single card.
27Combi CardThe combi card also known as a dual-interface card i.e., with a contact and contactless interface.It has one smart chip embedded in the card that can be accessed through either contact pads or an embedded antenna. It is now possible to access the same chip via a contact or contactless interface, with a very high level of security.
28Combi CardIn the mass transit application, a contact-type acceptor can be used to place a cash value in the chip's memory and the contactless interface can be used to deduct a fare from the card.
29Difference between a Hybrid and a Combi card The main difference between a combi card and a hybrid card is that a combi card has only one chip and a hybrid card has two chips.
30Cryptographic Smart cards Cryptographic cards or crypto cards are high-end microprocessor memory cards with additional support for cryptographic operations (digital signatures and encryption)Crypto cards are designed to allow secure storage of private keys (or other secret keys).These cards will also perform the actual cryptographic functions on the smart card itself. In this way, the private key need never leave the smart card.
31Cryptographic Smart cards Since the EEPROM of these cards is designed to be tamper-resistant, unauthorized individuals are unable to hack the card secrets it’s virtually hacker-resistant. As a result, crypto cards play an essential part of any public/private key system
32Vault Smart CardsThese cards are activated upon user entry of a PIN (personal identification number) directly on the card.The card self verifies the PIN, and then activates the smart module. The card is then handed to the merchant to complete the transaction.After a transaction is completed, the card automatically returns to an inactive state and cannot be used again without reactivation PIN input.Entry and verification process is fast, simple, and secure. Card self-verification eliminates the need for an external PIN database and also eliminates transmission of a PIN, reducing the chance of interception and misuse.
33Memory and Microprocessor Chips The chips used in all the cards mentioned above fall into three categories:microprocessor chipsmemory chips.Optical memory cards
34Memory ChipA memory chip can be viewed as small floppy disks with optional securityMemory cards can hold from 103 bits to 16,000 bits of data, but have no processor on the card with which to manipulate that data.They are less expensive than microprocessor cards but with a corresponding decrease in data management security.They are used for storage and retrieval only.
35Memory ChipThey depend on the security of the smart card reader for their processing and are ideal when security requirements permit use of cards with low to medium security.Smart-card memory chips are used for data storage and identification applications.
36Classification of memory cards Memory chips are of three kindsStraight memory cards: These cards just store data and have no data processing capabilities. They should be regarded as floppy disks of varying sizes without the lock mechanism. Protected/Segmented memory cards: These cards have built-in logic to control the access to the memory of the card. Sometimes referred to as intelligent memory cards these devices can be set to write protect some or the entire memory array. Some of these cards can be configured to restrict access to both reading and writing. This is usually done through a password or system key. Segmented memory cards can be divided into logical sections for planned multi-functionality.
37Classification of memory cards Stored value memory cards: These cards are designed for the specific purpose of storing value or tokens. The cards are either disposable or rechargeable. Most cards of this type incorporate permanent security measures at the point of manufacture. These measures can include password keys and logic that are hard-coded into the chip by the manufacturer. For simple applications such as a telephone card the chip has 60 or 12 memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory units are used, the card becomes useless and is thrown away. This process can be reversed in the case of rechargeable cards.
38Microprocessor ChipsMicroprocessor cards (also generally referred to by the industry as chip cards) offer greater memory storage and security of data.Chips that contain both memory and a microprocessor are also similar to a small floppy disk, except they contain an intelligent controller used to securely add, delete, change, and update information contained in memory.The more sophisticated microprocessor chips have state-of-the-art security features built in to protect the contents of memory from unauthorized access.
39Microprocessor ChipsA microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk.Microprocessor chips are available 8, 16, and 32 bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected with semiconductor technology advances.The current generation of chip cards has an eight-bit processor, 16KB read-only memory, and 512 bytes of random-access memory. This gives them the equivalent processing power of the original IBM-XT computer, albeit with slightly less memory capacity.
40Optical Memory CardsOptical memory cards look like a card with a piece of a CD glued on top, which is basically what they are.Optical memory cards can store up to 4 MB of data.These cards can carry many megabytes of data, but the cards can only be written once and never erased with today’s technology.Thus, this type of card is ideal for record keeping for example medical files, driving records, or travel histories.
41Multi-application Smart Card Since the microprocessor cards have a reasonable amount of memory, one can have multiple applications residing in the card at the same time.Multifunction smart cards allocate card memory into independent sections assigned to a specific function or application.Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access.This type of chip is similar to those found inside all personal computers and when implanted in a smart card, manages data in organized file structures, via a card operating system (COS).
42Multi-application Smart Card The technology permits information updates without replacement of the installed base of cards, greatly simplifying program changes and reducing costs.
43Multi-application Smart Card A student uses the card as a basic ID, to check out books from the library, and to decrement value for the meal plan and campus vending machines. The student might also use it for secure access to certain buildings and to the university’s computer system.The figure shows a overview of uses of multi-application smart card
44Chip Operating SystemThe smart card’s chip operating system, is a sequence of instructions, permanently embedded in the ROM of the smart card.The functional characteristics of the smart card are determined by its operating systemThe operating system receives outside commands and executes them provided that certain processing conditions are met.
45Chip Operating SystemThe baseline functions of the COS which are common across all smart card products include:Management of interchanges between the card and the outside world, primarily in terms of the interchange protocolManagement of the files and data held in memory Access control to information and functions (for example, select file, read, write, and update data.)Management of card security and cryptographic algorithm procedures.Maintaining reliability, particularly in terms of data consistency, sequence interrupts, and recovering from an error.Management of various phases of the card’s life cycle (that is, microchip fabrication, personalization, active life, and end of life)
46Communication Protocol Smart cards speak to the outside world using data packages called APDU( application protocol data units)APDU contains either command or response messageSmart card always waits for command APDU from a terminal. It plays a passive roleIt then executes the action specified and replies to the terminal using a response APDU.
47A Smart card transaction The steps in a typical smart card transaction are set out below:Step 1: ConnectionIn a smart card system for contact cards, the card is inserted in a reader device. Contactless cards need only be passed near a target.Step 2: Authentication of the cardThe card generates a message to the reader, which confirms that it is a valid card. The message may be encrypted for security purposes. The reader can also check the card against a list of stolen cards and if necessary lock it so that it can no longer be used.
48A Smart card transaction Step 3: Authentication of the readerThe reader sends a message to the card, which is checked against pre-programmed codes to establish if the reader is valid. If the card is not satisfied that the reader is valid, it can prevent the reader gaining access to the information held on the card.Step 4: Selecting an applicationA single smart card may support many different applications, which may be inter-related or quite distinct. The desired application can be selected by the cardholder, by a person with access to the reader, or chosen automatically by the reader or the card depending on the form of the initial authentication.
49A Smart card transaction Step 5: Identifying security requirementsThe card is able to define the security requirements for the selected application. The card can enforce different levels of security for different purposes or for different persons or organizations.Step 6: Authenticating the card-holderThis can be done by either requiring the cardholder to enter a PIN (personal identification number) or some sort of biometric information (for example; fingerprints, retina scan or signature dynamics). The card keeps the relevant information to make a comparison in a secret area. It can make the comparison without divulging to the cardholder the data it holds for the authentication procedure.
50A Smart card transaction Step 7: The transactionThe transaction is generated by manual entry or by an automated process. The card or reader checks and authorizes the transaction.Step 8: Transaction recordThe card generates a record of the transaction and transmits it electronically to the reader. The record may be used in another part of the system (for example; to allow the service provider to collect actual payment from a bank in a stored value application); by a third party to the transaction for other purposes (for example; collecting statistics); or as back up data storage in case the card is lost or damaged.Step 9: Hard copyA paper record (such as a receipt) can be generated by the reader for the cardholder or the service provider.
51Life cycle of a smart card There are five phases for a typical smart card life cycleFabrication Phase: The chip manufacturers carry out this phase. The silicon integrated circuit chip is created and tested in this phase. A fabrication key (KF) is added to protect the chip from fraudulent modification until it is assembled into the plastic card support. The KF of each chip is unique and is derived from a master manufacturer key. Other fabrication data will be written to the circuit chip at the end of this phase. Then the chip is ready to deliver to the card manufacturer with the protection of the key KF.
52Life cycle of a smart card Pre-personalization Phase: The card suppliers carry out this phase. In this phase, the chip will be mounted on the plastic card. The connection between the chip and the printed circuit will be made, and the whole unit can be tested. To allow secure delivery and for added security of the card to the card issuer, the fabrication key will be replaced by a personalization key (KP). After that, a personalization lock VPER will be written to prevent further modification of the KP. In addition, physical memory access instructions will be disabled. Access of the card can be achieved only by using logical memory addressing. This preserves the system and fabrication areas being accessed or modified.
53Life cycle of a smart card Personalization Phase: The card issuers conduct this phase. It completes the creation of logical data structures. Data files contents and application data are written to the card. Information of cardholder identity, PIN, and unblocking PIN will be stored as well. At the end, a utilization lock VUTIL will be written to indicate the card is in the utilization phase.Utilization Phase: This is the phase for the normal use of the card by the cardholder. The application system, logical file access controls, and others are activated. Access of information on the card will be limited by the security policies set by the application.
54Life cycle of a smart card End-of-Life Phase (Invalidation Phase): There are two ways to move the card into this phase. One is initiated by the application, which writes the invalidation lock to an individual file or the master file. All the operations including writing and updating will be disabled by the operating system. Only read instructions may remain active for analysis purposes. Another way to put the card into this phase is that, when the control system irreversibly blocks access because both the PIN and unblocking PIN are blocked, then all the operations will be blocked including reads.
55Logical File Structure Files are organized in hierarchical formThere is one master file (MF), which is like the root directory. Under the root, there can be different files, which are called elementary files (EFs). There can be various subdirectories called dedicated files (DFs). Under each subdirectory will be elementary files again. The root or MF is the peak of the hierarchy and it contains information and locations of files contained within it.Dedicated Files (DF) contains the actual data files.The elementary file is where the actual data is stored
56Logical File Structure Elementary files are of four different types.Transparent FileTransparent files are commonly just fixed byte files used for storing information.Linear, Variable Length Record FileLinear Record Files contain subdivisions called records, which hold a certain amount of bytes each.Linear, Fixed Length Record FileCyclic, Fixed Length Record FileThey contain a cycle of information where records are written and read in a ring like manner.Each type is unique in how the data is stored and it's actual purpose.
57Logical File Structure After the success of selection, the header of the file can be retrieved, which stores the information about the file such as identification number, description, types, size, and so on. Particularly, it stores the attribute of the file, which states the access conditions and current status. Access of the data in the file depends on whether those conditions can be fulfilled or not.In order to provide greater security control, adding accessing conditions and file status fields in the file header enhances the attribute of each file.Moreover, file lock is also provided to prevent the file being accessed. These security mechanisms and algorithms provide a logical protection of the smart card.
58Access ControlThe smart card access control system covers file access mainly. Each file is attached by a header, which indicates the access conditions or requirements of the file and the current status as well.Levels of Access ConditionsAlways (ALW): Access of the file can be performed without any restriction.Cardholder verification 1 (CHV1): Access can only be possible when valid CHV1 value is presented.Cardholder verification 2 (CHV2): Access can only be possible when valid CHV2 value is presented.Administrative (ADM): Allocation of these levels and the respective requirements for their fulfillment are the responsibility of the appropriate administrative authority.Never (NEV): Access of the file is forbidden.
59Access ControlTwo counters have to be implemented for each of the cardholder verification numbers (CHVs), There are three states in the management of the PIN, which are described below.PIN has been presented: Files or functions, which have PIN presentation as a pre-requisite or condition, can be carried out. Every time the PIN is presented correctly, the PIN counter will be reset to the maximum number of tries, three for example.PIN has not been presented or was presented incorrectly: The PIN counter will be decremented by one after each incorrect PIN was presented. All the operations or instructions, which require PIN presentation, will be invalidated. If the PIN counter reaches zero, then the PIN will be blocked.PIN is blocked: In this state, all the operations require PIN presentation and even the PIN presentation instruction itself is blocked. Unblock PIN instruction has to be carried out. If correct unblocking PIN is presented, the PIN counter will be reset to the maximum number of tries and backed to the first state. However, if invalid unblocking PIN is presented, the unblock PIN counter will be decremented by one and when this counter reaches zero, the PIN can never be unblocked again.
60Smart card Standards International Standards Organization American National Standards InstituteInternational Airline and Transportation Association.It has formed a task force to develop interoperability standards for smart card ticketless travel.G-8 Health StandardsThe G-8 countries have come together to develop a standard format for populating data on a health card.GSM StandardsThe specifications tie a telephone number to smart card, called a Subscriber Identification Module (SIM) or User Identity Module (UIM), rather than to a telephone handset. The SIM is inserted into a telephone to activate it.
61Smart card Standards EMV Specifications The EMV specification resolves the problem of disparate chip card systems across the European continent, thereby eliminating a major impediment to the widespread, cost effective implementation of a global credit and debit card system.PC/SC Workgroup Open SpecificationsThis group has developed open specifications for integrating smart cards with personal computers.OpenCard FrameworkThe OpenCard Framework is a set of guidelines announced by IBM, Netscape, NCI, and Sun Microsystems Inc. for integrating smart cards with network computers.Secure Electronic Transactions (SET).Secure Electronic Transactions (SET) is a protocol for secure payments across the Internet. Announced in 1996 by VISA and MasterCard, SET establishes a single technical protocol for protecting payment card purchases made over the Internet and other open networks. It is based on public key encryption and authentication technology.
62ISO ISO 7816-1:Physical characteristics ISO :Dimensions and location of the contactsISO :Electronic signals and transmission protocolsISO :Industry commands for interchangeISO : Number system and registration procedure for application identifiersISO : Interindustry data elements
63Security related standards PKCS#11:Cryptographic Token Interface Standard: This standard specifies an Application Programming Interface (API), called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions.PKCS#15: Cryptographic token information format standard: PKCS#15 is intended to standardize the use of cryptographic tokens to identify themselves to multiple, standard-aware applications regardless of the application’s cryptographic token interface provider. The key issue in such cases is the interoperability.
64Security related standards JavaCard: The JavaCard API is a specification that enables the Write Once, Run Anywhere capabilities of Java on smart cards and other devices with limited memory.Common Data Security Architecture: Developed by Intel, the Common Data Security Architecture (CDSA) provides an open, interoperable, extensible, and cross-platform software framework that makes computer platforms more secure for all applications including electronic commerce, communications, and digital content.Microsoft Cryptographic API: The Microsoft Cryptographic API (CryptoAPI) provides services that enable application developers to add cryptography and certificate management functionality to their Win32 applications.
65Principles of security standards Multi-platformStandard should be applicable to numerous modern day operating systems and computer architecturesOpen participationStandard should accept input and peer review from members of industry, academia, and governmentInteroperabilityStandard should be interoperable with other leading standards and protocols.Real, FunctionalStandard should apply to real world problems and markets and adequately address their requirements.Experience, ProductsStandard should be created by a group of people with experience in security-related products and standards.ExtensibilityStandard should facilitate expansion to new applications, protocols, and smart card capabilities that weren’t yet around when the standard was created.
66Attack Technologies Attacks on smart cards are as follows Invasive attacksNoninvasive attacksPhysical attacksLogical attacksTrojan Horse attacksSocial Engineering attacks
67Invasive attacksMicroprobing techniques are usually used to access the chip surface directly, thus facilitating the observation and manipulation of the integrated circuit of the smart card.Depackaging: Invasive attacks start with the removal of the chip package. The card plastic is heated until it becomes flexible. This softens the glue and the chip module can then be removed easily by bending the card.Layout reconstruction: The next step is to reconstruct the layout of the new processor
68Invasive attacksManual microprobing: Its major component is a special optical microscopeMemory read out techniques: It is usually not a practice to read out data from processor directly. Microprobing is used to observe the entire bus and record the values in the memory as they are accessed.
69Non-Invasive attacksThe attacked card is not physically harmed and the equipment used in the attack are usually disguised as smart card readersSoftware attacks: use the normal communication interface of the processor and exploit security vulnerabilities found in the protocols, cryptographic algorithms, or their implementationsFault generation attacks: use abnormal environmental conditions to generate malfunctions in the processor that provide additional access.Glitch attacks: In a glitch attack, a malfunction is deliberately generated, which causes one or more flip-flops to adopt the wrong state.Eavesdropping Attacks: These attacks take advantage of the analog characteristics of all supply and interface connections and any other electromagnetic radiation produced by the smart card processor during normal operation.
70Physical attacksPhysical attacks attempt to reverse engineering the card and determine the secret keysThis involves techniques likePeeling off the LSI chipAnalysis using operational test circuitsAnalysis using low-frequency clocksIntroduce computational errors into the smart card can deduce the value of the cryptographic keysVoltage manipulation, temperature manipulationDPA(Differential Power Analysis) is a complicated attack that relies on statistical references drawn from power consumption data measured during smart card computation
71Logical attacksLogical attacks occur when a smart card is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smart card.In this attack, various byte patterns are sent to the card to be signed by the private key. Information such as the time required performing the operation and the number of zeroes and ones in the input bytes are used to eventually obtain the private key.
72Trojan horse attacksTrojan horse attacks: This attack involves a rogue, Trojan horse application that has been planted on an unsuspecting user’s workstation. The Trojan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smart card to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will.
73Trojan horse attacks Prevention The countermeasure to prevent this attack is to use single-access device driver architecture. With this type of architecture, the operating system enforces that only one application can have access to the serial device (and thus the smart card) at any given time.Another way to prevent the attack is by using a smart card that enforces a "one private key usage per PIN entry" policy model. In this model, the user must enter their PIN every single time the private key is to be used and therefore the Trojan horse would not have access to the key.
74Social Engineering attacks In computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. An example of a social engineering attack has a hacker impersonating a network service technician. The serviceman approaches a low-level employee and requests their password for network servicing purposes. With smart cards, this type of attack is a bit more difficult. Most people would not trust an impersonator wishing to have their smart card and PIN for service purposes.
75Smart card features Two factor authentication Secure storage for private keysNon-repudiationcryptographic smart cards are designed to ensure that a user’s private key never leaves the smart card, it cannot be copied, replicated or misused by another individual. As a result, you can be extremely confident that the private key (which is the lynch pin to an entire PKI infrastructure) is always in the sole possession of the user. That means that one has undeniable evidence that connects a specific user to each transaction.Single sign-onThe corporate user no longer has to remember multiple passwords to multiple applications. On the contrary, the user simply inserts his smart card, enters the PIN and the rest of the work is performed by the smart card.MobilityMultiple applications on a single card
76Smart card features Personalization PKI Economic benefits Personalization involves customizing smart cards for your business. Physical personalization and electronic personalizationPKIThe core of solutions based on the Public Key Infrastructure (PKI) consists of a pair of keys - the public key and the private key. Storing the private key of the key pair underlying the PKI system is an essential part of security and ease of use. The private key is stored in the chip of the smart card; thus, only the cardholder can use his private key. The register of public keys is maintained and administered by a trusted third party.Economic benefitsSmart cards reduce transaction costs by eliminating paper and paper handling costs in hospitals and government benefit payment programs. Contact and contactless toll payment cards streamline toll collection procedures, reducing labor costs as well as delays caused by manual systems.
77Smart card features Customization A smart card contains all the data needed to personalize networking, Web connection, payments and other applications.Increase the security of password based systemsOne of the biggest problems in typical password systems is that users write down their password and attach it to their monitor or keyboard. They also tend to choose weak passwords and share their passwords with other people. If a smart card is used to store a user’s multiple passwords, they need only remember the PIN to the smart card in order to access all of the passwords.Portability of Keys and CertificatesWith smart cards the certificate and private key are portable, and can be used on multiple workstations, whether they are at work, at home, or on the road.Auto-disabling PINs Versus Dictionary Attacks
78Smart card features Counting the Number of Private Key Usages Smart card based digital signatures provide benefits over handwritten signatures because they are much more difficult to forge and they can enforce the integrity of the document through technologies such as hashing.
79Smart Card ReadersThough commonly referred to as smart card readers, all smart card enabled terminals, by definition, have the ability to read and write as long as the smart card supports it and the proper access conditions have been fulfilled.Some examples include: reader integrated into a vending machine, handheld battery-operated reader with a small LCD screen, reader integrated into a GSM mobile phone, and a reader attached to a personal computer.
80Smart card applications Financial services - Financial institutions are looking to use Smart Cards to deliver higher value-added services to businesses and consumers at a lower cost per transaction.Electronic purse to replace coins for small purchases in vending machines and over-the-counter transactionsCredit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment.Securing payment across the Internet as part of Electronic Commerce.Affinity programs - Airlines want to use Smart Cards not only as a vehicle for issuing and carrying tickets - even though the single benefit of being able to securely order/provide a ticket directly to chip cards via the Internet is substantial. Airlines also want to use the cards to provide tie-ins to their frequent-flyer programs and to cross-marketing deals with auto rentals and hotels, as well as to provide simplified access to private airline lounges.
81Smart card applications Government ProgramsElectronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers.Agricultural producer smart marketing card to track quotas.Communication applicationsThe secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone.Subscriber activation of programming on Pay-TV.Information SecurityEmployee access card with secured passwords and the potential to employ biometrics to protect access to computer systems
82Smart card applications Secure network accessSmart Cards can carry an individual's digital signature. With this ability, they provide a special mechanism to secure access to computer networks within a corporation, they help ensure that only individuals with the proper authority can get access to specific network resources, and they reduce the likelihood that hackers can break into a system.HealthcareBankingInternet
83Smart Card Applications Information TechnologyBusinesses, the government and healthcare organizations continue to move towards storing and releasing information via networks, Intranets, extranets and the Internet. These organizations are turning to smart cards to make this information readily available to those who need it, while at the same time protecting the privacy of individuals and keeping their informational assets safe from hacking and other unwanted intrusions. In this capacity, smart cards enable:Secure logon and authentication of users to PCs and networksSecure B2B and B2C e-commerceStorage of digital certificates, credentials and passwordsEncryption of sensitive data
84Smart Card Applications Mobile TelecommunicationsPeople using the Global System for Mobile communications (GSM) standard for mobile phones use smart card technology. The smart card is inserted or integrated into the mobile handset. The card stores personal subscriber information and preferences that can be PIN code protected and transported from phone to phone. The smart cards enable:Secure subscriber authenticationRoaming across networksSecure mobile value added servicesWireless providers benefit from reduced fraud thanks to the security offered by smart cards. With the advent of mobile services such as mobile commerce, web browsing, and information services, wireless providers rely on smart cards to act as the security mechanism to protect those services. As a result, smart cards are beginning to move beyond GSM to secure mobile services for other wireless standards as well.
85Smart Card Applications Commercial ApplicationsSmart cards also provide benefits for a host of commercial applications in both B2B and B2C environments. The smart card’s portability and ability to be updated make it a technology well suited for connecting the virtual and physical worlds, as well as multi-partner card programs. The cards store information, money, and/or applications that can be used for:Banking/paymentLoyalty and promotionsAccess controlStored valueIdentificationTicketingParking and toll collection
86Smart card Applications Physical AccessEmployee access card with secured ID and the potential to employ biometrics to protect physical access to facilitiesTransportationDrivers Licenses.Mass Transit Fare Collection Systems.Electronic Toll Collection Systems.Retail and LoyaltyConsumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set.Health CardConsumer health card containing insurance eligibility and emergency medical data.University IdentificationAll-purpose student ID card (a/k/a/ campus card) , containing a variety of applications such as electronic purse (for vending and laundry machines), library card, and meal card.
87BibliographyR. Anderson and M. Kuhn, "Tamper Resistance---a Cautionary Note," Proc. 2nd Usenix Workshop on Electronic Commerce, Usenix, Berkeley, Calif., 1996, ppR. Anderson, M. Kuhn, “Low Cost Attacks on Tamper Resistant Devices," Security Protocol workshop, April 1997,D. Boneh, R. DeMillo, and R. Lipton, “On the Importance of Checking Cryptographic Protocols for Faults," Advances in Cryptology: Proceedings of EUROCRYPT '97, Springer-Verlag, May 1997, ppGemplus,Smart card Alliance,Smart card basics,Prepaid Smart Card Techniques,Smart card groups:Smart cards: A primer,CITI Projects: Smart cards:Schlumberger sema smart cards:Smart card center: White papers:Multifunctionality of smart card:M.U.S.C.L.E:
88BibliographyPaul Kocher, Joshua Jaffe, Benjamin Jun, Differential Power Analysis, Advances in Cryptology, proceedings of Crypto'99, Lecture Notes in Computer Science 1666, Springer-Verlag, pp ,Verisign:Smart card authority:Comdex white papers:SCIA:CREC/KPMG: White paper, Smart cards:Smart card applications:Smart cards Overview:Smart card:SSP Solutions:Smart card:Smart card:Schlumberger sema smart cards: