
2 Smart Cards By Simon Siu and Russell Doyle

3 Overview Size of a credit card Small embedded computer chip – Memory cards – Processor cards – Electronic purse cards (FSU ID card) – Security cards Processor cards require a reader

4 History of Smart cards Patented in 1970s (several different designs) 1983: first mass use in France for pay phone 1992: second mass use again in France for debit cards 1993: Visa, MasterCard, Europay agreed on a standard (EMV) Contactless technology is the new trend

5 Hardware: Chip is accessed electronically via gold plate

6 Smart card vs. Magnetic strip card Smart card is more secure – Data encryption ability – Difficult to access data without terminal Smart card is more expensive Smart card is less durable

7 Usage Banking – ATM Payment – Like credit card Access control – Certificate holder (able to do triple DES) Id Information storage

8 Prime examples Medical application: Germany issues smart cards to all citizens India driver’s licenses (becoming popular in other countries) China transit (Guangzhou) England tracking device in airports

9 Programming the Card OpenCard – Java interface, Java Electronic Commerce Framework (JECF) PC/SC – Windows-based interface

10 Modeling Security Threats Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards by Schneier and Shostack

11 Smart Card’s handicap Functionality is split in unusual ways compared to a computer Unable to interact with the world without outside peripherals Multiple parties

12 Cardholder Holding the card May or may not control the info in card Does not control the protocols, software, or hardware in the card system

13 Data Owner May or may not control data in the card Digital certificates Amount of money in account

14 Terminal Control all I/O to and from the card Phone ATM Set-top box

15 Card Issuer Control operating system running on the card Initial data Card manufacturer Software manufacturer

16 Examples of Trust Splits in Smart card systems Digital Stored Value Card – Cash card – Mondex – VisaCash Digital Check Card – Similar to cash card – Card owner is also the data owner Prepaid Phone Card – Value card Account-based Phone Card – Account number

17 Continued Access Token – Key to login or authentication protocol Web Browsing Card – Cash card – Cardholder and terminal owner are the same

18 Continued Digital Credential Device – Digital certificates or other credentials – Cardholder and data owner are the same – Kerberos – DSSA/SPX Key Storage Card – Key Multi-Function Card

19 Threats Attack is an attempt by one or more parties involved in a smart card transaction to cheat Interfere with one or more parties Inside vs Outside Attacks – One of the parties – Outsider stealing a card

20 Motives for Attack Financial theft Impersonation attack: gain access Privacy attack Publicity attack

21 Classes of Attack Attack by the Terminal against the cardholder or data owner – Fake ATM machines – Assume we trust the terminal – Preventions Limit the time to modify Limit the amount of $ reduced at a given time Real prevention is monitoring by back-end system

22 Continued Attack by the cardholder against the terminal – Fake cards with rogue software – Preventions Good protocol design Hard-to-forge physical aspects –Hologram on Visa

23 Continued Attack by the cardholder against the data owner – Pay-TV access cards – Reverse-engineering – Defeat tamper-resistance – Fault analysis Attack by the cardholder against the issuer – Randomly access an account with account-based phone cards – If there is a key, capture the key and use it

24 Continued Attack by the cardholder against the software manufacturer – One application on a smart card to subvert another running on the same card.

25 Conclusion on Security Resistance – Make specific attacks harder: stronger cryptographic protocols, increase tamper-resistance – Few splits to eliminate certain attacks altogether Example cardholder is also the data owner which means no cardholder attacking data owner – Adding screen and data entry to the card Increase the cost – More Transparency Open publication leads to review and analysis Cleanly separating roles –Example Mondex system with various terminals –User can check his/her account in any one of them
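
The "few splits" point from slide 25, worked through as an added example (not part of the original presentation): each card system maps roles to parties, and an attack class from slides 21-24 disappears when the attacking and attacked roles are held by the same party. Role names and the merges for the check, web browsing and credential cards come from slides 16-18; treating the stored value card as fully split is an assumption.

```python
# Added example: role names follow the slides; mappings marked "assumption"
# are not stated on the slides.
ROLES = ("cardholder", "data_owner", "terminal", "issuer", "software_manufacturer")

# Attack classes listed on slides 21-24, as (attacking role, attacked role).
ATTACK_CLASSES = [
    ("terminal", "cardholder"),
    ("terminal", "data_owner"),
    ("cardholder", "terminal"),
    ("cardholder", "data_owner"),
    ("cardholder", "issuer"),
    ("cardholder", "software_manufacturer"),
]

def make_system(*merged):
    """Give every role its own party, then merge each group in `merged`
    so that all roles in the group are held by one party."""
    party = {role: role for role in ROLES}
    for group in merged:
        unknown = set(group) - set(ROLES)
        if unknown:
            raise ValueError(f"unknown role(s): {sorted(unknown)}")
        target = party[group[0]]
        old = {party[role] for role in group}
        for role in ROLES:  # also carries along roles merged earlier
            if party[role] in old:
                party[role] = target
    return party

def split_attacks(system):
    """Return (open, eliminated) attack classes for one role-to-party mapping.
    A class is eliminated when attacker and victim roles are the same party."""
    open_, gone = [], []
    for attacker, victim in ATTACK_CLASSES:
        same = system[attacker] == system[victim]
        (gone if same else open_).append((attacker, victim))
    return open_, gone

SYSTEMS = {
    "stored value card": make_system(),  # assumption: all roles separate
    "digital check card": make_system(("cardholder", "data_owner")),  # slide 16
    "web browsing card": make_system(("cardholder", "terminal")),  # slide 17
    "digital credential device": make_system(("cardholder", "data_owner")),  # slide 18
}

if __name__ == "__main__":
    for name, system in SYSTEMS.items():
        open_, gone = split_attacks(system)
        print(f"{name}: {len(open_)} open, eliminated: {gone or 'none'}")
```

Attack classes that stay open after merging are the ones that still need the resistance measures listed on the slide.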

26 Evolution of Smart cards or lack thereof Why is it not popular in America yet? – Social environment Split government systems Class differences Market forces – Cost vs. Benefit

27 Future of smart cards Security of smart cards is similar to the security of a PC New technology helps to further secure smart system – Digital display on the card Contact vs. Contactless

28 References http://www.schneier.com/paper-smart-card-threats.pdf http://en.wikipedia.org/wiki/Smart_card http://smartcard.nist.gov/faq.html

