July 2002, Page 12 Information Security Bulletin
- A verification function, only used during the production process, to test all internal circuits for manufacturing faults.
- A continuous function that checks environmental conditions that could jeopardise the security of the smartcard.
- A communication function that takes care of receiving external commands and sending back responses using a serial communication protocol.
- The permanent memory of the chip. It can contain parts of the operating system and self-test procedures. The memory size is typically 32 KB.
- The CPU's scratch-pad memory. This is used for storing temporary or intermediate data like session keys, internal variables and stack data. The memory size is typically 1 KB.
- Non-volatile, updateable memory. It is used for storing application data like keys, PINs, balances and phone numbers, and sometimes application or even operating system code.
- The transfer channel within the chip. All information exchanged between the various functions passes through this channel.

All these functions have to be implemented on the small surface available for smartcard chips (typically not larger than 25 mm²). Smartcard chips do follow the trend towards miniaturisation that is common practice in the chip industry, though. State-of-the-art smartcard chips use feature sizes of less than 0.2 µm and up to 7 stacked layers of metal and silicon.
Early processor cards used a monolithic software model: operating system and application functions were closely interwoven. Nowadays most smartcards use a more modular software design and also application separation. A popular smartcard operating system uses proven security concepts from the Java language. This operating system allows for flexible application design: applications can be developed and loaded after card manufacturing, or even post-issuance.

Modern smartcard operating systems use life-cycle management. This process restricts the actions that can be performed in the smartcard. The system must, for instance, be quite open during the manufacturing process to facilitate configuration, but much more closed during field operation to avoid fraud.

Data stored within a smartcard is organised in a nested file system. The EEPROM is used similarly to a hard disk and can contain files and directories with user and application data.

The cryptographic functions may be implemented partly in hardware, but there is always a software program that controls the execution, stored either in the permanent or in the non-volatile memory.

Terminals (or card readers) talk to smartcards by means of commands. Figure 3 shows the command structure. Commands have a five-byte header followed by an optional variable-length data part. The first two bytes, CLA and INS, specify the command class and instruction code. This structure allows the definition of 2^16 (65,536) different commands. The next two bytes, P1 and P2, are command parameters. P3 indicates either the length of the data included in the command, or the length of the requested response data.

Some common commands are:
- open a file or directory
- read a file
- change the contents of a file
- authenticate the smartcard to the external world
- check a cardholder's PIN code

Smartcards enforce access conditions to protect the data content of files. Users (terminals) can only access files for reading or writing if the proper access conditions are fulfilled. Access conditions may require PIN verification or external authentication. More information on smartcard design basics can be found in the literature.
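The command structure, the life-cycle restriction and the access-condition check described above, as an added example written for this page (not code from the article or from any card vendor): a minimal encoder/decoder for the five-byte header and a simulated card that only honours a read or update when the file's access condition is satisfied, blocks the PIN after three wrong attempts, and is wide open while in the personalisation state. The instruction codes (SELECT A4, READ BINARY B0, UPDATE BINARY D6, VERIFY 20) and the status words (9000 success, 6982 security status not satisfied, 63Cx wrong PIN with x retries left, and so on) are ISO 7816-4 values; the file identifiers 0001 and 0002, their contents, the PIN 1234, the retry counter and the life-cycle state names are constructed for this illustration.

```python
"""Toy ISO 7816-style command handling for a simulated smartcard.
Added illustration, not code from the article. Instruction codes and status
words are ISO 7816-4 values; file identifiers, contents, PIN, retry counter and
life-cycle state names are constructed for this example."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

INS_SELECT, INS_READ_BINARY, INS_UPDATE_BINARY, INS_VERIFY = 0xA4, 0xB0, 0xD6, 0x20
SW_OK, SW_WRONG_LENGTH, SW_SECURITY_NOT_SATISFIED = 0x9000, 0x6700, 0x6982
SW_AUTH_BLOCKED, SW_NO_CURRENT_FILE, SW_FILE_NOT_FOUND = 0x6983, 0x6986, 0x6A82
SW_INS_NOT_SUPPORTED, SW_PIN_WRONG_BASE = 0x6D00, 0x63C0  # 63Cx: x retries left


@dataclass
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    p3: int
    data: bytes = b""


def build_apdu(cla: int, ins: int, p1: int, p2: int, data: bytes = b"", le: int = 0) -> bytes:
    """Encode a command: five-byte header, then the optional data part.
    P3 is the data length when data is sent, otherwise the expected response length."""
    p3 = len(data) if data else le
    return bytes([cla, ins, p1, p2, p3]) + data


def parse_apdu(raw: bytes) -> Apdu:
    """Decode a command; a data part whose length disagrees with P3 is rejected."""
    if len(raw) < 5:
        raise ValueError("command shorter than the five-byte header")
    cla, ins, p1, p2, p3 = raw[:5]
    data = bytes(raw[5:])
    if data and len(data) != p3:
        raise ValueError("data length does not match P3")
    return Apdu(cla, ins, p1, p2, p3, data)


@dataclass
class File:
    content: bytearray
    read_ac: str    # access condition: "ALWAYS" or "PIN"
    update_ac: str


@dataclass
class Card:
    """Simulated card; the nested file system is flattened to one dict for brevity."""
    files: Dict[int, File] = field(default_factory=dict)
    pin: bytes = b"1234"                 # constructed sample PIN
    life_cycle: str = "OPERATIONAL"      # "PERSONALISATION" is open, as during production
    selected: Optional[int] = None
    pin_verified: bool = False
    retries: int = 3

    def _allowed(self, ac: str) -> bool:
        if self.life_cycle == "PERSONALISATION":
            return True                  # no access conditions before issuance
        return ac == "ALWAYS" or (ac == "PIN" and self.pin_verified)

    def process(self, raw: bytes) -> Tuple[bytes, int]:
        """Execute one command; returns (response data, status word)."""
        try:
            cmd = parse_apdu(raw)
        except ValueError:
            return b"", SW_WRONG_LENGTH
        if cmd.ins == INS_SELECT:
            if cmd.p3 != 2:
                return b"", SW_WRONG_LENGTH
            fid = int.from_bytes(cmd.data, "big")
            if fid not in self.files:
                return b"", SW_FILE_NOT_FOUND
            self.selected = fid
            return b"", SW_OK
        if cmd.ins == INS_VERIFY:
            if self.retries == 0:
                return b"", SW_AUTH_BLOCKED
            if cmd.data == self.pin:
                self.pin_verified, self.retries = True, 3
                return b"", SW_OK
            self.retries -= 1            # wrong PIN burns one retry
            return b"", SW_PIN_WRONG_BASE | self.retries
        if cmd.ins in (INS_READ_BINARY, INS_UPDATE_BINARY):
            if self.selected is None:
                return b"", SW_NO_CURRENT_FILE
            f = self.files[self.selected]
            offset = (cmd.p1 << 8) | cmd.p2  # P1 P2 carry the file offset
            reading = cmd.ins == INS_READ_BINARY
            if not self._allowed(f.read_ac if reading else f.update_ac):
                return b"", SW_SECURITY_NOT_SATISFIED
            if reading:
                return bytes(f.content[offset:offset + cmd.p3]), SW_OK
            if offset + len(cmd.data) > len(f.content):
                return b"", SW_WRONG_LENGTH
            f.content[offset:offset + len(cmd.data)] = cmd.data
            return b"", SW_OK
        return b"", SW_INS_NOT_SUPPORTED


def demo_card(life_cycle: str = "OPERATIONAL") -> Card:
    """Constructed sample: a public phone-number file and a PIN-protected balance file."""
    return Card(files={
        0x0001: File(bytearray(b"+31 20 555 0100"), "ALWAYS", "PIN"),
        0x0002: File(bytearray(b"\x00\x00\x13\x88"), "PIN", "PIN"),
    }, life_cycle=life_cycle)
```

A terminal session against this card runs SELECT 0002, then READ BINARY (refused with 6982), then VERIFY 1234 (9000), then READ BINARY again (data plus 9000); the same READ BINARY on a card whose `life_cycle` is "PERSONALISATION" succeeds without any VERIFY, which is exactly why the state must be advanced before the card leaves the factory.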
Smartcard security threats
Smartcards are popular targets for attackers, for various reasons:

- Successful attacks enable fraud and are valuable; professional attackers can make a business case.
- Smartcards are cheap and easy to obtain; attackers can easily acquire some samples for training.
- Smartcards are portable; the attacker can easily bring them to a hostile environment and control the conditions.

Manufacturers are well aware of these temptations and pay particular attention to securing their products. In practice 100% security is never possible, and designers and attackers of secure systems continuously challenge each other, so new advances are made on both sides. We can distinguish between three basic attack classes:
Figure 3: Command structure. CLA | INS | P1 | P2 | P3 | DATA (five-byte header followed by the optional data part)