Objective of cryptography
[Figure: sender and receiver]
Confidentiality: unauthorized disclosure of information
Integrity: unauthorized modification of information
Authenticity: unauthorized use of service
Cryptographic algorithms
• Message Authentication Codes (integrity)
[Figure labels: message, key, encryption, MAC =? MAC]
• Electronic signatures (authentication)
[Figure labels: challenge, key, encryption, response =? response]
A smart card:
• can store data (e.g. profiles, balances, personal data)
• provides cryptographic services (e.g. authentication, confidentiality, integrity)
• is a microcomputer

• Communication
• Entertainment
• Retail
• Transportation
• Health care
• Government
• E-commerce
• E-banking
• Education
• Office
Physical Structure and lifecycle
Physical Structure: three elements
• The plastic card
– 85.60mm x 53.98mm x 0.80mm
• printed circuit
• integrated circuit chip
– made from silicon
– not flexible and particularly easy to break
– a few millimeters in size
– contains microprocessor, ROM, RAM, EEPROM
Smart card applications (1)
• Retail
– Sale of goods using Electronic Purses, Credit / Debit
– Vending machines
– Loyalty programs
– Tags & smart labels
• Entertainment
– Pay-TV
– Public event access control
• Communication
– GSM
– Payphones
• Transportation
– Public Traffic
– Parking
– Road Regulation (ERP)
– Car Protection
Smart card applications (2)
• Healthcare
– Insurance data
– Personal data
– Personal file
• Government
– Identification
– Passport
– Driving license
• E-commerce
– sale of information
– sale of products
– sale of tickets, reservations
• E-banking
– access to accounts
– to do transactions
– shares
Smart card applications (3)
Physical appearance:
Credit card or SIM dimensions
Contacts or contactless
What’s inside a smart card ?
• CPU: Central Processing Unit
• security logic: detecting abnormal conditions, e.g. low voltage
• serial i/o interface
• test logic: self-test procedures
• ROM:
– card operating system
– self-test procedures
– typically 16 kbytes
– future 32/64 kbytes
• RAM: ‘scratch pad’ of the processor
– typically 512 bytes
– future 1 kbyte
• EEPROM:
– cryptographic keys
– PIN code
– biometric template
– balance
– application code
– typically 8 kbytes
– future 32 kbytes
• databus: connection between elements of the chip
– 8 or 16 bits wide
Basic smart card security features
• Hardware
– closed package
– memory encapsulation
– security logic (sensors)
• Software
– decoupling applications and operating system
– application separation (Java card)
– restricted file access
– life cycle control
– various cryptographic algorithms and protocols
Smart card attacks
• Internal Attacks
• Side Channel Attacks
• Logical Attacks
Reverse engineering
Logical attacks
Communication
Command scan
File system scan
Invalid / inopportune requests
Cryptanalysis and protocol abuse
Logical attack counter measures
• Command scan
– limit command availability
– restrict and verify command coding
– life cycle management
• File system scan
– restrict file access
– test file access mechanisms (PIN, AUT, etc.)
• Invalid / inopportune requests
– exclude non-valid behaviour
– verify conformance
• Cryptanalysis and protocol abuse
– publish algorithms and initiate public discussion
– evaluate crypto algorithm and protocol
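The command-scan and file-access countermeasures above, sketched as a command gate in C. This is an added example, not code from the original slides: it assumes the ISO/IEC 7816-4 command header (CLA INS P1 P2) and status words, and the life-cycle state names and the allow-list are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical life-cycle states; the names are assumptions for this example. */
enum lifecycle { LC_PERSONALISATION, LC_OPERATIONAL, LC_TERMINATED };
#define ST_BIT(state) ((uint8_t)(1u << (state)))

/* Status words as defined in ISO/IEC 7816-4. */
#define SW_OK                0x9000u
#define SW_WRONG_LENGTH      0x6700u
#define SW_SECURITY_STATUS   0x6982u  /* security status not satisfied */
#define SW_CONDITIONS        0x6985u  /* conditions of use not satisfied */
#define SW_INS_NOT_SUPPORTED 0x6D00u
#define SW_CLA_NOT_SUPPORTED 0x6E00u

struct rule {
    uint8_t ins;       /* instruction byte */
    uint8_t states;    /* bitmask of life-cycle states where it is available */
    uint8_t needs_pin; /* 1 = file access only after a successful PIN check */
};

/* Constructed allow-list: anything not listed here does not exist. */
static const struct rule ALLOW[] = {
    { 0xA4, ST_BIT(LC_PERSONALISATION) | ST_BIT(LC_OPERATIONAL), 0 }, /* SELECT */
    { 0x20, ST_BIT(LC_OPERATIONAL), 0 },                      /* VERIFY */
    { 0xB0, ST_BIT(LC_OPERATIONAL), 1 },                      /* READ BINARY */
    { 0xD6, ST_BIT(LC_PERSONALISATION), 0 },                  /* UPDATE BINARY */
};

/* Returns SW_OK if the command header may be dispatched, otherwise the
 * status word to send back. apdu points at CLA INS P1 P2 [...]. */
uint16_t check_apdu(const uint8_t *apdu, size_t len, enum lifecycle lc, int pin_ok)
{
    if (apdu == NULL || len < 4) return SW_WRONG_LENGTH;
    if (lc == LC_TERMINATED) return SW_CONDITIONS;      /* dead card: nothing runs */
    if (apdu[0] != 0x00) return SW_CLA_NOT_SUPPORTED;   /* verify command coding */
    for (size_t i = 0; i < sizeof ALLOW / sizeof ALLOW[0]; i++) {
        if (ALLOW[i].ins != apdu[1]) continue;
        /* Unavailable in this state: answer exactly like an unknown INS,
         * so a command scan cannot tell hidden commands from absent ones. */
        if (!(ALLOW[i].states & ST_BIT(lc))) return SW_INS_NOT_SUPPORTED;
        if (ALLOW[i].needs_pin && !pin_ok) return SW_SECURITY_STATUS;
        return SW_OK;
    }
    return SW_INS_NOT_SUPPORTED;
}
```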
Side channel attacks
• Use of ‘hidden’ signals
– electromagnetic emission
– power consumption
– timing
• Insertion of signals
– power glitches
– electromagnetic pulses
Conclusions