know about Smart Cards...

By- Aniket Sharma

2818094
 What are the threats ?

sender receiver
Confidentiality: unauthorized disclosure of information
Integrity: unauthorized modification of
information
Authenticity: unauthorized use of service
 Objective of cryptography

• Giving trust in:

– authenticity of message and/or sender
– integrity of message
– (sometimes) confidentiality of message
• by using an algorithm based on a secret shared
between participants in a scheme.
 Cryptographic services
Key Key
Encryption
(confidentiality) message encryption decryption message

Key
Message Key
MAC
Authentication message encryption =?
encryption MAC
Codes (integrity)
message

Challenge Key
Electronic Key
signatures encryption
(authentication) encryption

response = ? response
 Cryptographic algorithms

• transposition (mixing character sequence)

• substitution (changing characters)
• poly-alphabetic substitution (Viginere, Hagelin)
 Smart card concepts

A smart card:
• can store data (e.g. profiles, balances, personal data)
• provides cryptographic services (e.g. authentication,
confidentiality, integrity)
• is a microcomputer Anne Doe

• is small and personal

• is a secure device 1234 5678 8910
 Smart card application area’s

• Communication • Government
• Entertainment • E-commerce
• Retail • E-banking
• Transportation • Education
• Health care • Office
 Physical Structure and lifecycle
Physical Structure:
three elements
The plastic card
85.60mm x 53.98mm x 0.80mm
printed circuit
integrated circuit chip
made from silicon
No flexible and particularly easy
to break
a few millimeters in size
Contains
microprocessor
ROM
RAM
EEPROM
 Smart card applications (1)

• Retail • Communication
– Sale of goods – GSM
using Electronic Purses, Credit / Debit – Payphones
– Vending machines
– Loyalty programs • Transportation
– Tags & smart labels
– Public Traffic
– Parking
– Road Regulation (ERP)
• Entertainment – Car Protection
– Pay-TV
– Public event access control
 Smart card applications (2)

• Healthcare • E-commerce
– Insurance data – sale of information
– Personal data – sale of products
– Personal file – sale of tickets, reservations

• E-banking
• Government – access to accounts
– Identification – to do transactions
– Passport – shares
– Driving license
 Smart card applications (3)

• Educational facilities • Office

– Physical access
– Network access
– Personal data (results)
– Copiers, vending machines,
restaurants, ...
– Physical access
– Network access
– Time registration
– Secure e-mail & Web applications
 Smart card architecture

Physical appearance:
Credit card or SIM dimensions
Contacts or contactless
 What’s inside a smart card ?

Central Processing
CPU Unit:

heart of the chip

 What’s inside a smart card ?

security logic:
CPU
detecting abnormal
security conditions,
logic e.g. low voltage
 What’s inside a smart card ?

serial i/o interface:

CPU
contact to the outside
world
security
logic

serial i/o
interface
 What’s inside a smart card ?

test logic:
test logic
CPU
self-test procedures
security
logic

serial i/o
interface
 What’s inside a smart card ?

ROM:
test logic
CPU
– card operating system
ROM
– self-test procedures
security
– typically 16 kbytes
logic
– future 32/64 kbytes
serial i/o
interface
 What’s inside a smart card ?

RAM:
test logic
CPU
‘scratch pad’ of the
ROM
processor
security
logic RAM typically 512 bytes
serial i/o future 1 kbyte
interface
 What’s inside a smart card ?

EEPROM:
test logic
CPU
–cryptographic keys
ROM
–PIN code
security
logic –biometric template
RAM
–balance
serial i/o –application code
EEPROM
interface
–typically 8 kbytes
–future 32 kbytes
 What’s inside a smart card ?

databus databus:
test logic
CPU
connection between
ROM
elements of the chip
security
logic RAM 8 or 16 bits wide
serial i/o
interface EEPROM
 Basic smart card security features

• Hardware
– closed package
– memory encapsulation
– security logic (sensors)

• Software
– decoupling applications and operating system
– application separation (Java card)
– restricted file access
– life cycle control
– various cryptographic algorithms and protocols
 Smart card attacks
Side
Internal Channel
Attacks Attacks

Logical Attacks
Reverse engineering
 Logical attacks

Communication

Command scan
File system scan
Invalid / inopportune requests
Crypt-analysis and protocol abuse
 Logical attack counter measures
• Command scan
– limit command availability
– restrict and verify command coding
– life cycle management
• File system scan
– restrict file access
– test file access mechanisms (PIN. AUT, etc)
• Invalid / inopportune requests
– exclude non-valid behaviour
– verify conformance
• Crypt analysis and protocol abuse
– publish algorithms and initiate public discussion
– evaluate crypto algorithm and protocol
 Side channel
Attacks
Use of ‘hidden’ signals
electromagnetic emission
power consumption
timing
Insertion of signals
power glitches
electromagnetic pulses
 Conclusions

• Smart card technology is emerging, applications are

everywhere
• Smart cards enhance service and security
• Perfect security does not exist, even not for smart cards
• Risk analysis is essential
Thank you