You are on page 1of 36

Smart Cards: Technology for Secure Management of Information

Shrikrushna S. Atkalikar TPICIT

Agenda
Machine readable plastic cards  What are smart cards  Security mechanisms  Applications  SCOSTA experience  Indian Driving License application

Plastic Cards

Visual identity application

Plain plastic card is enough Visual data also available in machine readable form No security of data

Magnetic strip (e.g. credit cards)
 

Electronic memory cards

Machine readable data Some security (vendor specific)

Smart Cards   Processor cards (and therefore memory too) Credit card size  With or without contacts.  Cards must interface to a computer or terminal through a standard card reader. .   Cards have an operating system too. The OS provides   A standard way of interchanging information An interpretation of the commands and data.

Smart Cards devices GND VCC VPP Reset I/O Clock Reserved .

What’s in a Card? CLK RST Vcc RFU GND RFU Vpp I/O .

8051 based designs are common. . Crypto-coprocessors (implementing 3DES. 1KB to 32KB EEPROM.Typical Configurations      256 bytes to 4KB RAM.. 8-bit to 16-bit CPU. RSA etc. The price of a mid-level chip when produced in bulk is less than US$1. in hardware) are optional. 8KB to 32KB ROM.

often also have biometric devices such as thumb print scanner. keypad.Smart Card Readers  Computer based readers Connect through USB or COM (Serial) ports  Dedicated terminals Usually with a small screen. printer. .

 The terminal/PC cannot directly access memory of the card   data in the card is protected from unauthorized access.Terminal/PC Card Interaction The terminal/PC sends commands to the card (through the serial line).  The card executes the command and sends back the reply. . This is what makes the card smart.

Communication mechanisms    Communication between smart card and reader is standardized  ISO 7816 standard Commands are initiated by the terminal  Interpreted by the card OS  Card state is updated  Response is given by the card.Lc Le CLA  Response from the card include 1..Le bytes followed by Response Code . Commands have the following structure INS P1 P2 Lc 1..

Security Mechanisms  Password  Card holder’s protection  Cryptographic challenge Response  Entity authentication Person’s identification  Biometric information   A combination of one or more .

 Password is sent to Card for verification.Password Verification Terminal asks the user to provide a password.  Scheme can be used to permit user authentication.   Not a person identification scheme .

Card provides the hash or cyphertext.  Primarily for the “Entity Authentication” .   Terminal can know that the card is authentic. Card needs to verify (EXTERNAL AUTH)   Terminal asks for a challenge and sends the response to card to verify Card thus know that terminal is authentic.Cryptographic verification  Terminal verify card (INTERNAL AUTH)   Terminal sends a random number to card to be hashed or encrypted using a key.

 .Biometric techniques  Finger print identification. The information can be stored in the card securely.  Photograph/IRIS pattern etc.  Features of finger prints can be kept on the card (even verified on the card) Such information is to be verified by a person.

Data storage  Data is stored in smart cards in E2PROM  Card OS provides a file structure mechanism MF File types EF EF Binary file (unstructured) DF DF EF EF DF EF Fixed size record file Variable size record file .

File Naming and Selection    Each files has a 2 byte file ID and an optional 5-bit SFID (both unique within a DF). Parent DF . Target file specified as either:      DF name File ID SFID Relative or absolute path (sequence of File IDs). DFs may optionally have (globally unique) 16 byte name. Current DF or EF can be changed using SELECT FILE command. OS keeps tack of a current DF and a current EF.

writing.  Each file has a life cycle status indicator (LCSI). Commands for reading. one of: created.   Commands work on the current EF. Execution only if security conditions are met.. updating etc. File size and security attributes specified at creation time. activated.Basic File Related Commands   Commands for file creation. . terminated. appending records. deactivated. initialized. deletion etc.

Access control on the files  Applications may specify the access controls   A password (PIN) on the MF selection • For example SIM password in mobiles Multiple passwords can be used and levels of security access may be given  Applications may also use cryptographic authentication .

K2 or K3 EF1: Solution1: Add supervisor passwordbe modified only by Should Read: Free the DOSA/DOFA/Registrar Solution2: Allow Write: Password DOSA/DOFA/Registrar to Readable to all (P1) Verification modify EF3 EF2: Solution3: Allow both to Card holder should be able happen to modify Read: Never Write: Once EF3 (password) EF3 (password) P1 (User password) P1 (User password) P2 (sys password) EF4 (keys) K1 (DOSA’s key) K2 (DOFA’s key) K3 (Registrar’s key) Read: Never Write: Password Verification (P1) . CSE (off) 475.An example scenario (institute ID card) Read: Free What happens if the user Select: P2 verification MF EF2 (Address) #320. IIT (Res) EF1 (personal data) Name: Rajat Moona PF/Roll: 2345 Write: upon verification Security requirements: forgets his password? by K1.

Read all . Keys EF3: K1: Issue staff key K2: Admin staff key Modifiable: By issue staff. Read: all Thus library can EF1 (Issue record) Bk# dt issue dt retn Bk# dt issue dt retn Bk# dt issue dt retn Bk# dt issue dt retn develop applications independent of the rest.An example scenario (institute ID card) EF1 (personal data) EF2 (Address) MF EF3 (password) EF4 (keys) DF1 (Lib) EF2 (Privilege info) Max Duration: 20 days Max Books: 10 Reserve Collection: Yes Library manages its own keys in EF3 under DF1 Institute manages its keys and data under Modifiable: By MF admin staff.

Sends ATR (Answer to reset) Terminal sends first command to select MF Terminal prompts the user to provide password Terminal sends password for verification Terminal sends command to select MF again Terminal sends command to read EF1 Card responds with an error (because MF selection is only on password presentation) Card verifies P2. capability negotiations etc. Stores a status “P2 Verified”. Card gets power. Responds “OK” Card responds “OK” Card supplies personal data and responds “OK” .How does it all work? Card is inserted in the terminal ATR negotiations take place to set up data transfer speeds. OS boots up.

1c. Transfer money to the user’s card The terminal itself does not store any keys. Validate response with officer card (EAUTH) 2. it’s the two cards that really authenticate each other.Another Application Scenario Terminal with two card readers Banker’s card 1. User’s card 1b. Authenticate user to bank officer card: 1a. Get challenge from banker card. Authenticate officer card to passport. Obtain response for the challenge from passport (IAUTH). . Application software runs here 3. The terminal just facilitates the process.

+ authentication. Cards for “credit card” applications.  By 2007 end all credit cards will be smart.  32-bit processors and bigger memories  JAVA cards .Status of smart card deployments      Famous Gujarat Dairy card  Primarily an ID card GSM cards (SIM cards for mobiles)  Phone book etc.  EMV standard Card for e-purse applications  Bank cards Card technology has advanced  Contactless smart cards.

SCOSTA Experience   Part of E-governance initiative of the Government. Government decided to   Create Smart driving licenses/registration certificate Backend system is already in place All with their own proprietary solutions In a national case.  Various smart card vendors in the country    NIC decides to ask IIT Kanpur to help. proprietary solution was not acceptable. SCOSTA: Smart Card OS for Transport Applications .

To provide a reference implementation of this standard. Hence the OS standard is named SCOSTA. Transport Applications (Driving License and Vehicle Registration Certificate) were the pilot projects. SCOSTA is defined by IIT Kanpur along with a technical subcommittee of SCAFI (Smart Card Forum of India).Goals of this Project       To define a standard set of commands for smart cards for use in Indian applications. The OS is not really restricted to the transport applications and can be used in any ID application .

-8.  Removes ambiguities in ISO 7816.The SCOSTA Standard Based on ISO 7816-4.  Encryption/decryption and crypto checksum computation and verification using 3DES are also supported.  .  Has support for symmetric key cryptography (Triple DES algorithm) and internal and external authentication. and -9.

512 byte RAM are typical).  Government processes  Vendors and their business interests.  .  Resource Constraints – very limited memory (32 KB ROM.SCOSTA Implementation Challenges Portability – should be easy to port to different processors. Usually 8 bit processors are used.

Challenges of the application     System must work nation wide Cards are issued by the RTO RTO officials may not be all that “clean” Challans are done by police “on behalf of” RTO  “Clean”??   Challans are settled by the Judiciary. RTOs are administered by the STA  But under the Union Ministry .

Solution A robust key management scheme was needed. .  Solution was based on   Key derivations. usage counters etc.

.  Safely housed with the government. k2.  Say the keys are k1.   Instead five out of seven card scheme is used.  Keys are themselves never stored any where. k3.Solution The entire system is based on few “nation wide” generator keys. k4.

seven cards are generated and kept at 7 different locations.x3 + k5. 3. b3.x + k3. the system of equations can be solved and all k’s can be found.x4 = b If b1.x2 + k4. (x2. For robustness.. b4.. b5 are known for x = 1. b1).5 out of 7 scheme      Consider a polynomial k1 + k2. five such pairs are needed. b2. At any point in time. 2. We use the SCOSTA cards to store (x1. b2) etc. .

 .  STA keys are also generated.Operations  At RTOs. two RTO officers are required to create a DL These two work in pair.  RTO keys are generated and given in the RTO cards  STA can revalidate the usage counter.  Have a usage counter of key built in.

(but can not be deleted)  .Operations DL can be completely given by the RTO.  Some information is once writable by the police (challans) and readable by the police.  The same information is updatable by the judiciary.  Some information is public readable on the DL.

• A big security risk.Operations  Therefore the DLs must carry    Police key. Police and Judiciary. RTO keys and judiciary keys.  NIC generates the cards (and therefore master keys) for RTO. Ditto with RTO and Judiciary. . Police has a master key to generate DL specific police key. Instead these keys for the DL are card specific.

Delhi on SCOSTA cards (pilot basis)  Governments such as Jharkhand.Current State DL/RC are being issued in Calcutta. WB have already started the process rolling.  .  Various other states will follow. Gujarat. Maharastra.

in .nic.parivahan.Acknowledgements References:  Smart Card Handbook  ISO7816 standards  www.

88:55479147822097.5 %750$..:9039.75943.3/  #024.3/09073.7/ . .0 .4792  .3/.943 3.2-:9083$  ..3/39073.75947.80/43$     .08.%0$ $%$9.

071.943:83$.3/.425:9.943.84 8:554790/ ./0.7594 .3/ .70.75943.0.8:2..

 &8:.07290/ 20247 #  -90# .088478 #084:7.398 .043897.894547994 /1107039574.0308 !479..08808 '03/478.7095.088478 .0732039574.$ $%2502039.943 .-9 84:/-00.70:80/ 4.-9574.3/907-:8308839070898 .

3 .0./2389070/-90$%  :9:3/0790&3433897 .9.349-0.7088:0/-90#% #% 411..943 $89022:89473.943/0 .82.141  #%  0..9 .70/430-54.03084190.0 43-0.....38.70.38.3  .7  #% 8.7080990/-90:/.7/8.55.

020..0. .9438 :8.8-.3.80/43  0/07.4:3907809.020398.$4:943 74-:8902.8 300/0/ $4:943.

04:94180.0732039 $.70    08.0830.104:80/9904./1.03.943/0 0307.80/4310 3.020 8:80/ .0789470/.$4:943 %003970889028-.3 070  3890.7/8.7090280.94708 $.9008..

78.          1- - - - -.3/059.70343147    90889024106:.54342.3-014:3/ 0:8090$ $%.03. 9.3/.7/8.08:. 8..4:9418.9438...9/11070394.7/89489470  -   - 09.020 438/07.5..354393920 1.70 300/0/ 4774-:893088 80.0/ .9438 .700307.3-084..90/ .

0.507.4:3907 $%08./.700307.:8..078..033 90#% .0.70.7/8  $%.0.70 706:70/94.9090:8.840307..9438 9#% 8 94#% 411.370.90/ .90/.3/..90.70.7   .4:3907410-:93  #% 08. %080944735.

507./.0 .0 %08.3/70.425090.94385:-.7  -:9..-0- 9054...3349-0/0090/ .943843.-0- 9054.2031472..9438:5/.079.-0- 90:/.9438 ./.70.03-90 #% $42031472..9.38 .3-0.-0 4390 $42031472.

.3/90701470 2..77    !4.7/8 .3/ :/.89070940307.90 850.70.1.9438 %07014709082:89.890708 147#% !4.0.708 W -80.90890.7 0307.00 9949#% ..3/:/./90800814790.0.00 #% 08..1.507..54.7 . !4.7/850.3/:/.2.8.:7978 3890..

90 .:77039$9.

.7/8 549-.#.790/90574.0...8.  043$ $%.7.897.88 4.74:8490789./ 89.70...7.70-0388:0/3.073203988:.7.9 .088743 '.3/  . :.:99.908144 .

3 .3 3...7/8  5.3/.3/-44 $ 89.340/020398 #010703.7/.7..79.08 $2.