Smart Card

Syed Jabbar
Computer Science Course: 60-520
Prof.: Dr. Imran Ahmad
November 28, 2003

What is Smart Card?

Smart Card
- A Smart Card is a credit-card sized plastic card embedded with an Integrated Circuit Chip (ICC)

Integrated Circuit Chip (ICC)
- Only a memory chip with non-programmable logic
- A Microprocessor with Internal Memory

Smart Card History

- 1974: French journalist Roland Moreno filed the first patent in France in 1974
- 1982: Phone cards were tested in France in 1982
- 1984: ATM bank cards were successfully conducted

In Europe
- On-line verification of transactions was very expensive because of the high cost of telecommunications
- The Smart Card provided the verification off-line with security and low cost

In USA (1987)
- First large-scale smart card application was implemented in USA in 1987

Why Use Smart Card

Security
- Physical Protection: It is not impossible to open a smart card physically and access the data in it, but it is much harder than tampering with a workstation.
- Logical Protection:
  - Provides an on-card computing platform and memory storage, which assures data security
  - Most smart card operating systems provide Cryptographic Facilities, which allow data encryption and decryption

Portability
- Wallet size card, so it can be carried very easily, separate from the outside world

Where Use Smart Card

- Authentication: Medical History, Student ID
- Financial System: For storing sensitive information: Credit Card, Bank Card
- Physical Access and Transportation System: Door Opening, Mass Transit Environment
- Communications: Public Telephone Card, SIM Card for cellular phone
- Identification: For holding password through which a user is identified to a system for accessing and processing the information
- Network System

Physical Structure

- Specified by International Standards Organization (ISO 7816)
- A smart card must be 85.60 mm wide, 53.98 mm high, and 0.76 mm thick
- The ICC is embedded on a plastic card, and a thin gold plate printed circuit (contact) is embedded on top of that.
- The communication between the chip and the Smart Card Reader is done through this printed circuit.

[Figure labels: Printed Circuit, ICC, Plastic Card]

Types of Integrated Circuit Chip

Memory Card
- Simple memory storage device without any processing power

Logic Card
- Memory card with additional security functions

Microprocessor Card
- With Embedded Microprocessor
- Smart enough to offer sophisticated processing power as a processor device that offers multiple functions

Communication Interface Type

Contact Card
- Has a gold connector plate
- Data is transferred by physically contacting the plate
- Credit Card, Debit Card

Contactless Card
- Has an antenna coil embedded inside the card
- Communicates by radio frequency technology

[Figure labels: Contactless Card, Parking Card, Contact Card]

Hybrid Card
- Has two separate chips – one with contact, another with contactless interface

Combi Card
- Has a single chip – with contact and contactless interface
- Cheaper than Hybrid Card

Proximity Card
- Contactless Card but read-only

Contents of ICC

Memory Module
- Read Only Memory (ROM)
  - Stores Operating System, Encryption Algorithms etc.
  - Size between 8 KB and 32 KB
- Electrically Erasable Programmable ROM (EEPROM) (Non Volatile Memory (NVM))
  - Stores Business Applications
  - Size around 64 KB
- Random Access Memory (RAM)
  - Used for fast computation and response
  - Size around 3 KB
Central Processing Unit (CPU)
- Between 8-bit and 32-bit Microprocessor
- Uses the instruction set of Motorola 6805, Intel 8051, Hitachi H8

Input/Output (I/O)
- Half-Duplex channel
- Communicates with the reader in a Master/Slave relationship

Smart Card Contacts

- Vcc – Power Connection (generally 5 volts)
- RST – Reset, used for initiating
- CLK – Clock Signal
- RFU – Reserved for Future Use
- GND – Ground Line
- VPP – High Voltage Signal to program the EEPROM
- I/O – Half-Duplex communication channel
- RFU – Reserved for Future Use

Operating System

- Functionality is not like Windows, Unix, DOS functionality
- On-card commands to which the smart card responds
- ISO 7816 describes a wide range of standard commands that a smart card can implement
- Most manufacturers offer cards with an OS implementing some or all of these standard commands, with or without manufacturer-specific extensions such as manufacturer identification number, serial number etc.

File Structure

- A smart card file is a contiguous block of the smart card memory module
- Most smart card operating systems support a file system based on the ISO 7816 standard
- Similar to the MS-DOS and UNIX tree-structured hierarchical file system, with one master file serving as the root of the file system
- The master file may contain several sub files

Smart Card Software

Host Software
- Runs on the Interface Device (IFD) or Smart Card Reader
- Usually written in high-level languages such as C, C++, Java, BASIC, COBOL, Pascal, or FORTRAN
- Host software sends commands to the card operating system, which executes them on the card processor and returns the results
- As many kinds of smart cards can be presented to the reader, the host software responds to the particular cards that are included in the host software system
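The command/response exchange described above (host software sends a command, the card operating system runs it against its ISO 7816 file tree and returns a result), as an added example that is not part of the original slides. The `Card` class, the helper names, every file identifier other than the master file 3F00, and the file contents are assumptions made for illustration; the lookup is simplified to "the master file, or a child of the current directory".

```python
# Toy ISO 7816-4 card file system; IDs (except MF 3F00) and contents are constructed.
SW_OK, SW_NOT_FOUND, SW_NO_EF = b"\x90\x00", b"\x6a\x82", b"\x69\x86"
SW_BAD_INS, SW_BAD_LEN, SW_BAD_OFFSET = b"\x6d\x00", b"\x67\x00", b"\x6b\x00"

class Card:
    """Card side (slave): answers one command APDU at a time."""
    def __init__(self):
        # dict = directory (master file or sub-directory), bytes = data file
        self.mf = {0x7F10: {0x6F01: b"CARDHOLDER-0001"}, 0x2F00: b"ISSUER"}
        self.cur_dir, self.cur_ef = self.mf, None

    def transmit(self, apdu: bytes) -> bytes:
        if len(apdu) < 4:                       # header is CLA INS P1 P2
            return SW_BAD_LEN
        (_cla, ins, p1, p2), body = apdu[:4], apdu[4:]
        if ins == 0xA4:                         # SELECT by 2-byte file identifier
            if len(body) != 3 or body[0] != 2:  # Lc = 2, then the identifier
                return SW_BAD_LEN
            fid = int.from_bytes(body[1:], "big")
            node = self.mf if fid == 0x3F00 else self.cur_dir.get(fid)
            if node is None:
                return SW_NOT_FOUND
            self.cur_dir, self.cur_ef = (node, None) if isinstance(node, dict) else (self.cur_dir, node)
            return SW_OK
        if ins == 0xB0:                         # READ BINARY: P1-P2 = offset, Le = length
            if self.cur_ef is None:             # no data file selected yet
                return SW_NO_EF
            if len(body) != 1:
                return SW_BAD_LEN
            offset = (p1 << 8) | p2
            if offset >= len(self.cur_ef):
                return SW_BAD_OFFSET
            return self.cur_ef[offset:offset + (body[0] or 256)] + SW_OK  # Le 00 = 256
        return SW_BAD_INS                       # command not implemented by this card

def select(fid: int) -> bytes:                  # host side: build a SELECT command
    return bytes([0x00, 0xA4, 0x00, 0x0C, 0x02]) + fid.to_bytes(2, "big")

def read_binary(offset: int, n: int) -> bytes:  # host side: build a READ BINARY command
    return bytes([0x00, 0xB0, offset >> 8, offset & 0xFF, n])

def read_file(card: Card, path: list, n: int):
    """Host side (master): select each file on the path, then read n bytes."""
    for fid in path:
        sw = card.transmit(select(fid))
        if sw != SW_OK:
            return None, sw
    rsp = card.transmit(read_binary(0, n))
    return rsp[:-2], rsp[-2:]
```

The last two bytes of every response are the status word: 90 00 means success, and any other value tells the host why the card refused the command.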
Card Software
- Runs on the Smart Card itself
- Classified as operating system, utility, and application software
- Written in Assembly language
- Written for customizing or extending existing software for a particular application, or creating a new and unique custom-built smart card
- It is time consuming and very expensive

Java Card

- Java Card was introduced in October, 1996
- Accepts and runs programs written in a high-level programming language, Java
- Before Java Card, the only way to write and load software on a smart card was to have it done by a smart card manufacturer, which was very time consuming and expensive. Although some smart card manufacturers used high-level languages such as C to create card software, the capability of using these tools to program was not passed to the card issuer or cardholder.
- Allows developing smart card programs easily at an affordable cost
- Does not support all features of the Java language, because of the size of smart card memory

Hacking Smart Card

- All key information of a smart card is stored in the EEPROM
- EEPROM write operations can be affected by unusual voltages and temperatures
- The information can be hacked by raising or dropping the supplied voltage to the EEPROM
- Some chips use additional sensors that monitor characteristics of the power supplied to the chip, and the programs lock the card when they detect any attack

Smart Card Life-Cycle

There are five main steps from smart card manufacturing to its end-of-life:

Step 1
- ICC is created and tested by the manufacturer
- A unique id, the Fabrication Key (FK), is added to the ICC to protect the chip from fraudulent modification until the next step

Step 2
- ICC is mounted on the plastic card
- Connection is made between the ICC and the printed circuit
- After testing, the FK is replaced by the personalization key (PK)
- Physical memory access instruction is disabled
- Now the card can be accessed only by logical memory addressing

Step 3
- Data files and applications are written by the Card Issuer
- Stores card holder's identity or PIN etc.

Step 4
- Card's application system and logical file access controls are activated for use
- Accessing card information is limited by the application's security policies

Step 5
- Done by the application by writing the invalidation lock to the file(s)
- All the writing and updating operations are disabled by the operating system
- The read instructions may remain active for analysis purposes
OR
- Blocks all PINs, so all the operations are blocked, including reads

Current Development & Research

Biometric Feature
- Some manufacturers offer smart cards which are verified with a finger-print for authentication
- Scanned by finger-print scanner (reader), Keyboard with built-in fingerprint sensor
- Useful for E-commerce, Remote access etc.

Research
- Research is going on to implement a biometric technique which will provide on-card processing for authentication
- Compares the read finger-print with the finger-print template stored on the card
- If authentication fails, the card will not supply its secured information

Comparing with Magnetic & Optical Card

Smart Card
- Read/write and processing technology
- Medium to reasonably high data storage capabilities
- Cost is higher than magnetic stripe card
- Used for storing and transaction data with on card processing

Magnetic Stripe Card
- Read/write technology
- Low to medium storage capabilities
- Low cost
- Used for storing and transaction data

Optical Card
- Write once read many technology. Once data is written, it cannot be changed or removed
- Comparatively high data storage capabilities
- Cost is almost the same as Smart Card
- Used for storing data

Conclusion

- The smart card is taking its place in environments where security and authentication are the main concern.
- Inclusion of a biometric feature in the smart card provides added security.
- Companies, especially financial companies that use magnetic stripe cards, are moving towards using smart cards for their security and multi-functionality.

Thank You

Questions?