Download Smart Card

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
Smart Card
Syed Jabbar
Computer Science
Course: 60-520
Prof. : Dr. Imran Ahmad
November 28, 2003
What is Smart Card?
Smart Card
A Smart Card is a credit-card
sized plastic card embedded
with an Integrated Circuit
Chip (ICC)
Integrated Circuit Chip (ICC)
Only a memory chip with non-programmable logic
A Microprocessor with Internal Memory
Smart Card History
1974
French journalist Roland Moreno filed the first patent in France in
1974
1982
Phone cards were tested in France in 1982
1984
ATM bank cards were successfully conducted
In Europe
On-line verification of transactions was very expensive because of
the high cost of telecommunications
The Smart Card provided the verification off-line with security and
low cost
In USA (1987)
First large-scale smart card application was implemented in USA
in 1987
Why Use Smart Card
Security
Physical Protection:
It is not impossible to open a smart card physically and access
data in it. But it is much harder than tampering a workstation.
Logical Protection:
- Provides on-card computing platform and memory storage
which assures data security
- Most smart card operating systems provide Cryptographic
Facilities which allows data encryption and decryption
Portability
Wallet size card, so it can be carried very easily separating from
outside world
Where Use Smart Card
Authentication
Medical History, Student ID
Financial System
For storing sensitive information:
Credit Card, Bank Card
Physical Access and Transportation System
Door Opening, Mass Transit Environment
Communications
Public Telephone Card, Sim Card for cellular phone
Identification
For holding password through which a user is identified to a
system for accessing and processing the information
Network System
Physical Structure
Specified by International Standards
Organization (ISO 7816)
A smart card must be 85.60 mm wide,
53.98 mm height, and 0.76 mm thick
The ICC is embedded on a plastic
card, and a thin gold plate printed
circuit (contact) is embedded on top
of that.
The communication between the chip
and the Smart Card Reader is done
through this printed circuit.
Printed Circuit
ICC
Plastic Card
Types of Integrated Circuit Chip
Memory Card
Simple memory storage device without any
processing power
Logic Card
Memory card with additional security functions
Microprocessor Card
- With Embedded Microprocessor
- Smart enough to offer sophisticated processing
power as a processor device that offers multiple
functions
Communication Interface Type
Contact Card
Has a gold connector plate
Data is transferred by
physically contacting with the
plate
Credit Card, Debit Card
Contactless Card
Has an antenna coil embedded
inside the card
Communicates by radio
frequency technology
Contactless Card
Parking Card
Contact Card
Communication Interface Type (Cont.)
Hybrid Card
Has two separate chips – one
with contact another with
contactless interface
Hybrid Card
Combi Card
Has a single chip – with contact
and contactless interface
Cheaper than Hybrid Card
Proximity Card
Contactless Card but read-only
Combi Card
Contents of ICC
Memory Module
Read Only Memory (ROM)
- Stores Operating System, Encryption Algorithms etc.
- Size between 8KB and 32KB
Electrically Erasable Programmable ROM
(EEPROM) (Non Volatile Memory (NVM))
- Stores Business Applications
- Size around 64KB
Random Access Memory (RAM)
- Used for fast computation and response
- Size around 3KB
Contents of ICC (Cont.)
Central Processing Unit (CPU)
- Between 8bit and 32 bit Microprocessor
- Uses the instruction set Motorola 6805, Intel 8051, Hitachi H8
Input/Output (I/O)
- Half-Duplex channel
- Communicates with reader as Master/Slave relationship
Smart Card Contacts
Vcc – Power Connection
(generally 5 volts)
RST – Reset, used for initiating
CLK – Clock Signal
RFU – Reserved for Future Use
GND – Ground Line
VPP – High Voltage Signal to
program the EEPROM
I/O – Half-Duplex
communication channel
RFU – Reserved for Future Use
Operating System
Functionality is not like Windows, Unix, DOS
functionality
On-card commands to which the smart card responds
ISO 7816 describes a wide range of standard commands
that smart card can implement
Most manufacturers offer cards with OS implementing
some or all of these standard commands with or without
manufacturer-specific extensions such as manufacturer
identification number, serial number etc.
File Structure
Smart card file is a contiguous block of smart card memory module
Most smart card operating system supports file system based on ISO
7816 standard
Similar to MS-DOS and UNIX tree-structured hierarchical file
system with one master file serving as root of the file system
The master file may contain several sub files
Smart Card Software
Host Software
Runs on Interface Device (IFD) or Smart Card Reader
Usually written in the high-level languages such as – C, C++,
Java, BASIC, COBOL, Pascal, or FORTRAN
Host software sends command to the card operating system
that executes on card processor and returns the results
As many kinds of smart cards can be presented to the reader,
the host software responses to the particular cards that
included in the host software system
Smart Card Software (Cont.)
Card Software
Runs on Smart Card itself
Classified as operating system, utility, and application
software
Written in Assembly language
Written for customizing or extending existing software for
particular application, or creating a new and unique
custom-built smart card
It is time consuming and very expensive
Java Card
Java Card was introduced in October, 1996
Accepts and runs programs written in high-level programming
language - Java
Before Java Card the only way to write and load software on smart
card was to do it by a smart card manufacturer which was very time
consuming and expensive.
Although some smart card manufacturers used high-level languages
such as C to create card software, the capability of using these tools
to program was not passed to the card issuer or cardholder.
Allows developing smart card programming easily in affordable cost
Does not support all features of Java language, because of the size of
smart card memory
Hacking Smart Card
All key information of smart card is stored in the
EEPROM
EEPROM write operations can be affected by unusual
voltages and temperatures
The information can be hacked by raising or dropping
the supplied voltage to the EEPROM
Some chips use additional sensors that monitor
characteristics of the power supplied to the chip and the
programs lock the card when it detects any attack
Smart Card Life-Cycle
There are five main steps from smart card manufacturing to its endof-life:
Step 1
ICC is created and tested by the manufacturer
A unique id - Fabrication Key (FK) is added to the ICC to protect
the chip from fraud modification until next step
Step 2
ICC is mounted on the plastic card
Connection is made between ICC and printed circuit
After testing, the FK is replaced by the personalization key (PK)
Physical memory access instruction is disabled
Smart Card Life-Cycle (Cont.)
Now the card can be accessed only by logical memory addressing
Step 3
Data files and applications are written by Card Issuer
Stores card holder’s identity or PIN etc.
Step 4
Card’s application system and logical file access controls are
activated for use
Accessing card information is limited by the application’s
security policies
Smart Card Life-Cycle (Cont.)
Step 5
Done by the application by writing the invalidation lock to the
file(s)
All the writing and updating operations are disabled by the
operating system
The read instructions may remain active for analysis purposes
OR
Blocks all PINS, so all the operations are blocked including
reads
Current Development & Research
Biometric Feature
Some manufacturers offer smart cards which are verified with
finger-print for authentication
Scanned by finger-print scanner (reader), Keyboard with built-in
fingerprint sensor
Useful for E-commerce, Remote access etc.
Research
Research is going on to implement biometric technique which will
provide on-card processing for authentication
Compares read finger-print with the finger-print template stored on
card
If authentication fails, the card will not supply its secured
information
Comparing with Magnetic & Optical Card
Smart Card
Magnetic Stripe Card
Optical Card
Read/write and
processing
technology
Read/write technology
Write once read many
technology. Once data is
written, it cannot be
changed or removed
Medium to
reasonably high data
storage capabilities
Low to medium storage
capabilities
Comparatively high data
storage capabilities
Cost is higher than
magnetic stripe card
Low cost
Almost same as Smart
Card
Used for storing and
transaction data with
on card processing
Used for storing and
transaction data
Used for storing data
Conclusion
Smart card is taking place in the environment where
security and authentication is main concern.
Inclusion of biometric feature in smart card
provides added security.
Companies especially financial companies that use
magnetic stripe cards, are moving towards using
smart card for its security and multi-functionality.
Thank You
Questions ?