chapter 5 notes

October 17, 2012

Shervin Erfani

Fall 2012

Electronic Commerce

Chapter 5 (Part 1)

Micropayment and Stored-Value Cards

Outline

October 17, 2012, 88-590-02 E-Commerce, S. Erfani, University of Windsor

• What is Micropayment?
• Smart Card Types
• Smart Card Components
• ATM Card Cryptography
• OpenCard Framework
• RFID Tags
• Card Security Threats
• Card Manufacturers and Issuance
  • Octopus
  • Mondex
• Summary

What is Micropayment?

• All payments less than U.S. $10 are considered micropayments.
• Aim to replace cash
• Constitute electronic purses on integrated-circuit cards
  • Smart cards, memory cards
• Recharging the electronic purse with monetary value requires the intervention of a financial institution.
• Commercial offers of micropayment systems:
  • Octopus
  • GeldKarte
  • Chipper
  • Mondex

Smart Cards

• Magnetic stripe
  • 3 tracks, ~140 bytes, cost $0.20-0.75
• Memory cards
  • 1-4 KB memory, no processor, cost $1.00-2.50
• Optical memory cards
  • 4 megabytes read-only (CD-like), $7-12
• Microprocessor cards
  • Embedded microprocessor
    • (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
    • Equivalent power to IBM XT PC
    • 32-bit processors now available

SOURCE: MICHAEL I. SHAMOS, CMU

Smart Card Applications

Figure labels: Banking, E-Government, Mass Transit, Mobile Telecommunications, Public Telephony, W-LAN, Access control, Digital Rights Management, Enterprise Security, Retail
SOURCE: JEAN-JACQUES VANDEWALLE

Why ePayment with Smart Cards?

• Objective: replace cash
• Cash is expensive to make and use
  • Printing, replacement
  • Anti-counterfeiting measures
  • Transportation
  • Security
• Cash is inconvenient
  • Not machine-readable
  • Humans carry limited amount
  • Risk of loss, theft
• Additional smart card benefits

Smart Card Types

Figure labels: USB token, Java card, Crypto card, SIM card, Memory card
SOURCE: ANDREAS STEFFEN

Magnetic Stripe Cards

• Three tracks: 1 & 3 at 210 bits/inch; 2 at 75 bpi
• Start sentinel (1 char): %
• Format code (1 char): B for bank/financial
• PAN, Primary Account Number (19 char)
  • Major industry identifier (1 or 2 char): 4, 5 for credit cards
  • Issuer (up to 5 char)
  • Individual account number (up to 12 char)
• Field separator (1 char): ^
• Name
• Field separator
• Expiration date (4 char): YYMM
• Proprietary fields, including PIN Verification Value (PVV)
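A parser for the track 1 layout listed above, added here as an example and not taken from the slides; `parse_track1`, `Track1` and the sample record are constructed for illustration. It assumes the ISO/IEC 7813 end sentinel `?` and a Luhn check digit on the PAN, and treats everything after the expiration date as the proprietary fields.

```python
import re
from dataclasses import dataclass

# Field order follows the slide; the trailing "?" end sentinel and the
# 12-19 digit PAN bound are assumptions that are not on the slide.
TRACK1 = re.compile(
    r"^%(?P<fc>[A-Z])(?P<pan>\d{12,19})\^(?P<name>[^^]+)\^"
    r"(?P<exp>\d{4})(?P<prop>[^?]*)\?$"
)

@dataclass
class Track1:
    pan: str
    name: str
    exp_year: int
    exp_month: int
    proprietary: str

    def masked_pan(self) -> str:
        # Show only the first 6 and last 4 digits when logging a PAN.
        return self.pan[:6] + "*" * (len(self.pan) - 10) + self.pan[-4:]

def luhn_ok(pan: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def parse_track1(raw: str) -> Track1:
    m = TRACK1.match(raw)
    if m is None:
        raise ValueError("not a well-formed track 1 record")
    if m["fc"] != "B":
        raise ValueError("format code is not B (bank/financial)")
    if not luhn_ok(m["pan"]):
        raise ValueError("PAN fails the Luhn check digit")
    month = int(m["exp"][2:])
    if not 1 <= month <= 12:
        raise ValueError("expiration month out of range")
    # YY is mapped to 20YY, an assumption made for this example.
    return Track1(m["pan"], m["name"].strip(), 2000 + int(m["exp"][:2]),
                  month, m["prop"])

# Constructed sample built on a widely used test PAN, not real card data.
SAMPLE = "%B4111111111111111^DOE/JOHN^2512101000000000?"
```
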

Laser Optical Memory Card


Capacity: 1MB - 1GB

Microprocessor Card Adoption

[Chart: millions of microprocessor cards worldwide, 2000 to 2004, by region (Asia Pacific, Japan, Europe, Americas, North America). 1999: 500 M microprocessor cards; 2004: 1750 M microprocessor cards.]
SOURCE: DATAQUEST (10/2000)

Smart Card Structure

Figure labels: Contacts (8), Epoxy, Microprocessor, Card (upside-down)
SOURCE: SMART CARD FORUM

Old (8-bit) Smart Card Architecture

EEPROM: Electrically Erasable Programmable Read-Only Memory

SOURCE: SMART CARD FORUM

Smart Card Components (1)

• Processors
  • 8-bit, typical clock speed: 5 MHz
  • Optional cryptographic processor
  • 32-bit, clock speed 300 MHz
  • 64-bit, 600 MHz

SOURCE: SUMIT DHAR

Smart Card Components (2)

• ROM: Read Only Memory
  • Used for storing fixed programs. Holds the operating system
  • Typically varies from 2 KB to around 16 KB
  • Once written, cannot be changed
  • Occupies the least area
• PROM: Programmable Read Only Memory
  • Used for loading card serial number
  • Very small, typically just 32 bytes
SOURCE: SUMIT DHAR

Smart Card Components (3)

• EEPROM: Electrically Erasable Programmable Read Only Memory
  • Stores variable data
  • Holds various applications and their data.
  • Can be read or written to subject to permissions.
  • Typically 2 - 32 KB
• RAM: Random Access Memory
  • Used as temporary storage.
  • Erased on power off.
  • Typically 128-512 bytes
SOURCE: SUMIT DHAR

Cyberflex™ Java Smart Card

• Complete 32-bit Java run-time environment on a card
• Utilities for compiling and loading cardlets onto the card from a PC
SOURCE: MICHAEL I. SHAMOS, CMU

Smart Card Architecture

• File structure (ISO 7816-4)
  • Cyclic files
• Database management on a card
  • SCQL (Structured Card Query Language)
  • Provides standardized interface
  • No need to know file formatting details
SOURCE: MICHAEL I. SHAMOS, CMU

How It Works: Cyclic File

• READ gives the most recently written record
• Maximum number of records: 254
• When maximum is reached, first record is overwritten
• Record length: 1 .. 254 bytes

[Figure: grid of record number (1, 2, 3, 4, n, m) against byte number (1 to 9), with the n+1st record marked.]
SOURCE: ANDREAS STEFFEN
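The overwrite rule above decides how much transaction history a purse log can hold. The following is an added sketch, not code from the slides or from any card operating system: `CyclicFile`, `append`, `read` and `history` are hypothetical names, records are assumed to be fixed-length, and record number 1 is taken to be the newest, following ISO 7816-4 numbering.

```python
class CyclicFile:
    """Fixed-size ring of records, modelled on the slide's description."""
    MAX_RECORDS = 254      # limit from the slide
    MAX_RECORD_LEN = 254   # limit from the slide

    def __init__(self, n_records: int, record_len: int):
        if not 1 <= n_records <= self.MAX_RECORDS:
            raise ValueError("n_records must be 1..254")
        if not 1 <= record_len <= self.MAX_RECORD_LEN:
            raise ValueError("record_len must be 1..254")
        self.record_len = record_len
        self._slots = [None] * n_records
        self._next = 0      # slot the next write lands in
        self._count = 0     # records currently held, capped at capacity

    def append(self, data: bytes) -> None:
        if len(data) != self.record_len:
            raise ValueError("record has the wrong length")
        # Once every slot is used, this overwrites the oldest record.
        self._slots[self._next] = bytes(data)
        self._next = (self._next + 1) % len(self._slots)
        self._count = min(self._count + 1, len(self._slots))

    def read(self, number: int = 1) -> bytes:
        """Record 1 is the newest, 2 the one written before it, and so on."""
        if not 1 <= number <= self._count:
            raise IndexError("no such record")
        return self._slots[(self._next - number) % len(self._slots)]

    def history(self) -> list:
        """All surviving records, newest first."""
        return [self.read(i) for i in range(1, self._count + 1)]

def demo_log() -> list:
    # Constructed purse log: 3 slots, 5 payments stored as 4-byte amounts.
    log = CyclicFile(n_records=3, record_len=4)
    for cents in (120, 250, 75, 999, 310):
        log.append(cents.to_bytes(4, "big"))
    return [int.from_bytes(r, "big") for r in log.history()]
```

With three slots and five writes, only the last three payments remain readable; anything needed for dispute handling has to be captured off-card before it is overwritten.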

ATM and Debit Card Cryptography

• PIN cannot be stored anywhere in plaintext
• PIN cannot be reverse-engineered from the card or any database
• Generate a random 4-digit number (the PIN)
• Combine PIN with other data (account number) to form a data block
• Encrypt the data block using 3DES and secret bank keys
• Select several digits from the encrypted data to use as the PIN Verification Value (PVV)

Forming the Pin Verification Value

[Diagram: 4-digit PIN and account number → 3DES with secret bank keys → encrypted data block → select 4-6 digits from encrypted data block to form PVV → PIN Verification Value (PVV). Card has account number and PVV.]

Using the ATM Card

[Diagram, in sequence:]
• Card has account number and PVV
• ATM machine reads account number and PVV
• User types PIN
• Machine now has: 4-digit PIN, account number, PVV
• Machine has bank keys in hardware: secret bank keys, 3DES
• Decrypted data block
• Compute PVV
• Compare card PVV with computed PVV
• PVVs match? User is authentic
• PVVs different? User is rejected
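The issuing and verification steps from the three slides above, as an added example that is not the slides' or any bank's own code. HMAC-SHA256 stands in for 3DES because the Python standard library has no 3DES; the digit-selection rule, the function names, the account number and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _keyed_block(bank_key: bytes, block: bytes) -> bytes:
    # Stand-in for the slide's 3DES encryption step: HMAC-SHA256 under the
    # bank key, truncated to 8 bytes (the size of one DES block).
    return hmac.new(bank_key, block, hashlib.sha256).digest()[:8]

def derive_pvv(bank_key: bytes, account: str, pin: str, digits: int = 4) -> str:
    if not (pin.isdigit() and len(pin) == 4 and account.isdigit()):
        raise ValueError("PIN must be 4 digits and account numeric")
    block = (account + pin).encode("ascii")     # data block: account + PIN
    out = _keyed_block(bank_key, block).hex()   # 16 hex characters
    # Assumed selection rule: take decimal digits left to right, then map
    # a-f to 0-5 if more digits are still needed.
    picked = [c for c in out if c.isdigit()]
    picked += [str(int(c, 16) - 10) for c in out if not c.isdigit()]
    return "".join(picked[:digits])

def issue_card(bank_key: bytes, account: str):
    # The PIN goes to the customer; the card stores only account and PVV.
    pin = f"{secrets.randbelow(10_000):04d}"
    return pin, {"account": account, "pvv": derive_pvv(bank_key, account, pin)}

def atm_verify(bank_key: bytes, card: dict, typed_pin: str) -> bool:
    # Recompute the PVV from what the user typed and compare it with the
    # value read from the card, without ever looking up a stored PIN.
    try:
        computed = derive_pvv(bank_key, card["account"], typed_pin)
    except ValueError:
        return False
    return hmac.compare_digest(computed, card["pvv"])

# Constructed values; a real bank key lives in tamper-resistant hardware.
BANK_KEY = secrets.token_bytes(16)
ACCOUNT = "4000001234567890"
```

Because the PVV is only a few digits long, the scheme's strength rests on the bank key staying inside hardware and on the terminal limiting PIN attempts.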

OpenCard Framework (OCF)

• OpenCard Framework (OCF) implements the integration of smart cards with computer systems.
• OCF is a Java-oriented framework based on the UNIX operating system.
• OCF shields the Java applications from the specifics of each smart card or access terminal, such as an ATM terminal.
• OCF version 1.2 was introduced in 2000 by the OpenCard Consortium, which included IBM and Sun Microsystems.
• OCF is capable of handling several simultaneous requests for access.
• OCF supports authentication systems that rely on reading several cards at once.

OpenCard Framework (OCF) Implementation


SOURCE: OPENCARD.ORG

Card Security Threats

[Diagram labels: Group 1 through Group 7, CAD, Clone, Past, Current, Future. Threat categories shown:]
• Direct attacks on chip circuitry
• Indirect attacks on chip circuitry
• Attacks using cards not yet issued, old cards, clones
• Attacks on card's interface to the outside, e.g. premature removal
• Attacks on the run-time environment through the card acceptance device (CAD)
• Threats from card apps and need to share resources
• Threats based on RTE implementation
SOURCE: GAMMA

Power and Timing Cryptanalysis

[Plot: power consumption against time, with NOP (no operation), MUL (multiplication) and JMP (jump) marked.]

Source: Rankl and Effing, "Handbuch der Chipkarten", 2002

Differential Power Cryptanalysis

[Figure: smart card power consumption during DES encryption, showing the initial permutation, 16 DES rounds and final permutation, with an expanded view of rounds 2 & 3.]
SOURCE: cryptography.com

• Send different inputs to the smart card to learn details of its encryption key
• When a correct key value is tried, the algorithm responds
• Incorrect keys have zero average response

Contactless Card

• Communicates by radio
• Power supplied by reader
• Data rate 106 Kb/sec
• Read 2.5 ms, write 9 ms
• 8 Kb EEPROM, unlimited read, 100,000 writes
• Effective range: 10 cm, signals encrypted
• Lifetime: 2 years (data retention 10 years)
• Two-way authentication, nonces, secret keys
• Anticollision mechanism for multiple cards
• Unique card serial number

SOURCE: GEMPLUS

RFID Tags

[Figure labels: 32mm and 23mm capsule transponder, IC chip, antenna]

How RFID Works
1) Tag enters RF field
2) RF signal powers tag
3) Tag transmits ID, plus data
4) Reader captures data
5) Reader sends data to computer
6) Computer determines action
7) Computer instructs reader
8) Reader transmits data to tag

[Diagram labels: Computer, RFID Reader, Antenna, Tag]

SOURCE: PHILIPS

Euro Banknotes

• European Central Bank planned to implant RFID tags in banknotes by 2005
• Uses
  • Anti-counterfeiting
  • Tracking money flows

Implementation Example 1

Implementation Example 2: Automated Toll Collection

Implementation Example 3: Hong Kong Smart Cards

• Octopus
  • 12 million cards, 15,000 readers
  • 7 million transactions/day
  • $48M HKD per day
• Visacash
• ComPass Visa (VME)
• Mondex
• GSM SIM, ePark

Implementation: Octopus

Figure labels: SONY RC-S833, contactless smart card, I/O speed: 211 Kbps, SONY reader/writer

SOURCE: SONY

Implementation: Octopus Card Features

• Hong Kong RFID payment card
• Operating distance: 15 cm
• Bandwidth: 211 Kb/sec
• Triple DES in 70 µsec
• EEPROM 1536 bytes
• 128-byte data backup area
• 16-byte manufacturer ID; 16-byte issue ID
• Processing time: 50 msec on card, 300 msec overall
• Random access and cyclic files
• Anti-collision protocol
SOURCE: MITSUBISHI

Implementation: Octopus Card Security

SOURCE: MITSUBISHI

Octopus Clearing

SOURCE: SAMMY KAM

Octopus Settlement

[Diagram of the settlement flow. Entities shown: MTR's bank, load agent's bank, load agent central computer, Central Clearing House System (CCHS), station computer, fare processors, service provider central computers (SPCC), HSBC Hexagon settlement, MTR central computer, Octopus bank (regular acct, buffer acct, reserve acct).]

Functions listed in the diagram:
• Mutual authentication
• Check blacklist
• Update card
• Store transactions
• Distribute software
• Collect transactions
• Print reports
• Send data to SPCC
• Consolidate data
• Print reports
• Route data to CCHS
• Validate data
• Net accounting

SOURCE: MICHAEL I. SHAMOS, CMU

Octopus Expansion

• Identity card
• Access control
• Hotel room key
• Credit card
• McDonalds
• Mobile phone
• Home readers

SOURCE: CREATIVE STAR

Implementation: Mondex

• Subsidiary of MasterCard
• Smart-card-based, stored-value card (SVC)
• NatWest (National Westminster Bank, UK) et al.
• Secret chip-to-chip transfer protocol
• Value is not in strings alone; must be on Mondex card
• Loaded through ATM
  • ATM does not know transfer protocol; connects with secure device at bank
• Spending at merchants having a Mondex value transfer terminal


Mondex Overview

SOURCES: OKI, MONDEX USA

Mondex security

• Active and dormant security software
• Security methods constantly changing
• ITSEC E6 level (military)
• VTP (Value Transfer Protocol)
• Globally unique card numbers
• Globally unique transaction numbers
• Challenge-response user identification
• Digital signatures
• MULTOS operating system
• Firewalls on the chip

Summary

o Smart cards replace cash.
  • The applications are primarily in banking, mobile telephony, and pay TV.
o Potential of cards is unexplored; new uses added every day:
  • badges for access control
o Powerful microprocessors allow:
  • cryptography
  • certificates, authentication
  • secure purses
o Wireless (contactless) cards enable new business models.
o Smart card security is not perfect.
o Several electronic purses were proposed and introduced for making micropayments.
o OCF is a Java-oriented integration of integrated-circuit cards with computers.

References

• M. H. Sherif, Protocols for Secure Electronic Commerce. Boca Raton, FL: CRC Press LLC, 2004, Chapters 9 and 13.
• Electronic Payment Systems (20-763) Official Course Web: http://euro.ecom.cmu.edu/program/courses/tcr763/2002pgh/cards7.ppt