smart card analysis presentation
TRANSCRIPT
-
8/10/2019 Smart Card Analysis Presentation
1/22
SMART CARD
-
8/10/2019 Smart Card Analysis Presentation
2/22
INTRODUCTION
A smart card, chip card, or integrated circuit card (ICC), isdefined as any pocket-sized card with embedded integrated
circuits which can process information. This implies that it can
receive input which is processed - by way of the ICC applications -
and delivered as an output.
The card is made of plastic, generally PVC, but sometimes ABS.The card may embed a hologram to avoid counterfeiting.
A smart card is a card that is embedded with either a
microprocessor and a memory chip or only a memory chip with
non-programmable logic.
The microprocessor card can add, delete, and otherwisemanipulate information on the card, while a memory-chip card (for
example, pre-paid phone cards) can only undertake a pre-defined
operation.
A smart cardis a card with a microchip in it. Such cards are used
as a method of identification and authentication.
-
8/10/2019 Smart Card Analysis Presentation
3/22
CH R CTERESIS OF SM RT C RD
Dimensions are normally credit card size. The ID-1 of ISO 7810
standard defines them as 85.60 53.98 mm.
Contains a security system - tamper-resistant properties (e.g. a
secure cryptoprocessor,secure file system, human-readablefeatures) and is capable of providing security services.
Asset managed by way of a central administration system which
interchanges information and configuration settings with the card
through the security system. The latter includes card hotlisting,
updates for application data. Card data is transferred to the central administration system
through card reading devices, such as ticket readers, ATMs etc.
-
8/10/2019 Smart Card Analysis Presentation
4/22
BENEFITS
Smart cards provide a means of effecting
business transactions in a flexible,
secure way with minimal humanintervention and in a standard way.Smart
cards are used as a method of
identification and authentication.
-
8/10/2019 Smart Card Analysis Presentation
5/22
HISTORY OF SM RT C RDS
The chip card was invented by German rocket scientist Helmut
Grttrup and his colleague Jrgen Dethloff in 1968; the patent was
finally approved in 1982. The first mass use of the cards was for payment in French pay
phones, starting in 1983 (Tlcarte).
Roland Moreno actually patented his first concept of the memory
card in 1974. In 1977, Michel Ugon from Honeywell Bull invented the first
microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip
Microcomputer) that defines the necessary architecture to auto-
program the chip.
Three years later, the very first "CP8" based on this
patent was produced by Motorola.
-
8/10/2019 Smart Card Analysis Presentation
6/22
A Finnish smart card, combining credit card and debit card properties.
The second use was with the integration of microchips into all French
debit cards (Carte Bleue) completed in 1992. Smart-card-based electronic purse systems (in which value is stored on
the card chip, not in an externally recorded account, so that machines
accepting the card need no network connectivity) were tried throughout
Europe from the mid-1990s.
The major boom in smart card use came in the 1990s, with theintroduction of the smart-card-based SIM used in GSM mobile phone
equipment in Europe.
The major boom in smart card use came in the 1990s, with the
introduction of the smart-card-based SIM used in GSM mobile phone
equipment in Europe. The first version of the EMV system was released in 1994.
The goal of EMVco is to assure the various financial institutions and
retailers that the specifications retain backward compatibility with the
1998 version.
-
8/10/2019 Smart Card Analysis Presentation
7/22
TYPES OF SMART CARDS
Integrated Circuit (IC) Microprocessor Cards:
Microprocessor cards (also generally referred to by the industry as "chipcards") offer greater memory storage and security of data than atraditional mag stripe card. Chip cards also can process data on the card.
The current generation of chip cards has an eight-bit processor, 16KBread-only memory, and 512 bytes of random-access memory.
Some examples of these cards are:
Cards that hold money ("stored value cards")
Card that hold money equivalents (for example, "affinity cards) Cards that provide secure access to a network
Cards that secure cellular phones from fraud
Cards that allow set-top boxes on televisions to remain secure frompiracy
-
8/10/2019 Smart Card Analysis Presentation
8/22
Integrated Circuit (IC) Memory Cards: IC memory cards can hold up to 1-4 KB of data, but have no
processor on the card with which to manipulate that data. Thus, they are dependent on the card reader (also known as the
card-accepting device) for their processing and are suitable for
uses where the card performs a fixed operation.
Optical Memory Cards: Optical memory cards look like a card with a piece of a CD glued
on top - which is basically what they are.
Optical memory cards can store up to 4 MB of data. But once
written, the data cannot be changed or removed.
Thus, this type of card is ideal for record keeping - for example
medical files, driving records, or travel histories.
-
8/10/2019 Smart Card Analysis Presentation
9/22
COMPARISON OF SMART CARDSMaximum Data
Capacity
Processing
Power
Cost of
Card
Cost of Reader
and
Connection
Magnetic Stripe
Cards
140 bytes None $0.20 - $0.75 $750
Integrated Circuit
Memory
Cards
1 Kbyte None $1 - $2.50 $500
Integrated Circuit
Processor
Cards
8 Kbytes 8-bit cpu, moving
to 16- and 32-
bit
$7-$15 $500
Optical Memory
Cards
4.9 Mbytes None $7 - $12 $3,500 - $4,000
-
8/10/2019 Smart Card Analysis Presentation
10/22
Contact smart card:
Contact smart cards have a small gold chip about 1cm by 1cm on thefront. When inserted into a reader, the chip makes contact with electricalconnectors that can read information from the chip and write informationback.
The ISO/IEC 7816and ISO/IEC 7810series of standards
define:
the physical shape
the positions and shapes of the electrical connectors
the electrical characteristics
the communications protocols the format of the commands sent to the card and the responses returned
by the card
robustness of the card
the functionality
The cards do not contain batteries; energy is supplied by the cardreader.
-
8/10/2019 Smart Card Analysis Presentation
11/22
Contactless smart card:
A second type is the contactlesssmart card, in which the chip communicateswith the card reader through RFID induction technology (at data rates of 106to 848 kbit/s).
These cards require only close proximity to an antenna to completetransaction.
The standard for contactless smart card communications is ISO/IEC 14443,dated 2001.
It defines two types of contactless cards ("A" and "B"), allows forcommunications at distances up to 10 cm.
An alternative standard for contactless smart cards is ISO 15693, whichallows communications at distances up to 50 cm.
Example of widely used contactless smart cards are Hong Kong's Octopuscard, Paris' Calypso/Navigo card and Lisbon' LisboaViva card, which predate
the ISO/IEC 14443 standard.
-
8/10/2019 Smart Card Analysis Presentation
12/22
Smart Card Standards
ISO 7816 is the international standard for Smart Cards.SIM
The introduction of smart cards for wireless communications occurred in the
early 1990s when GSM networks deployed the Subscriber Identity Module
(SIM) a security module initially deployed to provide a facility for
challenge/response authentication for GSM subscribers.
STK
The SIM evolved to incorporate the use of the SIM Toolkit (STK) - an important
API for securely loading applications to the SIM. STK allows the mobile
operator to create/provision services by loading them into the SIM without
changing anything in the GSM handset. One convenient way for loadingapplications to the SIM is over-the-air via Short Message Service (SMS).
UIM
Introduced by the CDMA Development Group and the 3GPP2, the Removable
User Identity Module (R-UIM) card represents a smart card for use with CDMA
based mobile phones.
-
8/10/2019 Smart Card Analysis Presentation
13/22
Java Card
The Java card sits on top of the smart card OS, allowing application
programmers access for deployment of services independent of the hardware
and OS of the smart card. Executable code is platform independent, meaning
that any card incorporating a Java Card interpreter can run the same
application. When coupled with the STK, the Java card allows services to load
and run on cards from different vendors.
WIM
Introduced with WAP specification 1.2, the WAP Identification Module (WIM)provides end-to-end security for WAP, improving on version 1.1 which only
provided transport security between the handset and the WAP gateway.
S@T
The SIM Alliance has proposed a SIM Alliance Toolkit (S@T) as an industry
standard for WAP based services for via any GSM phase 2+ phone that is notWAP enabled. The SIM Alliances states that one of the key benefits of S@T is
the availability of WAP based services to non-WAP phones. Furthermore, all
WAP browsers earlier than version 1.2 do not support WIM, making S@T and
an enabler of secure transactions thanks to the SIM.
-
8/10/2019 Smart Card Analysis Presentation
14/22
ApplicationsFinancial:
The applications of smart cards include their use as credit or ATM cards, in a fuel
card, SIMs for mobile phones, authorization cards for pay television, pre-payutilities in household, high-security identification and access-control cards, and
public transport and public phone payment cards. Smart cards may also be used
as electronic wallets.
Identification:
A quickly growing application is in digital identification cards. In this application, thecards are used for authentication of identity. The most common example is in
conjunction with a PKI. The smart card will store an encrypted digital certificate
issued from the PKI along with any other relevant or needed information about the
card holder.
Gujarat was the first state in India to introduce the smart card license system in
1999. To date the Gujarat Government has issued 5 million smart card driving
licenses to its people.
Other
Smart cards are widely used to protect digital television streams. See television
encryption for an overview, and VideoGuard for a specific example of how
smartcard security worked (and was cracked).
-
8/10/2019 Smart Card Analysis Presentation
15/22
Smart Cards Versus Magnetic Stripe Credit Cards
In the banking industry smart cards will be utilized to secure transactions,
in healthcare Contactcards may be used very effectively to transfer and
provide role based secure access to vital information required to save a
life. Many have argued that a mag stripe can be used the same way by
simply having identifying numbers encoded to retrieve information from theback end computer systems. This works well until you are away from the
back end system in an ER that cannot utilize the mag stripe. With contact
smart cards access requires at least two factors of authentication unless
there is an emergency then there is a privacy compliant emergency code
for first responders. If there is no card reader then the Cell Phone you carry
will more than likely contain a smart card in it, (GSM) and that phone may
be utilized as the device that authenticates and displays emergency
information about you that will save your life.
-
8/10/2019 Smart Card Analysis Presentation
16/22
Smart Card Software
Smart Card software in India:
India has established credibility globally for its excellent resources and skills at very
competitive prices. Information technology companies in India understand the
industry need for diverse applications and offer a wide range of smart card based
software services and solutions.
Smart card software solutions:
Security solutions for electronic banking platform using 3DES and PKI
cryptography, ensuring secured financial transactions Security solutions for mobile
payments using SIM/WIM cards Campus card solutions used to store and manage
identification, access control, attendance monitoring, marks card and e-cash basedpayment information Security solutions using smart card as a copy protection
device for software .Solutions for distributors and retailers of consumer goods
-
8/10/2019 Smart Card Analysis Presentation
17/22
Smart Card software services
Indian service providers offer Smart Card software services in designing,
developing and testing of solutions using Smart Cards and systems that meet
specific customer requirements on diverse hardware and software platforms.
Some areas of expertise include:
Chip operating systems
Loyalty applications
Electronic cash
Security and access controlCampus card solutions
Transportation applications
Automatic fare collection
Fleet management
RFID / IC Tags
Benefits
Indian service providers enable Corporations to reduce time-to-market and
provide higher level services. They overcome challenges by delivering strategic
services and successfully implementing Smart Card software solutions.
-
8/10/2019 Smart Card Analysis Presentation
18/22
Problems of Smart Cards
The plastic card in which the chip is embedded is fairly flexible, and the
larger the chip, the higher the probability of breaking. Smart cards are
often carried in wallets or pockets a fairly harsh environment for a chip.
Using a smart card for mass transit presents a risk for privacy, because
such a system enables the mass transit operator (and the authorities) to
track the movement of individuals.
Smart cards used for client-side identification and authentication are
the most secure way for eg. internet banking applications, but the securityis never 100% sure.
-
8/10/2019 Smart Card Analysis Presentation
19/22
Manufacturers:
Chips :
AtmelHitachi
Infineon
NXP (former Philips Semiconductors)
Samsung Electronics
Sony
STMicroelectronics
Unicore Microsystems
Cards :
ASK (contactless cards)
Gemalto
Giesecke & Devrient
ITG (contactless cards)
Oberthur Card Systems
Sagem Orga
Toppan printing
-
8/10/2019 Smart Card Analysis Presentation
20/22
A Smart Card Platform for Mobile Code:
More concretely, we propose to use a secure platform for the executionof (remote) code in a smart card which functions as follows:
The smart card implements an interpreter for mobile code written in adomain-specific language optimally supporting the intended applicationdomain.
A client such as a service provider sends messages containing so-calledscriptswritten in the domain-specific language the card-residentinterpreter understands.
The card's runtime platform executes the script, handles userinteraction, and sends back the responses to the client.
The platform implements key management facilities in order to provideend-to-end security between the client and the smart card.
Furthermore, the platform gives certain guarantees to both - code anduser - that the scripts are executed as intended and no informationleakage or secret storage manipulation can occur by malicious code oran external attacker.
-
8/10/2019 Smart Card Analysis Presentation
21/22
Flip-Chip-solutions for Smart cards and
Smart label:
The FC assembly process on substrates like PVC, specifically used in the smartcard industry, brings very high requirements in regards of maximumtemperature load and therefore on the FC assembly technology .Smart labelsare in some regards very similar to smartcards, on the other hand differentsubstrate materials are used and the pressure for low cost production is veryintense. Therefore the production and FC technology needs to be adapted from
a high end interconnection point of view to an low cost interconnection on veryinexpensive substrates in a very productive environment .
Applying an FC assembly technology yields to a new generation of WID-systems, extremely thin label. The chip operates contactlcss at a frequencystandard, e.g.13.56MHz. Reading distances depend on the chip type, theantenna on the smart label (smart label size), the reader antenna, and the
reader specification. Smart labels make it possible to store more informationthan with the widely spread barcode. These label allow automatic distribution,the control and the pursuit on-the-fly.
The user can archive his data in a non-volatile memory (EEPROM). Chipspecific options allow the user to burn in information or to lock certain memoryblocks. Other functionality can be implemented in the necessary reader
software.
-
8/10/2019 Smart Card Analysis Presentation
22/22