Introduction to SmartCards - Michael Perlov
Smart Cards
By Michael Perlov
Security & Cryptography in Distributed Systems, Fall 1998
04/13/23 Smart Cards 2
Outline of the Presentation
• What is a Smart Card? Examples
• Case Study: IBM MultiFunction Card
• Smart Card Standards
• Additional Resources
What is a Smart Card?
• Technical definition:
A card formed of a plastic body with an embedded integrated circuit.
• The devices come in several varieties, from simple memory cards to those carrying their own microprocessors.
• There are four major categories
Unprotected memory cards
• Act as a storage medium for tokens
• Carry an application code and a simple mechanism to specify the issuer of the card
• Can’t perform off-line processing
• Used as prepaid phone cards in France, Holland and Germany
Wired logic memory cards
• Have built-in EPROM or EEPROM
• Can be reloaded with data (like monetary value)
• Contain hard-wired data protection
• Examples are electronic hotel keys and new-generation phone cards used in the Benelux countries
Microprocessor cards
• Typically have
  – an 8-bit microprocessor with an OS in ROM
  – 96 to 512 KB of RAM
  – 3 to 16 KB of ROM
  – EEPROM for non-volatile memory, with capacities ranging from 1 to 16 KB
• Some have an additional cryptography coprocessor with extra RAM to perform private-key (DES) and/or public-key (RSA) cryptography
• Many cards of this type are multi-functional, providing the option of hosting several applications from various industry domains on a single card, key domains being:
  – Banking & Payment Systems
    • debit/credit
    • electronic purse
  – Health Care
    • health records
    • health insurance
  – Travel & Transportation
    • ticketless air travel
    • car rental
  – Electronic commerce
    • cyber shopping
    • secure access/payment via the Internet
• We will look at an example of this kind of card in the case-study later on in the talk
Contactless cards
• Antenna is embedded in the plastic
• How it works:
  – The antenna picks up an electromagnetic signal that emanates from the reader
  – The signal powers the card and transmits the data
  – The card updates its internal state and transmits a signal back
• Useful when applications require high throughput, for example in mass transit
Case Study - IBM Multifunction Card
Overview
• A sophisticated smart card solution, built on top of the IBM MFC (Multifunction Card) OS
• The chip can be fed with data and a variety of application programs that can be updated whenever necessary
• Supports private-key (DES) and public-key (RSA) cryptography
Physical layout
File system
• Has a tree structure and can be compared with the file structure of a PC’s hard disk
• Has the following file hierarchy:
  – Master Files (MF) - root directory
  – Dedicated Files (DF) - application directories
  – Elementary Files (EF) - application data files
Access conditions
• Each file contained in the directory tree of a MultiFunction Card contains predefined access conditions assigned for each of the following access methods:
  – Read: read, seek, etc.
  – Update: update, decrease, etc.
  – Administer: create/delete, invalidate, restore, etc.
• The following access conditions can be specified:
  – Always (ALW) - access without restriction
  – Card Holder verification (CHV) - card holder must present his secret CHV
  – External Authentication (AUT) - external world must authenticate itself
  – Protected (ENC) - either the command or the response is shielded with a cryptogram
  – Never (NEV) - the data cannot be accessed under any circumstances
Commands supported by MFC OS
– Application data commands
  • Read - reads data from a selected file
  • Select - selects a file
  • Update - updates a record in a data file
  • Append - appends a record to a file
– Security commands
  • Get challenge - generates an 8-byte random number
  • Verify CHV
  • External authentication - authentication of the external world based on a previously generated random number and a secret key
  • Load key file - loads or updates cryptographic keys
– Additional/modified commands available with public-key cryptography cards
  • Calculate hash
  • External authenticate - extension to the standard external authentication function using public-key cryptography
  • Generate signature - generates a digital signature based on a card’s secret key (using RSA)
  • Verify signature - verifies a digital signature using a public key
– Card management commands
  • Create file
  • Delete file
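The access conditions and the Get challenge / Verify CHV / External authentication commands described above, modelled as an added Python example (not IBM MFC code and not part of the original slides). The class, method and file names, the sample CHV and key, and the use of truncated HMAC-SHA256 in place of the card's DES computation are assumptions; ENC is not modelled.

```python
import hashlib
import hmac
import secrets

def mac8(key: bytes, challenge: bytes) -> bytes:
    # Stand-in for the card's DES cryptogram (assumption): truncated HMAC-SHA256.
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, chv: bytes, key: bytes, files: dict):
        self._chv, self._key, self._files = chv, key, files
        self._granted = {"ALW"}   # access conditions satisfied in this session
        self._challenge = None    # outstanding challenge, consumed by one attempt

    def _grant(self, cond: str, ok: bool) -> bool:
        if ok:
            self._granted.add(cond)
        return ok

    def verify_chv(self, chv: bytes) -> bool:
        return self._grant("CHV", hmac.compare_digest(chv, self._chv))

    def get_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(8)  # 8-byte random number
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        # The challenge is cleared before checking, so a captured response
        # cannot be replayed against the same card session.
        challenge, self._challenge = self._challenge, None
        ok = challenge is not None and hmac.compare_digest(response, mac8(self._key, challenge))
        return self._grant("AUT", ok)

    def access(self, path: str, method: str, data: bytes = None) -> bytes:
        entry = self._files[path]
        # NEV is never granted; ENC is not modelled here, so it is refused as well.
        if entry[method] not in self._granted:
            raise PermissionError(f"{method} on {path} requires {entry[method]}")
        if method == "update":
            entry["data"] = data
        return entry["data"]

def demo_card() -> Card:
    # Constructed sample tree (MF > DF "purse" > two EFs); CHV and key are made up.
    return Card(b"1234", b"terminal-secret!", {
        "MF/purse/id":      {"data": b"card-0001", "read": "ALW", "update": "NEV"},
        "MF/purse/balance": {"data": b"50", "read": "CHV", "update": "AUT"},
    })
```

The terminal side computes `mac8(key, card.get_challenge())` and passes it to `external_authenticate`; only then does an `update` on the balance file succeed.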
Hardware support for security functions
Standards
Standardization plays a key role in the acceptance and growth of the smart card industry. Only the appropriate international standards can assure that a smart card fits into different card readers and terminals at different locations in the world.
Smart card standardization is driven from two sides:
• The international standards organizations (ISO, ANSI, etc.)
  – ISO began working on standards for chip cards as early as 1983
  – The foundation of virtually all existing smart card standards is ISO 7816, which specifies
    • physical & electrical characteristics
    • formats and protocols for information exchange
    • functions provided by smart cards
• The industry. Key players include Mastercard, Visa, Europay, IBM, Sun and others
  – EMV
    • Specification for the application of smart cards to the payment industry
    • Created by Europay, Mastercard and Visa
  – OpenCard Framework
    • A set of guidelines announced by IBM, Netscape and Sun
    • Provides an architecture and a set of APIs for building smart card-aware solutions on OpenCard-compliant network computers
    • Consists of four major components:
      – CardTerminal - encapsulates all card terminal related classes
      – CardAgent - provides a common interface for a multitude of card operating systems
      – CardIO - provides access to the file system of a smart card
      – CardAgentExtension - provides non-file related smart card functionality
  – JavaCard
    • Is a standard set of APIs and classes that allows Java applets to run directly on a standard ISO 7816 compliant card
    • The specifications are announced by Sun and Visa, with the support of leading smart card suppliers
    • Provides all the benefits of Java - portability, security, etc.
  – Smart Card SDK
    • Developed by Microsoft
    • Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specification
    • The first integrated smart card PCs were to begin shipping this year
Additional Resources
• Smart Card terminology: http://www.gemplus.com/basics/terms.htm
• IBM Smart Card solutions: http://www.chipcard.ibm.com/overview/
• JavaCard: http://java.sun.com/products/javacard/
• Smart Card software development - Gemplus: http://www.gemplus.com