Security & Cryptography in Distributed Systems, Fall 1998
Smart Cards
By Michael Perlov (perl7849@cs.nyu.edu)
Outline of the Presentation
• What is a Smart Card? Examples
• Case Study: IBM MultiFunction Card
• Smart Card Standards
• Additional Resources
Smart Cards
What is a Smart Card?
• Technical definition: a card formed of a plastic body with an embedded integrated circuit.
• The devices come in several varieties, from simple memory cards to those carrying their own microprocessors.
• There are four major categories:
Unprotected memory cards
• Act as a storage medium for tokens
• Carry an application code and a simple mechanism to specify the issuer of the card
• Can’t perform off-line processing
• Used as prepaid phone cards in France, Holland and Germany
Wired logic memory cards
• Have built-in EPROM or EEPROM
• Can be reloaded with data (like monetary value)
• Contain hard-wired data protection
• Examples are electronic hotel keys and new-generation phone cards used in the Benelux countries
Microprocessor cards
• Typically have
  • an 8-bit microprocessor with an OS in ROM
  • 96 to 512 KB of RAM
  • 3 to 16 KB of ROM
• Use EEPROM for non-volatile memory, with capacities ranging from 1 to 16 KB
• Some have an additional cryptography coprocessor with extra RAM to perform private-key (DES) and/or public-key (RSA) cryptography
Many cards of this type are multi-functional, providing the option of hosting several applications from various industry domains on a single card, key domains being:
• Banking & Payment Systems
  • debit/credit
  • electronic purse
• Health Care
  • health records
  • health insurance
• Travel & Transportation
  • ticketless air travel
  • car rental
• Electronic commerce
  • cyber shopping
  • secure access/payment via the Internet
• We will look at an example of this kind of card in the case study later on in the talk
Contactless cards
• Antenna is embedded in the plastic
• How it works:
  • The antenna picks up an electromagnetic signal that emanates from the reader
  • The signal powers the card and transmits the data
  • The card updates its internal state and transmits a signal back
• Useful when applications require high throughput, for example in mass transit
Case Study - IBM Multifunction Card
Overview
• A sophisticated smart card solution, built on top of the IBM MFC (Multifunction Card) OS
• The chip can be fed with data and a variety of application programs that can be updated whenever necessary
• Supports private-key (DES) and public-key (RSA) cryptography
Physical layout
File system
• Has a tree structure and can be compared with the file structure of a PC’s hard disk
• Has the following file hierarchy:
  • Master Files (MF) - root directory
  • Dedicated Files (DF) - application directories
  • Elementary Files (EF) - application data files
Access conditions
• Each file contained in the directory tree of a MultiFunction Card contains predefined access conditions assigned for each of the following access methods:
  • Read: read, seek, etc.
  • Update: update, decrease, etc.
  • Administer: create/delete, invalidate, restore, etc.
The following access conditions can be specified:
• Always (ALW) - access without restriction
• Card Holder verification (CHV) - card holder must present his secret CHV
• External Authentication (AUT) - external world must authenticate itself
• Protected (ENC) - either the command or the response is shielded with a cryptogram
• Never (NEV) - the data cannot be accessed under any circumstances
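The MF/DF/EF tree and the per-method access conditions above can be modelled as a small reference monitor. This is an added example, not IBM MFC code; the file names (PURSE, BALANCE, SERIAL), the `Session` flags and the `has_cryptogram` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Access conditions and access methods as named on the slides.
ALW, CHV, AUT, ENC, NEV = "ALW", "CHV", "AUT", "ENC", "NEV"
READ, UPDATE, ADMINISTER = "read", "update", "administer"

@dataclass
class CardFile:
    name: str
    kind: str                        # "MF", "DF" or "EF"
    conditions: dict                 # access method -> access condition
    children: dict = field(default_factory=dict)

    def add(self, child):
        if self.kind == "EF":
            raise ValueError("an elementary file cannot contain other files")
        self.children[child.name] = child
        return child

@dataclass
class Session:
    chv_verified: bool = False       # set after a successful Verify CHV
    ext_authenticated: bool = False  # set after External authentication

def resolve(mf, path):
    """Walk MF -> DF -> EF by name, as a sequence of Select commands would."""
    node = mf
    for part in path:
        node = node.children[part]   # KeyError if the file does not exist
    return node

def is_allowed(f, method, session, has_cryptogram=False):
    """Decide one access; a missing or unknown condition is treated as NEV."""
    cond = f.conditions.get(method, NEV)
    if cond == ALW:
        return True
    if cond == CHV:
        return session.chv_verified
    if cond == AUT:
        return session.ext_authenticated
    if cond == ENC:
        return has_cryptogram        # caller has already checked the cryptogram
    return False

def build_sample_card():
    """Constructed sample layout: one application directory with two data files."""
    locked = {READ: ALW, UPDATE: NEV, ADMINISTER: AUT}
    mf = CardFile("MF", "MF", dict(locked))
    purse = mf.add(CardFile("PURSE", "DF", dict(locked)))
    purse.add(CardFile("BALANCE", "EF", {READ: CHV, UPDATE: ENC, ADMINISTER: NEV}))
    purse.add(CardFile("SERIAL", "EF", {READ: ALW, UPDATE: NEV, ADMINISTER: NEV}))
    return mf
```

Defaulting to NEV means a file created without a condition for some access method is unreachable by that method rather than open.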
Commands supported by MFC OS
• Application data commands
  • Read - reads data from a selected file
  • Select - selects a file
  • Update - updates a record in a data file
  • Append - appends a record to a file
• Security commands
  • Get challenge - generates an 8-byte random number
  • Verify CHV
  • External authentication - authentication of the external world based on a previously generated random number and a secret key
  • Load key file - loads or updates cryptographic keys
• Additional/modified commands available with public-key cryptography cards
  • Calculate hash
  • External authenticate - extension to the standard external authentication function using public-key cryptography
  • Generate signature - generates a digital signature based on a card’s secret key (using RSA)
  • Verify signature - verifies a digital signature using a public key
• Card management commands
  • Create file
  • Delete file
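The Get challenge / External authentication pair listed under the security commands is a challenge-response exchange; the sketch below shows both sides and why a captured response cannot be replayed. It is an added example, not MFC OS code: HMAC-SHA256 truncated to 8 bytes stands in for the card's DES computation, and the class, function and key values are assumptions.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 8  # Get challenge returns an 8-byte random number (per the slide)

def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Terminal side: keyed function of the card's challenge.
    Assumption: truncated HMAC-SHA256 stands in for the DES-based computation."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:CHALLENGE_LEN]

class Card:
    def __init__(self, key: bytes):
        self._key = key              # secret shared with the external world
        self._challenge = None       # outstanding challenge, if any
        self.ext_authenticated = False

    def get_challenge(self) -> bytes:
        """Get challenge: a fresh random number replaces any earlier one."""
        self._challenge = secrets.token_bytes(CHALLENGE_LEN)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        """External authentication against the previously generated challenge."""
        challenge, self._challenge = self._challenge, None   # single use
        if challenge is None:
            self.ext_authenticated = False
            return False
        expected = compute_response(self._key, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        self.ext_authenticated = hmac.compare_digest(expected, response)
        return self.ext_authenticated

def demo():
    key = bytes(range(16))                       # constructed sample key
    card = Card(key)
    r1 = compute_response(key, card.get_challenge())
    fresh = card.external_authenticate(r1)       # accepted
    replay = card.external_authenticate(r1)      # rejected: challenge consumed
    card.get_challenge()
    stale = card.external_authenticate(r1)       # rejected: new challenge
    return fresh, replay, stale
```

Because the challenge is consumed on every attempt, a response is only ever valid for the one random number it was computed over.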
Hardware support for security functions
Standards
Standardization plays a key role in the acceptance and growth of the smart card industry. Only the appropriate international standards can assure that a smart card fits into different card readers and terminals at different locations in the world.
Smart card standardization is driven from two sides:
• The international standards organizations (ISO, ANSI, etc.)
  • ISO began working on standards for chip cards as early as 1983
  • The foundation of virtually all existing smart card standards is ISO 7816, which specifies
    • physical & electrical characteristics
    • formats and protocols for information exchange
    • functions provided by smart cards
• The industry. Key players include Mastercard, Visa, Europay, IBM, Sun and others
  • EMV
    • Specification for the application of smart cards to the payment industry
    • Created by Europay, Mastercard and Visa
  • OpenCard Framework
    • A set of guidelines announced by IBM, Netscape and Sun
    • Provides an architecture and a set of APIs for building smart card-aware solutions on OpenCard-compliant network computers
Consists of four major components:
• CardTerminal - encapsulates all card terminal related classes
• CardAgent - provides a common interface for a multitude of card operating systems
• CardIO - provides access to the file system of a smart card
• CardAgentExtension - provides non-file related smart card functionality
• JavaCard
  • Is a standard set of APIs and classes that allows Java applets to run directly on a standard ISO 7816 compliant card
  • The specifications are announced by Sun and Visa, with the support of leading smart card suppliers
  • Provides all the benefits of Java - portability, security, etc.
• Smart Card SDK
  • Developed by Microsoft
  • Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specification
  • The first integrated smart card PCs were to begin shipping this year
Additional Resources
• Smart Card terminology: http://www.gemplus.com/basics/terms.htm
• IBM Smart Card solutions: http://www.chipcard.ibm.com/overview/
• JavaCard: http://java.sun.com/products/javacard/
• Smart Card software development - Gemplus: http://www.gemplus.com
The End