210 likes | 723 Views
Smart cards CSE 691 – Internet Security principles Final Project Presentation Poorvi Parikh: poorviparikh@hotmail.com Rahul Toprani: rahul_toprani@hotmail.com Introduction
E N D
Smart cards CSE 691 – Internet Security principles Final Project Presentation Poorvi Parikh: poorviparikh@hotmail.com Rahul Toprani: rahul_toprani@hotmail.com
Introduction • Smart Cards were conceived in the 1970’s and most consumers regarded them as a redundant payment mechanism when checks, credit cards and ATM cards did an adequate job for current needs. • There were a lot of unanswered questions: • What is a smart card and how does it work? • What is the use of smart cards? • Do we really need them? • Are smart cards secure? • With this project we attempt to answer these questions and get to know more about these things called ‘SMART CARDS’. Smart cards are more than collectible replacements of a wallet full of plastic cards. Unlike the read-only plastic card, the processing power of smart cards gives them the versatility needed to make payments, to configure your cell phones, TVs and video players and to connect to your computers via telephone, satellite or the Internet anytime, anywhere in the world.
Introduction (contd…) • The driving factors in the growing interest in smart cards is : • The declining cost of the smart cards. • The growing concern that the magnetic stripe cards cannot provide the protection necessary to prevent fraud and security breaches. • Today smart cards are used by millions of card users worldwide and are at work in more than 90 countries. Primarily in Europe and the far east.
What Are smart cards? A smart card is a credit-card sized plastic card embedded with an integrated circuit chip that makes it "smart". This marriage between a convenient plastic card and a microprocessor allows an immense amount of information to be stored, accessed and processed either online or offline. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader. Smart Card Structure: • The Smart Card is Generally made up of three elements: • The Plastic Card • A Printed Circuit • An Integrated Chip
What Are smart cards?(contd..) • Depending on the type of the embedded chip, smart cards can be either memory cards or processor cards. • Memory Cards: Any plastic card is made "smart" by including an IC chip. But the chip may simply be a memory storage device. Memory cards can hold information thousands times greater than a magnetic stripe card. • Processor Cards: Smart cards with a full-fledged microprocessor on board can function as a processor device that offers multiple functions such as encryption, advanced security mechanism, local data processing, complex calculation and other interactive processes.
Characteristics • Some of the key features and characteristics of smart cards are: • Cost • Reliability • Storage Capacity • Ease of use • Security • Power Source • Support Equipment Required • Susceptibility Support Equipment Required For host based operations, only a simple Card Acceptance Device (CAD) is required. Which usually costs $100 - $250, the cost decreasing with higher volumes. The costly CAD’s are handheld battery operated terminals. Reliability Cards claiming to meet International Standards Organization (ISO) specifications must achieve set test results covering drop, flexing, abrasion, concentrated load, temperature, humidity, static electricity, chemical attack, ultra-violet, X-ray, and magnetic field tests. Storage Capacity 8K – 128K bit EEPROM. For Smart Cards, 1000 bits will normally store 128 characters. With modern data compression techniques the amount of data stored on a smart card can be significantly expanded. Cost Typical costs range from $2.00 - $10.00. The per card cost increases with chips providing higher capacity and more complex capabilities; The per card cost decreases as higher volume of cards are ordered. Security Smart Cards are highly secure. Information stored on the card is difficult to duplicate or disrupt, unlike the outside storage used on magnetic stripe cards that can be easily copied. Ease of Use Smart cards are user-friendly for easy interface with intended application; handled like the familiar magnetic stripe bank card. Susceptibility Susceptible to chip damage from physical abuse, but more difficult to disrupt or damage than the magnetic stripe card. Power Source Mostly a 5V dc power source
Smart (Card) Attacks • One of the security features provided by most of the smart card operating systems, is the cryptographic facilities. They provide, • Encryption and decryption of data for the card. • Some of them can even be used to generate cryptographic keys. • The secret of the cryptographic algorithm, the keys stored, and the access control inside the smart card become the targets of attackers. • These attackers perform logical non-invasive attacks, some of them attack the card physically while others just prove their success by mathematical theorems.
Smart (Card) Attacks • Logical Attacks: • As all the key material of a smart card is stored in the electrically erasable programmable read only memory (EEPROM), the attacks can be caused mainly on the EEPROM by, • Raising the supply voltage above its design limit. • Cutting the supply voltage below its design limit. • Resetting random memory locations using ultraviolet light until the read protect bit is found. • Exploiting misfeatures in the hardware, including the manufacturer supplied ROM code. • Exploiting misfeatures in the customer written EEPROM code. • Some combination of the above. • Thus to prevent this, some of the processors implement sensors which cause an alarm when there is any environmental changes.
Smart (Card) Attacks • Physical Attacks: • The circuit chip is first removed. • The epoxy resin now visible is then dissolved using a few drops of fuming nitric acid. • The chip is then exposed and vulnerable to direct attacks. • A technique called reverse engineering of the circuit chips has been developed wherein the layout and function of the chip can be identified. Using this, the secrets held by the chip can be revealed. • Erasing the security lock bit by focusing UV light on the EPROM. • Using laser cutter microscopes to explore the chip.
aPPLICATIONs • Smart Cards has a wide spectrum of applications: • Wireless Communications • Banking and Finance • Health Care • Information Technology • Pay TV • Phone card Services • Closed Environment • Smart Tracking • Loyalty and Retail • Government Id
aPPLICATIONs Wireless Communications Smart cards provide secure user authentication, secure roaming, and a platform for value-added services in wireless communications. Presently, smart cards are used mainly in the Global System for Mobile Communications (GSM) standard in the form of a SIM card. Initially, the SIM was specified as a part of the GSM standard to secure access to the mobile network and store basic network information. As the years have passed, the role of the SIM card has become increasingly important in the wireless service chain. Today, SIM cards can be used to customize mobile phones regardless of the standard (for eg:GSM, personal communications service [PCS], satellite, digital cellular system [DCS]) SIM is the major component of the wireless market, paving the way to value-added services.
aPPLICATIONs WIRELESS COMMUNICATIONS SIM cards have several features that enhance security for wireless communications networks. SIM cards provide a secure authentication key transport container from the carrier’s authentication center to the end-user’s terminal. Their superior fraud protection is enabled by hosting the cryptographic authentication algorithm and data on the card’s microprocessor chip. SIM cards can be personal identification number (PIN) protected and include additional protection against logical attacks. With added PIN code security, SIM cards offer the same level of security used by banks for securing off-line payments.
aPPLICATIONs WIRELESS COMMUNICATIONS The SIM card’s chip can be programmed to carry multiple applications. The activation of new applications can be downloaded to the card over the air, in real time, thereby reducing the time (and cost) to market. One of the most compelling benefits of smart cards is the potential for packaging and bundling various complementary services around basic mobile telephony services. These services can greatly reduce churn and increase usage and brand recognition.
aPPLICATIONs Banking and Finance A variety of means have been implemented whereby people can load value onto a card, and use it to make payments at appropriately equipped, unattended devices. These include multiple-use tickets for public transport, and telephone cards. Since the mid-1980s, a variety of chip-based stored-value card (SVC) technologies have been developed and trialed. SVCs are attractive to merchants because they reduce cash-handling and change-counting tasks, as well as cash-holdings and the attendant risks of error, cashier theft and robbery. For consumers, the benefits include reduced 'wallet-bulge', less cash-handling and change-counting, and the scope for multiple functions within a single, convenient and familiar card. Some banks may choose to leave SVC operation to third parties, and merely handle the deposits received from merchants via scheme operators.
aPPLICATIONs Banking and Finance Credit-cards are appropriate however expensive and debit cards are relatively highly secure. Unlike 'pay-later' credit-cards and 'pay-now' debit-cards, SVCs are a 'pay-before' mechanism. Their great advantages are relative security, and simple, off-line operation. Together, these translate into low transaction costs. Many financial institutions have already perceived the scope for chip-based cards to support multiple functions rather than just one. As a result, there is a strong motivation for issuing multi-purpose payment cards, that support whatever combination of debit, credit and SVC functions the customer seeks.
aPPLICATIONs Health care Smart Cards act as a portable store of information. They have a special role in addressing some of the more difficult problems facing the health sector. Especially important is the support they can provide for the move towards a focus on the client, and on the totality of their healthcare events, preventative and curative, in community care and in hospital care. They can play an important role in, identifying individuals,carrying confidential healthcare information between care encounters, authenticating transactions, authorizing data access and file movements across a network, creating a unique electronic signature,managing personal privacy, customizing personal workstations. Healthcare user data cards are designed to carry personal data securely and to provide the holder's assent (in electronic form) to actions taken by providers (eg: billing, accessing records).
aPPLICATIONs Health care Benefits for the health care user are: Definitive, quick and easy identification - there is no possibility of confusion with anyone else, or of being linked to the wrong set(s) of medical records. Records that travel with the patient (where they are most useful), thereby assuring continuity and integrity of care, without restricting the freedom of the patient to choose when and where to go to healthcare providers (including overseas) Minimum risk of damage from, for example, drug interactions, unnecessary intervention. Empowerment and control, placing it within the power of the patient to determine who can see what parts of their personal health information.
aPPLICATIONs Health care Benefits for the health professional are: Better access to up-to-date information, enabling quicker and better standards of clinical decision-making and care, and reducing the risk of avoidable error. Reduced frustration associated with trying to find past records for the patient, and a reduction in the need to repeat work-up and tests. Security of communications, guaranteeing that transactions cannot be intercepted by third parties, and guaranteeing that messages received have not been altered and can only have come from the person purporting to have sent them. Less wasted time, and more time available to care for patients.
Conclusion Thus, we see that the smart card is an intrinsically secure device. It is a safe place to store valuable information such as private keys, account numbers, and valuable personal data such as biometrics information. The smart card can be an element of solution to a security problem in the modern world. It is estimated that there are approximately 2.8 billion smart cards in use around the world as of today. The electronic persona in the digital world will be indeed in the form of a smart card and no enterprise solutions should ignore its potential impacts on business.
references An Overview of Smart Card Security: http://home.hkstar.com/~alanchan/papers/smartCardSecurity/ Smart Cards Online: http://www.smartex.com/smartcards_guide.html Smart Card Security Information Page: http://www.geocities.com/ResearchTriangle/Lab/1578/smart.htm Gem Plus Applications: http://www.gemplus.com/app/index.htm Smart Card Basics: http://www.smartcardbasics.com/overview.html SCIA Applications: http://www.scia.org/aboutSmartCards/scapps.html
references White Paper on Smart Cards: http://cism.bus.utexas.edu/works/articles/smartcardswp.html EGOV, Government Solutions: http://egov.gov/smartgov/smart_card.html Smart card 2000: the future of IC cards Edited by: d. chaum and i. Schaumüller - bichl