
Smart Card Introduction

Smart Card Introduction. Pieter Hartel. ( Read: K. M. Shelfer, J. D. Procaccino, Smart Card Evolution, CACM 45(7):83-88, Jul. 2002; D. Huseman, The Smart Card, IEEE Concurrency 7(2):24-27, Apr. 1999; D. Praca, C. Barral, From smart cards to smart objects,



  1. Smart Card Introduction
     Pieter Hartel
     (Read: K. M. Shelfer, J. D. Procaccino, Smart Card Evolution, CACM 45(7):83-88, Jul. 2002; D. Huseman, The Smart Card, IEEE Concurrency 7(2):24-27, Apr. 1999; D. Praca, C. Barral, From smart cards to smart objects, Computer Networks, 36(4):381-389, Jul. 2001; Ch14 of R. Anderson, Security Engineering, Wiley, 2001)

  2. Overview
     • Past: Phone card
     • Present: Java Card
     • Future: Multi function card

  3. History
     • Dethloff (1968), Arimura (1970), Moreno (1974)
     • First chip by Motorola & Bull (1977)
     • France Telecom phone card (1984)
     • Java Card (1995)
     • SCIA: 2.8 Billion cards (2000)

  4. Form factors
     [Figure: card with dimensions 53.98 mm, 85.6 mm, 0.76 mm]

  5. Gartner Group

  6. What makes the card smart?
     • CPU (8-bit, 16/23 bit)
     • Memory (RAM, ROM, EEPROM/Flash)
     • I/O channel (Contact/Contactless)
     • Cryptographic co-processor
     • On card devices (Fingerprint, display)
     • Standards (ISO 7816, GSM, EMV, VOP, CEPS)

  7. A variety of terminals
     • Embedded system
     • Standards (ISO 7816, PC/SC, OCF)

  8. Applications
     • Bank card (*)
     • GSM SIM card > 200 Million (EU)
     • Health card > 100 Million (D, F)
     • Pay-TV > 100? Million (*)
     • ID card > 5 Million (USA)
     • Transport (HK)
     • Campus card (UK,…)

  9. Considerations for use?
     • Value to be protected
     • On-line / off-line -- Mondex
     • What do we trust?
     • Management & flexibility
     • Tamper resistance
     • Mobility
     • Cost

  10. Security features
     • Symmetric crypto fast
     • Asymmetric crypto slow
     • Hardware random number generator
     • Hardware tamper resistance (passive, active)

  11. Research issues
     How many cards do you have? Own?
     • Who owns the card?
     • Which logo?
     • Backups?
     • Privacy?
     • Attacks

  12. Attacks – not specifically on smart cards
     • Operational problems:
     • Blackmail
     • Burglary
     • Bribery
     • Software bugs
     • Hardware attacks

  13. Attacker classification (IBM)
     • I: Clever outsiders
     • II: Knowledgeable insiders
     • III: Funded Organisations

  14. Low cost attacks (I)
     • Stop cancellation messages
     • Block EEPROM writes by isolating Vpp
     • Single step the processor

  15. Sophisticated attacks (II or I)
     • Focused Ion beam
     • Microscope
     • Milling
     • Deposit conductors & Insulators
     • Can be rented for a few hundred $ per hour

  16. Protection
     • Know what to protect
     • Procedures
     • Protocols
     • Know who your opponents are
     • Security by obscurity does not work

  17. Software
     • Java Card (to be continued)
     • Smart Cards for Windows
     • Basic card
     • Mondex
     • Proprietary

  18. Future
     • Display
     • Biometrics
     • 32-bit CPU
     • Large memory
     • Battery
     • Comms

  19. Communication
     • ISO 7816-4: typically 9600 bps
     • USB: PC based
     • Bluetooth: power
     www.fingerchip.com

  20. Displays
     • Plastic / glass
     • Emissive / non-emissive
     • Refresh / bi-stable
     • Segment / dot-matrix / graphic
     • Problems: connections, yield, power, thickness

  21. Clock & Power
     • Crystal 0.6 mm / MEMS
     • Problems: thickness, power density, when to recharge

  22. Conclusions
     • Affordable tamper resistance technology
     • Versatile technology
     • Getting it right is difficult

  23. Assignment
     • Do you have a problem that smartcards can help solve?
     • Each to write idea(s) on post-it
     • Group post-its
     • Give the requirements
     • Sketch a specification
     • Calculate the cost
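
Added example (not part of the original slides): slide 14 lists "Block EEPROM writes by isolating Vpp" as a low cost attack, and the sketch below shows why the order of operations in card code matters when a write can be suppressed. The PIN retry counter scenario, the simulated EEPROM and all names and values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated card state; all values are constructed for illustration. */
static uint8_t tries = 3;                 /* retry counter kept in EEPROM */
static int vpp_connected = 1;             /* 0 = Vpp contact isolated */
static const char stored_pin[] = "4271";  /* constructed sample PIN */

void card_reset(int vpp) { tries = 3; vpp_connected = vpp; }
int tries_left(void) { return tries; }

/* EEPROM write that silently fails when the programming voltage is missing. */
static void eeprom_write(uint8_t *cell, uint8_t value) {
    if (vpp_connected) *cell = value;
}

/* Compare all four digits without an early exit (inputs assumed 4 chars). */
static int pin_equal(const char *a, const char *b) {
    uint8_t diff = 0;
    for (int i = 0; i < 4; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Weak ordering: the counter is written only after a failed compare, so a
   blocked write means it never drops. Returns 1 ok, 0 wrong, -1 blocked. */
int verify_pin_weak(const char *pin) {
    if (tries == 0) return -1;
    if (pin_equal(pin, stored_pin)) { eeprom_write(&tries, 3); return 1; }
    eeprom_write(&tries, (uint8_t)(tries - 1));
    return 0;
}

/* Hardened ordering: spend a try first, read it back, and refuse to compare
   if the write did not land. Returns -2 when the write was blocked. */
int verify_pin_hardened(const char *pin) {
    uint8_t before = tries;
    if (before == 0) return -1;
    eeprom_write(&tries, (uint8_t)(before - 1));
    if (tries != (uint8_t)(before - 1)) return -2;
    if (!pin_equal(pin, stored_pin)) return 0;
    eeprom_write(&tries, 3);
    return 1;
}

int main(void) {
    card_reset(0);  /* Vpp isolated */
    printf("weak: %d, tries left %d\n", verify_pin_weak("0000"), tries_left());
    printf("hardened: %d\n", verify_pin_hardened("0000"));
    return 0;
}
```

With the write blocked, the weak routine keeps answering "wrong PIN" with the counter stuck at 3, while the hardened routine refuses to evaluate the PIN at all.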
