Smart Card Technology
Presented by: Jose R. Paloschavez
Agenda
• History
• What is it?
• Manufacturers of hardware
• Types of smart cards
• Smart Card classification
• What is inside the Card (Chip)?
• Smart Card technology OS Support
• Smart Card Standardization
• Why do we need this technology?
• Advantages
• Disadvantages
• Emerging Smart Card Technology (IP)
• Conclusion
History of Smart Card Technology
• 1967 - Jürgen Dethloff invents the smart card computer
• 1971 - Patent issued for solid-state memory card
• 1972 - 1993 - Patents, standards and “security through obscurity” choke off applications and innovation
• 1974 - New patent to integrate memory and CPU
• 1976 - First commercial smart card created
• 1983 - European phone applications & DOD military ID
• 1984 - Smart Card technology in banking sector in France
• 1990 - Philips offers 512-bit RSA ex in 1.5 sec
• 1994 - Europay/Mastercard/Visa spec for electronic cash
• 1994 - MAOSCO and Keycorp create programmable smart cards
History of Smart Card Technology
• 1995 - Korea issues 1.5 million bus fare contactless smart cards
• 1996 - Zeitcontrol and Schlumberger provide high-level languages
• 1996 - Java launches version 1.0
• 1996 - Atlanta Olympics uses smart cards for merchants
• 1996 - SGS-Thomson offers RSA in 60 msec
• 1997 - MS plans smart card login support for Win98/NT 5.0
• 1998 - Microsoft contributes a real file system and application development tools
• 2000 - Smart cards become Internet nodes
What is it?
A typical smart card is a credit-card-sized embedded system containing:
• a microprocessor (8-bit, or up to 32-bit)
• ROM to hold programs such as the card operating system and immutable data
• EEPROM to hold customer-specific data such as the user name, secret keys and account numbers
• RAM to hold transient data during computation
• a serial I/O, USB or PCMCIA interface to communicate with the host computer through card readers
Who manufactures the hardware?
• Motorola
  • MSC0402 chip
  • ROM 23K
  • EEPROM 8K
  • RAM 384 bytes
  • 2 ms programming
  • Random Number Generator (RNG)
• Hitachi
  • H8/300 chip
  • ROM 16K
  • EEPROM 8K
  • RAM 512 bytes
  • 2 I/O ports
Who manufactures the hardware? (cont)
• GPM2K card by Gemplus
  • Modest data storage, with some security; used for retail loyalty, low value purse, vending, general data storage (health cards, ID cards, portable files)
  • 256 bits ROM
  • 1792 bits application storage
Types of Smart Cards
• Contact Cards must be inserted into a reader
• Contactless Cards are powered by an RF signal using inductive coils
• Combi-Cards can be powered by insertion or RF
[Figure: combi-card with contact interface, E²PROM memory, microprocessor and contactless interface. Compatible with ISO7816-4 and ISO 14443 - A (Mifare Pro) or 14443 - B (Moto / ST)]
Smart Card Classification
• Memory Smart Cards
  • Stored value cards (pre-paid phone cards, retail, etc.)
  • Limited read/write capabilities
  • Useful when security is not an overriding issue
• Intelligent Smart Cards
  • Contain a central processing unit, 8-bit architecture
  • Have ability to store information
  • Have power to make decisions
  • Sophisticated protocols for read/write operations
  • Can implement a co-processor for arithmetic operations
Ferroelectric Random Access Memory (FRAM)
• Contactless ‘walk and wave’ operation
• Read & write to the card by radio frequency
• Non-volatile: maintains data for ~10 years
• Card is powered by an RF signal
• Stores 128-512 bytes in a card
• Used mostly for access control
What Is Inside the Smart Card
• Components inside a smart card
• Power, Ground, Reset, Clock and I/O are the inputs of a smart card
• Battery memory is possible
Smart Card Technology OS Support
• *SCFS (Smart Card File System): the smart card is treated as a directory of the host OS
• 3COM, PalmOS
• *Java Virtual Machine by Sun
• *Microsoft Card SDK
• *MultiOS for multi-application
• Friendly development environment (compiling and loading) on the host
* = will be discussed
Java Smart Card Technology
• Java byte codes can reside in smart cards and perform predetermined tasks
• A simple Java Virtual Machine is supported in the smart card
• A simple HTTP/TCP/IP stack is supported
• The smart card is a server responding to requests from hosts
• Small databases such as medical records or financial information can exist in smart cards
• Easy to standardize, program and develop
SC49 Implementation Statistics
• ROM
  • Java Card Interpreter 4KB
  • Smart Card Primitives 8KB
• RAM
  • Java Card Interpreter 200MB
  • Smart Card Primitives 90MB
• CPU
  • Java Card Interpreter 1.5 codes/sec
  • Smart Card Primitives 300K instrs/sec
How about Multi-application Technology?
• One card can carry multiple applications for multiple purposes: is one card enough?
• The card issuer has full control of the card and can add other applications from card service providers to the smart card
• Download Java applets to the smart card
Smart Card Standardization
• ISO7816 (1,2,3,4)
• Open Card Framework OCF1.2
• Java Card 2.0 Specification by Sun
• Smart Card SDK (Microsoft)
Smart Card Standardization (cont)
• ISO7816
  • #1 to #3: Physical properties: dimensions, mechanical stress, power, resistance to static electricity and radiation, electronic signals and transmission protocol
  • #4: a set of commands across all industries to provide access, security and transmission of card data, e.g. commands to read, write and update records
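The ISO7816 #4 read/write/update commands are exchanged as command APDUs. The following is an added example, not part of the original slides: it encodes and strictly decodes short-form command APDUs (CLA INS P1 P2 [Lc data] [Le]) and splits the status word off a response. The function names and the sample record content are assumptions made for the illustration.

```python
# Added illustration: short-form ISO 7816-4 command APDUs (not from the slides).
INS_NAMES = {0xA4: "SELECT", 0xB2: "READ RECORD",
             0xD2: "WRITE RECORD", 0xDC: "UPDATE RECORD"}

def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode CLA INS P1 P2 [Lc data] [Le] with one-byte length fields."""
    if len(data) > 255:
        raise ValueError("short form carries at most 255 data bytes")
    if le is not None and not 1 <= le <= 256:
        raise ValueError("short Le must be 1..256")
    out = bytes([cla, ins, p1, p2])
    if data:
        out += bytes([len(data)]) + data
    if le is not None:
        out += bytes([le % 256])          # an Le byte of 0x00 means 256
    return out

def parse_apdu(raw):
    """Decode a short-form command APDU, rejecting inconsistent lengths."""
    if len(raw) < 4:
        raise ValueError("header needs 4 bytes")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                    # case 2: Le only
        le = body[0] or 256
    elif len(body) > 1:
        lc, rest = body[0], body[1:]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(rest) == lc:               # case 3: Lc + data
            data = rest
        elif len(rest) == lc + 1:         # case 4: Lc + data + Le
            data, le = rest[:lc], rest[lc] or 256
        else:
            raise ValueError("Lc does not match the body length")
    return {"cla": cla, "ins": INS_NAMES.get(ins, hex(ins)),
            "p1": p1, "p2": p2, "data": data, "le": le}

def parse_status(resp):
    """Split a response APDU into (data, SW1SW2); 0x9000 is normal completion."""
    if len(resp) < 2:
        raise ValueError("response must end with SW1 SW2")
    return resp[:-2], int.from_bytes(resp[-2:], "big")

if __name__ == "__main__":
    # P1 = record number 1, P2 = 0x04: record addressed by number in the current file
    print(build_apdu(0x00, 0xB2, 0x01, 0x04, le=256).hex())
    print(parse_apdu(build_apdu(0x00, 0xDC, 0x01, 0x04, b"ALICE")))  # constructed record
```

Rejecting a body whose length disagrees with Lc, rather than truncating or padding it, is the check a host-side or card-side parser needs before acting on a command.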
Smart Card Standardization (cont)
• OpenCard Framework
  • Functions and roles of smart cards can vary widely by service
  • OpenCard Framework (OCF) separates terminal software into terminal-specific components and card-specific components, thus making it possible to add or remove components on demand
  • The application developer simply uses the APIs provided by CardService, enabling the application to be shared across multiple platforms that support OCF
Smart Card Standardization (cont)
• Java Card
  • Is a standard set of APIs and classes that allows Java applets to run directly on ISO 7816 compliant cards
  • The specifications are announced by Sun and Visa, with the support of leading smart card suppliers
  • Provides all the benefits of Java: portability, security, etc.
Smart Card Standardization (cont)
• Smart Card SDK
  • Developed by Microsoft
  • Provides a set of APIs for developers to write smart card-aware Windows applications to operate with smart card readers that conform to the specifications
Why do we need this technology?
• Security technique point of view
  • Password-based systems (Kerberos) suffer from dictionary attacks
    • Create a list of words, names
    • Derive keys from the words in the list
    • Obtain a <plaintext, ciphertext> pair
    • Decrypt ciphertext with the derived key
  • A smart card is able to store a long random key (password) in advance and provide it at login
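The contrast on this slide, as an added example that is not part of the original presentation: the same word-list check is run against a key derived from a password and against a random key of the kind a card would hold. PBKDF2 stands in for a Kerberos string-to-key function and an HMAC tag stands in for the ciphertext of a known plaintext; the salt, message, word list and all function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"EXAMPLE.REALMalice"                 # constructed salt (realm + principal)
KNOWN_PLAINTEXT = b"2003-01-06T12:00:00Z"    # constructed, predictable message field
WORDS = ["password", "letmein", "dragon", "sunshine"]  # constructed word list

def string_to_key(password):
    """Derive a 16-byte key from a password (PBKDF2 as a stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000, dklen=16)

def seal(key, plaintext):
    """Keyed transform standing in for encryption of a known plaintext."""
    return hmac.new(key, plaintext, hashlib.sha256).digest()

def dictionary_search(words, plaintext, observed):
    """Return the word whose derived key reproduces the observed value, else None."""
    for word in words:
        if hmac.compare_digest(seal(string_to_key(word), plaintext), observed):
            return word
    return None

def compare_key_sources(words, user_password):
    """Run the same word list against a password-derived key and a card-held key."""
    password_obs = seal(string_to_key(user_password), KNOWN_PLAINTEXT)
    card_key = secrets.token_bytes(16)       # long random key stored on the card
    card_obs = seal(card_key, KNOWN_PLAINTEXT)
    return (dictionary_search(words, KNOWN_PLAINTEXT, password_obs),
            dictionary_search(words, KNOWN_PLAINTEXT, card_obs))

if __name__ == "__main__":
    print(compare_key_sources(WORDS, "dragon"))
```

The password-derived key is recovered because it is a function of a guessable word; the card-held key has no word behind it, so the list never matches.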
Why do we need this technology? (cont)
• Application point of view
  • Internet and electronic business prompt the distribution of smart cards
  • A platform-independent (hardware and OS) programming language (Java) matches the portability of smart cards
  • Multi-application cards let one card do everything: you do not need to carry a student ID, driver ID, credit card, ATM card, medical card, etc.
Advantages of Smart Card Technology
• Tamper-resistant
  • Data stored in a smart card can be protected against unauthorized access
• Loose coupling to host
  • Especially attractive for use as secret key storage when hosts cannot themselves be trusted to store secret keys
• Low cost
• Portability
Disadvantages of Smart Card Technology
• Low performance
  • Slow processor
  • Slow I/O channel
  • Small memory (ROM, EEPROM and RAM)
  • Unsuitable for computation-intensive tasks (cryptography)
  • Executable code size is strictly limited, hence OS, security algorithms and protocols should be simplified
  • New technologies may improve the performance
• Interoperation and standardization are relatively difficult
• Card-specific attacks (invasive or non-invasive)
• Invalid card holder
  • PIN + Smart Card
  • Biometric + Smart Card
Emerging Smart Card Technology (IP)
• End-to-End Security
• Standards-Based Card-Edge Interoperability
• Web-Based Application Development
• Direct Addressing
• More Points of Acceptance
• Remote Card Management
• Multiple Non-Proprietary Implementations
Conclusion
• Smart card modules are particularly attractive on-line identity tokens regardless of the nature of the network or the device used to connect to it
• The smallest operating systems run on smart cards
• An alternative to meet various security threats
Questions? Thank You!