Introduction to smart cards
Boldizsár BENCSÁTH
Budapest University of Technology and Economics
Laboratory of Cryptography and Systems Security
http://www.crysys.hu/
Laboratory of Cryptography and Systems Security, BME, Department of Telecommunications (Híradástechnikai Tanszék)
Budapest University of TE
Boldizsár BENCSÁTH, 2004
Topics
-From the magnetic stripe cards to the intelligent chip cards
-What is the security of the smart card?
-contact and contactless cards
-contact smartcard: ISO 7816
-contactless cards: close-coupled, proximity, vicinity
-Applications
-Banking, AFC, ID, RFID, Digital Signature
-Smart Card file system (ISO 7816)
-Multi-application smart cards
-Structure of a Java Card
-Sample Java Card application
-Pitfalls of the smart card development
-PC/SC, CryptoAPI and PKCS#11
-Attacks against smart cards: direct manipulation, side channel, logical
-Smart card as the part of the system
-Typical available smart cards
..
What is a processor card?
(intelligent card, smart card)
ISO 7816
Card types
• Basic card type: storage card
  – Magnetic storage card
  – Bar code
  – Laser storage
  – Electronic storage card (“chip card”, simple RFID tag, etc.)
• Card with wired logic, “file system” cards: Basic authentication function based on stored data. “Configurable”, “sometimes crypto capable”
• Processor based cards: programmable or reprogrammable
The goal of using smart cards
• Secure data storage (only an authorized reader can read the data back)
• Secure signature creation (the key won’t leave the chip)
• Identification of the owner
The card is a well-defined TRUSTED environment; manipulating or cloning a proper card is a hard task.
The goals above are hard to achieve on a standard computer (PC)
Storage card (e.g. magnetic)
• Data storage only (might be encrypted!)
• Data is directly read/writable
• Like a storage unit (~floppy disk)
Processor-based card
• Stores data and can manipulate the data
• Every function can be accessed through authorization process
• Like a secure microcomputer
Wired-logic cards
• Access is controlled by keys/access bits stored on the card
• Some cryptographic functions can also be available on the card
• Strict structure for memory usage etc.
• Not as flexible as a programmable card (e.g. javacard)
• might be o.k. for many applications
• can be crypto capable
Contact and contactless cards
• Contact based processor (smart) cards: standardized by ISO 7816 1-15 (physical dimensions, electrical properties, transfer protocol, data units, security functions)
• Contactless cards: various standards.
  – Close-coupled (0-10 mm), ISO 10536
  – Proximity cards: ISO 14443, 0-10 cm, “100 millions” (106 kbps, 13.56 MHz)
  – Vicinity cards: ISO 15693, 10 cm-1.5 m, e.g. parking. (smart label: ISO 15693, animal id ISO 14223, etc.)
Hybrid and dual cards
• Hybrid card: A single chip with both contact and contactless interface
• Dual card: Two-in-one. Two chips, a contactless and one chip with contact.
Deployment
• Chip producer (makes the chip)
• Operating System programmer (e.g. java virtual machine)
• Card producer (plastic body, printing)
• Card provider/owner
• User
• The card is modified (programmed) according to the needs of the provider, owner
• Personalization: The information of the user (card holder) is uploaded on the card, name, photo is printed, PKI certificate is installed etc.
Applications
• Banking card (Contact card, RSA, etc.)
• GSM SIM
• Loyalty card
• E-purse
• AFC (Automatic Fare Collection – Mass transit, parking, etc.) (fast, contactless card, simple functions)
• Identification (entry systems, etc.)
• EID (national ID cards)
• Electronic/digital signature generation (Contact card, RSA, etc.)
• Pay TV
• etc.
Inside the card
• 8-bit CPU, ~1MHz
• RAM (~256-512 byte)
• EEPROM (~16-64 kilobyte)
• ROM (operating system)
A dual interface card: Mifare ProX
Smart Card File System (ISO 7816)
MF (Master File, 0x3F00)
[Figure: file tree under the MF with the nodes Dedicated File (DF) 1, Elementary File (EF) 1, DF3, EF2, DF2, EF3, EF4]
• EF, DF, MF: FID – File ID
• DF: can have a “name” also
• DF: like an APPLICATION(!)
• Every file can have access conditions, PIN auth. etc.
APDU
• Data transfer in ISO 7816 (contact sc.) is based on APDU (application protocol data unit)
Command: CLA | INS | P1 | P2 | LC | DATA | LE
  – CLA: class of the instruction
  – INS: code of the instruction
  – P1: parameter1
  – P2: parameter2
  – LC: length of data sent
  – DATA: data
  – LE: length of expected answer
answer: DATA | SW1 | SW2
  – SW1 SW2: Status word. 0x9000: Everything O.K.
Important APDU commands
• Select File
• Read/Write/Update/Erase Binary
• Read/Update/… Record
• Get Response
• Verify (PIN)
• Change Reference Data
• Reset Retry Counter
• Manage Security Environment
• Perform Security Operation (e.g. Hash, Digital Signature, etc.)
• …
Sample. Selecting MF
• Command: 00 A4 00 00 02 3F 00
  – 00 A4: select file
  – 00 00: select DF or EF by FID?
  – 02: length
  – 3F 00: FID
  – Type 3
• Answer: 90 00 (everything OK)
Reading 8 bytes from File ‘1234’
• Select the DF with FID ‘20 00’:
  00 A4 00 00 02 20 00
• Select the EF with FID ’12 34’:
  00 A4 02 00 02 12 34
• reading 8 bytes:
  00 B0 00 00 LE
  11 22 33 44 55 66 77 88 90 00
Digital Signature with HUNEID
• Identify with PIN (Verify)
  00 20 00 84 04 ‘1’:’2’:’3’:’4’
• Select signing key (MSE)
  00 22 41 B6 03 84 01 84
• Signature (PSO: Compute Digital Signature)
  00 2A 9E 9A 14 … 80
  – 14: 20=0x14 hash
  – 80: 128 = 0x80 byte sign.
  – answer: … 90 00
Sample APDU sequence
1. Reset card (response: ATR, answer to reset)
2. Select AID (Selecting our application on the card, SW:0x9000)
3. Select MF (file id: 0x3F00) SW:0x9000
4. Select DF (0x????) SW:0x9000
5. Select EF (0x????) SW:0x9000
6. Read Binary (length expected, Le: 20) answer: SW: 0x6c10 + data. The file length is only 16 bytes, here-is-the-data.
…
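
The file selection and READ BINARY exchange from the preceding slides, as an added example that is not part of the original slides: terminal-side Python code run against a simulated card. `SimCard`, its file contents and the helper names are constructed for illustration; the example assumes the card answers a too-large Le with 6Cxx and no data, and the terminal then reissues the command with Le = xx.

```python
def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Short-form command APDU: CLA INS P1 P2 [Lc DATA] [Le]."""
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le])
    return apdu

def split_response(resp):
    """Response APDU: optional data, then the status word SW1 SW2."""
    return resp[:-2], int.from_bytes(resp[-2:], "big")

class SimCard:
    """Constructed stand-in for a card: flat FID lookup, SELECT and READ BINARY
    only. None marks MF/DF (no body); the EF content is made-up sample data."""
    def __init__(self):
        self.files = {0x3F00: None, 0x2000: None,
                      0x1234: bytes.fromhex("112233445566778899AABBCCDDEEFF00")}
        self.current = 0x3F00

    def transmit(self, apdu):
        ins, body = apdu[1], apdu[4:]
        if ins == 0xA4:                          # SELECT FILE, body = Lc FID
            fid = int.from_bytes(body[1:3], "big") if body else 0x3F00
            if fid not in self.files:
                return bytes.fromhex("6A82")     # file not found
            self.current = fid
            return bytes.fromhex("9000")
        if ins == 0xB0:                          # READ BINARY, body = Le
            content = self.files[self.current]
            if content is None:
                return bytes.fromhex("6986")     # no EF selected
            if len(body) != 1:
                return bytes.fromhex("6700")     # wrong length
            if body[0] > len(content):           # wrong Le: SW2 = real length
                return bytes([0x6C, len(content)])
            return content[:body[0]] + bytes.fromhex("9000")
        return bytes.fromhex("6D00")             # INS not supported

def select(card, fid, p1=0x00):
    apdu = build_apdu(0x00, 0xA4, p1, 0x00, fid.to_bytes(2, "big"))
    return split_response(card.transmit(apdu))[1]

def read_binary(card, le):
    """READ BINARY from offset 0; on 6Cxx reissue the command with Le = xx."""
    data, sw = split_response(card.transmit(build_apdu(0x00, 0xB0, 0, 0, le=le)))
    if sw >> 8 == 0x6C:
        data, sw = split_response(card.transmit(build_apdu(0x00, 0xB0, 0, 0, le=sw & 0xFF)))
    return data, sw
```
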
Transaction in Philips Mifare (AFC) card (contactless, wired logic)
Multi-application java card
[Figure: layers of a multi-application card]
• Applet #1: loyalty
• Applet #2: ID card
• Applet #3: credit card
• Java Virtual Machine
• Native applications
• Card OS
Java Card structure
package hu.crysys.javacardmeres;

import javacard.framework.*;
import javacard.security.*;

public class SkeletonApplet extends javacard.framework.Applet {

    // constructor, called by install(); registers the instance with the card runtime
    private SkeletonApplet() {
        register();
    }

    // called when installing an instance of our application
    public static void install(byte buffer[], short offset, byte length) {
        // creating instance (once-in-a-card)
        new SkeletonApplet();
    }

    // called when selecting our applet with the APDU
    // 00 A4 04 00 AIDlength AID
    public boolean select() {
        // returning false refuses the selection (e.g. exit by PIN)
        return true;
    }

    // … (further methods not shown on the slide)

    public void process(APDU apdu) {
        byte buffer[] = apdu.getBuffer();
        if (selectingApplet()) {
            ISOException.throwIt(ISO7816.SW_NO_ERROR);
        }
        // branch according to the command received
        switch (buffer[ISO7816.OFFSET_INS]) {
            case 0:
                // command-specific processing goes here
                ISOException.throwIt((short) 0x9000);
            case 2:
                ISOException.throwIt((short) 0x9002);
            case 4:
                ISOException.throwIt((short) 0x9004);
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    } // process function ends
} // SkeletonApplet ends
Security issues using smart cards
[Figure labels: terminal (C:>_), Program #1, Program #2]
• Protection of the chip
• Validity of the programs
• Terminal and communication with the card
• Multiple application on the same card
“Side channel” attacks
[Figure: an input (e.g. document to be signed) goes into the card, which holds protected data and crypto keys]
We gain information (sometimes only bits) about keys, protected data
• analysis of the timing
• analysis of the power
• electromagnetic fields
• analysis of the output of a manipulated card
• …
Application on the terminal
[Figure: layered diagram with the following labels]
• Terminal
• GSC, OCF, CAPI/CSP, PKCS#11
• PC/SC layer
• driver of SC reader
• SC reader
• PKCS#15
PKCS 11 and 15
• PKCS#11 is a generic C library for using a card as a “crypto-token”.
• PKCS#15 describes the data structure of a crypto token. E.g. one can find the PINs, certificates on the card. (e.g. there is no standard FID for certificate, but the PKCS#15 “directory” can tell us where it is)
PKCS #15 data objects
PKCS #15 directory structure
PKCS #15 references
PKCS#11 (Cryptoki)
• Interface for the application
• needs a “token driver” for every card
• ANSI C
• Widely deployed (Netscape, Mozilla)
• Login/Logout, Security Officer / User
• Multiple token at once, multiple application can reach the token at the same time
Functions of PKCS#11
• Standard functions (initialization, etc.)
• Dealing with slots and tokens (readers, cards, is the card inserted, etc.)
• Session management (Open, Close)
• Objects (keys, certificate, data files) create, modify, delete, etc.
Common problems
• The resources of the card are very limited (some kilobytes of memory, processor is slow, RSA functions can take seconds)
• Programming environment has many limitations (e.g. no integer in javacard)
• Documentation is missing, contains errors, development tools are “not perfect”
• Limited debugging abilities
• Limited community background, unlimited lobby background…
Common problems of development
Interoperability
• Interoperability is important
• Many organizations try to define interoperable solutions.
• E.g. AFC:
  – Calypso (Europe)
  – ITSO (England)
  – Resekortsföreningen (Sweden)
  – GSC-IS (USA)
  – Intercode (France)
  – Trans Link (Netherlands)
  – VDV Kernapplikation (Germany)
  – Elektra Hungária (Hungary)
• Too many incompatible solutions…
The case of insecure terminals
[Figure: an insecure terminal (C:>_) connected to a network]
A wide range of terminals fall into the insecure category!
(© Berta 2004)
Most important
-A correctly designed smart card can safely store something important
-The key never leaves the card
-It might be cracked/cloned for million dollars
-But the security of the system depends on HOW You use the smart card
-e.g. You don’t really know what your card signed
Thank You!
Boldizsár BENCSÁTH
http://www.crysys.hu/
bencsath@crysys.hu
Usual approaches against the threat of insecure terminals
-PIN code
-One-time-PIN
-Biometric identification of the user
-The user must confirm whenever the terminal uses the smart card
-The user should remove the card
-Read-only terminals
-Using a trusted third party...
-The user should authenticate the message