Smart cards
a fascinating and fruitful adventure
Nguyen Quang Huy
Gemalto Technology & Innovation
Smart Cards in the our life
 Secure transaction (banking, pay-TV)
 Telecom (SIM/USIM/RUIM, M2M,
convergence, M-TV, M-banking, Mticket)
 Control Access (physical and logical resource)
 E-citizen (e-passport, e-ID, e-Heath, e-driving license, ..)
2
Smart Card HW
25 mm2
 No internal timer, battery
 No keyboard, display, network interface
 Current generation





µ-processor: 16-bits, <=10MHz
RAM: 4K
ROM: 100K for code storage
E2PROM (105 updates ): 64K for data storage
I/O: serial (9600 bps),
– Contactless protocols: MiFare, FeliCa, Calypso
 Next generation
 µ-processor: 32-bits, up to 100MHz
 Flash memory: more durable and more rapid
 I/O: USB (12 Mbps)
– Contactless open protocols: NFC, ZigBee
3
Smart Card SW
 Proprietary architecture
 Undisclosed specification
 Tedious application development
 Closed configuration: no application can be added after issuance
 Open architecture
 Open specification
 High-level programming languages
 Post-issuance applications are available
 Some open architectures




Java Card
MULTOS
.NET Card
Basic Card
4
Example: Java Card
 Introduced by Schlumberger in 1996
 Leading open multi-applicative architecture
 >5 billions Java-embedded cards issued
 Applications (applets) developed in Java
JC Firewall
I/O command
Card
Manager
Applet 1
API in Java
Java Card Virtual Machine
Operating System
Integrated Circuit
5
Applet 2
Native
API
Security threats
 No battery
 Card tearing (or power failure ) may cause inconsistency data
 No internal timer
 Logging for post-mortem analysis is not possible
 No keyboard, display, network device  secure usage environment
 Payment terminals (POS and ATM): security certification
 Security of PC and handset: keyboard logger, false display (phishing), etc
 Contactless interface
 Cardholder is not aware of malicious actions
 Physically owned by attackers
 Vulnerable to both logical and physical attacks
6
Attacks
 Logical attacks: use I/O commands to exploit SW vulnerabilities
 buffer overflow, type confusion, covert channels, protocol attacks, etc
 Physical attacks: use physical phenomenon to exploit SW/HW
vulnerabilities
 Invasive attacks: destructive and require specific logistics
 HW reverse-engineering; disabling HW security features, etc
 Non invasive attacks: affordable logistics
– Side-channel: use the emitted signals (power consumption, execution time) to
guess the secret (keys, PIN)
 Execution signature (E2PROM update, DES rounds, etc) may leak secret
– Fault-injection attacks: use physical means (infrared heat, laser, X-ray) to flip
some bits in the memory
 Modify code and runtime control flow, data: the consequence is hardly
predictable
 Combined attacks
7
Counter-measures and beyond
 Detection
 HW: (shield-removal, temperature, frequency, laser, light) sensors
 SW: checksum, fault-trap
 Protection
 HW: memory/bus encryption, redundancy, error-correcting code
 SW: transaction mechanism (anti-tearing), random noise, protection of control flow
 Auditing
 HW: security registers
 SW: fault-counters, security exception
 Reaction
 Muting (infinite loop) and clearing RAM
No counter-measure is perfect
Trade-off between security and performance (tender eligibility criterion)
 Use of mathematical techniques: formal methods
8
Mathematically proven
security assurances
9
Vietnam: smart card deployment
 Mobile telecom
 Low-end cards: <=64K EEPROM
 Banking
 Small-scale migrations to EMV standard: VP Bank, VCB, etc
 Online banking (secure reader/authentication server): VCB
 Why the banks are not keen on using smart cards ?
– Cards mainly used for ATM withdrawal: rare (offline) POS payment
 fraud is limited
– Card holders are usually paying for the fraud !
– Insfratructure cost for a migration (ATM, POS, servers, etc)
 E-government
 e-passport project (since 2006)
10
Dosmetic industry
 Small market implies small players
 Few smart cards manufacturers
 MK Technology JSC: 20 milions smart cards delivered in 2008
 Main products: SIM, USIM, RUIM
– Sale representative of foreign products
 Dosmetic share in final products
– Card personalization for final clients
– A first Vietnamese smart card OS ? MKCos (Sao Khue 2008)
 Even fewer application developers
 Vietnamizing imported applications
11
Joining the adventure
 Expanding dosmetic market by SIM-based attractive
applications e.g.,
 M-payment, online payment
 Value-added applications on mobile network
 M-ticket for public transport
 Making E-Government come true
 Healthcare card, ID-card, etc
 Education/Training
 More training courses for
– embeded programming: lucrative outsourcing market
– security engineering: go beyond anti-virus
 Support of overseas experts
 Enterprising
 Win-win JV with foreign partners to learn technology
12