Smart Cards

By Sravanthi Karumanchi
Introduction
• The semiconductor revolution has advanced to the point where the computing power that once took up an entire room can now be lost among the spare change, house keys or candy wrappers in the average pocket.
• Smart cards have proven to be quite useful as a transaction/authorization/identification medium.
• As their capabilities grow, they could become the ultimate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs.
History
• The roots of the current-day smart card can be traced back to the US in the early 1950s, when Diners Club produced the first all-plastic card to be used for payment applications.
• VISA and MasterCard then entered the market, but eventually the cost pressures of fraud, tampering, merchant handling, and bank charges made a machine-readable card necessary.
What is a Smart card?
• A smart card is a credit card sized plastic card with an embedded computer chip.
• The chip can either be a microprocessor with internal memory or a memory chip with non-programmable logic.
• They can be programmed to accept, store and send data.
Need for a smart card
• An advanced security system is worthless if it is so inconvenient for the users that they always find a way around it. For example, many users have so many passwords to remember today that they often write them down in easily accessible places or choose simple, easily guessed passwords. Smart cards can easily store large passwords.
• Being a computer in itself, a smart card can also perform advanced security functions such as storing cryptographic keys and executing cryptographic algorithms.
• Smart cards provide tamper-resistant storage for protecting sensitive information like private keys, account numbers, passwords, and other forms of personal information.
• They can isolate security-critical computations that involve authentication, key exchange and digital signatures from other parts of the system that do not have a "need to know". Since computations can be done in the card itself, the keys need not exist anywhere other than the card itself. This prevents malicious sniffing programs from getting hold of the key.
• They provide a level of portability to securely move information from one system to another.
• They can run custom code and thus are programmable.
Smart card
• Difference between smart cards and magnetic stripe cards
– A magnetic stripe card does not have a chip embedded in it.
– A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).
Electronic Module
 The information or application stored in the
IC chip is transferred through an electronic
module that interconnects with a terminal or
a smart card reader.
Physical structure
• The International Standards Organization (ISO) 7810, 7816/1, 7816/2 specifies the physical structure of the smart card.
• A printed circuit and an integrated chip are embedded on the card.
• An integrated circuit chip consists of a
– Microprocessor
– Read only memory (ROM)
– Nonstatic random access memory (RAM)
– Electrically erasable programmable read only memory (EEPROM), which will retain its state when the power is removed.
– Programmable read only memory (PROM)
– Erasable programmable ROM (EPROM)
• The current circuit chip is made from silicon, which is not flexible and is particularly easy to break. Therefore, in order to avoid breakage when the card is bent, the chip is restricted to only a few millimeters in size.
• This also limits the memory and processing resources that may be placed on the card. As a result, the smart card always has to work with other external peripherals to operate.
Smart card architecture elements
• Central Processing Unit
– Traditionally there is an 8-bit controller, but nowadays 16-bit and 32-bit chips are also used.
– Smart card CPUs execute machine instructions at a speed of approximately 1 MIPS. A coprocessor is often included to improve the speed of encryption computations.
• Memory System
– RAM. 1K. This is needed for fast computation and response. Only a tiny amount is available.
– EEPROM (Electrically Erasable PROM). Between 1 to 24K. Unlike RAM, its contents are not lost when power is removed. Applications can run off and write to it, but it is very slow and one can only read/write to it so many (100 000) times.
– ROM. Between 8 to 24K. The operating system and other basic software like encryption algorithms are stored here.
• Input/Output
– This is via a single I/O port that is controlled by the processor to ensure that communications are standardized, in the form of APDUs (Application Protocol Data Units).
• Interface Devices (IFDs)
– Smart cards need power and a clock signal to run programs, but carry neither. Instead, these are supplied by the Interface Device (usually a smart card reader) in contact with the card.
– In addition to providing the power and clock signals, the reader is responsible for opening a communication channel between application software on the computer and the operating system on the card.
– The communication channel to a smart card is half-duplex.
– The receiver is required to sample the signal on the serial line at the same rate as the transmitter sends it in order for the correct data to be received. This rate is known as the bit rate or baud rate.
– Data received by and transmitted from a smart card is stored in a buffer in the smart card's RAM. As there isn't very much RAM, relatively small packets (10 - 100 bytes) of data are moved in each message.
Smart Card Dimensions
 Two physical dimensions are specified for smart cards. The
most popular form is approximately the size of a credit
card. Small enough to be conveniently portable, the card is
large enough to display graphics and advertising on its
side. The second, smaller smart card size, specified by the
European Telecommunications Standards Institute (ETSI),
is used specifically for Global System for Mobile
Communications (GSM) phones, the predominant cellular
phone technology system in Europe.
How does a smart card work?
• All smart cards have essentially the same physical interface to the outside world, the smart card reader. To use a smart card, an end user simply inserts it into a read/write device, where it remains for the duration of a session or transaction.
• The user provides a PIN or password as they would at an ATM, providing the added protection of two-factor authentication.
• While still in the reader, the card interacts with security software on the local machine and the network as needed. It confines certain operations, such as those involving a user's private key, to the card itself. That means the private key and any digital certificates never leave the card. All computations involving them happen internally and securely, so only the cardholder can access the private key.
• When a session or workday is over, the user removes the card and keeps it in a safe place. Without the card, unauthorized individuals can't hack into protected resources.
How is authentication done?
1. Insert the smart card into a reader. The smart card contains the cryptographic keys and biometric fingerprint data.
2. Enter the PIN (or password) in order to unlock the digital representation of the fingerprint. In the trade, this is known as the minutia data.
3. Place the finger on the scanner. The scanned fingerprint is compared to the fingerprint data on the smart card.
4. If the data matches, the smart-card fingerprint data is converted into a number and combined with the smart-card secret PIN (retrieved in Step 2) and used as a symmetric cryptographic key to decrypt the private key.
5. A nonce (random number) is passed from the computer application to the smart card.
6. The private key on the smart card is used to encrypt the nonce and pass it back to the application.
7. The application verifies that a certified public key obtained from the network-based directory service or from the card does, in fact, decrypt the encrypted message from the card and reveal the same nonce that was originally passed to the card.
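The seven steps above as a runnable model, added here as an illustration and not code from the original slides. It uses a constructed toy RSA key pair (tiny, well-known primes, not secure) and a SHA-256 keystream as a stand-in for the unnamed symmetric cipher of step 4; the PIN is treated purely as key material (step 2's unlocking of the template is not modelled), and all function and class names are this example's own.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed toy RSA parameters: small, well-known primes so the arithmetic is
# visible. Real cards use keys of 1024 bits and more; this is NOT secure.
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent


def derive_unwrap_key(minutiae: bytes, pin: str) -> bytes:
    """Step 4: the matched fingerprint template and the PIN together form the
    symmetric key that unwraps the private key stored on the card."""
    return hashlib.sha256(minutiae + pin.encode("utf-8")).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Hash-counter keystream; a stand-in for the card's symmetric cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def wrap_private_exponent(d: int, key: bytes) -> bytes:
    """Personalization: the private exponent is only ever stored wrapped."""
    raw = d.to_bytes(8, "big")
    return bytes(a ^ b for a, b in zip(raw, _keystream(key, len(raw))))


def unwrap_private_exponent(blob: bytes, key: bytes) -> int:
    raw = bytes(a ^ b for a, b in zip(blob, _keystream(key, len(blob))))
    return int.from_bytes(raw, "big")


@dataclass
class Card:
    n: int                    # public modulus; the certified public key is (n, E)
    wrapped_d: bytes          # private exponent, encrypted at personalization
    stored_minutiae: bytes    # fingerprint template held on the card

    def sign_nonce(self, pin: str, scanned_minutiae: bytes,
                   nonce: int) -> Optional[int]:
        """Steps 3, 4 and 6: compare the scan, unwrap the private key with
        PIN + template, and 'encrypt' the nonce with the private exponent."""
        if not hmac.compare_digest(scanned_minutiae, self.stored_minutiae):
            return None                                   # step 3 failed
        key = derive_unwrap_key(self.stored_minutiae, pin)
        d = unwrap_private_exponent(self.wrapped_d, key)  # wrong PIN -> wrong d
        if not 0 < nonce < self.n:
            raise ValueError("nonce must lie in 1..n-1")
        return pow(nonce, d, self.n)


def verify_response(n: int, e: int, nonce: int, response: Optional[int]) -> bool:
    """Step 7: the application 'decrypts' with the public key and checks that
    the original nonce comes back; a wrong PIN or finger never verifies."""
    if response is None:
        return False
    return pow(response, e, n) == nonce


def personalize(pin: str, minutiae: bytes) -> Card:
    """Issue a card holding D wrapped under the PIN-and-template key."""
    key = derive_unwrap_key(minutiae, pin)
    return Card(n=N, wrapped_d=wrap_private_exponent(D, key),
                stored_minutiae=minutiae)
```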
Smart card Variations
Contact Smart Cards
• Contact smart cards must be inserted into a smart card reader device, where pins attached to the reader make contact with pads on the surface of the card to read and store information in the chip.
Contactless Smart Cards
• Contactless smart cards contain an embedded antenna instead of contact pads attached to the chip for reading and writing information contained in the chip's memory.
• Contactless cards do not have to be inserted into a smart card reader. Instead, they need only be passed within range of a radio frequency acceptor to read and store information in the chip.
• These cards have an antenna embedded inside the microchip that allows the card to communicate with an antenna coupler unit without physical contact.
• The range of operation is typically from about 2.5" to 3.9" (63.5mm to 99.06mm) depending on the acceptor.
• Student identification, electronic passport, vending, parking and tolls are common applications for contactless cards.
Proximity Cards
• Proximity cards, or simply prox cards, communicate through an antenna similar to contactless smart cards, except that they are read-only devices that generally have a greater range of operation.
• The range of operation for prox cards is typically from 2.5" to 20" (63.5mm to 508mm).
• They are growing in popularity because of the convenience they offer markets such as walk-through access terminals in mass transportation, security, identification, and access control.
• Prox cards are available from several sources in both ISO thickness cards from .027" to .033" and clamshell cards from .060" to over .070" thick.
• They are used in security, identification, and access control applications, especially door access where fast, hands-free operation is preferred.
Hybrid Card
• There will be some period of time in which there will be some magnetic stripe-only cards, some chip-only cards, and many cards that will carry both a chip and a magnetic stripe, as seen by the recent release of the American Express Blue card. A hybrid infrastructure is expected to accommodate the transition.
• A hybrid card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications this hybrid serves the needs of consumers and card issuers.
• Hybrid card is the term given to e-cards that contain two or more embedded chip technologies, such as a contactless smart chip with its antenna, a contact smart chip with its contact pads, and/or a proximity chip with its antenna, all in a single card.
Combi Card
• The combi card is also known as a dual-interface card, i.e., a card with both a contact and a contactless interface.
• It has one smart chip embedded in the card that can be accessed through either contact pads or an embedded antenna. It is now possible to access the same chip via a contact or contactless interface, with a very high level of security.
• In the mass transit application, a contact-type acceptor can be used to place a cash value in the chip's memory and the contactless interface can be used to deduct a fare from the card.
Difference between a Hybrid and a Combi card
• The main difference between a combi card and a hybrid card is that a combi card has only one chip and a hybrid card has two chips.
Cryptographic Smart cards
• Cryptographic cards or crypto cards are high-end microprocessor memory cards with additional support for cryptographic operations (digital signatures and encryption).
• Crypto cards are designed to allow secure storage of private keys (or other secret keys).
• These cards will also perform the actual cryptographic functions on the smart card itself. In this way, the private key need never leave the smart card.
• Since the EEPROM of these cards is designed to be tamper-resistant, unauthorized individuals are unable to extract the card's secrets; it is virtually hacker-resistant. As a result, crypto cards play an essential part in any public/private key system.
Vault Smart Cards
• These cards are activated upon user entry of a PIN (personal identification number) directly on the card.
• The card self-verifies the PIN and then activates the smart module. The card is then handed to the merchant to complete the transaction.
• After a transaction is completed, the card automatically returns to an inactive state and cannot be used again without the PIN being entered again to reactivate it.
• The entry and verification process is fast, simple, and secure. Card self-verification eliminates the need for an external PIN database and also eliminates transmission of the PIN, reducing the chance of interception and misuse.
Memory and Microprocessor Chips
• The chips used in all the cards mentioned above fall into three categories:
– microprocessor chips
– memory chips
– optical memory cards
Memory Chip
• A memory chip can be viewed as a small floppy disk with optional security.
• Memory cards can hold from 103 bits to 16,000 bits of data, but have no processor on the card with which to manipulate that data.
• They are less expensive than microprocessor cards, but with a corresponding decrease in data management security.
• They are used for storage and retrieval only.
• They depend on the security of the smart card reader for their processing and are ideal when security requirements permit use of cards with low to medium security.
• Smart-card memory chips are used for data storage and identification applications.
Classification of memory cards
• Memory chips are of three kinds:
– Straight memory cards: These cards just store data and have no data processing capabilities. They should be regarded as floppy disks of varying sizes without the lock mechanism.
– Protected/Segmented memory cards: These cards have built-in logic to control access to the memory of the card. Sometimes referred to as intelligent memory cards, these devices can be set to write-protect some or the entire memory array. Some of these cards can be configured to restrict access to both reading and writing. This is usually done through a password or system key. Segmented memory cards can be divided into logical sections for planned multi-functionality.
– Stored value memory cards: These cards are designed for the specific purpose of storing value or tokens. The cards are either disposable or rechargeable. Most cards of this type incorporate permanent security measures at the point of manufacture. These measures can include password keys and logic that are hard-coded into the chip by the manufacturer. For simple applications such as a telephone card, the chip has 60 or 12 memory cells, one for each telephone unit. A memory cell is cleared each time a telephone unit is used. Once all the memory units are used, the card becomes useless and is thrown away. This process can be reversed in the case of rechargeable cards.
Microprocessor Chips
• Microprocessor cards (also generally referred to by the industry as chip cards) offer greater memory storage and security of data.
• Chips that contain both memory and a microprocessor are also similar to a small floppy disk, except they contain an intelligent controller used to securely add, delete, change, and update information contained in memory.
• The more sophisticated microprocessor chips have state-of-the-art security features built in to protect the contents of memory from unauthorized access.
• A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk.
• Microprocessor chips are available in 8-, 16-, and 32-bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes, with larger sizes expected with semiconductor technology advances.
• The current generation of chip cards has an eight-bit processor, 16KB read-only memory, and 512 bytes of random-access memory. This gives them the equivalent processing power of the original IBM-XT computer, albeit with slightly less memory capacity.
Optical Memory Cards
• Optical memory cards look like a card with a piece of a CD glued on top, which is basically what they are.
• Optical memory cards can store up to 4 MB of data.
• These cards can carry many megabytes of data, but the cards can only be written once and never erased with today's technology.
• Thus, this type of card is ideal for record keeping, for example medical files, driving records, or travel histories.
Multi-application Smart Card
• Since the microprocessor cards have a reasonable amount of memory, one can have multiple applications residing in the card at the same time.
• Multifunction smart cards allocate card memory into independent sections assigned to a specific function or application.
• Within the card is a microprocessor or microcontroller chip that manages this memory allocation and file access.
• This type of chip is similar to those found inside all personal computers and, when implanted in a smart card, manages data in organized file structures via a card operating system (COS).
• The technology permits information updates without replacement of the installed base of cards, greatly simplifying program changes and reducing costs.
• A student uses the card as a basic ID, to check out books from the library, and to decrement value for the meal plan and campus vending machines. The student might also use it for secure access to certain buildings and to the university's computer system.
• The figure shows an overview of the uses of a multi-application smart card.
Chip Operating System
• The smart card's chip operating system is a sequence of instructions permanently embedded in the ROM of the smart card.
• The functional characteristics of the smart card are determined by its operating system.
• The operating system receives outside commands and executes them provided that certain processing conditions are met.
• The baseline functions of the COS which are common across all smart card products include:
– Management of interchanges between the card and the outside world, primarily in terms of the interchange protocol
– Management of the files and data held in memory
– Access control to information and functions (for example, select file, read, write, and update data)
– Management of card security and cryptographic algorithm procedures
– Maintaining reliability, particularly in terms of data consistency, sequence interrupts, and recovering from an error
– Management of the various phases of the card's life cycle (that is, microchip fabrication, personalization, active life, and end of life)
Communication Protocol
• Smart cards speak to the outside world using data packages called APDUs (application protocol data units).
• An APDU contains either a command or a response message.
• The smart card always waits for a command APDU from the terminal; it plays a passive role.
• It then executes the action specified and replies to the terminal using a response APDU.
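A minimal APDU encoder/decoder plus one passive-card exchange, added here as an example and not code from the slides. It follows the ISO 7816-4 command layout (CLA, INS, P1, P2, optional Lc and data, optional Le) in short-length form only, which is an assumption of this example; the application identifier and the card's reply data are constructed, and `demo_card` is this example's own stand-in for a real card operating system.

```python
from typing import Callable, Dict, Optional, Tuple

SW_OK = 0x9000                # ISO 7816-4 status word: normal completion
SW_NOT_FOUND = 0x6A82         # ISO 7816-4 status word: file or application not found
INS_SELECT = 0xA4             # ISO 7816-4 SELECT instruction byte
DEMO_AID = bytes.fromhex("D0000000010101")   # constructed application identifier


def build_command_apdu(cla: int, ins: int, p1: int, p2: int,
                       data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Serialize a command APDU (terminal -> card) in short-length form."""
    for name, value in (("CLA", cla), ("INS", ins), ("P1", p1), ("P2", p2)):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"{name} must be a single byte")
    if len(data) > 255:
        raise ValueError("short Lc carries at most 255 data bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data       # Lc followed by the data field
    if le is not None:
        if not 1 <= le <= 256:
            raise ValueError("short Le is 1..256 (256 is coded as 0x00)")
        apdu += bytes([le % 256])
    return apdu


def parse_command_apdu(raw: bytes) -> Dict[str, object]:
    """Split a command APDU into header and body (ISO 7816-4 cases 1 to 4)."""
    if len(raw) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    data, le = b"", None
    if len(body) == 1:                          # case 2: Le only
        le = body[0] or 256
    elif len(body) > 1:
        lc = body[0]
        if lc == 0:
            raise ValueError("Lc of 0 is not valid in short form")
        if len(body) == 1 + lc:                 # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:               # case 4: Lc + data + Le
            data, le = body[1:1 + lc], (body[-1] or 256)
        else:
            raise ValueError("Lc does not match the body length")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}


def build_response_apdu(data: bytes, sw: int) -> bytes:
    """Serialize a response APDU (card -> terminal): data field, then SW1 SW2."""
    if not 0 <= sw <= 0xFFFF:
        raise ValueError("status word is two bytes")
    return data + sw.to_bytes(2, "big")


def parse_response_apdu(raw: bytes) -> Tuple[bytes, int]:
    """Split a response APDU into (data, SW1SW2). The last two bytes are always
    the status word, so a bare status such as 6A 82 yields empty data."""
    if len(raw) < 2:
        raise ValueError("response APDU needs at least SW1 SW2")
    return raw[:-2], int.from_bytes(raw[-2:], "big")


def demo_card(cmd: Dict[str, object]) -> Tuple[bytes, int]:
    """A passive card: it only ever reacts to the command it is handed."""
    if cmd["ins"] == INS_SELECT and cmd["data"] == DEMO_AID:
        return b"\x6F\x00", SW_OK               # constructed reply data, success
    return b"", SW_NOT_FOUND


def exchange(card: Callable[[Dict[str, object]], Tuple[bytes, int]],
             command: bytes) -> Tuple[bytes, int]:
    """One half-duplex round: the terminal sends a command APDU, the card
    executes it and answers with a response APDU."""
    data, sw = card(parse_command_apdu(command))
    return parse_response_apdu(build_response_apdu(data, sw))
```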
A Smart card transaction
• The steps in a typical smart card transaction are set out below:
• Step 1: Connection
In a smart card system for contact cards, the card is inserted in a reader device. Contactless cards need only be passed near a target.
• Step 2: Authentication of the card
The card generates a message to the reader, which confirms that it is a valid card. The message may be encrypted for security purposes. The reader can also check the card against a list of stolen cards and, if necessary, lock it so that it can no longer be used.
• Step 3: Authentication of the reader
The reader sends a message to the card, which is checked against pre-programmed codes to establish if the reader is valid. If the card is not satisfied that the reader is valid, it can prevent the reader from gaining access to the information held on the card.
• Step 4: Selecting an application
A single smart card may support many different applications, which may be inter-related or quite distinct. The desired application can be selected by the cardholder, by a person with access to the reader, or chosen automatically by the reader or the card depending on the form of the initial authentication.
• Step 5: Identifying security requirements
The card is able to define the security requirements for the selected application. The card can enforce different levels of security for different purposes or for different persons or organizations.
• Step 6: Authenticating the card-holder
This can be done by either requiring the cardholder to enter a PIN (personal identification number) or some sort of biometric information (for example, fingerprints, retina scan or signature dynamics). The card keeps the relevant information to make a comparison in a secret area. It can make the comparison without divulging to the cardholder the data it holds for the authentication procedure.
• Step 7: The transaction
The transaction is generated by manual entry or by an automated process. The card or reader checks and authorizes the transaction.
• Step 8: Transaction record
The card generates a record of the transaction and transmits it electronically to the reader. The record may be used in another part of the system (for example, to allow the service provider to collect actual payment from a bank in a stored value application); by a third party to the transaction for other purposes (for example, collecting statistics); or as backup data storage in case the card is lost or damaged.
• Step 9: Hard copy
A paper record (such as a receipt) can be generated by the reader for the cardholder or the service provider.
Life cycle of a smart card
• There are five phases for a typical smart card life cycle.
• Fabrication Phase: The chip manufacturers carry out this phase. The silicon integrated circuit chip is created and tested in this phase. A fabrication key (KF) is added to protect the chip from fraudulent modification until it is assembled into the plastic card support. The KF of each chip is unique and is derived from a master manufacturer key. Other fabrication data will be written to the circuit chip at the end of this phase. Then the chip is ready to deliver to the card manufacturer with the protection of the key KF.
• Pre-personalization Phase: The card suppliers carry out this phase. In this phase, the chip will be mounted on the plastic card. The connection between the chip and the printed circuit will be made, and the whole unit can be tested. To allow secure delivery to the card issuer and for added security of the card, the fabrication key will be replaced by a personalization key (KP). After that, a personalization lock VPER will be written to prevent further modification of the KP. In addition, physical memory access instructions will be disabled. Access to the card can be achieved only by using logical memory addressing. This protects the system and fabrication areas from being accessed or modified.
• Personalization Phase: The card issuers conduct this phase. It completes the creation of logical data structures. Data file contents and application data are written to the card. Cardholder identity information, the PIN, and the unblocking PIN will be stored as well. At the end, a utilization lock VUTIL will be written to indicate the card is in the utilization phase.
• Utilization Phase: This is the phase for the normal use of the card by the cardholder. The application system, logical file access controls, and others are activated. Access to information on the card will be limited by the security policies set by the application.
• End-of-Life Phase (Invalidation Phase): There are two ways to move the card into this phase. One is initiated by the application, which writes the invalidation lock to an individual file or the master file. All the operations, including writing and updating, will be disabled by the operating system. Only read instructions may remain active for analysis purposes. The other way to put the card into this phase is when the control system irreversibly blocks access because both the PIN and the unblocking PIN are blocked; then all the operations will be blocked, including reads.
Logical File Structure
• Files are organized in hierarchical form.
• There is one master file (MF), which is like the root directory. Under the root, there can be different files, which are called elementary files (EFs). There can be various subdirectories called dedicated files (DFs). Under each subdirectory will be elementary files again. The root or MF is the peak of the hierarchy and it contains information and locations of files contained within it.
– Dedicated files (DFs) contain the actual data files.
– The elementary file is where the actual data is stored.
• After a file has been successfully selected, the header of the file can be retrieved, which stores information about the file such as identification number, description, type, size, and so on. In particular, it stores the attributes of the file, which state the access conditions and current status. Access to the data in the file depends on whether those conditions can be fulfilled or not.
• In order to provide greater security control, adding access condition and file status fields in the file header enhances the attributes of each file.
• Moreover, a file lock is also provided to prevent the file being accessed. These security mechanisms and algorithms provide logical protection of the smart card.
Access Control
• The smart card access control system mainly covers file access. Each file has a header attached, which indicates the access conditions or requirements of the file and its current status as well.
• Levels of Access Conditions
– Always (ALW): Access to the file can be performed without any restriction.
– Cardholder verification 1 (CHV1): Access is possible only when a valid CHV1 value has been presented.
– Cardholder verification 2 (CHV2): Access is possible only when a valid CHV2 value has been presented.
– Administrative (ADM): Allocation of these levels and the respective requirements for their fulfillment are the responsibility of the appropriate administrative authority.
– Never (NEV): Access to the file is forbidden.
• Two counters have to be implemented for each of the cardholder verification numbers (CHVs). There are three states in the management of the PIN, which are described below.
– PIN has been presented: Files or functions which have PIN presentation as a prerequisite or condition can be carried out. Every time the PIN is presented correctly, the PIN counter will be reset to the maximum number of tries, three for example.
– PIN has not been presented or was presented incorrectly: The PIN counter will be decremented by one after each incorrect PIN presentation. All the operations or instructions which require PIN presentation will be invalidated. If the PIN counter reaches zero, then the PIN will be blocked.
– PIN is blocked: In this state, all the operations that require PIN presentation, and even the PIN presentation instruction itself, are blocked. The unblock PIN instruction has to be carried out. If the correct unblocking PIN is presented, the PIN counter will be reset to the maximum number of tries and the PIN returns to the first state. However, if an invalid unblocking PIN is presented, the unblock PIN counter will be decremented by one, and when this counter reaches zero, the PIN can never be unblocked again.
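The access-condition levels and the three PIN states above as one runnable model, added here as an illustration rather than code from the slides. File identifiers, PIN values and the unblock-try limit of ten are constructed; the ADM level is represented by a plain flag since the slides leave its procedure to the administrative authority, and the file lock from the Logical File Structure section is honoured as a per-file flag.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict


class Access(Enum):
    ALW = "always"
    CHV1 = "cardholder verification 1"
    CHV2 = "cardholder verification 2"
    ADM = "administrative"
    NEV = "never"


class PinState(Enum):
    PRESENTED = "PIN has been presented"
    NOT_PRESENTED = "PIN not presented or presented incorrectly"
    BLOCKED = "PIN is blocked"


class Chv:
    """One cardholder verification number with its two counters:
    the PIN try counter and the unblock-PIN try counter."""

    def __init__(self, pin: str, unblock_pin: str,
                 max_tries: int = 3, max_unblock_tries: int = 10):
        self._pin = pin.encode()
        self._unblock_pin = unblock_pin.encode()
        self._max_tries = max_tries
        self.state = PinState.NOT_PRESENTED
        self.tries_left = max_tries
        self.unblock_tries_left = max_unblock_tries

    def present(self, pin: str) -> bool:
        """VERIFY: refused outright while blocked; a correct PIN resets the
        counter, a wrong one decrements it and may block the PIN."""
        if self.state is PinState.BLOCKED:
            return False
        if hmac.compare_digest(pin.encode(), self._pin):   # constant-time compare
            self.state = PinState.PRESENTED
            self.tries_left = self._max_tries
            return True
        self.state = PinState.NOT_PRESENTED                # PIN-gated operations invalidated
        self.tries_left -= 1
        if self.tries_left == 0:
            self.state = PinState.BLOCKED
        return False

    def unblock(self, unblock_pin: str) -> bool:
        """UNBLOCK PIN: a correct unblocking PIN restores the first state;
        once the unblock counter reaches zero the PIN can never be unblocked."""
        if self.unblock_tries_left == 0:
            return False
        if hmac.compare_digest(unblock_pin.encode(), self._unblock_pin):
            self.state = PinState.PRESENTED
            self.tries_left = self._max_tries
            return True
        self.unblock_tries_left -= 1
        return False


@dataclass
class FileHeader:
    """The part of a file header that matters for access control."""
    file_id: int
    conditions: Dict[str, Access]      # operation ("read", "update") -> required level
    locked: bool = False               # file lock from the file status field


@dataclass
class Card:
    chv1: Chv
    chv2: Chv
    admin_authenticated: bool = False  # ADM: set by the issuer's own procedure
    files: Dict[int, FileHeader] = field(default_factory=dict)

    def check_access(self, file_id: int, operation: str) -> bool:
        """Decide whether `operation` on file `file_id` is allowed right now."""
        header = self.files[file_id]
        if header.locked:
            return False
        level = header.conditions.get(operation, Access.NEV)   # default deny
        if level is Access.ALW:
            return True
        if level is Access.NEV:
            return False
        if level is Access.ADM:
            return self.admin_authenticated
        chv = self.chv1 if level is Access.CHV1 else self.chv2
        return chv.state is PinState.PRESENTED
```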
Smart card Standards
• International Standards Organization
• American National Standards Institute
• International Airline and Transportation Association
– It has formed a task force to develop interoperability standards for smart card ticketless travel.
• G-8 Health Standards
– The G-8 countries have come together to develop a standard format for populating data on a health card.
• GSM Standards
– The specifications tie a telephone number to a smart card, called a Subscriber Identification Module (SIM) or User Identity Module (UIM), rather than to a telephone handset. The SIM is inserted into a telephone to activate it.
• EMV Specifications
– The EMV specification resolves the problem of disparate chip card systems across the European continent, thereby eliminating a major impediment to the widespread, cost-effective implementation of a global credit and debit card system.
• PC/SC Workgroup Open Specifications
– This group has developed open specifications for integrating smart cards with personal computers.
• OpenCard Framework
– The OpenCard Framework is a set of guidelines announced by IBM, Netscape, NCI, and Sun Microsystems Inc. for integrating smart cards with network computers.
• Secure Electronic Transactions (SET)
– Secure Electronic Transactions (SET) is a protocol for secure payments across the Internet. Announced in 1996 by VISA and MasterCard, SET establishes a single technical protocol for protecting payment card purchases made over the Internet and other open networks. It is based on public key encryption and authentication technology.
ISO
• ISO 7816-1: Physical characteristics
• ISO 7816-2: Dimensions and location of the contacts
• ISO 7816-3: Electronic signals and transmission protocols
• ISO 7816-4: Industry commands for interchange
• ISO 7816-5: Number system and registration procedure for application identifiers
• ISO 7816-6: Interindustry data elements
Security related standards
• PKCS#11: Cryptographic Token Interface Standard: This standard specifies an Application Programming Interface (API), called Cryptoki, to devices which hold cryptographic information and perform cryptographic functions.
• PKCS#15: Cryptographic token information format standard: PKCS#15 is intended to standardize the use of cryptographic tokens to identify themselves to multiple, standard-aware applications regardless of the application's cryptographic token interface provider. The key issue in such cases is interoperability.
• JavaCard: The JavaCard API is a specification that enables the Write Once, Run Anywhere capabilities of Java on smart cards and other devices with limited memory.
• Common Data Security Architecture: Developed by Intel, the Common Data Security Architecture (CDSA) provides an open, interoperable, extensible, and cross-platform software framework that makes computer platforms more secure for all applications, including electronic commerce, communications, and digital content.
• Microsoft Cryptographic API: The Microsoft Cryptographic API (CryptoAPI) provides services that enable application developers to add cryptography and certificate management functionality to their Win32 applications.
Principles of security standards
• Multi-platform
– The standard should be applicable to numerous modern-day operating systems and computer architectures.
• Open participation
– The standard should accept input and peer review from members of industry, academia, and government.
• Interoperability
– The standard should be interoperable with other leading standards and protocols.
• Real, Functional
– The standard should apply to real-world problems and markets and adequately address their requirements.
• Experience, Products
– The standard should be created by a group of people with experience in security-related products and standards.
• Extensibility
– The standard should facilitate expansion to new applications, protocols, and smart card capabilities that weren't yet around when the standard was created.
Attack Technologies
• Attacks on smart cards are as follows
– Invasive attacks
– Noninvasive attacks
– Physical attacks
– Logical attacks
– Trojan Horse attacks
– Social Engineering attacks
Invasive attacks
• Microprobing techniques are usually used to access the chip surface directly, thus facilitating the observation and manipulation of the integrated circuit of the smart card.
– Depackaging: Invasive attacks start with the removal of the chip package. The card plastic is heated until it becomes flexible. This softens the glue and the chip module can then be removed easily by bending the card.
– Layout reconstruction: The next step is to reconstruct the layout of the processor.
Invasive attacks
– Manual microprobing: Its major component is a special optical microscope.
– Memory read-out techniques: Data is usually not read out of the processor's memory directly. Instead, microprobing is used to observe the entire bus and record the values in memory as they are accessed.
Non-Invasive attacks
• The attacked card is not physically harmed, and the equipment used in the attack is usually disguised as a smart card reader.
– Software attacks: use the normal communication interface of the processor and exploit security vulnerabilities found in the protocols, cryptographic algorithms, or their implementations.
– Fault generation attacks: use abnormal environmental conditions to generate malfunctions in the processor that provide additional access.
– Glitch attacks: In a glitch attack, a malfunction is deliberately generated, which causes one or more flip-flops to adopt the wrong state.
– Eavesdropping attacks: These attacks take advantage of the analog characteristics of all supply and interface connections and any other electromagnetic radiation produced by the smart card processor during normal operation.
Physical attacks
• Physical attacks attempt to reverse engineer the card and determine the secret keys.
• This involves techniques like
– Peeling off the LSI chip
– Analysis using operational test circuits
– Analysis using low-frequency clocks
– Introducing computational errors into the smart card, from which the value of the cryptographic keys can be deduced
– Voltage manipulation, temperature manipulation
– DPA (Differential Power Analysis) is a complicated attack that relies on statistical inferences drawn from power consumption data measured during smart card computation.
Logical attacks
• Logical attacks occur when a smart card is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smart card.
• In this attack, various byte patterns are sent to the card to be signed by the private key. Information such as the time required to perform the operation and the number of zeroes and ones in the input bytes is used to eventually obtain the private key.
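The following added example (not code from the original slides) shows why the time a signing operation takes can depend on the private key, and what a card implementation does about it. It models RSA-style signing as modular exponentiation with a secret exponent: a plain square-and-multiply loop performs an extra multiplication for every 1 bit of the exponent, so its running time reveals the key's Hamming weight, while a Montgomery ladder does identical work for every bit. Multiplication counts stand in for measured time so the comparison is deterministic; the modulus, base and exponents are constructed toy values, not real keys.

```python
"""Why the time a card takes to sign can leak the private key.

Added example, not code from the original slides. It models RSA-style signing
as modular exponentiation with a secret exponent and compares two ways of
computing it. square_and_multiply() performs an extra multiplication for every
1 bit of the exponent, so its running time depends on the key. The Montgomery
ladder does the same amount of work for every bit. Multiplication counts stand
in for measured time so the comparison is deterministic; the modulus and
exponents below are constructed toy values, not real keys.
"""


def hamming_weight(n: int) -> int:
    return bin(n).count("1")


def square_and_multiply(base: int, exp: int, mod: int) -> tuple[int, int]:
    """Left-to-right square-and-multiply. Returns (base**exp mod mod, ops).
    ops = exp.bit_length() + hamming_weight(exp): the key-dependent branch
    is the timing leak."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        ops += 1
        if bit == "1":                      # executed only for 1 bits
            result = result * base % mod
            ops += 1
    return result, ops


def montgomery_ladder(base: int, exp: int, mod: int) -> tuple[int, int]:
    """Montgomery ladder: exactly two multiplications per exponent bit, so
    ops = 2 * exp.bit_length() regardless of the key's bit pattern. (A real
    constant-time implementation also needs branch-free selection between
    r0 and r1 and constant-time multiplication; counting operations only
    shows the algorithmic leak.)"""
    r0, r1 = 1, base % mod                  # invariant: r1 == r0 * base
    ops = 0
    for bit in bin(exp)[2:]:
        if bit == "0":
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        else:
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        ops += 2
    return r0, ops


def leaked_hamming_weight(ops: int, bit_length: int) -> int:
    """What an observer of square_and_multiply's timing learns about the
    exponent: the number of 1 bits, a large head start for recovering it."""
    return ops - bit_length


def compare(base: int, exps: list[int], mod: int) -> dict:
    """Operation counts of both methods for several exponents of equal length."""
    return {
        "leaky": [square_and_multiply(base, e, mod)[1] for e in exps],
        "ladder": [montgomery_ladder(base, e, mod)[1] for e in exps],
    }


if __name__ == "__main__":
    # constructed toy parameters: modulus 3233 = 61 * 59, two 8-bit exponents
    print(compare(42, [0b10000001, 0b11111111], 3233))
```

With two 8-bit exponents of Hamming weight 2 and 8, the leaky loop needs 10 and 16 multiplications while the ladder needs 16 for both; a card that only ever exposes the ladder's timing gives the observer nothing to correlate with the key bits.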
Trojan horse attacks
• Trojan horse attacks: This attack involves a rogue, Trojan horse application that has been planted on an unsuspecting user's workstation. The Trojan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smart card to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will.
Trojan horse attacks
• Prevention
– The countermeasure to prevent this attack is to use a single-access device driver architecture. With this type of architecture, the operating system enforces that only one application can have access to the serial device (and thus the smart card) at any given time.
– Another way to prevent the attack is by using a smart card that enforces a "one private key usage per PIN entry" policy model. In this model, the user must enter their PIN every single time the private key is to be used, and therefore the Trojan horse would not have access to the key.
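Here is an added example (not code from the original slides) of the card-side state behind the second countermeasure. A successful PIN verification grants exactly one private-key operation; the card consumes that grant on the first sign command, so a later sign request from a rogue program on the workstation is refused until the user enters the PIN again. The same toy model keeps a PIN retry counter that blocks the card after too many wrong guesses and counts how often the key has been used. Signing is a placeholder HMAC over the data rather than a real card signature, and the PIN and key in the scenario are constructed.

```python
"""Card-side enforcement of "one private-key use per PIN entry".

Added example, not code from the original slides. It is a toy model of the
card application state behind the countermeasures above: a successful PIN
verification grants exactly one private-key operation, so a sign command sent
later by a rogue program on the workstation is refused until the user enters
the PIN again. The same model keeps a PIN retry counter that blocks the card
after too many wrong guesses and counts how often the key has been used.
Signing is a placeholder HMAC over the data, not a real card signature; the
PIN and key used in run_scenario() are constructed.
"""
import hashlib
import hmac


class CardPolicyError(Exception):
    """Raised when a command is refused by the card's access policy."""


class SimulatedCard:
    def __init__(self, pin: str, key: bytes, max_retries: int = 3):
        self._pin = pin.encode()
        self._key = key               # never leaves this object
        self.max_retries = max_retries
        self.retries_left = max_retries
        self.blocked = False
        self.key_use_granted = False  # set by verify_pin, consumed by sign
        self.signature_count = 0

    def verify_pin(self, pin: str) -> bool:
        """One PIN presentation. Wrong PINs burn a retry; zero retries blocks."""
        if self.blocked:
            raise CardPolicyError("PIN blocked after too many wrong attempts")
        if hmac.compare_digest(pin.encode(), self._pin):
            self.retries_left = self.max_retries
            self.key_use_granted = True
            return True
        self.retries_left -= 1
        if self.retries_left == 0:
            self.blocked = True
        return False

    def sign(self, data: bytes) -> bytes:
        """Use the private key once; requires a fresh, unconsumed PIN entry."""
        if self.blocked or not self.key_use_granted:
            raise CardPolicyError("private key use requires a fresh PIN entry")
        self.key_use_granted = False  # consumed: next sign() needs the PIN again
        self.signature_count += 1
        return hmac.new(self._key, data, hashlib.sha256).digest()


def run_scenario() -> dict:
    """The Trojan horse scenario from the slides, plus a PIN-guessing attempt."""
    card = SimulatedCard(pin="1234", key=b"constructed-demo-key")
    if not card.verify_pin("1234"):       # user enters the PIN in a trusted app
        raise RuntimeError("unexpected PIN failure")
    legit = card.sign(b"document the user chose to sign")
    try:
        card.sign(b"rogue data submitted behind the user's back")
        rogue_refused = False
    except CardPolicyError:
        rogue_refused = True

    # a program trying PINs one after another runs into the retry counter
    guesser = SimulatedCard(pin="1234", key=b"constructed-demo-key")
    attempts = 0
    for guess in ("0000", "1111", "2222", "3333"):
        try:
            guesser.verify_pin(guess)
            attempts += 1
        except CardPolicyError:
            break
    return {
        "rogue_refused": rogue_refused,
        "signature_count": card.signature_count,
        "legit_signature_len": len(legit),
        "guesses_accepted_before_block": attempts,
        "guesser_blocked": guesser.blocked,
    }


if __name__ == "__main__":
    print(run_scenario())
```

The grant is a single boolean consumed by the first signature, which is what makes the policy robust against a program that merely waits for the user's PIN entry; the retry counter is the auto-disabling PIN mentioned later in the slides, and the usage counter lets the cardholder audit how many times the key was used.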
Social Engineering attacks
• In computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. An example of a social engineering attack involves a hacker impersonating a network service technician. The serviceman approaches a low-level employee and requests their password for network servicing purposes. With smart cards, this type of attack is a bit more difficult. Most people would not trust an impersonator wishing to have their smart card and PIN for service purposes.
Smart card features
• Two factor authentication
• Secure storage for private keys
• Non-repudiation
– Cryptographic smart cards are designed to ensure that a user's private key never leaves the smart card; it cannot be copied, replicated or misused by another individual. As a result, you can be extremely confident that the private key (which is the linchpin of an entire PKI infrastructure) is always in the sole possession of the user. That means that one has undeniable evidence that connects a specific user to each transaction.
• Single sign-on
– The corporate user no longer has to remember multiple passwords to multiple applications. On the contrary, the user simply inserts his smart card, enters the PIN and the rest of the work is performed by the smart card.
• Mobility
• Multiple applications on a single card
Smart card features
• Personalization
– Personalization involves customizing smart cards for your business. It comprises physical personalization and electronic personalization.
• PKI
– The core of solutions based on the Public Key Infrastructure (PKI) consists of a pair of keys: the public key and the private key. Storing the private key of the key pair underlying the PKI system is an essential part of security and ease of use. The private key is stored in the chip of the smart card; thus, only the cardholder can use his private key. The register of public keys is maintained and administered by a trusted third party.
• Economic benefits
– Smart cards reduce transaction costs by eliminating paper and paper handling costs in hospitals and government benefit payment programs. Contact and contactless toll payment cards streamline toll collection procedures, reducing labor costs as well as delays caused by manual systems.
Smart card features
• Customization
– A smart card contains all the data needed to personalize networking, Web connection, payments and other applications.
• Increase the security of password based systems
– One of the biggest problems in typical password systems is that users write down their password and attach it to their monitor or keyboard. They also tend to choose weak passwords and share their passwords with other people. If a smart card is used to store a user's multiple passwords, they need only remember the PIN to the smart card in order to access all of the passwords.
• Portability of Keys and Certificates
– With smart cards the certificate and private key are portable, and can be used on multiple workstations, whether they are at work, at home, or on the road.
• Auto-disabling PINs Versus Dictionary Attacks
Smart card features
• Counting the Number of Private Key Usages
– Smart card based digital signatures provide benefits over handwritten signatures because they are much more difficult to forge and they can enforce the integrity of the document through technologies such as hashing.
Smart Card Readers
• Though commonly referred to as smart card readers, all smart card enabled terminals, by definition, have the ability to read and write as long as the smart card supports it and the proper access conditions have been fulfilled.
• Some examples include: a reader integrated into a vending machine, a handheld battery-operated reader with a small LCD screen, a reader integrated into a GSM mobile phone, and a reader attached to a personal computer.
Smart card applications
• Financial services - Financial institutions are looking to use Smart Cards to deliver higher value-added services to businesses and consumers at a lower cost per transaction.
– Electronic purse to replace coins for small purchases in vending machines and over-the-counter transactions
– Credit and/or Debit Accounts, replicating what is currently on the magnetic stripe bank card, but in a more secure environment.
– Securing payment across the Internet as part of Electronic Commerce.
• Affinity programs - Airlines want to use Smart Cards not only as a vehicle for issuing and carrying tickets - even though the single benefit of being able to securely order/provide a ticket directly to chip cards via the Internet is substantial. Airlines also want to use the cards to provide tie-ins to their frequent-flyer programs and to cross-marketing deals with auto rentals and hotels, as well as to provide simplified access to private airline lounges.
Smart card applications
• Government Programs
– Electronic Benefits Transfer using smart cards to carry Food Stamp and WIC food benefits in lieu of paper coupons and vouchers.
– Agricultural producer smart marketing card to track quotas.
• Communication applications
– The secure initiation of calls and identification of caller (for billing purposes) on any Global System for Mobile Communications (GSM) phone.
– Subscriber activation of programming on Pay-TV.
• Information Security
– Employee access card with secured passwords and the potential to employ biometrics to protect access to computer systems
Smart card applications
• Secure network access
– Smart Cards can carry an individual's digital signature. With this ability, they provide a special mechanism to secure access to computer networks within a corporation, they help ensure that only individuals with the proper authority can get access to specific network resources, and they reduce the likelihood that hackers can break into a system.
• Healthcare
• Banking
• Internet
Smart Card Applications
• Information Technology
– Businesses, the government and healthcare organizations continue to move towards storing and releasing information via networks, Intranets, extranets and the Internet. These organizations are turning to smart cards to make this information readily available to those who need it, while at the same time protecting the privacy of individuals and keeping their informational assets safe from hacking and other unwanted intrusions. In this capacity, smart cards enable:
– Secure logon and authentication of users to PCs and networks
– Secure B2B and B2C e-commerce
– Storage of digital certificates, credentials and passwords
– Encryption of sensitive data
Smart Card Applications
• Mobile Telecommunications
– People using the Global System for Mobile communications (GSM) standard for mobile phones use smart card technology. The smart card is inserted or integrated into the mobile handset. The card stores personal subscriber information and preferences that can be PIN code protected and transported from phone to phone. The smart cards enable:
– Secure subscriber authentication
– Roaming across networks
– Secure mobile value added services
Smart Card Applications
• Commercial Applications
– Smart cards also provide benefits for a host of commercial applications in both B2B and B2C environments. The smart card's portability and ability to be updated make it a technology well suited for connecting the virtual and physical worlds, as well as multi-partner card programs. The cards store information, money, and/or applications that can be used for:
– Banking/payment
– Loyalty and promotions
– Access control
– Stored value
– Identification
– Ticketing
– Parking and toll collection
Smart card Applications
• Physical Access
– Employee access card with secured ID and the potential to employ biometrics to protect physical access to facilities
• Transportation
– Drivers Licenses.
– Mass Transit Fare Collection Systems.
– Electronic Toll Collection Systems.
• Retail and Loyalty
– Consumer reward/redemption tracking on a smart loyalty card that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set.
• Health Card
– Consumer health card containing insurance eligibility and emergency medical data.
• University Identification
– All-purpose student ID card (a.k.a. campus card), containing a variety of applications such as electronic purse (for vending and laundry machines), library card, and meal card.
Bibliography
• R. Anderson and M. Kuhn, "Tamper Resistance---a Cautionary Note," Proc. 2nd Usenix Workshop on Electronic Commerce, Usenix, Berkeley, Calif., 1996, pp. 1-11.
• R. Anderson and M. Kuhn, "Low Cost Attacks on Tamper Resistant Devices," Security Protocols Workshop, April 1997, http://www.cl.cam.ac.uk/ftp/users/rja14/tamper2.ps.gz
• D. Boneh, R. DeMillo, and R. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," Advances in Cryptology: Proceedings of EUROCRYPT '97, Springer-Verlag, May 1997, pp. 37-51.
• Gemplus, http://www.gemplus.com/
• Smart Card Alliance, http://www.smartcardalliance.org/
• Smart card basics, http://www.smartcardbasics.com/
• Prepaid Smart Card Techniques, http://ntrg.cs.tcd.ie/mepeirce/Project/Chaum/cardcom.html
• Smart card groups, http://www.smartcardclub.co.uk/
• Smart cards: A primer, http://www.javaworld.com/javaworld/jw-12-1997/jw-12javadev.html
• CITI Projects: Smart cards, http://www.citi.umich.edu/projects/smartcard/
• SchlumbergerSema smart cards, http://www.smartcards.net/
• Smart card center: White papers, http://www.datacard.com/smart_card_center/white_papers.shtm
• Multifunctionality of smart cards, http://www.oberthurusa.com/whitepapers-multi.asp
• M.U.S.C.L.E., http://www.linuxnet.com/
Bibliography
• P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Advances in Cryptology: Proceedings of CRYPTO '99, Lecture Notes in Computer Science 1666, Springer-Verlag, 1999, pp. 388-397, http://citeseer.nj.nec.com/kocher99differential.html
• Verisign, http://www.verisign.com/products/smartcard/
• Smart card authority, http://www.smartcardauthority.com/
• Comdex white papers, http://whitepapers.comdex.com/data/rlist?t=pd_10_30_10_68_4
• SCIA, www.scia.org
• CREC/KPMG: White paper, Smart cards, http://cism.bus.utexas.edu/works/articles/smartcardswp.html
• Smart card applications, http://www.smartcard.com.au/
• Smart cards Overview, http://developer.netscape.com/tech/security/certs/cards.html
• Smart card, http://palazzolo.members.easyspace.com/sun/smartcards.html
• SSP Solutions, http://www.litronic.com/
• Smart card, http://www.atis.org/tg2k/_smart_card.html
• Smart card, http://www.computerworld.com/databasetopics/data/story/0,10801,43436,00.html
• SchlumbergerSema smart cards, http://www.smartcards.net/infosec