Security on the move
Download
Report
Transcript Security on the move
Introduction to
Smart Cards
Pascal Paillier
Crypto & Security Department
Gemplus
1/41
7/17/2015
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
2/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
What is a Smart Card?
3/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
A Closer Look (1)
4/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
A Closer Look (2)
5/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
6/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Cutting
7/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Gluing
8/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Bonding
9/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Encapsulation
10/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Finished Modules
11/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Module on Body
Electrical Initialisation
12/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smart Card
Personalization
Artwork
13/41
7/17/2015
Electrical
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
The Players
Chip Manufacturer Electronic Circuit
Initialization
Card Manufacturer Personalization
Card Issuer
Card Distribution
( Personalization )
Card Holder
14/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Manufacturer’s role
Initialization
Card associated with issuer
Security conditions
Initialization
Personalization
Application profile into every
card.The cards belong to one
given application.
Cardholder profile into the card:
name, identification number...
15/41
7/17/2015
Personalization
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Personalization
Electrical personalization:
downloading of data (application & cardholder)
Graphical personalization:
printing text or artwork on the card body
My name
My name
Making each card unique !
16/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Personalisation
Electrical and Physical Personalisation
17/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
18/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
What is a Chip...
Chips?
Sheep?
Cheap?
19/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Main features
Tiny semiconductor based component
Millions of basic electronic components
Contains memory zones
Erasable or not
Protected or not
20/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
The Chip
pad
A Chip
Different memory blocks
Silicon wafer
21/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Main chip providers
22/41
ST
ATMEL
Infineon
Philips
Hitachi
Samsung
Nec
Others …
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Chip Layout
•CPU
8 bits (8051, 6805, Custom)
16 & 32 bits
•Memory (EEPROM, RAM, ROM, Flash)
•Control registers
•Clock generator (3.57 MHz)
•Timer(s)
•Serial IO interface (9600 bit/s)
•Crypto-Coprocessor (DES, AES, RSA)
•25 mm² max.
23/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Close-up view...
Vcc
24/41
GND
7/17/2015
RST
CLK
Introduction to Smart Cards - Crypto & Security Training
I/O
Bull Patents
Memory Characteristics
•EEPROM (non volatile memory)
Up to 64K Bytes
Application data storage
•ROM (write once)
Up to 208 K Bytes
Software (Operating System) storage
•RAM (temporary)
Up to 5 K Bytes
Working memory
•Flash (non volatile memory)
Software patches or static application code & data
25/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
What Does It Stand For?
ROM
Read Only Memory
EEPROM
Electrically Erasable Programmable R O M
RAM
Random Access Memory
26/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smart Cards and
Cryptography
Typical figures (internal clock @ 5 to 33 MHz)
Assembly language (software implementation)
DES : 5 ms
SHA-1 : 10 ms
AES : 5 ms
Public Key coprocessors (hardware implementation)
RSA 1024 signature: ~ 200 ms
ECC 160 signature: ~ 200 ms
Introduction to Smart Cards - Crypto & Security Training
Smart Card Life cycle
Card
Software
Silicon
Personalization
Manufacturing
Development Manufacturing
EEPROM
(Files)
Software
burning
(ROM)
Hardware: CPU, RAM, EEPROM, …
Silicon
Manufacturer
28/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Life Cycle
IC Manufacturer
From
Manufacturing to
Application phase
End User
Card Issuer
29/41
7/17/2015
Card
Manufacturer
System
Integrator
Software
Manufacturer
Card Accepting
Devices
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
30/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Families
Memory
Microprocessor
31/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Memory Cards
Bitmap, synchronous access
First Generation Technology
Read
Erase
00000000
00000000
00000
1111
Second Generation Technology
10110101
001110
111
10110111
Read
Write
Erase
32/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Enhanced Memory Cards
Onboard hardwired crypto engine
Card Authentication
MAC on balance
33/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Memory Card Application
Loyalty
34/41
7/17/2015
Payphones
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smarter Smart Cards
Chip Stucture (0,25mm2 )
RAM
FLASH / EEPROM
CPU
35/41
7/17/2015
ROM
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smarter Smart Cards
Microprocessor based
Onboard Memory (RAM, ROM and EEPROM/Flash)
Programmable
Onboard processing
Security features
Crypto coprocessor (PK, DES,…)
Physical sensors (V, freq,…)
Physical protections (shielding,…)
36/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Standards : ISO/IEC 7816
Integrated circuits cards with contacts
ISO/IEC 7816-1 : Physical characteristics.
ISO/IEC 7816-2 : Dimension & location of contacts.
ISO/IEC 7816-3 : Electronic signals & transmission protocols.
ISO/IEC 7816-4 : Inter-industry commands.
ISO/IEC 7816-5 : Registration system for applications in IC card.
ISO/IEC 7816-6 : Inter-industry data elements.
ISO/IEC 7816-7 : Inter-industry commands for
Structured Card Query Language (SCQL).
ISO/IEC 7816-8 : Security architecture and related inter-industry commands.
37/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smart Card Module
Data Bus
Microprocessor
Vcc
Ground
Reset
Vpp
Clock
I/O
CPU
EEPROM /
FLASH
ROM
Address Bus
Microchip
Microcontact
Micromodule
38/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
RAM
Communications
One communication channel: serial line
“Layered” transmission protocol
Application: Application Protocol Data Unit
Transport: T=0, T=1, T=14
39/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
How to communicate
with a smart card ?
40/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Required Infrastructure
Personalisation Center
Issuing Center
Reader
Middleware
Back-end System
http://www.gemplus.com/usb
41/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Messages
The card communicates with the reader by
exchanging APDU messages (Application
Protocol Data Unit)
A message is
a Command : From the reader to the card
a Response : From the card to the reader
Command
Response
42/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Example
Read Name
Gemplus
Id: Gemplus
43/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Syntax
APDU Command
CLA
Class
INS
P1
P2
Lc
Data
Le
Parameters
Instruction
Command Data
Data Length
Response Length
APDU Response
Data
SW
Response Data
44/41
7/17/2015
Status Word
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Example
READ BINARY (P1,P2,Le)
Data, SW
CLA
INS
P1
P2
Lc
A0
B0
xx
xx
0
Data
Le
Le
P1, P2 : specify the data to be retrieved
Le : length of data to retrieve
45/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Commands Model
•Based on ISO 7816-3
Command
•APDU Format
Command
CLA INS P1 P2
Lc
DATA
Le
Response
Response
DATA
46/41
7/17/2015
SW1 SW2
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Commands - 4 Cases
(1/2)
Case 1
No command data, No response data
COMMAND: CLA INS P1 P2
RESPONSE: SW1 SW2
Case 2
No command data, sends response data
COMMAND: CLA INS P1 P2 Le
RESPONSE: Data SW1 SW2
47/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Commands - 4 Cases
(2/2)
Case 3
Card Receives command data, No response data
COMMAND:
RESPONSE:
CLA INS P1 P2 Lc Data
SW1 SW2
Case 4
Card Receives command data, sends response data
48/41
7/17/2015
COMMAND:
CLA INS P1 P2 Lc Data Le
RESPONSE:
Data SW1 SW2
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Select WIM Application
Command
49/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
50/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Mask your Own Code
Pros:
Small code footprint
“Complete” control
Cons:
Development in C and target assembly language
Use emulators
Mask lead time (~2 month)
Bug fixes
51/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Use Proprietary Cards
What you (usually) get:
File System
Fixed set of APDU Commands
Read/Write files
Access to cryptographic functions
Pros:
Off the shelf products
Cheaper
Cons:
Not extensible
Bug fixes
52/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Use Open Cards
Choice
Java
Microsoft
Standard API
Crypto
GSM (SMS, Pro active commands…)
53/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Applet Life Cycle
Write code in Java
Compile it
Debug it (simulator)
Verify and Convert it (specific byte code)
Load it
Personalisation center
Point of sale
Over Networks (Internet, Wireless,…)
54/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Resources
On Card development:
Java card : http://www.javacard.org
“Java Card Technology for Smart Cards”, Zhiqun Chen, Sun Java Series,
ISBN: 0-201-70329-7
Windows for SC : http://www.microsoft.com/smartcard/
Gemplus
Developer web site: http://www.gemplus.fr/developers/index.htm
Developer conference: http://www.key3studios.com/gemplusworld/
June 20, 21, Paris.
Middleware:
PCSC-Lite : http://www.linuxnet.com/
OCF (java) : http://ww.opencard.org/
CDSA : http://www.opengroup.org/security/l2-cdsa.htm
PKCS : http://www.rsasecurity.com/rsalabs/pkcs/index.html
55/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
56/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
A Smart Card is
part of an
57/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Application Players
HOST
58/41
7/17/2015
READERS
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
CARDS
Application Software
Application software developed for
customer’s needs
Designed to communicate with user
card
Application
software
59/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Readers
Link between:
the host
the cards
60/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Role of the Reader
The reader is the interface between the
card and the application
It serves as a translator
It accepts the messages
from the card and
from the application software
Reader
Card
Application
Software
61/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Why use a Smart Card?
Crypto
Theoretical
62/41
7/17/2015
Practical
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Advantages of a Smart Card
Tamper resistance
Storage
Tamper resistance
Processing
[Blah Blah]
[@ç^#~r&¤]
Portability
63/41
7/17/2015
Ease of use
Onboard key generation
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Main applications
Public phone cards (pre-paid),
Cellular phone GSM cards,
Banking cards,
Health cards.
64/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
New applications
Electronic purse,
Transport,
Security of information system,
Identity,
Loyalty,
Games,
Physical access control.
65/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Where is Cryptography
Basic Electronic purse principle :
Smart card reader asks user to enter his PIN code
PIN code plays 2 roles :
Authenticating the user
Releasing the READ access right within the card
Reader checks the Purse identity against Black list
Reader (SAM) Authenticates the Purse (3-DES)
Purse authenticates the Reader (SAM).
Reader Decreases securely the purse value :
Ask the SAM to generate a MAC
Send the value to decrease & the MAC to purse
Reader Increases securely the SAM counter :
Read the new purse value with a MAC
Send the whole to SAM
66/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Attacking Smart Cards
Timing Attacks
Power Analysis
Simple Power Analysis
Differential Power Analysis
High-order, EMA, …
Invasive Attacks
Probe Stations
Focused Ion Beam
67/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Security Notions
68/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Attacks on Smart cards :
Wide range of techniques, requiring
various skills, equipment and time:
Physical security
Invasive Attacks
Side Channel Attacks
Fault Generation
69/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Open Platform Threats
Flawed program (ex: server)
Bad design (ex: no verification)
Bad implementation (ex: buffer overflow)
Trojan horse
Piece of software (plug-ins..) hiding amongst its
normal functionalities some malicious ones
70/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
JavaCard Threats
Stack overflow / underflow
Type mismatch (e.g. pointer forgery)
Data execution
as Byte Code
as native code
Goal: bypass Java Virtual Machine controls and
access local resources directly
71/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Cryptographic Attacks
Integrity
hash algorithms
Checksums
Authentication
MAC forgery
External authentication
Internal Authentication
Mutual authentication
Confidentiality
72/41
7/17/2015
Plaintext recovery
Key recovery
Ciphertext forgery
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Application level security
: Protocols
Replay attacks
Man-in-the middle attacks
Session high-jacking
Eavesdropping
73/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Focus on
Smart Card Security
or
How to defeat
Tamper resistance
74/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Conclusion
=
75/41
7/17/2015
Smart
Personal
Portable
Secure
Introduction to Smart Cards - Crypto & Security Training
Bull Patents