smartcards - Villanova University
Download
Report
Transcript smartcards - Villanova University
SMARTCARDS
What we’ll cover:
• How does the Smart Card work (layout
and operating system)?
• Security issues for the card holder
• The present and future of Smart Card
technology
Smart Card Hardware Layout
• Chip surrounded by epoxy in a pit on
the card
• Chip surface area usually under 25 mm2
• Components are:
– Microprocessor (8 bit, Motorola or Intel)
– ROM - Contains OS information
– RAM - For short term processing
– EEPROM- For long term storage
Smart Card Operating System
• First generation was very simple and
specific
• Nothing like DOS or UNIX, they were
merely a collection of commands
• Were required by ISO to have a
hierarchical file structure as they were
mostly for data storage
Smart Card OS (cont)
• In order to support transaction
processing, smart cards needed to have
a new OS design.
• Second generation OS handles multiple
applications at the same time
• More complex programs are written
Other features of the “new”
card
• Object oriented design
– Safer
– “Packet” data transferring
• Kernel for application management
• Execution security for multiple
applications
– Kernel execution privileges
– User execution privileges
Other features (cont)
• Application programming interface (API)
– Used for custom software development
– Basis for the Java Card
• The Java card is a stripped down version of
Java
• Allows for programs to be created easily by a
Java programmer
• API creates a need for increased
security
Security for the Card Holder
•
Why do we need security?
1. Must protect valuable personal or financial
data stored on card
2. To use Smart Card for authenticating card
holders
Attacks on the Card
• Physical Attack
– Rare due to the amount of time required and
the tools necessary to perform
– Passive
• Attacker “watches” and tries to break encryption
from glommed data
– Active
• Attacker will attempt to tamper with data transfer
or microcontroller
Physical Attack Prevention
• Resin coating on chip must be removed
prior to visual inspection or tampering
– Temperature sensors detect resin removal
and delete data on card
• Chip can be viewed under microscope
– Light sensors detect light under microscope
and delete data
• PROBLEM!! – these sensors require a
power source to function
Physical Attack Prevention (cont)
• Dummy Structures – Extra
Semiconductors installed on chip
• Build with all busses built internally in the
chip
• Build ROM internally into chip to prevent
reading bit by bit
User Authentication
• Smart Cards can hold Super-PINS, PIN
numbers that are longer than 4 digits
• The Smart Card can be programmed to
disallow certain PINS
– Birthdate
– “1234”
• Can store Biometric data – used with
additional hardware
Future Security Features
• Parasitic Authentication
– Smart Card must be in close proximity to
another device in possession of cardholder
– Uses Radio Frequency Identification (RFID)
• Pressure Sequencing
– Piezo-electric pad installed on card
– Unique signatures for length, strength, and
duration between each press
Applications
• Financial
• Telecommunications
• Health
• Transportation
• User Identification
Financial Applications
•Bank Cards
•Credit / Debit Cards
•Electronic Purses
•Online Transactions
Telecommunications
• Prepaid Phone Cards
• Television Decryption
• Computer Networks
• The Internet
Health Care
• Insurance
• Medical Records
• Prescriptions
• Patient Monitoring
Transportation
• Local Public Transportation
• Trains
• Taxies
• Air Travel
• Parking
User Identification
• Government Agencies
• Corporate World
• Schools
• Identification Document
Looking Forward
• Uniformity and Universality
• Design issues with advances
• Beyond Smart Cards
• Questions??