Smart Cards

By Simon Siu and Russell Doyle

Overview

Size of a credit card
Small embedded computer chip

– Memory cards
– Processor cards
– Electronic purse cards (FSU ID card)
– Security cards

Processor cards require a reader

History of Smart cards

Patented in 1970s (several different designs)
1983: first mass use in France for pay phones
1992: second mass use, again in France, for debit cards
1993: Visa, MasterCard, Europay agreed on a standard (EMV)
Contactless technology is the new trend

Hardware: the chip is accessed electronically via the gold contact plate

Smart card vs. Magnetic stripe card

Smart card is more secure
– Data encryption ability
– Difficult to access data without terminal

Smart card is more expensive
Smart card is less durable

Usage

Banking
– ATM

Payment
– Like credit card

Access control
– Certificate holder (able to do triple DES)

ID
Information storage

Prime examples

Medical application: Germany issues smart cards to all citizens

India: driver’s licenses (becoming popular in other countries)

China: transit (Guangzhou)
England: tracking device in airports

Programming the Card

OpenCard
– Java interface, Java Electronic Commerce Framework (JECF)

PC/SC
– Windows-based interface

Modeling Security Threats

Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards by Schneier and Shostack

Smart Card’s handicap

Functionality is split in unusual ways compared to a computer

Unable to interact with the world without outside peripherals

Multiple parties

Cardholder

Holds the card
May or may not control the info in the card
Does not control the protocols, software, or hardware in the card system

Data Owner

May or may not control data in the card
– Digital certificates
– Amount of money in account

Terminal

Controls all I/O to and from the card
– Phone
– ATM
– Set-top box

Card Issuer

Controls the operating system running on the card
Initial data

Card manufacturer
Software manufacturer

Examples of Trust Splits in Smart card systems

Digital Stored Value Card
– Cash card
– Mondex
– VisaCash

Digital Check Card
– Similar to cash card
– Card owner is also the data owner

Prepaid Phone Card
– Value card

Account-based Phone Card
– Account number

(continued)

Access Token
– Key to login or authentication protocol

Web Browsing Card
– Cash card
– Cardholder and terminal owner are the same

(continued)

Digital Credential Device
– Digital certificates or other credentials
– Cardholder and data owner are the same
– Kerberos
– DSSA/SPX

Key Storage Card
– Key

Multi-Function Card

Threats

An attack is an attempt by one or more parties involved in a smart card transaction to cheat

Interfere with one or more parties
Inside vs. Outside Attacks
– One of the parties
– Outsider stealing a card

Motives for Attack

Financial theft
Impersonation attack: gain access
Privacy attack
Publicity attack

Classes of Attack

Attack by the Terminal against the cardholder or data owner
– Fake ATM machines
– Assume we trust the terminal
– Preventions
  Limit the time to modify
  Limit the amount of $ that can be deducted at a given time
  Real prevention is monitoring by the back-end system
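The slide's "real prevention is monitoring by the back-end system" point, as an added example (not code from the slides or the Schneier/Shostack paper): since the terminal controls all I/O, the card cannot tell a fake ATM from a real one, so the back end re-checks every deduction against a per-transaction cap and a rolling per-card window. The record format, card and terminal IDs, and limits are constructed for illustration.

```python
"""Back-end velocity check for stored-value card deductions.

Added example; the settlement record format and the limits below are
constructed, not taken from any real scheme."""
from datetime import datetime, timedelta

MAX_SINGLE_DEBIT = 5000       # cents one terminal transaction may deduct
MAX_WINDOW_DEBIT = 8000       # cents a card may lose in any WINDOW
WINDOW = timedelta(minutes=10)

# Constructed sample of card-to-back-end settlement records:
# "timestamp card_id terminal_id amount_cents"
SAMPLE_RECORDS = """\
2015-12-26T10:00:00 card01 termA 1200
2015-12-26T10:01:30 card01 termA 6100
2015-12-26T10:02:00 card02 termB 2000
2015-12-26T10:04:00 card01 termC 3000
2015-12-26T10:05:00 card01 termC 4500
2015-12-26T10:20:00 card02 termB 2500
"""

def parse_records(text):
    """Parse the constructed record lines into (timestamp, card, terminal, cents)."""
    records = []
    for line in text.splitlines():
        ts, card, term, amount = line.split()
        records.append((datetime.fromisoformat(ts), card, term, int(amount)))
    return records

def flag_suspicious(records):
    """Return (card, terminal, timestamp, reason) for every deduction that
    breaches the single-transaction cap or the rolling-window cap.
    Rejected deductions are not counted toward the window total."""
    alerts = []
    history = {}   # card -> list of (timestamp, amount) accepted so far
    for ts, card, term, amount in sorted(records):
        accepted = history.setdefault(card, [])
        if amount > MAX_SINGLE_DEBIT:
            alerts.append((card, term, ts, "single debit over cap"))
            continue
        recent = sum(a for t, a in accepted if ts - t <= WINDOW)
        if recent + amount > MAX_WINDOW_DEBIT:
            alerts.append((card, term, ts, "window total over cap"))
            continue
        accepted.append((ts, amount))
    return alerts
```

On the sample, the 6100-cent debit at termA is rejected outright and the second termC debit pushes card01 past the ten-minute total, while card02's second debit is accepted because its first one has aged out of the window.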

(continued)

Attack by the cardholder against the terminal
– Fake cards with rogue software
– Preventions
  Good protocol design
  Hard-to-forge physical aspects
  – Hologram on Visa

(continued)

Attack by the cardholder against the data owner
– Pay-TV access cards
– Reverse-engineering
– Defeat tamper-resistance
– Fault analysis

Attack by the cardholder against the issuer
– Randomly access an account with account-based phone cards
– If there is a key, capture the key and use it

(continued)

Attack by the cardholder against the software manufacturer
– One application on a smart card subverts another running on the same card

Conclusion on Security

Resistance
– Make specific attacks harder: stronger cryptographic protocols, increased tamper-resistance
– Fewer splits eliminate certain attacks altogether
  Example: when the cardholder is also the data owner, there is no cardholder-against-data-owner attack
– Adding a screen and data entry to the card increases the cost
– More transparency
  Open publication leads to review and analysis
  Cleanly separating roles
– Example: Mondex system with various terminals
– User can check his/her account in any one of them
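The "fewer splits eliminate certain attacks" argument, as an added example that is not from the slides or the paper: the five parties from the slides become roles, each trust split (stored value card, digital credential device, web browsing card) assigns roles to entities, and an attack class from the "Classes of Attack" slides survives only when its attacker and victim roles are held by different entities. The entity labels are constructed for illustration.

```python
"""Trust-split model: which of the slides' attack classes remain possible?

Added example; role and entity names are constructed, not from the slides."""

ROLES = ("cardholder", "data_owner", "terminal", "issuer", "software_manufacturer")

# Attack classes listed on the slides, as (attacker role, victim role).
ATTACK_CLASSES = [
    ("terminal", "cardholder"),
    ("terminal", "data_owner"),
    ("cardholder", "terminal"),
    ("cardholder", "data_owner"),
    ("cardholder", "issuer"),
    ("cardholder", "software_manufacturer"),
]

# Constructed trust splits following the slide examples. Each maps a role to
# the entity holding it; two roles held by one entity are an unsplit pair.
SYSTEMS = {
    "stored_value_card": {
        "cardholder": "customer", "data_owner": "bank", "terminal": "merchant",
        "issuer": "bank", "software_manufacturer": "vendor"},
    "digital_credential_device": {   # cardholder and data owner are the same
        "cardholder": "user", "data_owner": "user", "terminal": "employer",
        "issuer": "employer", "software_manufacturer": "vendor"},
    "web_browsing_card": {           # cardholder and terminal owner are the same
        "cardholder": "user", "data_owner": "bank", "terminal": "user",
        "issuer": "bank", "software_manufacturer": "vendor"},
}

def remaining_attacks(system):
    """Attack classes whose attacker and victim are different entities."""
    return [(a, v) for a, v in ATTACK_CLASSES if system[a] != system[v]]

def eliminated_attacks(system):
    """Attack classes that vanish because one entity holds both roles."""
    return [(a, v) for a, v in ATTACK_CLASSES if system[a] == system[v]]

def merge_roles(system, role_a, role_b):
    """Collapse one split by giving role_b to the entity holding role_a,
    and report which attack classes that removes."""
    merged = dict(system)
    merged[role_b] = merged[role_a]
    before = set(remaining_attacks(system))
    after = set(remaining_attacks(merged))
    return merged, sorted(before - after)
```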

Evolution of Smart cards, or lack thereof

Why is it not popular in America yet?
– Social environment
  Split government systems
  Class differences
  Market forces
– Cost vs. Benefit

Future of smart cards

Security of a smart card is similar to the security of a PC

New technology helps to further secure smart card systems
– Digital display on the card

Contact vs. Contactless

References

http://www.schneier.com/paper-smart-card-threats.pdf
http://en.wikipedia.org/wiki/Smart_card
http://smartcard.nist.gov/faq.html