OverviewOverview
Size of a credit cardSmall embedded computer chip
– Memory cards– Processor cards– Electronic purse cards (FSU ID card)– Security cards
Processor cards require a reader
History of Smart cardsHistory of Smart cards
Patented in 1970s (several different designs)1983: first mass use in France for pay phone1992: second mass use again in France for
debit cards1993: Visa, MasterCard, Europay agreed on
a standard (EMV)Contactless technology is the new trend
Smart card vs. Magnetic strip Smart card vs. Magnetic strip cardcard
Smart card is more secure– Data encryption ability– Difficult to access data without terminal
Smart card is more expensiveSmart card is less durable
UsageUsage
Banking– ATM
Payment– Like credit card
Access control– Certificate holder (able to do triple DES)
IdInformation storage
Prime examplesPrime examples
Medical application: Germany issues smart cards to all citizens
India driver’s licenses (becoming popular in other countries)
China transit (GuongZhou)England tracking device in airports
Programming the CardProgramming the Card
OpenCard– Java interface, Java Electronic Commerce
Framework (JECF)
PC/SC– Window’s based interface
Modeling Security ThreatsModeling Security Threats
Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards by Schneier and Shostack
Smart Card’s handicapSmart Card’s handicap
Functionality is split in unusual ways compare to a computer
Unable to interact with the world without outside peripherals
Multiple parties
CardholderCardholder
Holding the cardMay or may not control the info in cardDoes not control the protocols, software, or
hardware in the card system
Data OwnerData Owner
May or may not control data in the cardDigital certificatesAmount of money in account
Card IssuerCard Issuer
Control operating system running on the card
Initial dataCard manufacturerSoftware manufacturer
Examples of Trust Splits in Examples of Trust Splits in Smart card systemsSmart card systems
Digital Stored Value Card– Cash card– Mondex– VisaCash
Digital Check Card– Similar to cash card– Card owner is also the data owner
Prepaid Phone Card– Value card
Account-based Phone Card– Account number
ContinuesContinues
Access Token– Key to login or authenticatio protocol
Web Browsing Card– Cash card– Cardholder and terminal owner are the same
ContinuesContinues
Digital Credential Device– Digital certificates or ther credentials– Cardholder and data owner are the same– Kerberos– DSSA/SPX
Key Storage Card– Key
Multi-Function Card
ThreatsThreats
Attack is an attempte by one or more parties involved in a smart card transaction to cheat
Interfere with one or more partiesInside vs Outside Attacks
– One of the parties– Outsider stealing a card
Motives for AttackMotives for Attack
Financial theftImpersonation attack: gain accessPrivacy attackPublicity attack
Classes of AttackClasses of Attack
Attack by the Terminal against the cardholder or data owner– Fake ATM machines– Assume we trust the terminal– Preventions
Limit the time to modify Limit the amount of $ reduced at a given time Real prevention is monitering by back-end system
ContinuesContinues
Attack by the cardholder against the terminal– Fake cards with rogue software– Preventions
Good protocol design Hard-to-forge physical aspects
– Hologram on Visa
ContinuesContinues
Attack by the cardholder against the data owner– Pay-TV access cards– Reverse-engineering– Defeat tamper-resistance– Fault analysis
Attack by the cardholder against the issuer– Randomly access an acount with account-based phone
cards– If there is a key, capture the key and use it
ContinuesContinues
Attack by the cardholder against the software manufacturer– One application on a smard card to subvert
another running on the same card.
Conclusion on SecurityConclusion on Security
Resistance– Make specific attacks harder: stronger cryptographic
protocols, increase tamper-resistance– Few splits to eliminate certain attacks altogeter
Example cardholder is also the data owner which means no cardholder attacking data owner
– Adding screen and data entry to the card Increase the cost
– More Transparency Open publication leads to review and analysis Cleanly separating roles
– Example Mondex system with various terminals– User can check his/her account in any one of them
Evolution of Smart cards or Evolution of Smart cards or lack there oflack there of
Why is it not popular in America yet?– Social environment
Split government systems Class differences Market forces
– Cost vs. Benefit
Future of smart cardsFuture of smart cards
Security of smart card is similar with the security of PC
New technology help to further secure smart system– Digital display on the card
Contact vs. Contactless