Smart Card Technology Why is a Smart Card So Smart? CIS4360 – Introduction Computer Security Joey Ferreira Joshua Lawrence

History 1968 German inventor Jurgen Dethloff along with Helmet Grotrupp filed a patent for using plastic as a carrier for microchips. 1970 Dr. Kunitaka Arimura of Japan filed the first and only patent on the smart card concept 1974 Roland Moreno of France files the original patent for the IC card, later dubbed the “smart card.” 1977 Three commercial manufacturers, Bull CP8, SGS Thomson, and Schlumberger began developing the IC card product. Source: smart.gov

History 1979 Motorola developed first single chip Microcontroller for French Banking 1982 World's first major IC card testing 1992 Nationwide prepaid card project started in Denmark 1999 Federal Government began a Federal employee smart card identification Source: smart.gov

What is a Smart Card? The standard definition of a a smart card, or integrated circuit card (ICC), is any pocket sized card with embedded integrated circuits. Loosely defined, a smart card is any card with a capability to relate information to a particular application such as: Magnetic Stripe Cards Optical Cards Memory Cards Microprocessor Cards

Magnetic Stripe Cards Standard technology for bank cards, driver’s licenses, library cards, and so on……

Optical Cards Uses a laser to read and write the card CANPASS Contains: Photo ID Fingerprint

Memory Cards Can store: Financial Info Personal Info Specialized Info Cannot process Info

Microprocessor Cards Has an integrated circuit chip Has the ability to: Store information Carry out local processing Perform Complex Calculations Smart Cards with a microprocessor look like standard plastic cards but are equipped with embedded circuit IC chip. Microprocessor cards can: store information, carry out local processing on the data stored, and perform complex calculations. A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk. Microprocessor chips are available 8, 16, and 32 bit architectures. There are two types of microprocessor cards. These cards take the form of either contact cards, which require a card reader, or contact-less cards, which use radio frequency signals to operate.

Microprocessor Cards Contact Smart Card

Contact

Microprocessor Cards Contactless Smart Card

Microprocessor Cards Combi / Hybrid Cards Has two chips: contact and contactless interface. The two chips are not connected. Combi Card Has a single chip with a contact and contactless interface. Can access the same chip via a contact or contactless interface, with a very high level of security.

Microprocessor Cards Combi / Hybrid Cards

How are Smart Cards Used? Commercial Applications Banking/payment Identification Ticketing Parking and toll collection Universities use smart cards for ID purposes and at the the library, vending machines, copy machines, and other services on campus. Mobile Telecommunications SIM cards used on cell phones Over 300,000,000 GSM phones with smart cards Contains mobile phone security, subscription information, phone number on the network, billing information, and frequently called numbers.

How are Smart Cards Used? Information Technology Secure logon and authentication of users to PCs and networks Encryption of sensitive data Other Applications Over 4 million small dish TV satellite receivers in the US use a smart card as its removable security element and subscription information. Pre-paid, reloadable telephone cards Health Care, stores the history of a patient Fast ticketing in public transport, parking, and road tolling in many countries

Advantages In comparison to it’s predecessor, the magnetic strip card, smart cards have many advantages including: Life of a smart card is longer A single smart card can house multiple applications. Just one card can be used as your license, passport, credit card, ATM card, ID Card, etc. Smart cards cannot be easily replicated and are, as a general rule much more secure than magnetic stripe cards Data on a smart card can be protected against unauthorized viewing. As a result of this confidential data, PINs and passwords can be stored on a smart card. This means, merchants do not have to go online every time to authenticate a transaction.

Advantages • chip is tamper-resistant - information stored on the card can be PIN code and/or read-write protected - capable of performing encryption - each smart card has its own, unique serial number • capable of processing, not just storing information - Smart cards can communicate with computing devices through a smart card reader - information and applications on a card can be updated without having to issue new cards • A smart card carries more information than can be accommodated on a magnetic stripe card. It can make a decision, as it has relatively powerful processing capabilities that allow it to do more than a magnetic stripe card (e.g., data encryption).

Disadvantages + NOT tamper proof + Can be lost/stolen + Lack of user mobility – only possible if user has smart card reader every he goes + Has to use the same reader technology + Can be expensive + Working from PC – software based token will be better + No benefits to using a token on multiple PCs to using a smart card + Still working on bugs

Security Mechanisms

OS Based Classification Smart cards are also classified on the basis of their Operating System. There are many Smart Card Operating Systems available in the market, the main ones being: 1. MultOS 2. JavaCard 3. Cyberflex 4. StarCOS 5. MFC Smart Card Operating Systems or SCOS as they are commonly called, are placed on the ROM and usually occupy lesser than 16 KB. SCOS handle: • File Handling and Manipulation. • Memory Management • Data Transmission Protocols.

References http://sec.isi.salford.ac.uk/download/smart.pdf http://www.smart.gov http://www.gemplus.com http://www.smartcardalliance.org/industry_info/smart_cards_primer.cfm http://www.axalto.com/Company/Governance/pdf/Annual%20Report%202004.pdf http://www.smartcard.co.uk/tutorials/sct-itsc.pdf