Everything you always wanted to know about Smart Cards... Marc Witteman November 2001
Contents
Secure communication
– threats
– objective of cryptography
– cryptographic services, principles and algorithms
Smart cards
– concepts
– applications
– architecture
Security
– basic security features
– attacks
– countermeasures
What are the threats?
– Confidentiality: unauthorized disclosure of information
– Integrity: unauthorized modification of information
– Authenticity: unauthorized use of service
(Figure: sender and receiver with the three threats, disclosure, modification and use, placed on the channel between them.)
Objective of cryptography
Giving trust in:
– authenticity of message and/or sender
– integrity of message
– (sometimes) confidentiality of message
by using an algorithm based on a secret shared between the participants in a scheme.
Cryptographic services
– Encryption (confidentiality): the sender encrypts the message under the key; the receiver decrypts it with the same key
– Message Authentication Codes (integrity): the sender computes a MAC over the message under the key; the receiver recomputes it and checks that the two are equal
– Electronic signatures (authentication): challenge-response; the verifier sends a random challenge, the prover returns it encrypted under the key, and the verifier compares the response with its own computation
(Figure: block diagrams of the three exchanges.)
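The challenge-response exchange and the MAC check sketched on this slide, as an added example that is not part of the original presentation: a toy terminal and card share a key; HMAC-SHA-256 from the Python standard library stands in for the symmetric encryption of the slide's diagram (an assumption), and the class and function names, the sample key and the sample message are invented for the demonstration.

```python
import hashlib
import hmac
import os

# Added example, not from the slides.  HMAC-SHA-256 stands in for the
# "encryption of the challenge" in the slide's diagram.

def mac(key: bytes, message: bytes) -> bytes:
    """Message Authentication Code over `message` under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def check_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Integrity check: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac(key, message), tag)

class Card:
    """Prover: holds the secret and answers challenges; the key never leaves it."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # "AUTH" prefix separates authentication MACs from message MACs
        return mac(self._key, b"AUTH" + challenge)

class Terminal:
    """Verifier: issues a fresh random challenge and checks the card's response."""
    def __init__(self, key: bytes, rng=os.urandom):
        self._key = key
        self._rng = rng
        self._pending = None          # the one challenge currently outstanding

    def challenge(self) -> bytes:
        self._pending = self._rng(8)  # 8 random bytes, fresh for every run
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:     # nothing outstanding: reject
            return False
        expected = mac(self._key, b"AUTH" + self._pending)
        self._pending = None          # a challenge is single-use
        return hmac.compare_digest(expected, response)

def authenticate(terminal: Terminal, card: Card) -> bool:
    """One protocol run: terminal -> challenge -> card -> response -> terminal."""
    challenge = terminal.challenge()
    response = card.respond(challenge)
    return terminal.verify(response)

def replay(terminal: Terminal, card: Card) -> bool:
    """An eavesdropper captures one valid response and replays it later."""
    captured = card.respond(terminal.challenge())
    terminal.verify(captured)         # the genuine session succeeds
    terminal.challenge()              # later the attacker gets a fresh challenge
    return terminal.verify(captured)  # the old response no longer matches

def tamper(key: bytes) -> bool:
    """Integrity: a MAC over one message does not verify a modified one."""
    message = b"DEBIT 0010"           # constructed sample message
    tag = mac(key, message)
    return check_mac(key, b"DEBIT 1000", tag)

if __name__ == "__main__":
    KEY = bytes(range(16))            # constructed sample key
    print("genuine card:", authenticate(Terminal(KEY), Card(KEY)))
    print("wrong key   :", authenticate(Terminal(KEY), Card(b"\x00" * 16)))
    print("replay      :", replay(Terminal(KEY), Card(KEY)))
    print("tampered msg:", tamper(KEY))
```

The two details that make the exchange work as authentication are that the challenge is random and used once (so a recorded response is useless against the next challenge) and that the secret itself never crosses the interface, only a function of it.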
Cryptographic principles
Based on:
– key secrecy
– strong algorithms
– difficult to guess the key from message/ciphertext pairs
– sufficient key length (against brute force)
Kerckhoffs' principle:
– strength should reside in the secrecy of the key,
– not in the secrecy of the algorithm
Cryptographic algorithms (1)
Classical systems:
– transposition (mixing the character sequence)
– substitution (changing characters)
– poly-alphabetic substitution (Vigenère, Hagelin)
Easily broken using language statistics.
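How a poly-alphabetic cipher falls to language statistics, as an added example that is not from the slides: Vigenère encryption of a constructed English sample, then recovery of the key length from the index of coincidence of each column and of each key letter from a chi-squared fit against English letter frequencies. The sample text, the key, the thresholds and the frequency table are assumptions for the demonstration.

```python
import string
from collections import Counter

# Added example, not from the slides.
ALPHA = string.ascii_uppercase

# Relative frequency (%) of A..Z in English text; an assumed reference table.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
           6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]

# Constructed English sample used as plaintext (about 900 letters).
PLAINTEXT = (
    "A smart card is a small computer with its own processor memory and operating system "
    "that is carried in the wallet of the user and protects the secrets stored inside it "
    "against people who would like to read or change them. The card stores cryptographic "
    "keys a personal identification number and often a balance or a ticket and it proves "
    "its identity to the terminal by answering a random challenge with a message "
    "authentication code computed over that challenge under the shared secret key. "
    "Because the secret never leaves the chip an attacker who wants the key must either "
    "open the package and probe the bus or observe the power consumption and the timing "
    "of the device while it computes or inject faults by glitching the supply voltage and "
    "the clock. Good designers therefore combine sensors shields and scrambled buses with "
    "random delays balanced logic and retry counters and they assume that perfect security "
    "does not exist and that the remaining risk must be analysed and accepted by the owner "
    "of the system."
)

def clean(text: str) -> str:
    """Keep letters only, upper-cased, as classical ciphers did."""
    return "".join(c for c in text.upper() if c in ALPHA)

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift letter i by key[i mod len(key)]: forwards to encrypt, backwards to decrypt."""
    out = []
    for i, c in enumerate(clean(text)):
        shift = ALPHA.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHA[(ALPHA.index(c) + shift) % 26])
    return "".join(out)

def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn from `text` are equal (~0.066 English, ~0.038 random)."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1))

def guess_key_length(ct: str, max_len: int = 12, threshold: float = 0.055) -> int:
    """Smallest period whose columns look monoalphabetic; multiples of it also pass, hence smallest."""
    for length in range(1, max_len + 1):
        columns = [ct[i::length] for i in range(length)]
        if sum(index_of_coincidence(c) for c in columns) / length > threshold:
            return length
    raise ValueError("no period found; need more ciphertext")

def chi_squared(column: str, shift: int) -> float:
    """Distance between the column decrypted with `shift` and English letter frequencies."""
    n = len(column)
    counts = Counter(column)
    total = 0.0
    for i in range(26):
        observed = counts[ALPHA[(i + shift) % 26]]   # plaintext letter i shows up as i+shift
        expected = ENGLISH[i] * n / 100
        total += (observed - expected) ** 2 / expected
    return total

def break_vigenere(ct: str) -> str:
    """Recover the key: period via IoC, then one Caesar shift per column via chi-squared."""
    length = guess_key_length(ct)
    key = ""
    for i in range(length):
        column = ct[i::length]
        key += ALPHA[min(range(26), key=lambda s: chi_squared(column, s))]
    return key

if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, "CRYPT")
    print("recovered key:", break_vigenere(ct))
```

Each column of the ciphertext is a plain Caesar cipher, so once the period is known the attack is 26 frequency comparisons per key letter; this is why the slide calls these systems "easily broken".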
Cryptographic algorithms (2)
Today two kinds of algorithms:
– secret key: repetitive permutations and substitutions of bits (DES, 3-DES, IDEA, RC5, Blowfish, ...)
– public key: mathematical calculations (RSA, Rabin, ElGamal, zero-knowledge, elliptic curve, ...)
Smart card concepts
A smart card:
– can store data (e.g. profiles, balances, personal data)
– provides cryptographic services (e.g. authentication, confidentiality, integrity)
– is a microcomputer
– is small and personal
– is a secure device
Smart card application areas Communication Entertainment Retail Transportation Health care Government E-commerce E-banking Education Office
Smart card applications (1)
Retail
– sale of goods using electronic purses, credit / debit
– vending machines
– loyalty programs
– tags and smart labels
Communication
– GSM
– payphones
Transportation
– public transport
– parking
– road pricing (ERP)
– car protection
Entertainment
– pay-TV
– public event access control
Smart card applications (2)
Healthcare
– insurance data
– personal data
– personal file
Government
– identification
– passport
– driving license
E-commerce
– sale of information
– sale of products
– sale of tickets, reservations
E-banking
– access to accounts
– performing transactions
– share trading
Smart card applications (3) Educational facilities –Physical access –Network access –Personal data (results) –Copiers, vending machines, restaurants,... Office –Physical access –Network access –Time registration –Secure & Web applications
Smart card architecture
Physical appearance: credit card or SIM dimensions; contacts or contactless.
Contacts: Vcc, Reset, Clock, Gnd, Vpp, I/O
What's inside a smart card?
– CPU (central processing unit): heart of the chip
– security logic: detecting abnormal conditions, e.g. low voltage
– serial I/O interface: connection to the outside world
– test logic: self-test procedures
– ROM: card operating system, self-test procedures; typically 16 kbytes, future 32/64 kbytes
– RAM: scratch pad of the processor; typically 512 bytes, future 1 kbyte
– EEPROM: cryptographic keys, PIN code, biometric template, balance, application code; typically 8 kbytes, future 32 kbytes
– data bus: connection between the elements of the chip, 8 or 16 bits wide
Smart card chip
Basic smart card security features
Hardware
– closed package
– memory encapsulation
– fuses
– security logic (sensors)
– cryptographic coprocessors and random generator
Software
– decoupling applications and operating system
– application separation (Java Card)
– restricted file access
– life cycle control
– various cryptographic algorithms and protocols
Smart card attacks Internal Attacks Side Channel Attacks Logical Attacks
Internal attacks
Tools: etching tools, microscope, probe station, laser cutters, scanning electron microscope, focused ion beam system, and more...
Lab pictures provided by TNO
Reverse engineering
Staining of ion implant ROM array
Sub-micron probe station
Probing with eight needles
FIB: fuse repair
Internal attack countermeasures
Alarm (sensors)
– light
– active grid
Hide
– feature size (< 300 nm)
– multi-layer
– buried bus
– bus scrambling
– shield
Confuse
– glue logic
– redundant logic
Logical attacks
– communication
– command scan
– file system scan
– invalid / inopportune requests
– cryptanalysis and protocol abuse
Logical attack countermeasures
Command scan
– limit command availability
– restrict and verify command coding
– life cycle management
File system scan
– restrict file access
– test file access mechanisms (PIN, AUT, etc.)
Invalid / inopportune requests
– exclude non-valid behaviour
– verify conformance
Cryptanalysis and protocol abuse
– publish algorithms and initiate public discussion
– evaluate crypto algorithm and protocol
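Limiting command availability through life-cycle management, and what a command scan then reveals, as an added example that is not from the slides: a toy APDU dispatcher in Python whose accepted instruction set depends on the card's life-cycle state, next to the scan an attacker runs against it. The status words are the ISO 7816-4 values; the INS codes, the states, the `strict` reply policy and the tiny file-less data model are assumptions for the illustration, not any real card operating system.

```python
# Added example, not from the slides: a toy card command dispatcher.
# Status words are ISO 7816-4; INS codes and states are assumed for the demo.
SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982
SW_CONDITIONS_NOT_SATISFIED = 0x6985
SW_INS_NOT_SUPPORTED = 0x6D00
SW_CLA_NOT_SUPPORTED = 0x6E00

PERSONALISATION, ISSUED, TERMINATED = "personalisation", "issued", "terminated"

INS_VERIFY, INS_READ_BALANCE = 0x20, 0xB0                     # assumed INS values
INS_WRITE_KEY, INS_DEBIT, INS_ISSUE, INS_TERMINATE = 0xD0, 0xD2, 0xE4, 0xE6

# Which instructions each life-cycle state accepts (life cycle management).
ALLOWED = {
    PERSONALISATION: {INS_WRITE_KEY, INS_ISSUE, INS_TERMINATE},
    ISSUED: {INS_VERIFY, INS_READ_BALANCE, INS_DEBIT, INS_TERMINATE},
    TERMINATED: set(),
}
KNOWN = set().union(*ALLOWED.values())

class Card:
    def __init__(self, state=PERSONALISATION, strict=False, pin=b"1234"):
        self.state = state
        self.strict = strict          # True: unavailable commands look unknown (6D00)
        self.pin = pin
        self.key = None
        self.balance = 100
        self.pin_verified = False

    def process(self, apdu: bytes):
        """Return (response data, status word) for one command APDU."""
        if len(apdu) < 4:
            return b"", SW_WRONG_LENGTH
        cla, ins, p1 = apdu[0], apdu[1], apdu[2]
        data = apdu[5:] if len(apdu) > 4 else b""
        if len(apdu) > 4 and len(data) != apdu[4]:   # Lc must match the body
            return b"", SW_WRONG_LENGTH
        if cla != 0x80:
            return b"", SW_CLA_NOT_SUPPORTED
        if ins not in ALLOWED[self.state]:
            if self.strict or ins not in KNOWN:
                return b"", SW_INS_NOT_SUPPORTED
            return b"", SW_CONDITIONS_NOT_SATISFIED    # reveals that the INS exists
        if ins == INS_WRITE_KEY:
            if len(data) != 16:
                return b"", SW_WRONG_LENGTH
            self.key = data
            return b"", SW_OK
        if ins == INS_ISSUE:
            if self.key is None:                       # cannot issue an un-keyed card
                return b"", SW_CONDITIONS_NOT_SATISFIED
            self.state = ISSUED                        # one-way life-cycle transition
            return b"", SW_OK
        if ins == INS_TERMINATE:
            self.state = TERMINATED
            return b"", SW_OK
        if ins == INS_VERIFY:
            self.pin_verified = data == self.pin       # no retry counter in this toy
            return b"", SW_OK if self.pin_verified else SW_SECURITY_STATUS_NOT_SATISFIED
        if ins == INS_READ_BALANCE:
            return self.balance.to_bytes(2, "big"), SW_OK
        # remaining allowed INS is INS_DEBIT: amount in P1, needs a verified PIN
        if not self.pin_verified:
            return b"", SW_SECURITY_STATUS_NOT_SATISFIED
        if p1 > self.balance:
            return b"", SW_CONDITIONS_NOT_SATISFIED
        self.balance -= p1
        return b"", SW_OK

def command_scan(card: Card):
    """Attacker's probe: every INS that answers with anything but 6D00 is 'present'."""
    return [ins for ins in range(256)
            if card.process(bytes([0x80, ins, 0x00, 0x00]))[1] != SW_INS_NOT_SUPPORTED]

def issue_and_debit(amount: int):
    """Personalise, issue, verify the PIN and debit; returns the READ BALANCE reply."""
    card = Card()
    card.process(bytes([0x80, INS_WRITE_KEY, 0, 0, 16]) + bytes(range(16)))
    card.process(bytes([0x80, INS_ISSUE, 0, 0]))
    card.process(bytes([0x80, INS_VERIFY, 0, 0, 4]) + b"1234")
    card.process(bytes([0x80, INS_DEBIT, amount, 0]))
    return card.process(bytes([0x80, INS_READ_BALANCE, 0, 0]))
```

With `strict=False` the scan lists every instruction the card has, because a command that merely is not allowed in the current state answers 6985 instead of 6D00; with `strict=True` a personalised-but-not-issued card shows only its personalisation commands. Note also that scanning a live card executes what it finds, including TERMINATE, which is one reason command scans are run against sample cards.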
Side channel attacks
Use of hidden signals
– electromagnetic emission
– power consumption
– timing
Insertion of signals
– power glitches
– electromagnetic pulses
Power analysis
(Figure: annotated power trace; the features of interest are peak, slope, time, I_ddq (quiescent supply current), area and shape.)
Power waveform
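What an attacker does with such traces, as an added example that is not from the slides: a simulated correlation power analysis (CPA) on a single AES S-box lookup, which also shows the effect of blinding the intermediate value with a random mask, one of the countermeasures listed on the side channel countermeasures slide. The leakage model (Hamming weight of the S-box output plus Gaussian noise), the trace count, the key byte and the masking step are assumptions of the simulation; it uses only the Python standard library and is not any real card's code.

```python
import random

# Added example, not from the slides: simulated correlation power analysis.

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """a^254 = a^-1 in GF(2^8)*, with 0 mapped to 0 as AES does."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0

def aes_sbox() -> list:
    """Build the AES S-box: multiplicative inverse followed by the affine map."""
    box = []
    for x in range(256):
        s = gf_inv(x)
        t = s
        for i in range(1, 5):
            t ^= ((s << i) | (s >> (8 - i))) & 0xFF
        box.append(t ^ 0x63)
    return box

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight of each byte value

def simulate_traces(key: int, n: int, noise: float, masked: bool = False, seed: int = 7):
    """Constructed traces: one sample per run, HW(S[p ^ key]) (+ random mask) + noise."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        value = SBOX[p ^ key]
        if masked:
            value ^= rng.randrange(256)   # Boolean mask, fresh for every execution
        plaintexts.append(p)
        traces.append(HW[value] + rng.gauss(0.0, noise))
    return plaintexts, traces

def pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def cpa(plaintexts, traces):
    """Correlate the predicted HW(S[p ^ guess]) with the traces for every key guess."""
    best_key, best_corr = None, -2.0
    for guess in range(256):
        hypothesis = [HW[SBOX[p ^ guess]] for p in plaintexts]
        corr = pearson(hypothesis, traces)
        if corr > best_corr:
            best_key, best_corr = guess, corr
    return best_key, best_corr

if __name__ == "__main__":
    KEY = 0x2B                        # the secret the attacker wants
    print("unmasked:", cpa(*simulate_traces(KEY, 500, 1.0)))
    print("masked  :", cpa(*simulate_traces(KEY, 500, 1.0, masked=True)))
```

Without the mask the correct key byte stands out with a correlation around 0.8 after a few hundred traces; with a fresh random mask per execution the leaked value is independent of the key hypothesis and no guess correlates, which is what "blinding of intermediate values with random values" buys against first-order analysis.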
Fault injection on smart cards
Change a value read from memory to another value by manipulating the supply power: a power dip at the moment a memory cell is read moves the sensed level across the read threshold, so the CPU sees a different value than the one stored.
(Figure: the read threshold and the dip in supply voltage during the read.)
Side channel attack countermeasures
Signal analysis
– reduce the processor signal by balancing or equalising the power consumption and/or shielding the emission
– add noise to the processor activity (both in time and amplitude)
– eliminate the timing relation with the processed key and/or data
– variable ordering of processes
– blinding of intermediate values with random values
– retry counters
– limited control and visibility of crypto input and output
Signal insertion
– use sensors for supply voltage, light and temperature
– double implementation path (for verification)
– check for runtime parameter validity
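The fault injection slide and the signal insertion countermeasures above (retry counters, a double implementation path, runtime parameter checks), as an added example that is not from the slides: a Python simulation of PIN verification under a single-glitch fault model. The fault model (one glitch per command either skips the retry-counter write or forces one comparison result to "match"), the status words and both routines are assumptions for the illustration, not any real card OS.

```python
# Added example, not from the slides: PIN verification under a simulated glitch.
# Fault model (assumed): one glitch per command, either "skip_decrement"
# (the EEPROM write of the retry counter is skipped) or "force_compare"
# (one comparison result is flipped to "match").

MAX_TRIES = 3
SW_OK, SW_BLOCKED, SW_WRONG_PIN = 0x9000, 0x6983, 0x63C0   # ISO 7816-4 style

class Card:
    def __init__(self, pin: bytes):
        self.pin = pin
        self.tries = MAX_TRIES          # retry counter, persisted in EEPROM

def verify_naive(card: Card, guess: bytes, fault: str = None) -> int:
    """Compare first, decrement on failure: every step is a single point of failure."""
    if card.tries == 0:
        return SW_BLOCKED
    match = guess == card.pin
    if fault == "force_compare":
        match = True                    # glitch during the compare
    if match:
        card.tries = MAX_TRIES
        return SW_OK
    if fault != "skip_decrement":
        card.tries -= 1                 # glitch during the EEPROM write
    return SW_WRONG_PIN | card.tries

def verify_hardened(card: Card, guess: bytes, fault: str = None) -> int:
    """Pay for the attempt first, check that the write took effect, compare twice."""
    if card.tries == 0:
        return SW_BLOCKED
    before = card.tries
    if fault != "skip_decrement":
        card.tries -= 1                 # decrement BEFORE the compare ...
    if card.tries != before - 1:        # ... and read it back (runtime parameter check)
        card.tries = 0                  # a write that did not happen means tampering
        return SW_BLOCKED
    match1 = guess == card.pin          # path 1: plain equality
    match2 = (len(guess) == len(card.pin)
              and all(a ^ b == 0 for a, b in zip(guess, card.pin)))  # path 2: XOR fold
    if fault == "force_compare":
        match1 = True                   # a single glitch reaches only one path
    if match1 != match2:
        card.tries = 0                  # the two paths disagree: fault detected
        return SW_BLOCKED
    if match1:
        card.tries = MAX_TRIES          # success: restore the counter
        return SW_OK
    return SW_WRONG_PIN | card.tries

def brute_force(verify, pin: bytes, fault: str = None):
    """Try 0000..9999 against a fresh card, glitching every command; (found, attempts)."""
    card = Card(pin)
    for attempts, i in enumerate(range(10000), start=1):
        sw = verify(card, f"{i:04d}".encode(), fault)
        if sw == SW_OK:
            return True, attempts
        if sw == SW_BLOCKED:
            return False, attempts
    return False, 10000

if __name__ == "__main__":
    for fault in ("skip_decrement", "force_compare"):
        print(fault, "naive:", brute_force(verify_naive, b"4321", fault),
              "hardened:", brute_force(verify_hardened, b"4321", fault))
```

Against the naive routine a skipped decrement turns the three-try PIN into an unlimited search and a forced compare accepts the first guess; the hardened routine blocks on the first glitched command in both cases, at the cost of one extra EEPROM write per genuine verification.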
Conclusions
– Smart card technology is emerging, applications are everywhere
– Smart cards enhance service and security
– Perfect security does not exist, not even for smart cards
– Risk analysis is essential
More info? Mailto: