Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

Published byYazmin Maggart Modified over 10 years ago

Similar presentations

Presentation on theme: "Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University."— Presentation transcript:

1 Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University

2 Overview Introduction Security Technologies Physical structure and life cycle Communication with the outside world Operating system Attacks on Smart Card Conclusion

3 Introduction Smart card is a credit card sized plastic card embeds an integrated circuit chip. Smart card provides memory capacity and computational capabilities. It is used in the applications that require high security protection and authentication.

4 Introduction (Cont.) Main applications of smart card Credit/debit card Medical card Identification card Entertainment card Voting card

5 Security Technologies Three Points of Views Physical Structure and Life Cycle Communication with Outside World Operating System

6 Physical Structure Three basic elements A plastic card A printed circuit An integrated circuit chip

7 Life Cycle of the Smart Card Five phases in smart cards life cycle Fabrication phase Pre-personalization phase Personalization phase Utilization phase End-of-lift phase Every phase has its own limitations on transferring and accessing data

8 Fabrication Phase The chip manufacturer makes and tests the integrated circuit chip A unique fabrication key (FK) is added to prevent chip from modifying FK stays in the chip until it is assembled into the plastic card FK is derived from a master manufacture key

9 Pre-personalization Phase Controlled by the card suppliers Circuit chip is mounted on the plastic card A personalization key (PK) replaces the fabrication key A personalization lock V PER is set to prevent further modification The card only can accessed by the logical memory addressing

10 Personalization Phase Card issuer writes the data files and application data to the card Stores identity of card holder, PIN, and unblocking PIN Set a utilization lock V UTIL to indicate the card is in the utilization phase

11 Utilization Phase For normal use of the card by the card holder Application system and logical file access controls are available There are application security policies to rule the access of the information

12 End-of-Life Phase Also called invalidation phase There are two ways to move the card into this phase Set an invalidation lock to an individual or master file. Operating system disables all operations except read for analysis Block all the PINs to disable all operations Operating system disables all operations including read

13 Communication with Outside World Smart card usually needs external peripherals to cooperate e.g. needs to connect to card acceptor device to obtain power and input/output information The untrusted external peripherals reduce the security

14 Communication with Outside World (Cont.) To prevent massive data attack Data exchange limits to 9600 bits/second Use half duplex mode Mutual authentication protocol is used between smart card and CAD Use message authentication code (MAC) to protect integrity

15 Authentication between Smart Card and CAD

16 Operating System Logical File Structure Access Controls

17 Logical File Structure Files are in a hierarchal tree form Master file (MF) Dedicated file (DF) Elementary file (EF) Every file has header and body Header consists security attributes to indicate users rights Body stores all the headers of its immediate children or data Application can access files only it has the appropriate right

18 Access Controls Depends on the correct presentation of PIN and their management 5 Levels of access conditions Always (ALW) Card holder verification 1 (CHV1) Administrative (ADM) Never (NEV) PIN presentation and management Counter Maximum number Unblocking PIN

19 Attacks on Smart Card Logical attacks Control the voltage or temperate on EEPROM Physical attacks Wash away the surface of circuit chip and Examine it Use UV light Logical and physical attacks are expensive. They are only available in well-funded laboratories.

20 Attacks on Smart Cart (Cont.) Functional attacks Smart card consists five parties Cardholder, terminal, data owner, card issuer, card manufacturer, and software manufacturer There are potential attacks between any two parties Solutions Use strong cryptographic protocols to increase tamper resistance Reduce the party number Make the system more transparent Consider the security issue at the beginning of the system design

21 Conclusion Smart card uses integrated circuit chip rather than magnetic strip to store data Smart card can be programmed to compute the cryptographic keys Smart card is a good device to store important information Private key Account numbers Biometrics information Smart card has weakness, but it is secure enough for present requirements

22 Q & A ???

Download ppt "Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Chapter 3: Introduction to Data Communications and Networking

Chapter 3: Introduction to Data Communications and Networking
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Exercises and Solutions Lecture 1

Exercises and Solutions Lecture 1
Smart Card Syed Jabbar Computer Science Course:

Smart Card Syed Jabbar Computer Science Course:
Securing the Worlds Information Secure Dynamic Credit and Debit Cards Stop Credit Card and Identity Theft Andre Brisson Stephen Boren Co founders/ Co.

Securing the Worlds Information Secure Dynamic Credit and Debit Cards Stop Credit Card and Identity Theft Andre Brisson Stephen Boren Co founders/ Co.
PKCS #15 v1.1 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.

PKCS #15 v1.1 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.
POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.

POC Security System High security system combining PIN-on-Card, information security, physical access, control and alarm – all in one system.
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.

File Management Chapter 12. File Management File management system is considered part of the operating system Input to applications is by means of a file.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?

Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
OS2-1 Chapter 2 Computer System Structures. OS2-2 Outlines Computer System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection.

OS2-1 Chapter 2 Computer System Structures. OS2-2 Outlines Computer System Operation I/O Structure Storage Structure Storage Hierarchy Hardware Protection.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Similar presentations

Ads by Google