Smartcards

ABSTRACT:

The physical and logical structure of the smart card and the corresponding
security access control has been discussed in this paper. It is believed that smart cards
offer more security and confidentiality than the other kinds of information or transaction
storage. Moreover, applications applied with smart card technologies are illustrated
which demonstrates smart card is one of the best solutions to provide and enhance their
system with security and integrity.

Today, smart cards are being used in different areas as they can be used together
with other technologies, such as asymmetric cryptographic algorithms, biometrics
identification and to provide highly assured and trusted applications. This paper discusses
three particular areas where demonstrated how different systems can make use of the
smart card to enhance their securities.

At the end of the paper, an overview of the attack techniques on the smart card is
discussed as well. Having those attacks does not mean that smart card is insecure. It is
important to realize that attacks against any secure systems are nothing new or unique.
Any systems or technologies claiming 100% secure are impossible. The main
consideration of determining whether a system is secure or not depends on whether the
level of security can meet the requirement of the system.

CONTENTS:
 1. Introduction 01

2. Physical structure 01

3. Life cycle of a Smart Card 02

4. Logical Structure and Access Controls 04

5. Procedural Protection 05
- Identification of Documents
- Authentication through

6. Attacks on Smartcard 08

- Logical Attacks
- Physical Attacks

7. Conclusion 10

8. References 10

Smartcards
1. Introduction
Definition:
A smart card resembles a credit card in size and shape, but inside it is completely
different. The inside of a smart card usually contains an embedded microprocessor. The
microprocessor is under a gold contact pad on one side of the card.
 It provides not only memory capacity, but computational capability as well. The
self-containment of smart card makes it resistant to attack as it does not need to depend
upon potentially vulnerable external resources. Because of this characteristic, smart cards
are often used in different applications which require strong security protection and
authentication.
For examples, smart card can act as an identification card which is used to prove
the identity of the card holder. It also can be a medical card which stores the medical
history of a person. Furthermore, the smart card can be used as a credit/debit bank card
which allows off-line transactions. All of these applications require sensitive data to be
stored in the card, such as biometrics information of the card owner, personal medical
history, and cryptographic keys for authentication, etc.
In the near future, the traditional magnetic strip card will be replaced and
integrated together into a single card by using the multi-application smart card, which is
known as an electronic purse or wallet in the smart card industry. The smart card is
becoming more and more significant and will play an important role in our daily life. It
will be used to carry a lot of sensitive and critical data about the consumers ever more
than before when compared with the magnetic strip card. Therefore, there are many
arguments and issues about whether or not the smart card is secure and safe enough to
store that information. This has always been a source of controversy.

2. Physical Structure
The physical structure of a smart card is specified by the International Standards
Organization (ISO) 7810, 7816/1 and 7816/2. The plastic card is the most basic one and
has the dimensions of 85.60mm x 53.98mm x 0.80mm. A printed circuit and an integrated
circuit chip are embedded on the card. Figure 1 shows an overview of the physical
structure of a smart card.
Figure 1: Physical structure of a smart card (Source: Philips DX smart card reference
manual, 1995)
The printed circuit conforms to ISO standard 7816/3 which provides five connection
points for power and data. The printed circuit protects the circuit chip from mechanical
stress and static electricity. Communication with the chip is accomplished through
contacts that overlay the printed circuit.
The capability of a smart card is defined by its integrated circuit chip. Typically, an
integrated circuit chip consists of a microprocessor, read only memory (ROM), non static
random access memory (RAM) and electrically erasable programmable read only
memory (EEPROM) which will retain its state when the power is removed.

3. Life Cycle of a Smart Card

There is an operating system inside each smart card which may contain a manufacturer
identification number (ID), type of component, serial number, profile information, and so
on. More important, the system area may contain different security keys, such as
manufacturer key or fabrication key (KF), and personalization key (KP). All of this
information should be kept secret and not be revealed by others.
Hence, from the manufacturer to the application provider, then the card holder, the
production of a smart card is divided into different phases. Limitation on transfer and
access of data is incremental at different phases in order to protect different areas in the
smart card. There are five main phases for a typical smart card life cycle. We will discuss
each of them below.

3.2.1 Fabrication Phase

 This phase is carried out by the chip manufacturers. The silicon integrated circuit
chip is created and tested in this phase. A fabrication key (KF) is added to protect the chip
from fraudulent modification until it is assembled into the plastic card support. The KF of
each chip is unique and is derived from a master manufacturer key. Then the chip is ready
to deliver to the card manufacturer with the protection of the key KF.
3.2.2 Pre-personalization Phase
This phase is carried out by the card suppliers. In this phase, the chip will be
mounted on the plastic card. The connection between the chip and the printed circuit will
be made, and the whole unit can be tested. For added security and to allow secure
delivery of the card to the card issuer, the fabrication key will be replaced by a
personalization key (KP). After that, a personalization lock VPER will be written to
prevent further modification of the KP. Access of the card can be done only by using
logical memory addressing. This preserves the system and fabrication areas being
accessed or modified.
3.2.3 Personalization Phase
This phase is conducted by the card issuers. It completes the creation of logical data
structures. Data files contents and application data are written to the card. Information of
card holder identity, PIN, and unblocking PIN will be stored as well.
3.2.4 Utilization Phase
This is the phase for the normal use of the card by the card holder. The application
system, logical file access controls, and others are activated. Access of information on the
card will be limited by the security policies set by the application.

3.2.5 End-of-Life Phase (Invalidation Phase)

There are two ways to move the card into this phase. One is initiated by the application
which writes the invalidation lock to an individual file or the master file. All the
operations including writing and updating will be disabled by the operating system. Only
read instructions may remain active for analysis purposes.

4. Logical Structure and Access Controls

After a smart card is issued to the consumer by the application provider, the protection of
the card will be controlled by the application operating system mainly. Physical
addressing mode of accessing data is no longer available. Access of data has to be done
through the logical file structure on the card. This section will discuss how the operating
system accomplishes the security protection of the data stored on the card by examining
the logical file structure and the corresponding access controls of a smart card.
4.1 Logical File Structure
In general, in terms of data storage, a smart card can be viewed as a disk drive where files
are organized in a hierarchical form through directories. Similar to MS-DOS, there is one
master file (MF) which is like the root directory. Under the root, we can have different
files which are called elementary files (EFs). We can also have various subdirectories
called dedicated files (DFs). Under each subdirectory will be elementary files again. The
main difference of a smart card file structure and a MS-DOS file structure is that
dedicated files can also contain data. Figure 2 shows logical view of a smart card file
structure.

Figure 2: Logical file structure of smart card

In smart card terminology, the root or master file (MF), besides the header part which
consists of itself, the body part contains the headers of all of the dedicated files and
elementary files which contain the MF in their parental hierarchy. The dedicated file (DF)
is a functional grouping of files consisting of it and all the files which are immediate
Childs of the DF. The elementary file (EF) simply consists of its header and the body
which stores the data.
The ways that the data is managed within a file differ and are dependent on different
operating systems. Some of them may manage the data simply by offset and length, while
the others may organize data in fixed or variable lengths of records such as Global
System for Mobile Communication (GSM) system. In any cases, the file must be selected
before performing any operations. This is equivalent to opening a file.
The logical access and selection mechanisms are activated after the power is supplied to
the card while the master file is selected automatically. The selection operation allows
movement around the tree. It can be descending by selecting an EF or a DF, or it can be
ascending by selecting a MF or DF. Horizontal movement can be done by selecting an EF
from another EF as well.
After the success of selection, the header of the file can be retrieved, which stores the
information about the file such as identification number, description, types, size, and so
on. Particularly, it stores the attribute of the file which states the access conditions and
current status. Access of the data in the file depends on whether those conditions can be
fulfilled or not.
4.2 Access Control
The smart card access control system covers file access mainly. Each file is attached by a
header which indicates the access conditions or requirements of the file and the current
status as well. The fundamental principle of the access control is based on the correct
presentation of PIN numbers and their management.
5. Procedural Protection
After an overview of the physical and logical protection given by the smart card, its time
to look at how we can make use of the smart card to protect and secure our systems in the
real life.
Because of the on-board computing power of the smart card, it is possible to achieve off-
line transactions and verifications. For instance, a smart card and a card acceptor device
(CAD) can identify each other by using the mutual active authentication method.
Moreover, data and codes stored on the card are encrypted by the chip manufacturer by
using computational scrambling encryption, which makes the circuit chip almost
impossible to be forged. All of these features together with the protected access control
are discussed in the previous section.
Today, smart cards are being used in different areas because they can be used together
with other technologies, such as asymmetric cryptographic algorithms and biometrics
identification, to provide highly assured and trusted applications. This section discusses
three particular areas where demonstrated how different systems can make use of the
smart card to enhance their securities.
5.1 Identification of Documents
Traditional document based identifications, such as identification card, licenses,
passport/visa, and so on, are always considered unreliable. All of them are easy to be
forged and copied. Particularly with today’s technologies, high quality color photocopies,
printers, and scanners are easily accessed and owned, as a result high quality fraudulent
documents can be produced easily. This makes the inspection of documents more and
more difficult.
The smart card probably is the best solution to solve this problem. Printed information
and photographs can be digitized and stored into the card. By setting up the access
condition and password on files, only authorized persons or authorities, such as
government departments, are allowed to access the information. Moreover, together with
the biometrics technology, biometrics information of the card holder can be placed on the
card, so that the smart card can corporate with biometrics scanner to identify or verify
whether the card is owned by the card holder or not. This significantly improves the
reliability of the document the smart card carries.
Here instead of verifying the documents by observation of an inspection officer, a card
acceptor device will be used. The device which contains the authorized code and PIN can
unlock the file and retrieve the owner’s information for verification.

5.2 Authentication through Kerberos Server

In an open distributed computing environment (DCE), to protect a system from
being attacked by remote network hosts, a certain kind of authentication must be taken
into account.
Kerberos is one of the systems which provide trusted third-party authentication services
to authenticate users on a distributed network environment. Basically, when a user or
client requests an access to a particular service from the server, he/she has to obtain a
credential from the Kerberos authentication server (AS). The user then presents that
credential to the Authentication Granting server (AGS) and obtains a service. Hence, the
user can request for service by submitting the service credentials to the desired server.
Figure 3 shows this authentication protocol.
An attacker can obtain the credential of another user, and perform off-line attack by using
a password guessing approach. This security weakness of Kerberos is pointed out by
Mark and Gary (1995) in one of their papers "Integrating Smart Card In to Authentication
Systems".
In their report, they proposed to integrate the smart card into the Kerberos system to
overcome this problem.

5.3 Access Control on Operating System

Access control is one of the important usages of the smart card technology. It is
also the motivation behind the development of smart card. In this section, we discuss how
to control the access of an operating system in a personal computer by using the smart
card.
The single-user nature of personal computers is lack of security protection on
their system, especially the system areas such as the boot sector of a hard disk or floppy.
They are allowed to be modified by anyone without any protection; this causes the
possibility of infection by computer virus. In the present days, a personal computer is
powerful enough to take the place of mini-computers to act as a network server, but its
single-user nature has not changed and this has caused the problem to become more
serious.
A boot integrity token system (BITS) is introduced by Paul and Lance who make use of
smart card technology to protect the operating system. The basic idea is that the host
computer is booted actually from a smart card or it requires critical information from the
card to complete the boot sequence. So that even if an attacker can gain physical access
to the hardware, it is impossible to guarantee system integrity.
The smart card is configured to require user authentication prior to the data access.
During system startup, two authentications have to be performed before the completion
of boot sequence. At first, the user is authenticated to the smart card by means of a
password. And then the host authenticates the card by reading the shared secret from the
card. After both of them are matched, host reads boot section information from the smart
card and completes the boot sequence. Then the PC operates as normal.
The smart card can also store the checksum of critical data and executable programs. It is
effective against virus by validating files integrity rather than scan for known virus
signatures. In general, the use of smart card here enhanced the security of the computer
by utilizing the inherent secure storage and processing capabilities.

6. Attacks on Smart Card

As discussed in all above, the smart card seems to be a superior tool for enhancing
system security and provides a place for secure storage. One of the security features
provided by most of the smart card operating systems, which is not mentioned in this
paper, is the cryptographic facilities. They provide encryption and decryption of data for
the card; some of them can even be used to generate cryptographic keys.
The secret of the cryptographic algorithm, the keys stored, and the access control inside
the smart card become the targets of attackers. Nowadays many companies and
cryptographers claim to be able to break the smart card and its microcontroller. Some of
them perform logical non-invasive attacks; some of them attack the card physically while
others just prove their success by mathematical theorems.
We will review the first two briefly and examine how the attacks are achieved. For the
third one, since their attacks are theoretical and relate to a lot of complicated
mathematical calculations and formulas which are outside the scope of this paper, it is not
discussed here.
6.1 Logical Attacks
As all the key material of a smart card is stored in the electrically erasable programmable
read only memory (EEPROM), and due to the fact that EEPROM write operations can be
affected by unusual voltages and temperatures, information can be trapped by raising or
dropping the supplied voltage to the microcontroller. In the report of "Tamper Resistance
- A Cautionary Note" by Ross and Markus (1996), several examples of attacking the
smart card microcontroller by adjusting the voltage are provided.
For example, a widely known attack of PIC16C84 microcontroller is that the security bit
of the controller can be clear with erasing the memory by raising the voltage VCC to VPP
- 0.5V. An attack on DS5000 security processor is another example. A short voltage drop
can release the security lock without erasing the secret data sometimes. Low voltage can
facilitate other attacks as well; such as an analogue random generator used to create
cryptographic keys will produce an output of almost all 1’s when the supply voltage is
lowered slightly.
For these reasons, some security processors implemented sensors which will cause an
alarm when there is any environmental change. However, these kinds of sensors always
cause false alarm due to the occurrence of fluctuations when the card is powered up and
the circuit is stabilizing. Therefore this scheme is not commonly used.
6.2 Physical Attacks
Invasive physical attacks are typical. Before this kind of attack can be performed, the
circuit chip has to be removed from the plastic card. This can be done by simply using a
sharp knife to cut away the plastic behind the chip module until the epoxy resin becomes
visible. And then the resin can be dissolved by adding a few drops of fuming nitric acid
(>98% HNO3). The acid and resin can be washed away by shaking the card in acetone
until the silicon surface is fully exposed. Ultimately the chip can be examined and
attacked directly.
At Cavendish laboratory in Cambridge, a technique is developed for reverse engineering
the circuit chips. The layout and function of the chip can be identified using that
technique. Then another technique developed by IBM can be used to observe the
operation of the chip. As a result its secret can be fully revealed.
Besides this, there are many different ways to perform physical attacks. For instance,
erasing the security lock bit by focusing UV light on the EPROM, probing the operation
of the circuit by using micro probing needles, or using laser cutter microscopes to explore
the chip, and so on. However, these kinds of attacks are only available for well funded
laboratories as the costs associated are considerably high.
7. Conclusion
 Finally, it is concluded that the smart card is an intrinsically secure device. It
is a safe place to store valuable information such as private keys, account numbers, and
valuable personal data such as biometrics information. The smart card is also a secure
place to perform off-line processes such as public or private key encryption and
decryption. The smart card can be an element of solution to a security problem in the
modern world.
8. References
 www.smartcardgroup.com
 www.smartcard.uk
 www.electronics.howstuffworks.com
 www.securingjava.com