Smart Cards

Our Inevitable Future

GROUP 12
ANMOL BHORE, APARNA A. ARSHE NOOR, MALAVIKA C, SHARAD ANAND

Smart card concepts

A smart card:
can store data (e.g. profiles, balances, personal data) provides cryptographic services (e.g. authentication, confidentiality, integrity) is a microcomputer is small and personal is a secure device

Examples of Smart Cards

Examples of Smart Cards

Examples of Smart Cards

What are smart cards?

Credit card sized plastic card with an embedded chip. May come in 2 types:
Memory Micro-processor

Contact and Contact-less type cards. Used as a replacement for magnetic stripe cards.

TYPES OF SMART CARDS

CONTACT SMART CARDS

CONTACTLESS SMART CARDS

COMBINATION SMART CARDS

Interfaces of Smart Cards

Antenna

Interfaces of Smart Cards

Whats inside a smart card ?

CPU test logic ROM security logic serial i/o interface RAM EEPROM

EEPROM:
cryptographic keys PIN code biometric template balance application code typically 8 kbytes future 32 kbytes

Whats inside a smart card ?

databus

CPU

test logic ROM

databus:
connection between elements of the chip 8 or 16 bits wide

security logic serial i/o interface

RAM
EEPROM

Construction of Smart Cards

Construction of Smart Cards

Vcc RST CLK I/O GND Vpp

RFU

RFU

Why use smart cards?

Can store currently up to 7000 times more data than a magnetic stripe card. Information that is stored on the card can be updated. Magnetic stripe cards are vulnerable to many types of fraud.
Lost/Stolen Cards Skimming Carding/ Phishing

Greatly enhances security by communicating with card readers using PKI algorithms. A single card can be used for multiple applications (cash, identification, building access, etc.) Smart cards provide a 3-fold approach to authentic identification:
Pin Smartcard Biometrics

Security of Smart Cards

Public Key Infrastructure (PKI) algorithms such as DES, 3DES, RSA and ECC. Key pair generation. Variable timing/clock fluctuation. 0.6 micron components. Data stored on the card is encrypted. Pin Blocking.

Elliptical Curve Cryptography

y=x+ax+b Q(x,y) =kP(x,y) Uses point multiplication to compute and ECDLP to crack. Beneficial for portable devices. Cryptographic coprocessors can be added to speed up encryption and decryption.

CAIN
Confidentiality is obtained by the encryption of the information on the card. Authenticity is gained by using the PKI algorithm and the two/three factor authentication. Integrity is maintained through error-checking and enhanced firmware. Repudiation is lower because each transaction is authenticated and recorded.

Common and Future Uses of Smart Cards

Current uses:
Chicago Transit Card Speed Pass Amex Blue Card Phone Cards University ID cards Health-care cards Access to high level government facilities.

Future uses:
Federally Passed Real-ID act of 2005. ePassports

Current Applications
Payphones

ID Verification and Access Control

Banking & Retail

Smart Cards
Health Care
Electronic Purse
Mobile Communications

Advantages
Flexibility Security Portability Increasing data storage capacity Reliability

SECURITY

RESPONSIBILITY OF THE CARD

DISADVANTAGES

EXPENSIVE

ALL READERS CANNOT READ ALL TYPES OF SMART CARDS (DEPEND ON THE SMART CARD BRAND)

Future
Tele-communications

Transportation

Education
Health Services