Smart Cards - PowerPoint PPT Presentation

Provided by: csFsuEdu7
Learn more at: http://www.cs.fsu.edu

Transcript and Presenter's Notes


1
Smart Cards
  • By Simon Siu and Russell Doyle

2
Overview
  • Size of a credit card
  • Small embedded computer chip
  • Memory cards
  • Processor cards
  • Electronic purse cards (FSU ID card)
  • Security cards
  • Processor cards require a reader

3
History of Smart cards
  • Patented in 1970s (several different designs)
  • 1983 first mass use in France for pay phone
  • 1992 second mass use again in France for debit
    cards
  • 1993 Visa, MasterCard, Europay agreed on a
    standard (EMV)
  • Contactless technology is the new trend

4
Hardware
  • Chip is accessed electronically via gold plate

5
Smart card vs. Magnetic strip card
  • Smart card is more secure
  • Data encryption ability
  • Difficult to access data without terminal
  • Smart card is more expensive
  • Smart card is less durable

6
Usage
  • Banking
  • ATM
  • Payment
  • Like credit card
  • Access control
  • Certificate holder (able to do triple DES)
  • Id
  • Information storage

7
Prime examples
  • Medical application: Germany issues smart cards
    to all citizens
  • India: driver's licenses (becoming popular in
    other countries)
  • China: transit (Guangzhou)
  • England: tracking device in airports

8
Programming the Card
  • OpenCard
  • Java interface, Java Electronic Commerce
    Framework (JECF)
  • PC/SC
  • Windows based interface

9
Modeling Security Threats
  • "Breaking Up Is Hard To Do: Modeling Security
    Threats for Smart Cards" by Schneier and Shostack

10
Smart Cards handicap
  • Functionality is split in unusual ways compared to
    a computer
  • Unable to interact with the world without outside
    peripherals
  • Multiple parties

11
Cardholder
  • Holding the card
  • May or may not control the info in card
  • Does not control the protocols, software, or
    hardware in the card system

12
Data Owner
  • May or may not control data in the card
  • Digital certificates
  • Amount of money in account

13
Terminal
  • Control all I/O to and from the card
  • Phone
  • ATM
  • Set-top box

14
Card Issuer
  • Control operating system running on the card
  • Initial data
  • Card manufacturer
  • Software manufacturer

15
Examples of Trust Splits in Smart card systems
  • Digital Stored Value Card
  • Cash card
  • Mondex
  • VisaCash
  • Digital Check Card
  • Similar to cash card
  • Card owner is also the data owner
  • Prepaid Phone Card
  • Value card
  • Account-based Phone Card
  • Account number

16
Continues
  • Access Token
  • Key to login or authentication protocol
  • Web Browsing Card
  • Cash card
  • Cardholder and terminal owner are the same

17
Continues
  • Digital Credential Device
  • Digital certificates or other credentials
  • Cardholder and data owner are the same
  • Kerberos
  • DSSA/SPX
  • Key Storage Card
  • Key
  • Multi-Function Card

18
Threats
  • An attack is an attempt by one or more parties
    involved in a smart card transaction to cheat
  • Interfere with one or more parties
  • Inside vs Outside Attacks
  • One of the parties
  • Outsider stealing a card

19
Motives for Attack
  • Financial theft
  • Impersonation attack: gain access
  • Privacy attack
  • Publicity attack

20
Classes of Attack
  • Attack by the Terminal against the cardholder or
    data owner
  • Fake ATM machines
  • Assume we trust the terminal
  • Preventions
  • Limit the time to modify
  • Limit the amount that can be reduced at a given time
  • Real prevention is monitoring by the back-end system

21
Continues
  • Attack by the cardholder against the terminal
  • Fake cards with rogue software
  • Preventions
  • Good protocol design
  • Hard-to-forge physical aspects
  • Hologram on Visa

22
Continues
  • Attack by the cardholder against the data owner
  • Pay-TV access cards
  • Reverse-engineering
  • Defeat tamper-resistance
  • Fault analysis
  • Attack by the cardholder against the issuer
  • Randomly access an account with account-based
    phone cards
  • If there is a key, capture the key and use it

23
Continues
  • Attack by the cardholder against the software
    manufacturer
  • One application on a smart card subverting
    another running on the same card.

24
Conclusion on Security
  • Resistance
  • Make specific attacks harder: stronger
    cryptographic protocols, increased
    tamper-resistance
  • Fewer splits to eliminate certain attacks altogether
  • Example: cardholder is also the data owner, which
    means no cardholder attacking data owner
  • Adding screen and data entry to the card
  • Increase the cost
  • More Transparency
  • Open publication leads to review and analysis
  • Cleanly separating roles
  • Example: Mondex system with various terminals
  • User can check his/her account in any one of them
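
The "fewer splits" point above, as an added example that is not part of the original presentation: a small Python model that takes the attack classes from slides 20-23 and the role merges stated on slides 15-17, and computes which attack classes disappear when one party holds two roles. The role identifiers, the "fully split" baseline and the function names are assumptions made for illustration.

```python
# Roles taken from slides 11-14; the identifiers themselves are illustrative.
ROLES = ["cardholder", "data_owner", "terminal", "issuer",
         "software_manufacturer"]

# Attack classes from slides 20-23, as (attacking role, attacked role).
ATTACK_CLASSES = [
    ("terminal", "cardholder"),
    ("terminal", "data_owner"),
    ("cardholder", "terminal"),
    ("cardholder", "data_owner"),
    ("cardholder", "issuer"),
    ("cardholder", "software_manufacturer"),
]

# Role merges stated on slides 15-17. Assumption: any role not named in a
# merge is held by a separate party. "fully split" is a constructed baseline.
SYSTEMS = {
    "fully split": [],
    "Digital Check Card": [{"cardholder", "data_owner"}],
    "Web Browsing Card": [{"cardholder", "terminal"}],
    "Digital Credential Device": [{"cardholder", "data_owner"}],
}

def parties(merges):
    """Map each role to the party holding it, joining overlapping merges."""
    party = {role: {role} for role in ROLES}
    for group in merges:
        joined = set().union(*(party[role] for role in group))
        for role in joined:
            party[role] = joined
    return {role: frozenset(held) for role, held in party.items()}

def eliminated_attacks(merges):
    """Attack classes whose attacker and victim are the same party."""
    who = parties(merges)
    return [(a, v) for a, v in ATTACK_CLASSES if who[a] == who[v]]

def remaining_attacks(merges):
    """Attack classes that still cross a trust boundary."""
    who = parties(merges)
    return [(a, v) for a, v in ATTACK_CLASSES if who[a] != who[v]]

if __name__ == "__main__":
    for name, merges in SYSTEMS.items():
        gone = eliminated_attacks(merges)
        print(f"{name}: {len(remaining_attacks(merges))} classes remain, "
              f"eliminated: {gone or 'none'}")
```

Merging a role only removes attacks between the two merged roles; in the Digital Check Card case the terminal is still a separate party, so both terminal attack classes stay in the model.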

25
Evolution of Smart cards or lack thereof
  • Why is it not popular in America yet?
  • Social environment
  • Split government systems
  • Class differences
  • Market forces
  • Cost vs. Benefit

26
Future of smart cards
  • Security of smart cards is similar to the
    security of PCs
  • New technology helps to further secure the smart
    card system
  • Digital display on the card
  • Contact vs. Contactless

27
References
  • http://www.schneier.com/paper-smart-card-threats.pdf
  • http://en.wikipedia.org/wiki/Smart_card
  • http://smartcard.nist.gov/faq.html