Chapter 6 - Card Security Applications
Dec 18, 2015
6.0 Card Era
credit cards have become part of our daily life as forms of plastic money since its first launch in 1960
a magnetic card verse a smart card
6.1 Magnetic Card
composed of a layer of magnetic material for storing information
easy to carrycan be use for authenticationwhat is its principles?
6.1.1 Information on Magnetic Card
the stripe is
8.5cm X 1.2cmdata is constructed
based on ISO 7811/2
maximum 3 stripescan store around 1K
bits
6.1.2 ISO Standards
Based on ISO 7811Track 1 is developed by International Air
Transportation Association (IATA) which contains adaptive 6-bit alphanumerical characters
Track 2 is used by American Bankers Association (ABA) which stores 4-bit numerical information containing identification number and control information.
Track 3 is originated by Thrift Industry which contains information which is intended to be updated with each transaction.
TRACK 1
TRACK 2
TRACK 3
IATA ANSI X4.16 — 1983 ISO 3554
ABA ANSI X4.16 — 1983 ISO 3554
THRIFT ANSI X4.16 — 1983 ISO 3554
0.223”
0.110”
0.110”
0.110”
Track 1
SS FC PAN FS NAME FS Additional Data ES LRCPrimary Acc.
No.(19 digits max.)
Name(26 alphanumericcharacters max.)
Exipiry Date 4 Restriction or Type 3 Offset or PVN 5 Discretionary Data
Track 2
FC
SS PAN FS Additional Data ES LRC
Primary Acc.No.
(19 digits max.)
Exipiry Date 4 Restriction or Type 3 Offset or PVN 5 Discretionary Data
SS Start Sentinel % Format Code
FS Field Seperator { ES End Sentinel ? LRC Longitudinal Redundany Code
FCSS Start Sentinel ; Format Code
FS Field Seperator = ES End Sentinel ? LRC Longitudinal Redundany Code
3.250”
FC
Magnetic stripe Content of Financial Cards
6.1.3 Capacity
Track Record density bits/inch Capacity
1 210 79 (7 bits/char.)
2 75 40 (5 bits/char.)
3 210 107 (5 bits/char)
6.1.4 Fraud card activities
Stealing — A legal card may be stolen and used in ATMs or EPOSs.
Altering and re-embossing a genuine card, that is modifying the visual features of card.
Skimming or altering the original electronic data stored on the magnetic stripe, for example the expire date or the credit limit.
Buffering or re-encoding the original data to the magnetic card. This technique is commonly used in producing card counterfeits of store-value ticket.
Copying of data from a genuine card to another in an on-line fashion “white plastic fraud”
Counterfeiting — “color plastic fraud” may be prepared by reading another legal card and encoding the same information onto another fraud card in an off-line fashion.
6.1.5 Design of card protection technologies
Validation by Appearance — this is a visual mean to protect against illegal duplication of plastic card. The aim is to make the appearance of card so unique and difficult to duplicate that shopkeepers or card handlers can identify the genuine card instantly.
Verification on Access — this validation relies on the interaction with the card holder, the objective of the protection mechanism is to identify the person accessing the card is an authorized one.
Protection on Data — this is a machine readable protection to avoid data from being access and duplication illegally. The importance of stripe data protection is .to ensure the security of electronic transaction and provide an alternative verification mechanism of magnetic card.
Magnetic StripeProtection
Card Protection Technologies
Visual ProtectionTechnologies
Protection onAccess
Verification byCard Content
Protection onModification
Protection onDuplication
Holograms
Microprints
UltravioletPattern
Photocard
Signature
DNA
PIN
PVV
EmbossedInformation
CVC
Smart Card
Memory Card P Card
WatermarkSandwichMagneprintValugard
Xsec
Holomagnetic
Xshield
6.5.1 Validation by Appearance
MR. B 12/95 VISB
IN GOD WE TRUST
Authorized Signature
Logo
Hologram
Magnetic Stripe
Bar Code
Computer Chip
Printed &Embossed Data
Signatures
Fine Printings
Photo ID
But Counterfeits Still Exists!
Holograms
are the most notable marking for credit cardsproduced by a combination of photography
and laser beamsinitially counterfeit holograms were crude
and manufactured by stamping tin foilsrecently counterfeit holograms were
produced by professional technical knowledge is needed to validate the authenticity of holograms
Embossed characters
are some raised marks implemented on the plastic surface of card
the embossed information includes the user name, expiry date, card number and unique embossed symbol — VISA embossed a symbol like “CV” besides the expiry date.
However, the card material is a thermal plastic by warming the card to about 50C, it allows “debossing” of the characters and re-embossing with fraud information.
Photocards
are introduced by CitiBank Corporation the effectiveness of photocard on marketing
purposes seems to be greater than that on security
it is not an effective mean to stop card fraud because counterfeiters had the ability to imitate laser engraved photographs and signatures in rather low cost using a photomachine of around US$ 5000.
Ultra-violet dove, bank identifying number (BIN) and micro-printings
can also be duplicated under the existing technology
technical knowledge is needed to recognize a counterfeit card from a genuine one
most card reading terminals contain no visual detector to validate these visual protection features while human eyes are not a reliable mean of verification
difficult to validate a genuine card
6.5.2 Protection on Card Access
the card holder is requested to prove his identity or the authorized user will be acknowledged about the transaction
methods: signature biometrices PIN
Signature
Signature is the most popular way of verification.
When a transaction is made, the card holder is requested to sign and the signature will be verified visually.
this method is simple not useful in protection against “color
plastic fraud” where the criminal can sign their own signature in the fraud card.
Biometrics
biometrics features were developed such as speed of writing, fingerprint or iris pattern
implementation cost is hightheir accuracy is questionable
Personal identifying number (PIN)
PIN is a unique number given by the bank to each user which is effectively fixed by the customer account number and the cryptographic key used in the derived PIN computation.
PIN offset or password is a value that relates a derived PIN to actual PIN value.
When a card holder transfer or withdraw his money from a bank account, a 6-digits password is inputted before transaction processed.
The password will be validated by comparing with the one stored inside the magnetic card by offset or in a centralized database in the bank.
The security of password is relied on the encryption algorithm of PIN, the PIN management scheme and the secrecy of password.
PIN does not provides defense against data copied from another card which contains the correct card verification value.
Moreover, the encryption algorithm adopted in validation codes may be tampered and decoded by professional hackers with some insider information.
6.6 Smart Card
Integrated Circuit - chip
originated from France
invented in 70 and matured in 90
Magnetic Card replacement
Cypto-processor IC CardsCypto-processor IC Cards
composed of cypto-processor & PROM
a powerful MPUcan recognise
illegal signal and security features
MPU IC Smart CardMPU IC Smart Card
Composed of MCU/MPC
software drivenhave flexibility and
primitive intelligence
some security features
Contactless Smart CardContactless Smart Card
similar to contact smart card
with RF transceiver to increase robustness and security
6.6.1 Advantages of Smart Card
Large storage capacitymore security featuresmultiple functionsflexibility in use - intelligent, lower power
consumption, effective packagingas access card, electronic purse, debit/credit
cards, ID card etc. - particular off-line applications
6.6.2 Hardware Technologies
new memory technologies - EEPROM and flash-EPROM
new silicon technologies - 1.3 m to 0.8 m for more storage and security, lower power consumption
new packaging technologies - against breakage, rubbing and bending
6.6.3 Smart Card Software
Intelligent Chip Operating System -COSEncryption techniques - RSA & DESMultiple Application OS (MAOS)
Mondex, EMV, GSM, Loyalty
New requirements hot list, trust key management
6.6.4 Smart Card Worldwide
Use Distribution 40% Western Europe, 25% Asia, 15% North America, 8% South America and 12% others
Major user is France over 130M cardsGermany 80 M health insuranceover 20 countries use GSM and electronic
purse
Smart Card Project Worldwide
Mondex - UKBarclay/Mercury one-2-one project (UK)Detemobil Toll Collection (UK)Advantages Card in RSAID card in TaiwanMastercard &Visa + Netscape and
Microsoft - COS projectCredit Card in USA
Some Difficulties Worldwide
Bank card project cancellation - TaiwanMondex tampering slow down bank sector
development - RSA and New ZealandMastercard - year 2000 delay of massive
launchingVisa - adoption of magnetic card in RSA
debit card project Major concern - COST EFFECTIVENESS
6.6.5 Smart Card in Hong Kong
MondexVisa CashCity SmartOctopus - smart travelling card Jockey Club -pre-pay cardNew airport - access control cardHKT - telephone cardParking Meter - prepay card projectHKID
6.6.6 Smart Card in Electronic Commerce
Electronic Data Interchange (EDI)TradelinkElectronic PurchasingHome BankingInternet Shopping
6.6.7 New Technologies Required
Data Storage Management - information protection
authentication process - biometric: fingerprint, facial features, iris
identification, dynamic signature recognition, speech recognition
encryption methods - Elliptic Curve Cryptography, chaotic techniques
6.6.8 Governing Body
The Hong Kong Monetary Authority will set rules on use of smart card for financial applications
only banks may issue general purpose cardsHKMA can authorize other non-bank issuer
core use relating to business of the issuer needs to establish a business case an non-core
uses non-core uses subject to limits determined by
HKMA
Exemptions
Risk to payment system and card holders is slight
replace an existing non-regulated payment instrument like travelers’ cheques
soundness of issuermax. of HK$1000 limits on cardonly allow 15% for non core usesuse in a limited and distinct areas
6.6.9 Examples
Mondex : equivalent to bank note, and no audit trail
Visa Cash: equivalent to cheques, link to accounts and have audit trails
Note : There is no clearing system for the transfer to Mondex value (in the same way as transfer of bank notes).
Notes IssuingBank
Notes IssuingBank
Other BanksOther Banks
Notes holder ANotes holder A
Notes holder BNotes holder B MerchantMerchantBank notes
Goods/Services
Adjustment tointerbank A/C
Bank notes
Adjustment tocustomer A/C Bank notes
Tran
sfer
of b
ank
note
s
Goods/Services
Bank notes
MondexOriginator
MondexOriginator
Member BanksMember Banks
Cardholder ACardholder A
Cardholder BCardholder B MerchantMerchantMondex value
Goods/Services
Adjustment tointerbank A/C
Mondex value
Adjustment tocustomer A/C Mondex value
Tran
sfer
of M
onde
x
valu
e
Goods/Services
Mondex value
Issue of Bank Notes Origination of Mondex Value
Mondex scheme
Cheques VisaCash
Note : Transfer of VisaCash value would go through a clearing system in same way as clearing for cheques.
Payment by cheque
Issue ofcheques
Presentation of cheque received from customer
Credit Merchant A/C Goods/ Services
Payment by card
Uploadingvalue onto card
Redemption of value received from cardholder
Credit Merchant A/C
Debit Customer A/C (after cheque is cleared)
Debit Customer A/C(once value is uploaded)
Goods/ Services
Bank
ChequeClearingSystem
Merchant
BankCustomer
VisaCashClearingSystem
Bank
Merchant
Cardholder
VisaCash scheme
Smart Card in Mobile Phone Applications
Wireless Application Protocol (WAP) emerges for a mobile Internet access
Research work launched in Japan indicates a good market if available.
Mobile operators will provide add on WAP gateways and WAP services to enable wireless internet services:
Banks, financial institutions, restaurants, retailers, Utilities, transit operators, hotels, entertainment and media, selling goods and information
Limitation, the SIM card inside the WAP phone cannot provide complicated the PKI authentication process thus security is an issue.
A possible solution is to introduce an additional smart card interface (either contact or contactless) to enable the authentication process. (MasterCard – dual card phone)
New technologies requirements: The development of m-PKI (mobile PKI) in the
multiple-application OS is more essential and practical
The development of high security low power card modules
A better interface to new wireless internet platform, other ancillary technologies, such as Bluetooth and Wireless Wallets are also important
Multos
Backs by MastercardMost Secure Hardware/software availableSecurity Level Common Standard Level 6
for Hitachi & Infineon cardsRequires secured terminals and approved
software for downloadingAccepted by Amercian Express for
Amexblue project
Overview
Single OSAPI and virtual machineStandard I/OSecurityDynamic application managementAdvantage: mature & stableDisadvantage: not flexible & independent security
certification
Java Card
Supported by Visa & Sun MicrosystemMore powerful processor & memoriesAllow download of applicationsOpen software platform for code
transportabilityFor multi-function, e-purse, loyalty, health
care database and Internet/Intranet access card
Overview
API: the programmer interfaceVirtual machineRuntime environmentDynamic application managementSuccessful in GSMNo independent security certification
Windows - WfSC
Supported by MicrosoftPopular Windows commandsimmature product - Unstable & unreliableWfSC developed using VB produces
inefficient code – thus OS is bulky
6.7 ISO 7816 Standards
7816/1
• Specifies the physical and dimensional features of the plastic supports. Additional characteristics specified are Mechanical strength, Static electricity, Electromagnetic fields and Bending properties etc.
7816/2
Specifies the meaning and location of the contacts.
This part defines eight contact referred to as C1 to C8. The contacts are located as shown in figure below.
Pin Assignment
Cont
act
No.
Assignment Contact
No.
Assignment
C1 VCC (supply voltage) C5 GND (ground)
C2 RST (reset signal) C6 VPP (Programming
voltage)
C3 CLK (clock signal) C7 I/O (Data input/output
C4 Reserved to ISO/IEC JTC
1/SC 17 for future use
C8 Reserved to ISO/IEC
JTC 1/SC 17 for future
use
7816/3
Specifies electronics signals and transmission protocols that the DC electrical characteristics, the character format and the command protocol for the Smart Card.
This ISO standard describes two types of data transfer between Smart Card and card Reader/Writer: asynchronous protocol with two data coding
conventions synchronous protocol
Asynchronous protocol
Character format:Each character (described in figure below)
is composed of: one start bit 8 bits of data one even parity bit guardtime slot including two stop bits
The data speed transmission depends on the clock signal frequency input into the Smart Card on the CLK contact.
The nominal bit duration sent on the I/O line is called the "elementary time unit" "etu" by the ISO standard.
This bit duration is directly proportional to the input clock during the "answer to reset", but may be requested to be modified (by the Smart Card) for the following data exchange. The parameters of this modification are given during the "answer to reset".
I/O Line management:
The I/O line (Input/output line) is used to exchange data in input mode (reception mode) or in output mode (transmission mode). This line must have two states: stand-by state or high level state working state or low level state:
Furthermore, the I/O line (as shown in figure below) is used to generate or to detect data parity errors in reception or transmission The transmitter must sample the I/O line during the guardtime duration. The transmission is presumed valid if the I/O line stays
at a high level during the guardtime slot The transmission is wrong if the I/O line is pulled
down during at least one etu (two etu max) during the guardtime slot.
The receiver, in order to signal a reception error, must pull down the I/O line.
Data coding
The ISO 7816 - 3 standard gives the possibility of two kinds of data coding. The direct convention or inverse convention. The type of convention is fixed by the Smart Card and is declared in the first character of the "answer to reset'.
In direct convention, the logical "l " level is 5 Volt and the least significant bit (LSB) is transmitted first.
In inverse convention, the logical "1" level is 0 Volt and the most significant bit (MSB) is transmitted first.
Synchronous protocol
In synchronous protocol, successions of bits are sent on the I/O line, synchronized with the clock signal on CLK pin. In synchronous protocol, the data frame format described previously is not available.
7816/4
Specifies the inter-industry command for interchange include:
The content of the message, commands and responses, transmitted by the interface device to the card and conversely.
The structure and content of the historical bytes sent by the card during the answer to reset.
The structure of files and data, as seen at the interface when processing inter-industry commands for interchange.
Access methods to files and data in the card.A security architecture defining access rights
to files and data in the card.Methods for secure messaging.
APDU (application protocol data unit) message structure
A step in an application protocol consists of sending a command, processing it in the receiving entity and sending back the response. Therefore a specific response corresponds to a specific command,
referred to as a command-response pair.
An application protocol data unit (APDU) contains either a command message or a response message, sent from the interface device to the card or conversely.
In a command-response pair, the command message and the response message may contain data, thus inducing four cases, which are summarized by table below.
Command-response pair
Case Command data Expected response data
1 No data No data
2 No data Data
3 Data No data
4 Data Data
Command APDU structure
Header Body
CLA INS P1 P2 (Lc field) (Data field) (Le field)
CLA - Class byteINS - Instruction byteP1, P2 - Parameter byteLc field - number of bytes present in the data fieldLe field - maximum number of bytes expected in the data field of the response APDU
Response APDU structure
The response APDU consists of Conditional body of variable length. Mandatory trailer of 2 byte.
Body Trailer
Data field SW1 SW2
Possible Attacks on Smart Card
EM analysis: use electron microscope to inspect the internal structure of the mask
UV or X-ray inspection: use high efficiency UV or X-ray to inspect the memory areas to extract important information like PIN, secret key and public key
duplication: illegal copying of card content from one to another
confusion: disturb the power supply/frequency during PIN verification to confuse the accurate enter of PIN and allow access to the protected memory
tracking: based on the protocol exchange between the terminal and the card to track the sequence of commands
Possible Attacks on Smart Card
EM analysis: use electron microscope to inspect the internal structure of the mask
UV or X-ray inspection: use high efficiency UV or X-ray to inspect the memory areas to extract important information like PIN, secret key and public key
duplication: illegal copying of card content from one to another
confusion: disturb the power supply/frequency during PIN verification to confuse the accurate enter of PIN and allow access to the protected memory
tracking: based on the protocol exchange between the terminal and the card to track the sequence of commands
Other possible attracts: attract on DES like differentiate methodsattract on RSA using cyclic properties
General Smart Card Security Features
Against UV or X-ray inspection: Using implementation to avoid visible of ROM Code
EM analysis: Address Scrambling of memories
Against confusion: Low/High voltage sensors Low/High Frequencies sensors High Frequency Protection
Against duplication: Security PROM Hardware Protected Unique Chip Identification Number Move Code Blocking
Against Tracking: Secure authentication and data/key encryption
Against DPA: Random Wait State (Advance) Current Scrambling Generator (Advance)
Against Cyclic properties: No simple solutions
Protection Against Tracking
Random Number Generator for dynamic key generation
Cipher Engine for data protection: Block Stream
Random Number Generator
For generation of session keysDigital approach can only generate pseudo
random number based on
Xi =(a Xi-1 + b) mod c
Other use analogue approaches like VCO, white noise generator etc.
Block Cipher
K1: Master Key of length 16-bit
K2: Card ID of length 16-bit
Block Cipher8-bit
K1 : 16-bit
K2 : 16-bit
DataIn DataOut
8-bit
Block Cipher8-bit
K1 : 16-bit
K2 : 16-bit
DataOut DataIn
8-bit
Block Cipher Method – Write to Memory
Block Cipher Method – Read from Memory
Stream Cipher The Stream Cipher can be
viewed as a state machine with K1K2 as the initial state
It generates a pseudorandom number sequences which are XOR with the Input Data to form the Output Data
The data must be in sequence in order to encode and decode correctly
Not suitable
Stream Cipher
K1 : 16-bit
DataOut
8-bit8-bit
DataIn
K2 : 16-bit
Encryption Techniques
Encryption Encryption will modify data into irregular form
for security storage and transmission. The reconstruction is achieved by using a set of relevant Keys.
Two cryptosystems are currently being used, i.e. symmetric (DES/FEAL) and asymmetric (RSA, ECC). Symmetric cryptosystem requires only one common key for encryption and decryption whereas asymmetric system requires two keys, i.e. private/user key and public/system key.
Common Encryption Techniques in Smart CardPrivate:- Data Exchange
DES (Data Encryption Standard)
Public:- Key Exchange RSA (Rivet, Shamir, Adleman) ECC (Elliptic Curve Cryptography)
Also for Authentication
Is Smart Card Secure?
There is no 100% secured/perfect system available
System design and built for minimal attack risk can be treated as secure
Secure system are evaluated/classified in different levels using international standards such as TCSEC/DoD (Orange Book-USA), ITSEC (Europe) and CCITSE (ISO15408)
Trusted Computer Security Evaluation Criteria – USA(DoD)
D: Minimal protection No protection
C1: Discretionary Security Protection Use control access
C2: Controlled Access Protection Use accountability/auditing
B1: Labelled Security Protection Use sensitivity (classification) labels
B2: Structured Protection Use formal security policy more resistant to
penetrate
B3: Security domain Highly resistant to penetration. Use security
administrator, auditing events and system recovery process
A1: Verified protection Highly assure of penetration. Use formal
specification and verification approaches.
Information Technology Security Evaluation Criteria (ITSEC) and Common Criteria (CC) – Europe&Canada
EAL1 - functional testedEAL2 - structurally testedEAL3 - methodologically tested and checkedEAL4 - methodologically designed, tested and
reviewedEAL5 - semiformally designed and tested EAL6 - semiformally verified designed and tested EAL7 - formally verified designed and tested
Federal Information Processing Standards (FIPS) - evaluation
FIPS46-2 and 81 for DESFIPS 186 for Digital SignatureFIPS 140-2 for Cryptographic Modules
Security evaluation requirements
Cryptographic modulesmodule interface role and services finite state machine modelphysical securityEnvironmental Failure Protection/Testing
(EFT/EFP)Software security
Reliability of Reader – Contact Type Smart Card
Mechanical Insertion Life time – around 1-3x105 insertion
For a typical flow of 105 crossing per dayEach reader will only last for 3 daysAssuming 30 readers installed at border, all
readers has to be replaced in 90 days.Whereas, contactless type has MTBF over
115,000 hrs = over 13 years
6.9 References
MC Chu M.Phil thesis: Magnetic card protection system
ISO 7811/1-3ISO 7816/1-4High Security Protection in Electronic
Commerce “III Publication Taiwan” ISBN 957-8364-24-5 (in Chinese)