Chapter 6 - Card Security Applications. 6.0 Card Era §credit cards have become part of our daily life as forms of plastic money since its first launch.

Chapter 6 - Card Security Applications

6.0 Card Era

credit cards have become part of our daily life as forms of plastic money since its first launch in 1960

a magnetic card verse a smart card

6.1 Magnetic Card

composed of a layer of magnetic material for storing information

easy to carrycan be use for authenticationwhat is its principles?

6.1.1 Information on Magnetic Card

the stripe is

8.5cm X 1.2cmdata is constructed

based on ISO 7811/2

maximum 3 stripescan store around 1K

bits

6.1.2 ISO Standards

Based on ISO 7811Track 1 is developed by International Air

Transportation Association (IATA) which contains adaptive 6-bit alphanumerical characters

Track 2 is used by American Bankers Association (ABA) which stores 4-bit numerical information containing identification number and control information.

Track 3 is originated by Thrift Industry which contains information which is intended to be updated with each transaction.

TRACK 1

TRACK 2

TRACK 3

IATA ANSI X4.16 — 1983 ISO 3554

ABA ANSI X4.16 — 1983 ISO 3554

THRIFT ANSI X4.16 — 1983 ISO 3554

0.223”

0.110”

0.110”

0.110”

Track 1

SS FC PAN FS NAME FS Additional Data ES LRCPrimary Acc.

No.(19 digits max.)

Name(26 alphanumericcharacters max.)

Exipiry Date 4 Restriction or Type 3 Offset or PVN 5 Discretionary Data

Track 2

FC

SS PAN FS Additional Data ES LRC

Primary Acc.No.

(19 digits max.)

Exipiry Date 4 Restriction or Type 3 Offset or PVN 5 Discretionary Data

SS Start Sentinel % Format Code

FS Field Seperator { ES End Sentinel ? LRC Longitudinal Redundany Code

FCSS Start Sentinel ; Format Code

FS Field Seperator = ES End Sentinel ? LRC Longitudinal Redundany Code

3.250”

FC

Magnetic stripe Content of Financial Cards

6.1.3 Capacity

Track Record density bits/inch Capacity

1 210 79 (7 bits/char.)

2 75 40 (5 bits/char.)

3 210 107 (5 bits/char)

6.1.4 Fraud card activities

Stealing — A legal card may be stolen and used in ATMs or EPOSs.

Altering and re-embossing a genuine card, that is modifying the visual features of card.

Skimming or altering the original electronic data stored on the magnetic stripe, for example the expire date or the credit limit.

Buffering or re-encoding the original data to the magnetic card. This technique is commonly used in producing card counterfeits of store-value ticket.

Copying of data from a genuine card to another in an on-line fashion “white plastic fraud”

Counterfeiting — “color plastic fraud” may be prepared by reading another legal card and encoding the same information onto another fraud card in an off-line fashion.

Valid Card

Fraud Card

6.1.5 Design of card protection technologies

Validation by Appearance — this is a visual mean to protect against illegal duplication of plastic card. The aim is to make the appearance of card so unique and difficult to duplicate that shopkeepers or card handlers can identify the genuine card instantly.

Verification on Access — this validation relies on the interaction with the card holder, the objective of the protection mechanism is to identify the person accessing the card is an authorized one.

Protection on Data — this is a machine readable protection to avoid data from being access and duplication illegally. The importance of stripe data protection is .to ensure the security of electronic transaction and provide an alternative verification mechanism of magnetic card.

Magnetic StripeProtection

Card Protection Technologies

Visual ProtectionTechnologies

Protection onAccess

Verification byCard Content

Protection onModification

Protection onDuplication

Holograms

Microprints

UltravioletPattern

Photocard

Signature

DNA

PIN

PVV

EmbossedInformation

CVC

Smart Card

Memory Card P Card

WatermarkSandwichMagneprintValugard

Xsec

Holomagnetic

Xshield

6.5.1 Validation by Appearance

MR. B 12/95 VISB

IN GOD WE TRUST

Authorized Signature

Logo

Hologram

Magnetic Stripe

Bar Code

Computer Chip

Printed &Embossed Data

Signatures

Fine Printings

Photo ID

But Counterfeits Still Exists!

Holograms

are the most notable marking for credit cardsproduced by a combination of photography

and laser beamsinitially counterfeit holograms were crude

and manufactured by stamping tin foilsrecently counterfeit holograms were

produced by professional technical knowledge is needed to validate the authenticity of holograms

Embossed characters

are some raised marks implemented on the plastic surface of card

the embossed information includes the user name, expiry date, card number and unique embossed symbol — VISA embossed a symbol like “CV” besides the expiry date.

However, the card material is a thermal plastic by warming the card to about 50C, it allows “debossing” of the characters and re-embossing with fraud information.

Photocards

are introduced by CitiBank Corporation the effectiveness of photocard on marketing

purposes seems to be greater than that on security

it is not an effective mean to stop card fraud because counterfeiters had the ability to imitate laser engraved photographs and signatures in rather low cost using a photomachine of around US$ 5000.

Ultra-violet dove, bank identifying number (BIN) and micro-printings

can also be duplicated under the existing technology

technical knowledge is needed to recognize a counterfeit card from a genuine one

most card reading terminals contain no visual detector to validate these visual protection features while human eyes are not a reliable mean of verification

difficult to validate a genuine card

6.5.2 Protection on Card Access

the card holder is requested to prove his identity or the authorized user will be acknowledged about the transaction

methods: signature biometrices PIN

Signature

Signature is the most popular way of verification.

When a transaction is made, the card holder is requested to sign and the signature will be verified visually.

this method is simple not useful in protection against “color

plastic fraud” where the criminal can sign their own signature in the fraud card.

Biometrics

biometrics features were developed such as speed of writing, fingerprint or iris pattern

implementation cost is hightheir accuracy is questionable

Personal identifying number (PIN)

PIN is a unique number given by the bank to each user which is effectively fixed by the customer account number and the cryptographic key used in the derived PIN computation.

PIN offset or password is a value that relates a derived PIN to actual PIN value.

When a card holder transfer or withdraw his money from a bank account, a 6-digits password is inputted before transaction processed.

The password will be validated by comparing with the one stored inside the magnetic card by offset or in a centralized database in the bank.

The security of password is relied on the encryption algorithm of PIN, the PIN management scheme and the secrecy of password.

PIN does not provides defense against data copied from another card which contains the correct card verification value.

Moreover, the encryption algorithm adopted in validation codes may be tampered and decoded by professional hackers with some insider information.

6.6 Smart Card

Integrated Circuit - chip

originated from France

invented in 70 and matured in 90

Magnetic Card replacement

Types of Smart Card

Memory CardMPU IC cardCrypto-

processor cardContactless card

Memory CardMemory Card

Primitive typecomposed of

EEPROM/PROMsimple functionas prepay card

Cypto-processor IC CardsCypto-processor IC Cards

composed of cypto-processor & PROM

a powerful MPUcan recognise

illegal signal and security features

MPU IC Smart CardMPU IC Smart Card

Composed of MCU/MPC

software drivenhave flexibility and

primitive intelligence

some security features

Contactless Smart CardContactless Smart Card

similar to contact smart card

with RF transceiver to increase robustness and security

6.6.1 Advantages of Smart Card

Large storage capacitymore security featuresmultiple functionsflexibility in use - intelligent, lower power

consumption, effective packagingas access card, electronic purse, debit/credit

cards, ID card etc. - particular off-line applications

6.6.2 Hardware Technologies

new memory technologies - EEPROM and flash-EPROM

new silicon technologies - 1.3 m to 0.8 m for more storage and security, lower power consumption

new packaging technologies - against breakage, rubbing and bending

6.6.3 Smart Card Software

Intelligent Chip Operating System -COSEncryption techniques - RSA & DESMultiple Application OS (MAOS)

Mondex, EMV, GSM, Loyalty

New requirements hot list, trust key management

6.6.4 Smart Card Worldwide

Use Distribution 40% Western Europe, 25% Asia, 15% North America, 8% South America and 12% others

Major user is France over 130M cardsGermany 80 M health insuranceover 20 countries use GSM and electronic

purse

Smart Card Project Worldwide

Mondex - UKBarclay/Mercury one-2-one project (UK)Detemobil Toll Collection (UK)Advantages Card in RSAID card in TaiwanMastercard &Visa + Netscape and

Microsoft - COS projectCredit Card in USA

Some Difficulties Worldwide

Bank card project cancellation - TaiwanMondex tampering slow down bank sector

development - RSA and New ZealandMastercard - year 2000 delay of massive

launchingVisa - adoption of magnetic card in RSA

debit card project Major concern - COST EFFECTIVENESS

6.6.5 Smart Card in Hong Kong

MondexVisa CashCity SmartOctopus - smart travelling card Jockey Club -pre-pay cardNew airport - access control cardHKT - telephone cardParking Meter - prepay card projectHKID

6.6.6 Smart Card in Electronic Commerce

Electronic Data Interchange (EDI)TradelinkElectronic PurchasingHome BankingInternet Shopping

6.6.7 New Technologies Required

Data Storage Management - information protection

authentication process - biometric: fingerprint, facial features, iris

identification, dynamic signature recognition, speech recognition

encryption methods - Elliptic Curve Cryptography, chaotic techniques

6.6.8 Governing Body

The Hong Kong Monetary Authority will set rules on use of smart card for financial applications

only banks may issue general purpose cardsHKMA can authorize other non-bank issuer

core use relating to business of the issuer needs to establish a business case an non-core

uses non-core uses subject to limits determined by

HKMA

Exemptions

Risk to payment system and card holders is slight

replace an existing non-regulated payment instrument like travelers’ cheques

soundness of issuermax. of HK$1000 limits on cardonly allow 15% for non core usesuse in a limited and distinct areas

6.6.9 Examples

Mondex : equivalent to bank note, and no audit trail

Visa Cash: equivalent to cheques, link to accounts and have audit trails

Note : There is no clearing system for the transfer to Mondex value (in the same way as transfer of bank notes).

Notes IssuingBank

Notes IssuingBank

Other BanksOther Banks

Notes holder ANotes holder A

Notes holder BNotes holder B MerchantMerchantBank notes

Goods/Services

Adjustment tointerbank A/C

Bank notes

Adjustment tocustomer A/C Bank notes

Tran

sfer

of b

ank

note

s

Goods/Services

Bank notes

MondexOriginator

MondexOriginator

Member BanksMember Banks

Cardholder ACardholder A

Cardholder BCardholder B MerchantMerchantMondex value

Goods/Services

Adjustment tointerbank A/C

Mondex value

Adjustment tocustomer A/C Mondex value

Tran

sfer

of M

onde

x

valu

e

Goods/Services

Mondex value

Issue of Bank Notes Origination of Mondex Value

Mondex scheme

Cheques VisaCash

Note : Transfer of VisaCash value would go through a clearing system in same way as clearing for cheques.

Payment by cheque

Issue ofcheques

Presentation of cheque received from customer

Credit Merchant A/C Goods/ Services

Payment by card

Uploadingvalue onto card

Redemption of value received from cardholder

Credit Merchant A/C

Debit Customer A/C (after cheque is cleared)

Debit Customer A/C(once value is uploaded)

Goods/ Services

Bank

ChequeClearingSystem

Merchant

BankCustomer

VisaCashClearingSystem

Bank

Merchant

Cardholder

VisaCash scheme

 Smart Card in Mobile Phone Applications

Wireless Application Protocol (WAP) emerges for a mobile Internet access

Research work launched in Japan indicates a good market if available.

Mobile operators will provide add on WAP gateways and WAP services to enable wireless internet services:

Banks, financial institutions, restaurants, retailers, Utilities, transit operators, hotels, entertainment and media, selling goods and information

Limitation, the SIM card inside the WAP phone cannot provide complicated the PKI authentication process thus security is an issue.

A possible solution is to introduce an additional smart card interface (either contact or contactless) to enable the authentication process. (MasterCard – dual card phone)

New technologies requirements: The development of m-PKI (mobile PKI) in the

multiple-application OS is more essential and practical

The development of high security low power card modules

A better interface to new wireless internet platform, other ancillary technologies, such as Bluetooth and Wireless Wallets are also important

Multos

Backs by MastercardMost Secure Hardware/software availableSecurity Level Common Standard Level 6

for Hitachi & Infineon cardsRequires secured terminals and approved

software for downloadingAccepted by Amercian Express for

Amexblue project

Overview

Single OSAPI and virtual machineStandard I/OSecurityDynamic application managementAdvantage: mature & stableDisadvantage: not flexible & independent security

certification

Java Card

Supported by Visa & Sun MicrosystemMore powerful processor & memoriesAllow download of applicationsOpen software platform for code

transportabilityFor multi-function, e-purse, loyalty, health

care database and Internet/Intranet access card

Overview

API: the programmer interfaceVirtual machineRuntime environmentDynamic application managementSuccessful in GSMNo independent security certification

Windows - WfSC

Supported by MicrosoftPopular Windows commandsimmature product - Unstable & unreliableWfSC developed using VB produces

inefficient code – thus OS is bulky

6.7 ISO 7816 Standards

7816/1

• Specifies the physical and dimensional features of the plastic supports. Additional characteristics specified are Mechanical strength, Static electricity, Electromagnetic fields and Bending properties etc.

7816/2

Specifies the meaning and location of the contacts.

This part defines eight contact referred to as C1 to C8. The contacts are located as shown in figure below.

Pin Assignment

Cont

act

No.

Assignment Contact

No.

Assignment

C1 VCC (supply voltage) C5 GND (ground)

C2 RST (reset signal) C6 VPP (Programming

voltage)

C3 CLK (clock signal) C7 I/O (Data input/output

C4 Reserved to ISO/IEC JTC

1/SC 17 for future use

C8 Reserved to ISO/IEC

JTC 1/SC 17 for future

use

7816/3

Specifies electronics signals and transmission protocols that the DC electrical characteristics, the character format and the command protocol for the Smart Card.

This ISO standard describes two types of data transfer between Smart Card and card Reader/Writer: asynchronous protocol with two data coding

conventions synchronous protocol

Asynchronous protocol

Character format:Each character (described in figure below)

is composed of: one start bit 8 bits of data one even parity bit guardtime slot including two stop bits

The data speed transmission depends on the clock signal frequency input into the Smart Card on the CLK contact.

The nominal bit duration sent on the I/O line is called the "elementary time unit" "etu" by the ISO standard.

This bit duration is directly proportional to the input clock during the "answer to reset", but may be requested to be modified (by the Smart Card) for the following data exchange. The parameters of this modification are given during the "answer to reset".

I/O Line management:

The I/O line (Input/output line) is used to exchange data in input mode (reception mode) or in output mode (transmission mode). This line must have two states: stand-by state or high level state working state or low level state:

Furthermore, the I/O line (as shown in figure below) is used to generate or to detect data parity errors in reception or transmission The transmitter must sample the I/O line during the guardtime duration. The transmission is presumed valid if the I/O line stays

at a high level during the guardtime slot The transmission is wrong if the I/O line is pulled

down during at least one etu (two etu max) during the guardtime slot.

The receiver, in order to signal a reception error, must pull down the I/O line.

Data coding

The ISO 7816 - 3 standard gives the possibility of two kinds of data coding. The direct convention or inverse convention. The type of convention is fixed by the Smart Card and is declared in the first character of the "answer to reset'.

In direct convention, the logical "l " level is 5 Volt and the least significant bit (LSB) is transmitted first.

In inverse convention, the logical "1" level is 0 Volt and the most significant bit (MSB) is transmitted first.

Synchronous protocol

In synchronous protocol, successions of bits are sent on the I/O line, synchronized with the clock signal on CLK pin. In synchronous protocol, the data frame format described previously is not available.

7816/4

Specifies the inter-industry command for interchange include:

The content of the message, commands and responses, transmitted by the interface device to the card and conversely.

The structure and content of the historical bytes sent by the card during the answer to reset.

The structure of files and data, as seen at the interface when processing inter-industry commands for interchange.

Access methods to files and data in the card.A security architecture defining access rights

to files and data in the card.Methods for secure messaging.

APDU (application protocol data unit) message structure

A step in an application protocol consists of sending a command, processing it in the receiving entity and sending back the response. Therefore a specific response corresponds to a specific command,

referred to as a command-response pair.

An application protocol data unit (APDU) contains either a command message or a response message, sent from the interface device to the card or conversely.

In a command-response pair, the command message and the response message may contain data, thus inducing four cases, which are summarized by table below.

Command-response pair

Case Command data Expected response data

1 No data No data

2 No data Data

3 Data No data

4 Data Data

Command APDU structure

Header Body

CLA INS P1 P2 (Lc field) (Data field) (Le field)

CLA - Class byteINS - Instruction byteP1, P2 - Parameter byteLc field - number of bytes present in the data fieldLe field - maximum number of bytes expected in the data field of the response APDU

Response APDU structure

The response APDU consists of Conditional body of variable length. Mandatory trailer of 2 byte.

Body Trailer

Data field SW1 SW2

Status Codes of response APDU trailer.

Physical Security & Recliability

Basic Internal Structure of CPU Smart Card

Possible Attacks on Smart Card

EM analysis: use electron microscope to inspect the internal structure of the mask

UV or X-ray inspection: use high efficiency UV or X-ray to inspect the memory areas to extract important information like PIN, secret key and public key

duplication: illegal copying of card content from one to another

confusion: disturb the power supply/frequency during PIN verification to confuse the accurate enter of PIN and allow access to the protected memory

tracking: based on the protocol exchange between the terminal and the card to track the sequence of commands

Physical Security & Recliability

Basic Internal Structure of CPU Smart Card

Possible Attacks on Smart Card

EM analysis: use electron microscope to inspect the internal structure of the mask

UV or X-ray inspection: use high efficiency UV or X-ray to inspect the memory areas to extract important information like PIN, secret key and public key

duplication: illegal copying of card content from one to another

confusion: disturb the power supply/frequency during PIN verification to confuse the accurate enter of PIN and allow access to the protected memory

tracking: based on the protocol exchange between the terminal and the card to track the sequence of commands

Other possible attracts: attract on DES like differentiate methodsattract on RSA using cyclic properties

General Smart Card Security Features

Against UV or X-ray inspection: Using implementation to avoid visible of ROM Code

EM analysis: Address Scrambling of memories

Against confusion: Low/High voltage sensors Low/High Frequencies sensors High Frequency Protection

Against duplication: Security PROM Hardware Protected Unique Chip Identification Number Move Code Blocking

Against Tracking: Secure authentication and data/key encryption

Against DPA: Random Wait State (Advance) Current Scrambling Generator (Advance)

Against Cyclic properties: No simple solutions

Protection Against Tracking

Random Number Generator for dynamic key generation

Cipher Engine for data protection: Block Stream

Random Number Generator

For generation of session keysDigital approach can only generate pseudo

random number based on

Xi =(a Xi-1 + b) mod c

Other use analogue approaches like VCO, white noise generator etc.

Block Cipher

K1: Master Key of length 16-bit

K2: Card ID of length 16-bit

Block Cipher8-bit

K1 : 16-bit

K2 : 16-bit

DataIn DataOut

8-bit

Block Cipher8-bit

K1 : 16-bit

K2 : 16-bit

DataOut DataIn

8-bit

Block Cipher Method – Write to Memory

Block Cipher Method – Read from Memory

Stream Cipher The Stream Cipher can be

viewed as a state machine with K1K2 as the initial state

It generates a pseudorandom number sequences which are XOR with the Input Data to form the Output Data

The data must be in sequence in order to encode and decode correctly

Not suitable

Stream Cipher

K1 : 16-bit

DataOut

8-bit8-bit

DataIn

K2 : 16-bit

Encryption Techniques

Encryption Encryption will modify data into irregular form

for security storage and transmission. The reconstruction is achieved by using a set of relevant Keys.

Two cryptosystems are currently being used, i.e. symmetric (DES/FEAL) and asymmetric (RSA, ECC). Symmetric cryptosystem requires only one common key for encryption and decryption whereas asymmetric system requires two keys, i.e. private/user key and public/system key.

Common Encryption Techniques in Smart CardPrivate:- Data Exchange

DES (Data Encryption Standard)

Public:- Key Exchange RSA (Rivet, Shamir, Adleman) ECC (Elliptic Curve Cryptography)

Also for Authentication

Is Smart Card Secure?

There is no 100% secured/perfect system available

System design and built for minimal attack risk can be treated as secure

Secure system are evaluated/classified in different levels using international standards such as TCSEC/DoD (Orange Book-USA), ITSEC (Europe) and CCITSE (ISO15408)

Trusted Computer Security Evaluation Criteria – USA(DoD)

D: Minimal protection No protection

C1: Discretionary Security Protection Use control access

C2: Controlled Access Protection Use accountability/auditing

B1: Labelled Security Protection Use sensitivity (classification) labels

B2: Structured Protection Use formal security policy more resistant to

penetrate

B3: Security domain Highly resistant to penetration. Use security

administrator, auditing events and system recovery process

A1: Verified protection Highly assure of penetration. Use formal

specification and verification approaches.

Information Technology Security Evaluation Criteria (ITSEC) and Common Criteria (CC) – Europe&Canada

EAL1 - functional testedEAL2 - structurally testedEAL3 - methodologically tested and checkedEAL4 - methodologically designed, tested and

reviewedEAL5 - semiformally designed and tested EAL6 - semiformally verified designed and tested EAL7 - formally verified designed and tested

Federal Information Processing Standards (FIPS) - evaluation

FIPS46-2 and 81 for DESFIPS 186 for Digital SignatureFIPS 140-2 for Cryptographic Modules

Security evaluation requirements

Cryptographic modulesmodule interface role and services finite state machine modelphysical securityEnvironmental Failure Protection/Testing

(EFT/EFP)Software security

Operation securitycryptographic key managementcryptographic algorithmEMI/EMCself tests

Electro-static Discharge – Dry/Wet weather comparison

ESD – failure in various stages

Reliability of Reader – Contact Type Smart Card

Mechanical Insertion Life time – around 1-3x105 insertion

For a typical flow of 105 crossing per dayEach reader will only last for 3 daysAssuming 30 readers installed at border, all

readers has to be replaced in 90 days.Whereas, contactless type has MTBF over

115,000 hrs = over 13 years

6.9 References

MC Chu M.Phil thesis: Magnetic card protection system

ISO 7811/1-3ISO 7816/1-4High Security Protection in Electronic

Commerce “III Publication Taiwan” ISBN 957-8364-24-5 (in Chinese)

*** END ***