Security and Reliability Security and Reliability of Smart Card of Smart Card Smart HKID Card Forum Smart HKID Card Forum J J an 6, 2001 an 6, 2001 Science Museum Science Museum Dr LM Cheng Director Smart Card Design Center Dept. of Electronic Engineering City University of Hong Kong
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Security and Reliability of Security and Reliability of Smart CardSmart Card Smart HKID Card ForumSmart HKID Card Forum JJan 6, 2001 an 6, 2001 Science MuseumScience Museum
Dr LM ChengDirectorSmart Card Design CenterDept. of Electronic EngineeringCity University of Hong Kong
ContentContent
Background General Security Features Simple Cryptographic Engine Encryption Techniques Security Standards & Assessment Physical & Electrical Reliability Electro-static Discharge
BackgroundBackgroundType of Smart CardsWorldwide MarketNew Technologies requirement
Types of Smart CardTypes of Smart Card
Memory CardMPU IC cardCrypto- processor cardContactless card
Basic Internal Structure of Basic Internal Structure of CPU Smart CardCPU Smart Card
Possible Attacks on Smart Possible Attacks on Smart CardCard
EM analysis: use electron microscope to inspect the internal structure of the mask
UV or X-ray inspection: use high efficiency UV or X-ray to inspect the memory areas to extract important information like PIN, secret key and public key
duplication: illegal copying of card content from one to another
confusion: disturb the power supply/frequency during PIN verification to confuse the accurate enter of PIN and allow access to the protected memory
tracking: based on the protocol exchange between the terminal and the card to track the sequence of commands
Other possible attracts: attract on DES like differentiate methodsattract on RSA using cyclic properties
General Smart Card General Smart Card Security FeaturesSecurity Features
Against UV or X-ray inspection:– Using implementation to avoid visible of
ROM Code
EM analysis:– Address Scrambling of memories
Against confusion:– Low/High voltage sensors– Low/High Frequencies sensors– High Frequency Protection
Against duplication:– Security PROM Hardware Protected– Unique Chip Identification Number – Move Code Blocking
Against Tracking:– Secure authentication and data/key encryption
Against DPA: – Random Wait State (Advance)– Current Scrambling Generator (Advance)
Against Cyclic properties:– No simple solutions
Protection Against TrackingProtection Against Tracking
Random Number Generator for dynamic key generation
Cipher Engine for data protection:– Block– Stream
Random Number GeneratorRandom Number Generator
For generation of session keysDigital approach can only generate pseudo
random number based on Xi =(a Xi-1 + b) mod c
Other use analogue approaches like VCO, white noise generator etc.
Block CipherBlock Cipher
K1: Master Key of length 16-bit
K2: Card ID of length 16-bit
Process in block and errors propagate within the block
Block Cipher8-bit
K1 : 16-bit
K2 : 16-bit
DataIn DataOut8-bit
Block Cipher8-bit
K1 : 16-bit
K2 : 16-bit
DataOut DataIn8-bit
Block Cipher Method – Write to Memory
Block Cipher Method – Read from Memory
Stream CipherStream Cipher• Similar to a state
machine with K1K2 as the initial state
• A pseudorandom number sequences generated are XOR with the Input Data to form the Output Data
• The data must be in sequence in order to encode and decode correctly
– Encryption will modify data into irregular form for security storage and transmission. The reconstruction is achieved by using a set of relevant Keys.
Two cryptosystems are currently being used, i.e. symmetric (DES/FEAL) and asymmetric (RSA, ECC). Symmetric cryptosystem requires only one common key for encryption and decryption whereas asymmetric system requires two keys, i.e. private/user key and public/system key.
Common Encryption Common Encryption Techniques in Smart CardTechniques in Smart Card
Private:- Data Exchange– DES (Data Encryption Standard)
Is Smart Card Secure?Is Smart Card Secure? There are no perfect (100%
secured) systems available Systems design and built for
minimal attack risk can be treated as secure sytems
Secure systems are evaluated/classified in different levels using international standards such as TCSEC/DoD (Orange -USA), ITSEC (Europe) and CCITSE (ISO15408)