1 / 75

Introduction to

Bull Patents. Introduction to Smart Cards - Crypto & Security Training ... Bull Patents. Introduction to Smart Cards - Crypto & Security Training ...

HarrisCezar
Télécharger la présentation

Introduction to

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Introduction to Smart Cards

    Pascal Paillier Crypto & Security Department Gemplus

    What are Smart Cards? How do we make them? How do they work? What can you do with them? How can you program them?

    2. Outline

    3. What is a Smart Card?

    4. A Closer Look (1)

    5. A Closer Look (2)

    6. Outline

    What are Smart Cards? How do we make them? How do they work? What can you do with them? How can you program them?

    7. Manufacturing: Cutting

    8. Manufacturing: Gluing

    9. Manufacturing: Bonding

    10. Manufacturing: Encapsulation

    11. Manufacturing: Finished Modules

    12. Manufacturing: Module on Body

    Electrical Initialisation

    13. Smart Card Personalization

    Artwork Electrical

    14. The Players

    Chip Manufacturer Card Manufacturer Card Issuer Card Holder Electronic Circuit Initialization Personalization Card Distribution ( Personalization )

    15. Card Manufacturers role

    Initialization Card associated with issuer Security conditions Personalization Application profile into every card.The cards belong to one given application. Cardholder profile into the card: name, identification number... Initialization Personalization

    16. Card Personalization

    Electrical personalization: downloading of data (application & cardholder) Graphical personalization: printing text or artwork on the card body My name My name Making each card unique !

    17. Manufacturing: Personalisation

    Electrical and Physical Personalisation

    18. Outline

    What are Smart Cards? How do we make them? How do they work? What can you do with them? How can you program them?

    19. What is a Chip...

    Sheep? Chips? Cheap?

    20. Main features

    Tiny semiconductor based component Millions of basic electronic components Contains memory zones Erasable or not Protected or not

    21. The Chip

    Different memory blocks pad Silicon wafer A Chip

    22. Main chip providers

    ST ATMEL Infineon Philips Hitachi Samsung Nec Others

    23. Chip Layout

    CPU 8 bits (8051, 6805, Custom) 16 & 32 bits Memory (EEPROM, RAM, ROM, Flash) Control registers Clock generator (3.57 MHz) Timer(s) Serial IO interface (9600 bit/s) Crypto-Coprocessor (DES, AES, RSA) 25 mm max.

    24. Close-up view...

    25. Memory Characteristics

    EEPROM (non volatile memory) Up to 64K Bytes Application data storage ROM (write once) Up to 208 K Bytes Software (Operating System) storage RAM (temporary) Up to 5 K Bytes Working memory Flash (non volatile memory) Software patches or static application code & data

    26. What Does It Stand For?

    ROM Read Only Memory EEPROM Electrically Erasable Programmable R O M RAM Random Access Memory

    27. Smart Cards and Cryptography

    Typical figures (internal clock @ 5 to 33 MHz) Assembly language (software implementation) DES : 5 ms SHA-1 : 10 ms AES : 5 ms Public Key coprocessors (hardware implementation) RSA 1024 signature: ~ 200 ms ECC 160 signature: ~ 200 ms

    28. Smart Card Life cycle

    Silicon Manufacturing Card Manufacturing Personalization Hardware: CPU, RAM, EEPROM, Software burning (ROM) EEPROM (Files) Software Development

    29. Card Life Cycle

    IC Manufacturer Card Manufacturer From Manufacturing to Application phase Software Manufacturer System Integrator Card Accepting Devices Card Issuer End User Software manufacturer : OS + Gemplus software (software modules that can interface existing software) System integrator : Through our partners and VARsSoftware manufacturer : OS + Gemplus software (software modules that can interface existing software) System integrator : Through our partners and VARs

    30. Outline

    What are Smart Cards? How do we make them? How do they work? What can you do with them? How can you program them?

    31. Card Families

    32. Bitmap, synchronous access

    Memory Cards 1 Read 0 Write Erase 0 Read Erase First Generation Technology Second Generation Technology

    33. Enhanced Memory Cards

    Onboard hardwired crypto engine Card Authentication MAC on balance

    34. Memory Card Application

    Loyalty Payphones

    Chip Stucture (0,25mm2 )

    35. Smarter Smart Cards

    36. Smarter Smart Cards

    Microprocessor based Onboard Memory (RAM, ROM and EEPROM/Flash) Programmable Onboard processing Security features Crypto coprocessor (PK, DES,) Physical sensors (V, freq,) Physical protections (shielding,)

    37. Standards : ISO/IEC 7816 Integrated circuits cards with contacts

    ISO/IEC 7816-1 : Physical characteristics. ISO/IEC 7816-2 : Dimension & location of contacts. ISO/IEC 7816-3 : Electronic signals & transmission protocols. ISO/IEC 7816-4 : Inter-industry commands. ISO/IEC 7816-5 : Registration system for applications in IC card. ISO/IEC 7816-6 : Inter-industry data elements. ISO/IEC 7816-7 : Inter-industry commands for Structured Card Query Language (SCQL). ISO/IEC 7816-8 : Security architecture and related inter-industry commands. Aprs, pour chaque appli, des standards : ETSI, B0, etc...Aprs, pour chaque appli, des standards : ETSI, B0, etc...

    38. Smart Card Module

    Microcontact Microchip Micromodule

    39. Communications

    One communication channel: serial line Layered transmission protocol Application: Application Protocol Data Unit Transport: T=0, T=1, T=14

    40. How to communicate with a smart card ?

    41. Required Infrastructure

    Personalisation Center Issuing Center Reader Middleware Back-end System

    42. APDU Messages

    The card communicates with the reader by exchanging APDU messages (Application Protocol Data Unit) A message is a Command : From the reader to the card a Response : From the card to the reader Command Response

    43. Example

    Read Name Gemplus Id: Gemplus

    44. APDU Syntax

    APDU Command APDU Response SW Data

    45. Example

    P1, P2 : specify the data to be retrieved Le : length of data to retrieve READ BINARY (P1,P2,Le) Data, SW

    46. APDU Commands Model

    Command Response Based on ISO 7816-3 APDU Format Command CLA INS P1 P2 Lc DATA Le Response DATA SW1 SW2

    47. APDU Commands - 4 Cases (1/2)

    Case 1 No command data, No response data COMMAND: CLA INS P1 P2 RESPONSE: SW1 SW2 Case 2 No command data, sends response data COMMAND: CLA INS P1 P2 Le RESPONSE: Data SW1 SW2

    48. APDU Commands - 4 Cases (2/2)

    Case 3 Card Receives command data, No response data COMMAND: CLA INS P1 P2 Lc Data RESPONSE: SW1 SW2 Case 4 Card Receives command data, sends response data COMMAND: CLA INS P1 P2 Lc Data Le RESPONSE: Data SW1 SW2

    49. Select WIM Application Command

    50. Outline

    What are Smart Cards? How do we make them? How do they work? What can you do with them? How can you program them?

    51. Mask your Own Code

    Pros: Small code footprint Complete control Cons: Development in C and target assembly language Use emulators Mask lead time (~2 month) Bug fixes

    52. Use Proprietary Cards

    What you (usually) get: File System Fixed set of APDU Commands Read/Write files Access to cryptographic functions Pros: Off the shelf products Cheaper Cons: Not extensible Bug fixes

    53. Use Open Cards

    Choice Java Microsoft Standard API Crypto GSM (SMS, Pro active commands)

    54. Applet Life Cycle

    Write code in Java Compile it Debug it (simulator) Verify and Convert it (specific byte code) Load it Personalisation center Point of sale Over Networks (Internet, Wireless,)

    55. Resources

    On Card development: Java card : http://www.javacard.org Java Card Technology for Smart Cards, Zhiqun Chen, Sun Java Series, ISBN: 0-201-70329-7 Windows for SC : http://www.microsoft.com/smartcard/ Gemplus Developer web site: http://www.gemplus.fr/developers/index.htm Developer conference: http://www.key3studios.com/gemplusworld/ June 20, 21, Paris. Middleware: PCSC-Lite : http://www.linuxnet.com/ OCF (java) : http://ww.opencard.org/ CDSA : http://www.opengroup.org/security/l2-cdsa.htm PKCS : http://www.rsasecurity.com/rsalabs/pkcs/index.html

    56. Outline

    What are Smart Cards? How do we make them? How do they work? What can you do with them? How can you program them?

    57. A Smart Card is part of an

    HOST READERS CARDS

    58. Application Players

    59. Application Software

    Application software developed for customers needs Designed to communicate with user card

    60. Readers

    Link between: the host the cards

    61. Role of the Reader

    Application Software Reader Card The reader is the interface between the card and the application It serves as a translator It accepts the messages from the card and from the application software

    62. Why use a Smart Card?

    Crypto

    63. Advantages of a Smart Card

    Tamper resistance Storage Portability Tamper resistance Processing Ease of use Onboard key generation

    64. Main applications

    65. New applications

    Security of information system, Loyalty, Physical access control. Transport : Metro SEOUL. Security of information system : login, chiffrement du mail, signature, (Windows 2000). Identity : carte didentit ou permis de conduire dans certains pays dAmrique du Sud. Loyalty : Casino, Carrefour. Jeux : Poker en Russie Physical access control : Gemplus.Transport : Metro SEOUL. Security of information system : login, chiffrement du mail, signature, (Windows 2000). Identity : carte didentit ou permis de conduire dans certains pays dAmrique du Sud. Loyalty : Casino, Carrefour. Jeux : Poker en Russie Physical access control : Gemplus.

    Where is Cryptography Basic Electronic purse principle : Smart card reader asks user to enter his PIN code PIN code plays 2 roles : Authenticating the user Releasing the READ access right within the card Reader checks the Purse identity against Black list Reader (SAM) Authenticates the Purse (3-DES) Purse authenticates the Reader (SAM). Reader Decreases securely the purse value : Ask the SAM to generate a MAC Send the value to decrease & the MAC to purse Reader Increases securely the SAM counter : Read the new purse value with a MAC Send the whole to SAM

    67. Attacking Smart Cards

    Timing Attacks Power Analysis Simple Power Analysis Differential Power Analysis High-order, EMA, Invasive Attacks Probe Stations Focused Ion Beam

    68. Security Notions

    69. Attacks on Smart cards :

    Physical security Invasive Attacks Side Channel Attacks Fault Generation Wide range of techniques, requiring various skills, equipment and time:

    70. Open Platform Threats

    Flawed program (ex: server) Bad design (ex: no verification) Bad implementation (ex: buffer overflow) Trojan horse Piece of software (plug-ins..) hiding amongst its normal functionalities some malicious ones

    71. JavaCard Threats

    Stack overflow / underflow Type mismatch (e.g. pointer forgery) Data execution as Byte Code as native code Goal: bypass Java Virtual Machine controls and access local resources directly

    72. Integrity hash algorithms Checksums Authentication MAC forgery External authentication Internal Authentication Mutual authentication Confidentiality Plaintext recovery Key recovery Ciphertext forgery

    Cryptographic Attacks

    73. Replay attacks Man-in-the middle attacks Session high-jacking Eavesdropping

    Application level security : Protocols

    74. Focus on Smart Card Security or How to defeat Tamper resistance

    75. Conclusion

    Smart Personal Portable Secure =

More Related