
Smart Cards Operating Systems

Presentation Transcript


  1. Smart Cards Operating Systems. By: Dr Muhammad Wasim Raad, Computer Engineering Department

  2. Smart Chip - 2001+ (block diagram)
     • 16/32-bit RISC processor with MMU
     • Co-processor and 3-DES engine
     • ROM (96 KB), RAM (4 KB), EEPROM (64+ KB), Flash (64 KB)
     • DPA & SPA resistant logic
     • Pins: power (1.8 V), ground, clock, reset, ISO 7816 I/O, USB I/O
     • Contact interface: ISO 7816 and USB; contactless interface: ISO 14443

  3. What is a COS?

  4. Card OS Role

  5. Command Processing

  6. Command Processing (cont.)

  7. Transmission Protocol

  8. File Architecture

  9. File Architecture (cont.)

  10. Command Sets

  11. Protocol Application Layer: APDU Format

  12. Access Conditions

  13. Access Conditions (cont.)

  14. Access Conditions Examples

  15. Access Conditions Examples

  16. Smart Card Operating Systems
     • Smart card operating systems (SCOS) bear little resemblance to desktop operating systems.
     • A SCOS supports a collection of instructions on which user applications can be built.
     • ISO 7816-4 standardizes a wide range of instructions in the format of APDUs.
     • Most SCOS support a file system.

  17. 1990: very few true smart card operating systems
     • STARCOS: first developed by Giesecke & Devrient
     • COS: card operating system accepted worldwide
     • A ROM-masked OS is only worthwhile for large numbers of cards

  18. OS Based Classification
     • Smart Card Operating Systems (SCOS) are placed in ROM and usually occupy less than 16 KB.
     • A SCOS handles: file handling and manipulation; memory management; data transmission protocols.
     • Various SCOS available are: Cyberflex, MultOS, MFC, StarCOS, Oscar, JavaCard

  19. Operating Systems
     • Consortium-based: Java Card (Sun), Multos
     • Proprietary: card manufacturers; Microsoft Windows for Smart Cards (WfSC)

  20. OS protection
     • PINs and keys stored in EFs are not accessible except through the OS
     • Downloadable code needs authentication
     • Access conditions determine which files may be accessed and which commands may be executed on them

  21. Fundamentals
     • A smart card OS includes no user interface and no access to external memory
     • Security during program execution and protection of data accesses have the highest priority

  22. • Very small amount of program code: 3-30 KB
     • ROM masks for the OS need 10-12 weeks to correct errors
     • The erased state of the EEPROM (what an erased cell reads as) has a noticeable influence on the design of the OS

  23. • For example, all retry counters must be designed such that their maximum value corresponds to the erased state of the EEPROM
     • If this is not the case, it would be possible to reset a counter to its initial value by intentionally removing the card during a transaction

  24. • This type of attack can be resisted by proper coding of the counter or by making the write of the retry counter an atomic process
     • Trap doors must be avoided
     • Cryptographic functions must execute in a very short time
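The retry-counter rule on slides 23 and 24 is easiest to see in code. The following C simulation is an added example, not code from the presentation. It assumes an EEPROM whose erased state reads 0xFF, a three-try PIN, and a write that the hardware performs as erase-then-program, so that a torn write leaves the cell erased. It compares an encoding whose erased value means "all tries left" with one whose erased value means "blocked", and also shows why the counter must be written before the PIN is compared rather than after.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not code from the slides.  One EEPROM byte holds the
 * PIN retry counter.  Erased cells read 0xFF (assumed here, the usual EEPROM
 * convention), and a write is modelled as the two steps the hardware performs:
 * erase the cell, then program it.  A "tear" (card pulled from the reader)
 * between the two steps leaves the cell in its erased state. */

#define EEPROM_ERASED 0xFFu
#define MAX_TRIES     3
#define PIN_LEN       4

enum tear_point { TEAR_NONE, TEAR_DURING_COUNTER_WRITE, TEAR_AFTER_COMPARE };

typedef struct {
    uint8_t counter;          /* the retry counter cell */
    uint8_t pin[PIN_LEN];     /* reference PIN, also in EEPROM */
} card_t;

static void eeprom_write(uint8_t *cell, uint8_t value, bool tear)
{
    *cell = EEPROM_ERASED;    /* step 1: erase */
    if (tear) return;         /* power lost here: cell stays 0xFF */
    *cell = value;            /* step 2: program */
}

/* Encoding A (weak): cell = tries REMAINING.  Fresh 3, blocked at 0.  The
 * erased value 0xFF reads as 255 tries, so tearing the write re-arms the card. */
static bool a_blocked(const card_t *c)   { return c->counter == 0; }
static void a_fail(card_t *c, bool tear) { eeprom_write(&c->counter, (uint8_t)(c->counter - 1), tear); }
static void a_reset(card_t *c)           { eeprom_write(&c->counter, MAX_TRIES, false); }

/* Encoding B (what the slide requires): cell = FAILED attempts.  Fresh 0,
 * blocked at >= MAX_TRIES.  The erased value 0xFF is the maximum, i.e. blocked:
 * a torn write can only make the card stricter, never more permissive. */
static bool b_blocked(const card_t *c)   { return c->counter >= MAX_TRIES; }
static void b_fail(card_t *c, bool tear) { if (c->counter < 0xFF) eeprom_write(&c->counter, (uint8_t)(c->counter + 1), tear); }
static void b_reset(card_t *c)           { eeprom_write(&c->counter, 0, false); }

typedef struct {
    bool (*blocked)(const card_t *);
    void (*fail)(card_t *, bool);
    void (*reset)(card_t *);
    uint8_t fresh;            /* counter value of a fresh card */
} encoding_t;

static const encoding_t ENC_A = { a_blocked, a_fail, a_reset, MAX_TRIES };
static const encoding_t ENC_B = { b_blocked, b_fail, b_reset, 0 };

/* One VERIFY command.  With decrement_first the failure is written to EEPROM
 * before the comparison, so an attacker who watches the compare on a power
 * trace and then cuts power cannot prevent the write.  Returns true on match. */
static bool verify_pin(card_t *c, const encoding_t *e, const uint8_t *guess,
                       bool decrement_first, enum tear_point tear)
{
    if (e->blocked(c)) return false;
    bool tear_write = (tear == TEAR_DURING_COUNTER_WRITE);

    if (decrement_first) e->fail(c, tear_write);
    bool match = memcmp(c->pin, guess, PIN_LEN) == 0;   /* a real COS compares in constant time */
    if (tear == TEAR_AFTER_COMPARE) return false;       /* power lost: nothing below runs */
    if (match) { e->reset(c); return true; }
    if (!decrement_first) e->fail(c, tear_write);
    return false;
}

/* Attack simulation: number of wrong guesses a fresh card accepts before it
 * blocks when the attacker tears at the same point on every attempt.  Capped
 * at `cap`; hitting the cap means the card never blocks. */
static int wrong_guesses_accepted(const encoding_t *e, bool decrement_first,
                                  enum tear_point tear, int cap)
{
    card_t c = { .counter = e->fresh, .pin = {1, 2, 3, 4} };   /* constructed sample card */
    const uint8_t wrong[PIN_LEN] = {9, 9, 9, 9};
    int n = 0;
    while (n < cap && !e->blocked(&c)) {
        verify_pin(&c, e, wrong, decrement_first, tear);
        n++;
    }
    return n;
}

int main(void)
{
    printf("A, no tear:               %d\n", wrong_guesses_accepted(&ENC_A, true,  TEAR_NONE, 100));
    printf("A, tear during write:     %d\n", wrong_guesses_accepted(&ENC_A, true,  TEAR_DURING_COUNTER_WRITE, 100));
    printf("B, tear during write:     %d\n", wrong_guesses_accepted(&ENC_B, true,  TEAR_DURING_COUNTER_WRITE, 100));
    printf("B, compare first, tear:   %d\n", wrong_guesses_accepted(&ENC_B, false, TEAR_AFTER_COMPARE, 100));
    printf("B, decrement first, tear: %d\n", wrong_guesses_accepted(&ENC_B, true,  TEAR_AFTER_COMPARE, 100));
    return 0;
}
```

With encoding A, tearing the card during the counter write leaves 0xFF, which reads as 255 remaining tries, and the card never blocks; with encoding B the same tear leaves the card blocked, the fail-safe outcome the slide asks for. The second half shows the ordering rule: if the compare runs before the counter write, an attacker who tears after the compare gets unlimited guesses even with the safe encoding. Making the write atomic, the other remedy the slide names, would also defeat the first attack but is not shown here.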

  25. • The OS can be loaded into EEPROM, but because EEPROM is expensive most of the OS resides in ROM
     • Almost all OSs allow program code for additional commands or special cryptographic algorithms to be loaded into EEPROM during completion

  26. • The OS must be able to recognize the size of the EEPROM automatically
     • Technically this is done by an OS routine that reads the manufacturer's finishing data
     • Current smart card OSs are not able to adapt themselves to variations in the size of ROM or RAM

  27. Primary tasks of a smart card OS
     • Transferring data to and from the smart card
     • Controlling the execution of commands
     • Managing files
     • Managing and executing cryptographic algorithms

  28. Smart Card Communication Model
     * The card sends out an ATR (Answer to Reset) immediately after insertion and reset.
     ** APDU stands for Application Protocol Data Unit (ISO 7816-4).
     Source: Z. Chen, “Java Card Technology for Smart Cards”

  29. Smart Card File System (ISO 7816-4)
     • MF: Master File (root directory, must always be present)
     • DF: Dedicated File (directory file, can contain directory and data files)
     • EF: Elementary File (data file)
     (Tree: the MF at the root, DFs below it, EFs under the MF and under the DFs.)

  30. Smart Card File Names (ISO 7816-4)
     • MF: FID, File Identifier (2 bytes)
     • DF: FID, File Identifier (2 bytes); DF Name (1-16 bytes), usually an ISO 7816-5 AID
     • EF: FID, File Identifier (2 bytes); Short FID (5 bits)
     Reserved FIDs:
     3F00  MF  root directory
     0000  EF  PIN and PUK #1
     0100  EF  PIN and PUK #2
     0001  EF  application keys
     0011  EF  management keys
     0002  EF  manufacturing info
     0003  EF  card ID info
     0004  EF  card holder info
     0005  EF  chip info
     3FFF      file path selection
     FFFF      reserved for future use
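Slides 16, 20 and 28 to 30 describe the pieces a COS joins together: APDUs in, status words out, a file tree addressed by FID, and access conditions that keep PIN and key files out of the terminal's reach. The following C program is an added example, not code from the presentation, of a toy card-side command dispatcher over a minimal ISO 7816-4 command set: it parses the four short-form command APDU cases, handles SELECT FILE by FID for the MF (3F00) and three of the reserved EFs listed above, and lets READ BINARY succeed only when the selected EF's access condition is met. The file contents, the PIN value, the simplified VERIFY command and the per-file access rules are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not code from the slides: a toy card-side dispatcher
 * for an ISO 7816-4 command APDU (CLA INS P1 P2 [Lc data] [Le], short
 * lengths only).  It answers with a status word SW1 SW2 and enforces per-EF
 * read access conditions, so the PIN file is never readable from outside.
 * FIDs follow the reserved list above; file contents, the PIN value and the
 * access rules are constructed for the example. */

typedef struct {
    uint8_t cla, ins, p1, p2, lc;   /* lc = command data length, 0 if absent */
    const uint8_t *data;            /* points into the command buffer */
    int le;                         /* expected response length, -1 if absent */
    int iso_case;                   /* 1..4, or 0 if the length fields disagree */
} apdu_t;

static apdu_t apdu_parse(const uint8_t *buf, size_t len)
{
    apdu_t a = { .le = -1, .iso_case = 0 };
    if (len < 4) return a;
    a.cla = buf[0]; a.ins = buf[1]; a.p1 = buf[2]; a.p2 = buf[3];
    if (len == 4) { a.iso_case = 1; return a; }                                 /* header only */
    if (len == 5) { a.iso_case = 2; a.le = buf[4] ? buf[4] : 256; return a; }   /* header + Le */
    a.lc = buf[4]; a.data = buf + 5;
    if (len == 5u + a.lc) { a.iso_case = 3; return a; }                         /* header + Lc + data */
    if (len == 6u + a.lc) { a.iso_case = 4; a.le = buf[len - 1] ? buf[len - 1] : 256; return a; }
    return a;                                                   /* Lc does not match the length */
}

enum access { AC_ALWAYS, AC_PIN, AC_NEVER };
typedef struct { uint16_t fid; enum access read_ac; const uint8_t *body; uint8_t len; } ef_t;

static const uint8_t PIN_REF[4]   = {1, 2, 3, 4};              /* constructed sample values */
static const uint8_t HOLDER[4]    = {'A', '.', ' ', 'U'};
static const uint8_t CHIP_INFO[4] = {'C', 'H', 'I', 'P'};

static const ef_t FILES[] = {
    { 0x0000, AC_NEVER,  PIN_REF,   4 },   /* EF PIN and PUK #1: only the OS itself reads it */
    { 0x0004, AC_PIN,    HOLDER,    4 },   /* EF card holder info: readable after VERIFY */
    { 0x0005, AC_ALWAYS, CHIP_INFO, 4 },   /* EF chip info: freely readable */
};

typedef struct {
    const ef_t *selected;           /* current EF; NULL right after selecting the MF */
    bool pin_verified;
    uint8_t resp[256]; size_t resp_len;
    uint16_t sw;                    /* SW1 SW2 of the last command */
} cos_state_t;

static const ef_t *find_ef(uint16_t fid)
{
    for (size_t i = 0; i < sizeof FILES / sizeof FILES[0]; i++)
        if (FILES[i].fid == fid) return &FILES[i];
    return NULL;
}

/* Process one command APDU; response data and status word end up in `s`. */
static void cos_process(cos_state_t *s, const uint8_t *buf, size_t len)
{
    apdu_t a = apdu_parse(buf, len);
    s->resp_len = 0;
    if (a.iso_case == 0) { s->sw = 0x6700; return; }            /* wrong length */
    if (a.cla != 0x00)   { s->sw = 0x6E00; return; }            /* CLA not supported */
    switch (a.ins) {
    case 0xA4: {                                                 /* SELECT FILE by FID */
        if (a.p1 != 0x00) { s->sw = 0x6A86; return; }           /* incorrect P1-P2 */
        if (a.lc != 2)    { s->sw = 0x6700; return; }
        uint16_t fid = (uint16_t)((a.data[0] << 8) | a.data[1]);
        if (fid == 0x3F00) { s->selected = NULL; s->sw = 0x9000; return; }   /* MF */
        const ef_t *f = find_ef(fid);
        if (!f) { s->sw = 0x6A82; return; }                      /* file not found */
        s->selected = f; s->sw = 0x9000; return;
    }
    case 0x20:                                                   /* VERIFY (no retry counter here) */
        if (a.lc != sizeof PIN_REF) { s->sw = 0x6700; return; }
        s->pin_verified = memcmp(a.data, PIN_REF, sizeof PIN_REF) == 0;  /* real COS: constant time */
        s->sw = s->pin_verified ? 0x9000 : 0x6300;               /* real cards answer 63Cx */
        return;
    case 0xB0: {                                                 /* READ BINARY, P1P2 = offset */
        if (a.iso_case != 2) { s->sw = 0x6700; return; }
        if (!s->selected)    { s->sw = 0x6986; return; }         /* command not allowed: no EF */
        const ef_t *f = s->selected;
        if (f->read_ac == AC_NEVER || (f->read_ac == AC_PIN && !s->pin_verified)) {
            s->sw = 0x6982; return;                              /* security status not satisfied */
        }
        size_t off = ((size_t)a.p1 << 8) | a.p2;
        if (off > f->len) { s->sw = 0x6B00; return; }            /* offset outside the EF */
        size_t n = f->len - off;
        if ((size_t)a.le < n) n = (size_t)a.le;
        memcpy(s->resp, f->body + off, n);
        s->resp_len = n; s->sw = 0x9000; return;
    }
    default:
        s->sw = 0x6D00;                                          /* INS not supported */
    }
}
```

The access-condition check is the security-relevant line: the PIN file (FID 0000) carries AC_NEVER, so no external READ BINARY ever returns its contents, while VERIFY compares against it from inside the OS. The card holder EF (FID 0004) returns 6982 until a successful VERIFY has set the security status, which is the behaviour slide 20 describes.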

  31. Smart Card Internal File Structure
     EEPROM pages: 100,000 write cycles, 64-byte page size. An EF consists of a header holding a pointer to the body.
     • Header: file structure info, access control rights, pointer to the data body; content changes never or seldom; protected from erasure
     • Body: data; content might change often; many write operations


  33. MULTOS
     • A high security architecture
     • Apps needing high security can reside next to apps needing low security
     • Co-residence of multiple, inter-operable, platform independent applications
     • Dynamic remote loading and deletion of applications over the lifetime of a card
     • Achieved using the language MEL (MULTOS Executable Language)

  34. PC/SC
     • Architecture designed to ensure that the following work together even if made by different manufacturers: smart cards, smart card readers, computers
     • Differs from OpenCard because it offers API interoperability rather than a uniform API
     • Designed for the Windows environment, with development in Visual C++

  35. Java Card
     • The Java Card specifications enable Java technology to run on smart cards and other devices
     • Multi-application capable: Java Card technology enables multiple applications to co-exist securely on a single smart card
     • Dynamic: new applications can be installed securely
     • Secure: relies on the inherent security of the Java programming language to provide a secure execution environment; the platform's industry deployments and security evaluations are claimed to give card issuers the most capable and secure technology available today


  38. How can the SMART card help in new channels?
     • Managing finances securely and conveniently
     • Entertainment on demand
     • Earning and redeeming rewards with virtual merchants
     • Storing personal data for convenience on-line
     • Virtual health, government or other services
     • Securing virtual-world shopping with credit (Chip SecureCode) or e-cash

  39. Proprietary Smart Card Operating Systems
     • A proprietary chip OS is developed in "native" code, specific to the underlying silicon, to access chip functions. The OS is often dedicated to performing a single specific function, e.g. EMV.
     • OS code is fixed in the ROM of the chip and cannot be changed after the chip is made.
     • A limited number of programmers are able to make adaptations to a proprietary OS, which affects time to market when changes or new functions are required.
     • In order to multi-source silicon, native code must be redeveloped from scratch for the new chip.
     (Diagram: chip hardware A and chip hardware B, each with its own proprietary OS in ROM and native EMV/loyalty code and data in E2.)

  40. KILLER Applications

  41. Operating System Options (layered view)
     • Applications: Logical & Physical Access, WIM, SIM, Loyalty, E-Purse, Credit/Debit
     • API: Open Platform (Card Manager & Security Domain)
     • OS: MULTOS (Mondex International and MAOSCO Council), or Windows for Smart Card (Microsoft and Global Platform), or Java Card (Sun Micro and Global Platform)


  46. Proximity Solutions for MULTOS
     • Two types of MULTOS "dual-interface" cards, supporting communication with the chip via both the contact plate and a contactless interface based on the proximity standard ISO 14443
     • Hitachi/DNP contactless MULTOS: 36K EEPROM, Type B contactless interface, available now. Supports both versions of the PayPass transaction (contactless M/Chip 4 or contactless Track 2 data) and in fact can execute ANY existing MULTOS application over the contactless interface.
     • Keycorp/Philips contactless MULTOS: 16K EEPROM, MIFARE Type A contactless interface, prototypes available now. Supports MIFARE ticketing only; full contactless MULTOS application execution planned for Q3 2004.
     250K issued for the Japan Residential ID card

  47. Smart Card Corporate ID & E-Purse Multi-application System

  48. Smart toolz File Creation Utility

  49. What is RFID?
     • RFID is an ADC (automatic data capture) technology that uses radio-frequency waves to transfer data between a reader and a movable item in order to identify, categorize and track it
     • RFID is fast and reliable, and does not require physical sight or contact between the reader/scanner and the tagged item

  50. What is RFID (read cycle)
     • Tag enters RF field
     • RF signal powers tag
     • Tag transmits ID, plus data
     • Reader captures data
     • Reader sends data to computer
     • Computer determines action
     • Computer instructs reader
     • Reader transmits data to tag
     Components: Radio Frequency Identification Label (Transponder), Reader/Antenna (Interrogator), Computer
