
Smart Cards security info

Security Smart Cards

This section discusses the physical structure of a smart card and examines its components. It also discusses all the phases of a card’s life cycle and explores how the microcontroller handles and transfers data securely from the card manufacturer to the application supplier and then to the bearer. As a result, we can determine how the data or information stored on the card can be protected.

1.1 Physical Structure

The physical structure of a smart card is specified by the International Standards Organisation (ISO) 7810, 7816/1 and 7816/2. Generally it is made up of three elements. The plastic card is the most basic one and has the dimensions of 85.60mm x 53.98mm x 0.80mm. A printed circuit and an integrated circuit chip are embedded on the card. Figure 1 shows an overview of the physical structure of a smart card.


Figure 1: Physical structure of a smart card (Source: Philips DX smart card reference manual, 1995)

The printed circuit conforms to ISO standard 7816/3 which provides five connection points for power and data. It is hermetically fixed in the recess provided on the card and is burned onto the circuit chip, filled with a conductive material, and sealed with contacts protruding. The printed circuit protects the circuit chip from mechanical stress and static electricity. Communication with the chip is accomplished through contacts that overlay the printed circuit.

The capability of a smart card is defined by its integrated circuit chip. Typically, an integrated circuit chip consists of a microprocessor, read only memory (ROM), nonstatic random access memory (RAM) and electrically erasable programmable read only memory (EEPROM) which will retain its state when the power is removed. The current circuit chip is made from silicon which is not flexible and particularly easy to break. Therefore, in order to avoid breakage when the card is bent, the chip is restricted to only a few millimetres in size.

Furthermore, the physical interface which allows data exchange between the integrated circuit chip and the card acceptor device (CAD) is limited to 9600 bits per second. The communication line is a bi-directional serial transmission line which conforms to ISO standard 7816/3. All the data exchanges are under the control of the central processing unit in the integrated circuit chip. Card commands and input data are sent to the chip, which responds with status words and output data upon receipt of these commands and data. Information is sent in half duplex mode, which means data is transmitted in one direction at a time. This protocol, together with the restriction of the bit rate, prevents massive data attacks on the card.

In general, the size, the thickness and bend requirements for the smart card are designed to protect the card from being spoiled physically. However, this also limits the memory and processing resources that may be placed on the card. As a result, the smart card always has to work together with external peripherals in order to operate. For example, it may require a device to supply user input and output, time and date information, power and so on. These limitations may degrade the security of the smart card in some circumstances, as the external elements are untrusted and precarious.

1.2 Life Cycle of a Smart Card

There is an operating system inside each smart card which may contain a manufacturer identification number (ID), type of component, serial number, profile information, and so on. More importantly, the system area may contain different security keys, such as the manufacturer key or fabrication key (KF) and the personalisation key (KP). All of this information should be kept secret and not be revealed to others.

Hence, from the manufacturer to the application provider, then the card holder, the production of a smart card is divided into different phases. Limitation on transfer and access of data is incremental at different phases in order to protect different areas in the smart card. There are five main phases for a typical smart card life cycle. We will discuss each of them below.

1.2.1 Fabrication Phase

This phase is carried out by the chip manufacturers. The silicon integrated circuit chip is created and tested in this phase. A fabrication key (KF) is added to protect the chip from fraudulent modification until it is assembled into the plastic card support. The KF of each chip is unique and is derived from a master manufacturer key. Other fabrication data will be written to the circuit chip at the end of this phase. Then the chip is ready to be delivered to the card manufacturer under the protection of the key KF.

1.2.2 Pre-personalisation Phase

This phase is carried out by the card suppliers. In this phase, the chip will be mounted on the plastic card, which may have the logo of the application provider printed on it. The connection between the chip and the printed circuit will be made, and the whole unit can be tested. For added security and to allow secure delivery of the card to the card issuer, the fabrication key will be replaced by a personalisation key (KP). After that, a personalisation lock VPER will be written to prevent further modification of the KP. In addition, physical memory access instructions will be disabled. The card can then be accessed only by using logical memory addressing. This prevents the system and fabrication areas from being accessed or modified.

1.2.3 Personalisation Phase

This phase is conducted by the card issuers. It completes the creation of logical data structures. Data file contents and application data are written to the card. Information on the card holder's identity, the PIN, and the unblocking PIN will be stored as well. At the end, a utilisation lock VUTIL will be written to indicate that the card is in the utilisation phase.

1.2.4 Utilisation Phase

This is the phase for the normal use of the card by the card holder. The application system, logical file access controls, and others are activated. Access of information on the card will be limited by the security policies set by the application. This will be discussed in detail in the next section.

1.2.5 End-of-Life Phase (Invalidation Phase)

There are two ways to move the card into this phase. One is initiated by the application, which writes the invalidation lock to an individual file or the master file. All the operations including writing and updating will be disabled by the operating system. Only read instructions may remain active for analysis purposes. The other way to put the card into this phase is when the control system irreversibly blocks access because both the PIN and unblocking PIN are blocked; then all the operations will be blocked, including reads.

Finally, Table 1 summarises the conditions and memory accesses of a smart card during the various phases mentioned above.

Areas / Phases | Fabrication | Pre-personalisation | Personalisation | Utilisation | End-of-Life
Access mode | Physical addressing | Logical addressing
System | Not accessible
Fabrication (keys) | Write KF | Write KP | Not accessible
Fabrication (data) | Read, write, erase | Read | Read
Directory | Read, write, erase | According to logical file access conditions
Data | Read, write, erase | According to logical file access conditions
Optional code | Read, write, erase | Not accessible

Table 1: Phases and access rights of smart card's life cycle (Source: Philips DX smart card reference manual, 1995)

2. Logical Structure and Access Controls

After a smart card is issued to the consumer by the application provider, the protection of the card will be controlled by the application operating system mainly. Physical addressing mode of accessing data is no longer available. Access of data has to be done through the logical file structure on the card. This section will discuss how the operating system accomplishes the security protection of the data stored on the card by examining the logical file structure and the corresponding access controls of a smart card.

2.1 Logical File Structure

In general, in terms of data storage, a smart card can be viewed as a disk drive where files are organised in a hierarchical form through directories. Similar to MS-DOS, there is one master file (MF) which is like the root directory. Under the root, we can have different files which are called elementary files (EFs). We can also have various subdirectories called dedicated files (DFs). Under each subdirectory will be elementary files again. The main difference between a smart card file structure and an MS-DOS file structure is that dedicated files can also contain data. Figure 2 shows a logical view of a smart card file structure.


Figure 2: Logical file structure of smart card



In smart card terminology, the root or master file (MF) has a header part, which consists of itself, and a body part, which contains the headers of all of the dedicated files and elementary files which contain the MF in their parental hierarchy. The dedicated file (DF) is a functional grouping of files consisting of itself and all the files which are immediate children of the DF. The elementary file (EF) simply consists of its header and the body which stores the data.

The way data is managed within a file differs between operating systems. Some of them may manage the data simply by offset and length, while others may organise data in records of fixed or variable length, as in the Global System for Mobile Communication (GSM) system. In any case, the file must be selected before performing any operations. This is equivalent to opening a file.

The logical access and selection mechanisms are activated after the power is supplied to the card while the master file is selected automatically. The selection operation allows movement around the tree. It can be descending by selecting an EF or a DF, or it can be ascending by selecting a MF or DF. Horizontal movement can be done by selecting an EF from another EF as well.

After the success of selection, the header of the file can be retrieved, which stores the information about the file such as identification number, description, types, size, and so on. Particularly, it stores the attribute of the file which states the access conditions and current status. Access of the data in the file depends on whether those conditions can be fulfilled or not. This will be described in the following section.

In short, the file structure of the smart card operating system is similar to other common operating systems such as MS-DOS and UNIX. However, in order to provide greater security control, the attribute of each file is enhanced by adding accessing conditions and file status fields in the file header. Moreover, file lock is also provided to prevent the file being accessed. These security mechanisms and algorithms provide a logical protection of the smart card.
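The selection rules of this section, modelled as an added example (not code from the original article or from any card operating system): a file tree in which only the movements named above are allowed (descend, ascend, EF to EF) and every operation acts on the currently selected file. The `CardFile` and `Session` names, the file identifiers and the file contents are constructed for the illustration, and the reachability rule is this example's reading of the text.

```python
class CardFile:
    """One node of the tree; the header carries the access condition."""

    def __init__(self, fid, kind, access="ALW", body=b""):
        if kind not in ("MF", "DF", "EF"):
            raise ValueError(kind)
        self.fid, self.kind, self.access, self.body = fid, kind, access, body
        self.parent = None
        self.children = {}

    def add(self, child):
        if self.kind == "EF":
            raise ValueError("an EF holds data, not other files")
        child.parent = self
        self.children[child.fid] = child
        return child

    def header(self):
        return {"fid": self.fid, "type": self.kind,
                "access": self.access, "size": len(self.body)}


class Session:
    """Tracks the selected file, as the card does after power is supplied."""

    def __init__(self, mf):
        self.mf = mf
        self.current = mf  # the MF is selected automatically

    def selectable(self):
        cur = self.current
        targets = {self.mf.fid: self.mf}                 # ascend to the MF
        if cur.kind == "EF":
            targets[cur.parent.fid] = cur.parent         # ascend to the parent
            targets.update({fid: node for fid, node in cur.parent.children.items()
                            if node.kind == "EF"})       # horizontal: EF to EF
        else:
            targets.update(cur.children)                 # descend to an EF or DF
            if cur.parent is not None:
                targets[cur.parent.fid] = cur.parent     # ascend to the parent DF
        return targets

    def select(self, fid):
        target = self.selectable().get(fid)
        if target is None:
            raise LookupError(f"{fid} is not reachable from {self.current.fid}")
        self.current = target
        return target.header()  # selection returns the header, not the data

    def read(self, fulfilled=frozenset()):
        # There is no read-by-name: the file must have been selected first,
        # and the condition in its header must be among those fulfilled.
        cond = self.current.access
        if cond == "NEV" or (cond != "ALW" and cond not in fulfilled):
            raise PermissionError(f"{self.current.fid}: {cond} not fulfilled")
        return self.current.body


def build_sample_tree():
    """Constructed tree: identifiers and contents are made up."""
    mf = CardFile("3F00", "MF")
    mf.add(CardFile("2F01", "EF", "ALW", b"serial"))
    app = mf.add(CardFile("7F10", "DF"))
    app.add(CardFile("6F01", "EF", "CHV1", b"holder"))
    app.add(CardFile("6F02", "EF", "ALW", b"public"))
    purse = mf.add(CardFile("7F20", "DF"))
    purse.add(CardFile("6F03", "EF", "CHV2", b"purse"))
    return Session(mf)


if __name__ == "__main__":
    s = build_sample_tree()
    print(s.select("7F10"), s.select("6F02"), s.read())
```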

2.2 Access Control

The smart card access control system mainly covers file access. Each file has a header attached which indicates the access conditions or requirements of the file as well as its current status. The fundamental principle of the access control is based on the correct presentation of PIN numbers and their management.

2.2.1 Levels of Access Conditions

Primarily, the access conditions of a file can be defined into the following five levels. Some of the operating systems may offer more than these depending on the application they provide.

- Always (ALW): Access of the file can be performed without any restriction.
- Card holder verification 1 (CHV1): Access is only possible when a valid CHV1 value is presented.
- Card holder verification 2 (CHV2): Access is only possible when a valid CHV2 value is presented.
- Administrative (ADM): Allocation of these levels and the respective requirements for their fulfilment are the responsibility of the appropriate administrative authority.
- Never (NEV): Access of the file is forbidden.

Those condition levels are not hierarchical. For instance, correct presentation of CHV2 does not allow access to a file which requires presentation of CHV1. During operation, the corresponding requirements have to be fulfilled before the selection of the file. For example, the correct CHV1 value has to be presented if it is the access condition of a file.

2.2.2 PIN Presentations

The PINs are normally stored in separate elementary files, EFCHV1 and EFCHV2 for example. Use of the access conditions on those files can prevent the PINs from being changed. The PIN can be changed by issuing the change PIN instruction together with the new and old PIN. However, for most of the smart card operating systems, the corresponding PIN will be invalidated or blocked when a fixed number of invalid PINs are presented consecutively. The number of times will vary with different systems.

At that point, all the files that require that PIN will be blocked and inaccessible. Unblocking has to be carried out with the knowledge of the correct PIN and a specific unblocking PIN stored in the card. Still, if an invalid unblocking PIN is presented consecutively up to a particular number of times, the unblocking PIN will be blocked as well. Then both the PIN and the unblocking PIN will be invalidated and can no longer be restored. This is called an irreversible blockage. Some systems may even invalidate the whole card in order to prevent further attacks.

2.2.3 PIN Management

To achieve the protection and blockage of the PINs mentioned above, two counters have to be implemented for each of the card holder verification numbers (CHVs). The counters are composed in such a way that any possible errors in writing or erasing will be avoided, which could adversely affect the access control on the card. There are three states in the management of the PIN which are described below.

1. PIN has been presented: Files or functions which have PIN presentation as a pre-requisite or condition can be accessed or carried out. Every time the PIN is presented correctly, the PIN counter will be reset to the maximum number of tries, three for example.

2. PIN has not been presented or was presented incorrectly: The PIN counter will be decremented by one each time an incorrect PIN is presented. All the operations or instructions which require PIN presentation will be invalidated. If the PIN counter reaches zero, then the PIN will be blocked.

3. PIN is blocked: In this state, all the operations that require PIN presentation, and even the PIN presentation instruction itself, are blocked. The unblock PIN instruction has to be carried out. If the correct unblocking PIN is presented, the PIN counter will be reset to the maximum number of tries and the PIN goes back to the first state. However, if an invalid unblocking PIN is presented, the unblock PIN counter will be decremented by one, and when this counter reaches zero, the PIN can never be unblocked again.

To sum up the file structure and access control that the smart card provides, data stored on the card can be protected either individually, by setting access conditions in the header of each file, or hierarchically, by grouping files together under a single dedicated file (DF) with access conditions set on it. Furthermore, the irreversible blockage gives maximum protection to the card so that enormous intrusions are impossible.
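An added model of sections 2.2.1 to 2.2.3 (example code, not from the original article or from a real card operating system): per-file access conditions checked non-hierarchically, plus the two counters per CHV that drive the three PIN states and the irreversible blockage. The PINs, file names, the unblock limit of 10, treating ADM as never fulfilled, and charging a try before the comparison are assumptions of this example.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum

# The five access-condition levels of section 2.2.1.
Cond = Enum("Cond", "ALW CHV1 CHV2 ADM NEV")


class CardBlocked(Exception):
    """A PIN counter or unblock counter has reached zero."""


@dataclass
class Chv:
    pin: bytes
    unblock_pin: bytes
    max_tries: int = 3            # "three for example" in the text
    max_unblock_tries: int = 10   # assumed; the page gives no figure
    verified: bool = False
    tries_left: int = field(init=False, default=0)
    unblock_left: int = field(init=False, default=0)

    def __post_init__(self):
        self.tries_left = self.max_tries
        self.unblock_left = self.max_unblock_tries

    @property
    def state(self):
        if self.tries_left == 0:
            return "irreversibly blocked" if self.unblock_left == 0 else "blocked"
        return "presented" if self.verified else "not presented"

    def verify(self, candidate):
        if self.tries_left == 0:
            raise CardBlocked("PIN presentation is blocked")
        # Added hardening, not from the page: charge the try before comparing,
        # so an interrupted comparison cannot yield a free guess.
        self.tries_left -= 1
        self.verified = hmac.compare_digest(candidate, self.pin)
        if self.verified:
            self.tries_left = self.max_tries      # state 1: counter reset
        return self.verified

    def unblock(self, candidate):
        if self.tries_left != 0:
            return False                          # only used in state 3
        if self.unblock_left == 0:
            raise CardBlocked("irreversible blockage")
        self.unblock_left -= 1
        if not hmac.compare_digest(candidate, self.unblock_pin):
            return False
        self.unblock_left += 1                    # only failures are counted
        self.tries_left = self.max_tries
        self.verified = True                      # back to the first state
        return True


@dataclass
class ElementaryFile:
    read: Cond
    update: Cond
    body: bytes = b""


class Card:
    def __init__(self, chv1, chv2, files):
        self.chv = {Cond.CHV1: chv1, Cond.CHV2: chv2}
        self.files = files

    def _check(self, cond):
        if any(c.state == "irreversibly blocked" for c in self.chv.values()):
            raise CardBlocked("irreversible blockage: reads are blocked too")
        # Levels are not hierarchical: only the CHV named in the header counts.
        # ADM is issuer-defined and treated as unfulfilled here, like NEV.
        chv = self.chv.get(cond)
        if cond is not Cond.ALW and (chv is None or chv.state != "presented"):
            raise PermissionError(f"{cond.name} not fulfilled")

    def read(self, name):
        self._check(self.files[name].read)
        return self.files[name].body

    def update(self, name, data):
        self._check(self.files[name].update)
        self.files[name].body = data


def build_sample_card():
    """Constructed card: PINs, file names and contents are made up."""
    return Card(
        chv1=Chv(pin=b"1234", unblock_pin=b"11111111"),
        chv2=Chv(pin=b"5678", unblock_pin=b"22222222"),
        files={
            "EF_SERIAL": ElementaryFile(Cond.ALW, Cond.NEV, b"card-serial"),
            "EF_HOLDER": ElementaryFile(Cond.CHV1, Cond.ADM, b"holder-name"),
            "EF_LIMIT": ElementaryFile(Cond.CHV2, Cond.CHV2, b"limit=100"),
        },
    )
```

In this model any irreversibly blocked CHV blocks the whole card, which corresponds to the stricter behaviour the text attributes to some systems.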

3. Procedural Protection

After an overview of the physical and logical protection given by the smart card, it is time to look at how we can make use of the smart card to protect and secure our systems in real life.

Because of the on-board computing power of the smart card, it is possible to achieve off-line transactions and verifications. For instance, a smart card and a card acceptor device (CAD) can identify each other by using the mutual active authentication method. Moreover, data and codes stored on the card are encrypted by the chip manufacturer by using computational scrambling encryption, which makes the circuit chip almost impossible to be forged. All of these features together with the protected access control are discussed in the previous section.

Today, smart cards are being used in different areas because they can be used together with other technologies, such as asymmetric cryptographic algorithms and biometrics identification, to provide highly assured and trusted applications. This section discusses three particular areas which demonstrate how different systems can make use of the smart card to enhance their security.

3.1 Identification of Documents

Traditional document-based identifications, such as identification cards, licenses, passports/visas, and so on, are always considered unreliable. All of them are easy to forge and copy. Particularly with today’s technologies, high quality colour photocopies, printers, and scanners are easily accessed and owned; as a result, high quality fraudulent documents can be produced easily. This makes the inspection of documents more and more difficult.

The smart card is probably the best solution to this problem. Printed information and photographs can be digitised and stored on the card. By setting up the access condition and password on files, only authorised persons or authorities, such as government departments, are allowed to access the information. Moreover, together with biometrics technology, biometrics information of the card holder can be placed on the card, so that the smart card can cooperate with a biometrics scanner to identify or verify whether the card is owned by the card holder or not. This significantly improves the reliability of the document the smart card carries.

The operation procedures could be similar to the traditional paper-based identification system. However, instead of the documents being verified by the observation of an inspection officer, a card acceptor device will be used. The device, which contains the authorised code and PIN, can unlock the file and retrieve the owner’s information for verification. When biometrics is used, the user can be authenticated by placing the required portion of his/her body onto a biometrics reader; the data collected by the reader can then be compared with the data on the card.

Nowadays, many organisations or governments in different countries are already researching this issue. For example, many airlines intend to develop their electronic tickets by using smart cards which co-operate with the baggage handling system in some airports. The smart card typically stores the passenger’s flight details such as name, seat number, flight number, baggage details and so on. This helps to verify that the correct passenger has checked in and to identify the owner of baggage in case of lost or unclaimed baggage. More importantly, the system may help to identify criminals and terrorists.

In summary, it is anticipated that using the smart card as an identification document will be the future trend replacing traditional paper-based certificates. Information stored on the card about the owner will be increasing and becoming more and more sensitive. Therefore, the current access control system based on PIN presentation may not be secure enough. It is suggested that the card operating system may have to co-operate with some kind of authentication algorithms to protect all the files or even the whole system.

3.2 Authentication in Kerberos

In an open distributed computing environment (DCE), a workstation cannot be trusted to identify its users because the workstation may not be located in a well controlled environment and may be far away from the central server. A user can be an intruder who may try to attack the system or pretend to be someone else to extract information from the system which he/she is not entitled to. In order to protect a system from being attacked by remote network hosts, a certain kind of authentication must be taken into account.

Kerberos is one of the systems which provide trusted third-party authentication services to authenticate users in a distributed network environment. Basically, when a user or client requests access to a particular service from the server, he/she has to obtain a ticket or credential from the Kerberos authentication server (AS). The user then presents that credential to the ticket granting server (TGS) and obtains a service ticket. Hence, the user can request service by submitting the service ticket to the desired server. Figure 3 shows this authentication protocol.


Figure 3: Kerberos authentication protocol (Source: Jennifer & Clifford & Jeffrey, 1988)



With this protocol, the server can be assured that it is offering services to the correct client who is entitled to have access. This is because Kerberos assumes that only the correct user can use the credential, as others do not have the password to decrypt it. Because of this, a user can actually request the credential of others. That is, the user is not authenticated at the beginning stage.

In this way, an attacker can obtain the credential of another user and perform an off-line attack by using a password guessing approach, as the ticket is sealed by the password only. This security weakness of Kerberos is pointed out by Mark and Gary (1995) in one of their papers, "Integrating Smart Card Into Authentication Systems".

In their report, they proposed to integrate the smart card into the Kerberos system to overcome this problem. Six different schemes are proposed. The whole idea is to enhance the security of Kerberos authentication by authenticating the user directly at the beginning and before the granting of the initial ticket, so that one user cannot have the ticket of another. And, "the use of smart card requires user logging into the system not only recall a password, but also to be in possession of a token" (Mark & Gary, 1995).

The details of those six proposed schemes to integrate smart card into the Kerberos are not discussed here as it is not the concern in this paper. In conclusion, the model mentioned here demonstrated how smart card technology can secure a system procedurally.

3.3 Access Control On Operating System

Access control is one of the important uses of smart card technology. It is also the motivation behind the development of the smart card. In this section, we discuss how to control access to an operating system in a personal computer by using the smart card. The original idea comes from Paul and Lance in their paper "BITS: A Smartcard Protected Operating System, 1994".

Because of their single-user nature, personal computers lack security protection for their systems, especially system areas such as the boot sector of a hard disk or floppy. These areas can be modified by anyone without any protection, which creates the possibility of infection by computer viruses. Nowadays, a personal computer is powerful enough to take the place of mini-computers and act as a network server, but its single-user nature has not changed, and this has made the problem more serious.

A boot integrity token system (BITS), which makes use of smart card technology to protect the operating system, is introduced by Paul and Lance. The basic idea is that the host computer is actually booted from a smart card, or requires critical information from the card to complete the boot sequence. So that even if an attacker can gain physical access to the hardware, it is impossible to guarantee system integrity.

The smart card is configured to require user authentication prior to data access. During system startup, two authentications have to be performed before the boot sequence completes. First, the user is authenticated to the smart card by means of a password. Then the host authenticates the card by reading the shared secret from the card. After both of them are matched, the host reads boot section information from the smart card and completes the boot sequence. Then the PC operates as normal.

The smart card can also store the checksums of critical data and executable programs. This is effective against viruses because it validates file integrity rather than scanning for known virus signatures. In general, the use of the smart card here enhances the security of the computer by utilising its inherent secure storage and processing capabilities.
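The boot sequence described above, as an added simulation (not code from the BITS paper or from the original article): the card releases nothing before the user's password is accepted, the host then compares the shared secret, and boot information is handed over only after the stored checksums match. `BootCard`, the sample password, secret and file paths are constructed, SHA-256 stands in for the checksum, and running the integrity check before releasing the boot information is this example's choice of ordering.

```python
import hashlib
import hmac


class BootCard:
    """Toy model of the card: nothing is readable before user login."""

    def __init__(self, password, shared_secret, boot_info, checksums):
        self._password = password
        self._items = {"secret": shared_secret, "boot": boot_info,
                       "checksums": checksums}
        self._user_ok = False

    def present_password(self, candidate):
        self._user_ok = hmac.compare_digest(candidate, self._password)
        return self._user_ok

    def read(self, item):
        if not self._user_ok:
            raise PermissionError("user is not authenticated to the card")
        return self._items[item]


def digest(data):
    # Assumption: SHA-256 stands in for the "checksum" the text mentions.
    return hashlib.sha256(data).hexdigest()


def boot(card, password, host_secret, disk):
    """Return ("booted", boot_info) or ("refused", reason)."""
    # Step 1: the user authenticates to the card with a password.
    if not card.present_password(password):
        return "refused", "user authentication failed"
    # Step 2: the host authenticates the card via the shared secret.
    if not hmac.compare_digest(card.read("secret"), host_secret):
        return "refused", "card authentication failed"
    # Step 3: validate critical files against the checksums held on the card.
    # A missing file is treated like a modified one.
    for path, expected in sorted(card.read("checksums").items()):
        if path not in disk or not hmac.compare_digest(digest(disk[path]), expected):
            return "refused", f"integrity check failed for {path}"
    # Step 4: only now is the boot information released to the host.
    return "booted", card.read("boot")


def sample():
    """Constructed card, host secret and disk contents for the demonstration."""
    disk = {"/boot/kernel": b"kernel image v1", "/bin/login": b"login binary v1"}
    card = BootCard(
        password=b"correct horse",
        shared_secret=b"host-42-secret",
        boot_info=b"boot-sector-bytes",
        checksums={path: digest(data) for path, data in disk.items()},
    )
    return card, b"host-42-secret", disk


if __name__ == "__main__":
    card, secret, disk = sample()
    print(boot(card, b"correct horse", secret, disk))
    infected = {**disk, "/bin/login": b"login binary v1 + appended code"}
    print(boot(card, b"correct horse", secret, infected))
```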

4. Attacks on Smart Card

As discussed above, the smart card seems to be a superior tool for enhancing system security and provides a place for secure storage. One of the security features provided by most smart card operating systems, which is not mentioned in this paper, is the cryptographic facilities. They provide encryption and decryption of data for the card; some of them can even be used to generate cryptographic keys.

The secret of the cryptographic algorithm, the keys stored, and the access control inside the smart card become the targets of attackers. Nowadays many companies and cryptographers claim to be able to break the smart card and its microcontroller. Some of them perform logical non-invasive attacks, some attack the card physically, while others just prove their success by mathematical theorems.

We will review the first two briefly and examine how the attacks are achieved. For the third one, since their attacks are theoretical and relate to a lot of complicated mathematical calculations and formulas which are outside the scope of this paper, it is not discussed here.

4.1 Logical Attacks

As all the key material of a smart card is stored in the electrically erasable programmable read only memory (EEPROM), and due to the fact that EEPROM write operations can be affected by unusual voltages and temperatures, information can be trapped by raising or dropping the supplied voltage to the microcontroller. In the report of "Tamper Resistance - A Cautionary Note" by Ross and Markus (1996), several examples of attacking the smart card microcontroller by adjusting the voltage are provided.

For example, a widely known attack on the PIC16C84 microcontroller is that the security bit of the controller can be cleared with erasing the memory by raising the voltage VCC to VPP - 0.5V. An attack on the DS5000 security processor is another example. A short voltage drop can sometimes release the security lock without erasing the secret data. Low voltage can facilitate other attacks as well: for example, an analogue random generator used to create cryptographic keys will produce an output of almost all 1’s when the supply voltage is lowered slightly.

For these reasons, some security processors implemented sensors that raise an alarm when there are any environmental changes. However, these kinds of sensors always cause false alarms, due to the fluctuations that occur when the card is powered up and the circuit is stabilising. Therefore this scheme is not commonly used.
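One defensive check suggested by the low-voltage random generator failure described above, as an added example that is not part of the original paper: a health test that rejects raw generator output that is almost all 1's before it is used for key generation. The function names and sample data are constructed for illustration; the pass limits are those of the FIPS 140-2 monobit and long-run tests.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_BYTES 2500  /* 20,000 bits per sample */
enum rng_health { RNG_OK, RNG_FAIL_MONOBIT, RNG_FAIL_LONG_RUN, RNG_FAIL_SIZE };

/* Check raw generator output before it is used as key material. Bounds are
 * the FIPS 140-2 power-up test limits for a 20,000-bit sample:
 * 9,725 < ones < 10,275, and no run of 26 or more identical bits. */
enum rng_health rng_health_check(const uint8_t *buf, size_t len)
{
    unsigned ones = 0, run = 0, longest = 0;
    int prev = -1;
    if (len != SAMPLE_BYTES)
        return RNG_FAIL_SIZE;
    for (size_t i = 0; i < len; i++) {
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned)bit;
            run = (bit == prev) ? run + 1 : 1;
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    if (ones <= 9725 || ones >= 10275)
        return RNG_FAIL_MONOBIT;   /* e.g. almost all 1s at low voltage */
    if (longest >= 26)
        return RNG_FAIL_LONG_RUN;  /* output stuck for part of the sample */
    return RNG_OK;
}

/* Constructed samples (not captured from a card): fill each half of a
 * sample with one byte value and return the verdict. */
enum rng_health check_constructed(uint8_t first_half, uint8_t second_half)
{
    static uint8_t sample[SAMPLE_BYTES];
    memset(sample, first_half, SAMPLE_BYTES / 2);
    memset(sample + SAMPLE_BYTES / 2, second_half, SAMPLE_BYTES / 2);
    return rng_health_check(sample, sizeof sample);
}

int main(void)
{
    printf("all ones: %d\n", (int)check_constructed(0xFF, 0xFF));
    printf("stuck halves: %d\n", (int)check_constructed(0xFF, 0x00));
    printf("balanced 0xA5: %d\n", (int)check_constructed(0xA5, 0xA5));
    return 0;
}
```

Passing these two tests does not show that the output is random (the fixed 0xA5 pattern passes); they only catch a grossly biased or stuck source.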

4.2 Physical Attacks

Invasive physical attacks are typical. Before this kind of attack can be performed, the circuit chip has to be removed from the plastic card. This can be done by simply using a sharp knife to cut away the plastic behind the chip module until the epoxy resin becomes visible. And then the resin can be dissolved by adding a few drops of fuming nitric acid (>98% HNO3). The acid and resin can be washed away by shaking the card in acetone until the silicon surface is fully exposed. Ultimately the chip can be examined and attacked directly.

At the Cavendish Laboratory in Cambridge, a technique was developed for reverse engineering circuit chips. The layout and function of the chip can be identified using that technique. Another technique, developed by IBM, can then be used to observe the operation of the chip. As a result, its secret can be fully revealed.

Besides this, there are many different ways to perform physical attacks: for instance, erasing the security lock bit by focusing UV light on the EPROM, probing the operation of the circuit with microprobing needles, or using laser cutter microscopes to explore the chip. However, these kinds of attacks are only available to well-funded laboratories, as the associated costs are considerably high.

5. Conclusion

The physical and logical structure of the smart card and the corresponding security access control have been discussed in this paper. It is believed that smart cards offer more security and confidentiality than other kinds of information or transaction storage. Moreover, applications of smart card technologies have been illustrated, which demonstrate that the smart card is one of the best solutions for providing and enhancing security and integrity in such systems.

At the end of the paper, an overview of the attack techniques against the smart card is given as well. The existence of those attacks does not mean that the smart card is insecure. It is important to realise that attacks against secure systems are nothing new or unique. Claiming that any system or technology is 100% secure is irresponsible. Whether a system is secure or not depends mainly on whether its level of security meets the requirements of the system.

Furthermore, most of the attacks available today are classified as class 3 attacks, which means that the costs associated with breaking the system are far more than the cost of the system itself, or that breaking into a single transaction would take several or hundreds of years of computing power. As the technology advances quickly, manufacturers update and enhance their products constantly. Therefore, as soon as hackers find ways of hacking the system, the problems could be solved by the next generation of technology.

Finally, it is concluded that the smart card is an intrinsically secure device. It is a safe place to store valuable information such as private keys, account numbers, and valuable personal data such as biometric information. The smart card is also a secure place to perform off-line processes such as public or private key encryption and decryption. The smart card can be an element of the solution to a security problem in the modern world.






