introduction to smart cards - vmeng.comvmeng.com/mc/slides01/introduction_to_sc.pdfintroduction to...

Introduction toIntroduction to

Smart CardsSmart Cards

JEAN-LUC Giraud

MacCrypto’01

Introduction to Smart Cards - Jean-Luc Giraud - MacCrypto29/01/2001

Bull Patents2

OutlineOutline

��What are Smart Cards?What are Smart Cards?

��How do we make them?How do we make them?

��How do they work?How do they work?

��What can you do with them?What can you do with them?

��How can you program them?How can you program them?


Bull Patents3

What is a Smart Card?What is a Smart Card?


Bull Patents4

A Closer Look (1)A Closer Look (1)


Bull Patents5

A Closer Look (2)A Closer Look (2)


Bull Patents6

OutlineOutline







Bull Patents7

Manufacturing: CuttingManufacturing: Cutting


Bull Patents8

Manufacturing: GluingManufacturing: Gluing


Bull Patents9

Manufacturing: BondingManufacturing: Bonding


Bull Patents10

Manufacturing: EncapsulationManufacturing: Encapsulation


Bull Patents11

Manufacturing: Finished ModulesManufacturing: Finished Modules


Bull Patents12

Manufacturing: Module on BodyManufacturing: Module on Body

Electrical InitialisationElectrical Initialisation


Bull Patents13

Manufacturing: PersonalisationManufacturing: Personalisation

Electrical and Physical PersonalisationElectrical and Physical Personalisation


Bull Patents14

OutlineOutline







Bull Patents15

Card FamiliesCard Families

MicroprocessorMicroprocessor

MemoryMemory


Bull Patents16

Memory CardsMemory Cards

� Bitmap, synchronous access� R/W

� R/Erase only

11 00 11 11 11 11 11

11 00 11 11 00 11 00 1100 00 11 11 11 00 11 11

0011 00 11 11 11 11 11

11 00 11 11 00 11 00 1100 00 11 11 11 00 11 11

1111 00 11 11 11 11 11

11 00 11 11 00 11 00 1100 00 11 11 11 00 11 11

00

00 00 00 00 11 11 11

00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00

1100 00 00 00 11 11 11

00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00

00


Bull Patents17

Enhanced Memory CardsEnhanced Memory Cards

� Onboard hardwired crypto engine

� Card Authentication

� MAC on balance


Bull Patents18

Memory Card ApplicationMemory Card Application

� Loyalty � Payphones


Bull Patents19

Smarter Smart CardsSmarter Smart Cards

� Microprocessor based

� Onboard Memory (RAM, ROM and EEPROM/Flash)

� Programmable

� Onboard processing

� Security features� Crypto coprocessor (PK, DES,…)

� Physical sensors (V, freq,…)

� Physical protections (shielding,…)


Bull Patents20

Chip Structure (0.25mmChip Structure (0.25mm22))

FLASH / EEPROM

ROM

RAM

CPU


Bull Patents21

Smart Card ModuleSmart Card Module

EEPROM /FLASH

RAMROM

Data Bus

Address Bus

MicroprocessorMicroprocessorVcc

Reset

Clock

Ground

Vpp

I/O

CPUCPU

Microcontact Microchip

Micromodule


Bull Patents22

CommunicationsCommunications

� One communication channel: serial line

� “Layered” transmission protocol� Application: Application Protocol Data Unit

� Transport: T=0, T=1, T=14


Bull Patents23

� An APDU contains:

� a command message,

� a response message.

IFDICC

command APDU

response APDU

The Application Protocol Data UnitThe Application Protocol Data Unit


Bull Patents24

ADPU SyntaxADPU Syntax

� APDU Command

� APDU Response

CLA INS P1 P2 Lc Data Le

Parameters Command Data

Data Length Response LengthInstruction

Class

SWData

Response Data Status Word


Bull Patents25

ExampleExample

P1, P2 : specify the data to be retrievedLe : length of data to retrieve

READ BINARY (P1,P2,Le)

Data, SW

CLA INS P1 P2 Lc Data Le

A0 B0 xx xx 0 Le


Bull Patents26

Required InfrastructureRequired Infrastructure

� Personalisation Center

� Issuing Center

� Reader

� Middleware (CDSA)

� Back-end System

http://www.http://www.gemplusgemplus.com/.com/usbusb


Bull Patents27

Middleware (Windows platform)Middleware (Windows platform)

PKCS #11PKCS #11

Token XToken X Token YToken Y Token ZToken Z

CAPICAPI

CSP ACSP A CSP BCSP B CSP CCSP C

RS232RS232 USBUSB PCMCIAPCMCIA

PC/SCPC/SC

PCIPCI

IBM cardIBM card GemSAFEGemSAFEReaderReader

Ha

rdw

are

So

ftw

are


Bull Patents28

OutlineOutline







Bull Patents29

Mask your Own CodeMask your Own Code

� Pros:� Small code footprint

� “Complete” control

� Cons:� Development in C and target assembly language

� Use emulators

� Mask lead time (~2 month)

� Bug fixes


Bull Patents30

Use Proprietary CardsUse Proprietary Cards

� What you (usually) get:� File System

� Fixed set of APDU Commands

✔Read/Write files

✔Cryptographic computations

� Pros:� Off the shelf products

� Cheaper

� Cons:� Not extensible

� Bug fixes


Bull Patents31

Use Open CardsUse Open Cards

� Choice� Java

� Microsoft

� Standard API� Crypto

� GSM (SMS, Pro active commands…)


Bull Patents32

Applet Life CycleApplet Life Cycle

� Write code in Java

� Compile it

� Debug it (simulator)

� Verify and Convert it (specific byte code)

� Load it� Personalisation center

� Point of sale

� Over the Internet


Bull Patents33

OutlineOutline







Bull Patents34

Why use a Smart Card?Why use a Smart Card?

CryptoCrypto

TheoreticalTheoretical PracticalPractical


Bull Patents35

Advantages of a Smart CardAdvantages of a Smart Card

� Tamper resistance

� Storage

� Portability

� Tamper resistance

� Processing

� Ease of use

� Onboard key generation

[Blah Blah]

[@ç^#~r&€]


Bull Patents36

Main applicationsMain applications

�� Cellular phone GSM Cellular phone GSM cardscards,,

�� Health cardsHealth cards..

�� Banking cardsBanking cards,,

�� Public phone Public phone cardscards ( (prepre--paidpaid),),


Bull Patents37

New applicationsNew applications

�� SecuritySecurity ofof information information systemsystem,,

�� LoyaltyLoyalty ,,

�� Physical accessPhysical access control. control.

�� IdentityIdentity,,

�� GamesGames,,

�� Transport,Transport,

�� Electronic purseElectronic purse,,


Bull Patents38

Attacking Smart CardsAttacking Smart Cards

� Timing Attacks

� Power Analysis� Simple Power Analysis

� Differential Power Analysis

� Invasive Attacks� Probe Stations

� Focused Ion Beam


Bull Patents39

Standards : ISO/IEC 7816Standards : ISO/IEC 7816Integrated circuits cards with contactsIntegrated circuits cards with contacts

� ISO/IEC 7816-1 : Physical characteristics.

� ISO/IEC 7816-2 : Dimension & location of contacts.

� ISO/IEC 7816-3 : Electronic signals & transmission protocols.

� ISO/IEC 7816-4 : Inter-industry commands.

� ISO/IEC 7816-5 : Registration system for applications in IC card.

� ISO/IEC 7816-6 : Inter-industry data elements.

� ISO/IEC 7816-7 : Inter-industry commands for

Structured Card Query Language (SCQL).

� ISO/IEC 7816-8 : Security architecture and related inter-industry commands.


Bull Patents40

ResourcesResources

� On Card development:� Java card : http://www.javacard.org

“Java Card Technology for Smart Cards”, Zhiqun Chen, Sun Java Series,ISBN: 0-201-70329-7

� Windows for SC : http://www.microsoft.com/smartcard/� Gemplus

✔ Developer web site: http://www.gemplus.fr/developers/index.htm✔ Developer conference: http://www.key3studios.com/gemplusworld/

June 20, 21, Paris.

� Middleware:� PCSC-Lite : http://www.linuxnet.com/� OCF (java) : http://ww.opencard.org/� CDSA : http://www.opengroup.org/security/l2-cdsa.htm� PKCS : http://www.rsasecurity.com/rsalabs/pkcs/index.html

� Questions:� [email protected]


Bull Patents41

ConclusionConclusion

SmartSmart

PersonalPersonal

PortablePortable

SecureSecure

==

introduction to smart cards - vmeng.comvmeng.com/mc/slides01/introduction_to_sc.pdfintroduction to...

Documents