r e s e t roadmap for european research on smartcard technologies reset seminar - 3 april 2003...

R E S E T Roadmap for European research on Smartcard

Technologies

RESET Seminar - 3 April 2003Brussels

FROM SMART CARD TO TRUSTED PERSONAL DEVICE

Working Group Outcomes


Technologies

Dr. David SimplotUniversité des Sciences et Technologies de Lille

WG1

Communication & Networking

RESET IST-2001-39046

Evaluation of Technology and Marketing Requirements

Smart cards Need of interoperability, open platform Incompatible with proprietary and exotic communication protocol

Information systems Internet everywhere, need of high speed peripheral

Telecommunications Cooperation with IT industry, use of same communication protocols

Wireless local area networks (W-LAN) Internet everywhere, need of security improvement Potential market for smart card

Conclusion: Lack of reachability/connectivity of smart cards In term of physical interface, communication protocol and

communication model


Research Orientation for improvement

Performance improvement From Kbit/s to 100 Mbits/s for data exchange speed

rate Low power consumption for enhanced portability Full-duplex for multi-protocol

Connectivity enhancement TCP/IPv6 for internet protocols Security of connection link

Support new communication models Multi-tasking OS Faster access to NVM Improved RAM capacity


Research and Technology Development Priorities

Operating system (see WG2) Multitasking operating system

Hardware requirements (see WG6) Embedded RF, Embedded battery, Faster NVM access, Larger

RAM

Security requirements (see WG5) Maintenance of privacy and security level

Networking Connectivity with IT Implementation of mobile nodes connected through wireless

links Improvement of W-LAN technologies for large and dense self-

organizing networks


Contribution to RESETShort / medium term

Physical link Enhanced standard link between terminal and smart card High speed protocol

Communication protocol Non-exotic / non proprietary communication protocols easy to use

Integration in networks Integration in wired and wireless Internet access specifications

Long term Migration path to smart objects Wireless objets protocols

Tentative time schedule IPv6 integration - short term (2 years from now) High speed protocol - short term (2 years from now) Multi-tasking - medium to long term (2 to 5 years from now) Wireless solution - medium to long term (2 to 5 years from now)


Technologies

Boutheïna Chetali Schlumberger

WG2

Systems & Software


Participants to the group

Ulrich Büker, ORGA Kartensysteme Gilles Barthe, INRIA,

Jaan Priisalu, Cybernetica Erik Poll, U Nijmegen

Boutheina Chetali, Schlumberger Gilles Grimaud, U Lille

Jean-Louis Lanet, Gemplus Xavier Leroy, INRIA

Jean-Jacques Vandewalle, Gemplus Michael Butler, U Southampton

Renaud Marlet, Trusted Logic

Amokrane Saibi, Oberthur Card

Didier Begay, France Telecom


Evaluation of Technology and Marketing Requirements

Operating Systems & High level languages Support new upcoming hardware features Support multi-applications (not only capacity but

concurrent executions) Need of high-level multi-purpose languages, and

portable and efficient low level languages (dedicated features)

Development tools Adapt the results from software engineering field

(restricted resources and security) Validation and certification


Evaluation of Technology and Marketing Requirements (cont’d)

Systems Integration and Card Application Management Smart card middleware (adaptability to the end

user terminal and to the network) Need to improve management (card , applications) Need to improve project management tools

(distributed development, interaction between development and validation)



Operating Systems : Enhance execution environment (multi tasking/multi threading,

Real time OS, etc) High speed communication protocols, File systems management/memory management Open source OS (SC as an ordinary web server)

High Level languages : Enhance the expressiveness of the programming languages

(full java), investigate alternative languages as C#, Eiffel, etc Investigate Domain Specific and Scripting languages :

characteristics of the application domain as language concepts, constructs and notations

Issues : variety of SC hardware & SC limited resources


Research and Technology Development Priorities (cont’d)

Development tools : improve security and certification process Design modelling and specification languages that

are sound and expressive but remain usable in practice

Improve methods for verification and test (automatic)

Develop adequate interface with verification tools (theorem provers and Model checkers)

Develop adequate framework for validation and certification



Systems Integration : Adapt middleware and integration tools from

software engineering to special characteristics of SCs

Improve management of SC and their content with model(s) of card management systems



Short term: Integrated set of tools for the development of application in a global

framework Enable middleware technologies (RMI, Corba, .NET remoting) Define standard mechanisms for communication between smart cards

and terminals (PDA,mobile phone, set-top boxes, etc) Enlarge the scope of Mobile Information Devices Profiles (MIDP) to

Smart Cards Long term

Design application models to take into account SC constraints, security and the on card part of the application

Design models related to management of the SCs (entity definition, functionality, multi application features)

Design technologies : XML,UML On-card and off card framework : scalability, dynamic management of

card framework services


Technologies

François BRIONGroupement des Cartes Bancaires

WG 3Smart card accepting devices,

interfaces and biometry


Contributors to the group

CNR Pisa Stefano BISTARELLIStefano FRASSI

University of Twente Pr Pieter HARTELGemplus Olivier TREBUCQNDS Security Platforms Arieh MOLLER

Avi WACHTFOGELPhilips Klaus SICKERTSIT Fraunhofer Institut Sichere TelekooperationDirk SCHEUERMANNSun Microsystems Eduard de JONGCartes Bancaires François BRION

Bruno MICHAUDWilliam VANOBBERGHEN

Group met once in Paris, Dec 6th 2002


Secure readers

Secure readers with key pad

Biometric interfaces

Form factor

Miniaturization & cost effectiveness

Technology trends


Market requirements

Move towards multi application


Market requirements (cont'd)

Security is a transversal issue and affects every component

User friendliness is an important key of success for these projects


Research orientations

Enhancing user's trust in card and CAD is necessary to develop new smard card applications

=> TRUSTED ENVIRONMENT Transaction data integrity Secured user identification


Scenarios for Network/CAD/card connection modes

Network Smart cardCADwired link link with

contacts

Network Smart cardCADwired link contactless

link

Network Smart cardCADwireless link link with

contacts

Network Smart cardCADwireless link contactless

link


Technologies

Benoit Thévenot Schlumberger

WG4 Card embedded peripherals, sub-systems

and micro-systems


Contributors to the group

GEMPLUS Henri BOCCIA

Philippe PATRICE

Olivier TREBUCQ

ORGA Thies JANCZEK

PHILIPS Christian ZENZ

SAGEM Marc MORAZZANI

SCHLUMBERGER Benoit THEVENOT


Market Requirements

Trust Permanent control User convenience

Cost

Lifetime


Technology orientations

Trust : system on & off card

HOSTCPU

Peripherals

Internal bus

Smart card

Personal slave reader

External buswire or wireless

Peripherals

Cost : standard for architecture & peripherals

Lifetime : standard for cards durability


CPU

Guidelines for Card architecture

POWER

KNOBS

DISPLAY

MASS MEMORY

BIOMETRIC SENSORS

Interface chip

INTERNAL BUS

ANTENNA

EXT

BUS


Development priorities

1. Card architecture standards2. Thin, flexible, reliable, low cost

• Displays, batteries and keyboards• Packaging and interconnection technologies

(very thin chips, flexible interconnections)

3. Manufacturing equipments

4. Extended / improved set of peripherals


Technologies

WG5: “High-end cryptography, tamper-proof and security

technologies

Dr. Albert MÖDL Giesecke & Devrient GmbH


Technology and Market Trends

Smart Cards will continue to provide authenticity, confidentiality, security and trust

in electronic transaction systems (especially in electronic payment)

to be used as a secure identification module all kind of log-on or user identification (SIM, ...) supplemented by biometrics in dedicated applications

Encreased usage of smart cards in the PC and internet environment security threats by hackers in the internet

end-to-end security necessary secure traceability


Technology and Market Trends (cont’d)

Multi-application cards need special security: integrity and strict separation of the different

applications prevention of unauthorized access to card file

systems or confidential data

High-end cryptography big key-lengths high-speed encryption and decryption



Design of secure smart card chips develop physical security protection techniques

for the smart card chips, devise tamper-resistance, tamper protection & detection mechanisms

develop means to eliminate information leakage through side channels

developed secure re-programmable smart card chips to be able to re-configure processors



Investigation and prevention of attacks further develop existing invasive and non-

invasive attacks and develop countermeasures modelling of attacks on smart card



Development and implementation of high-end cryptology enhance the security of smart cards in the PC and

internet environment develop on-the-fly encryption and decryption new public-key algorithms for smart cards without

crypto processor on-chip random number generator tests secure on-chip key generation enhance security and the speed of the contactless

interface



Development of secure smart card software and protocols develop means for secure software updates security for cards with a built-in user interfaces

e. g. cards with keyboard, display, sensors

secure compilers (producing safe code)

develop and adjust evaluation methods accordingly


Technologies

Enrique CantoJean-Paul Thomasson

RESET WG6 Leaders

WG6 Micro-Electronics


Semiconductor Technology Trends & Market Requirements

ITRS *: defines the global technology roadmap over a 15 years period for all applications. Regularly updated by the World Semiconductor Industry Association.

Smartcard IC’s designers use rules & tools, and wafers are made on fabrication lines as per ITRS roadmap.

Smart card IC market still < 1% of total semi market

Five Laws paradigm applies now to smart cards.

Mask-set & tools cost continuously increasing pushing for higher system integration, longer lifecycle.

From Secure MCU to Secure System On Chip

*International Technology Roadmap for Semiconductors


Challenges & Research Orientation

Performance optimisation: Architecture: 32b CPU – Memory management Memory technology (capacity and access time) Power consumption IP re-use Cost & die size (for card embedding)

Flexibility: Time to market Platform concept + 3rd party IP blocks + re-configuration. Security (camouflage & maintenance)

Development methodology and environment


Technology R&D Priorities

Short-medium term: High-performance Non Volatile Memory High-performance Standard Communication Power consumption (MIPS/mW) Continuous tamper resistance improvement

Medium/long term: Fault resistant IP blocks design Re-configurable architectures Cost effective camouflage technologies Single memory technology (high density & fast RAM+

NVM) .


Contribution of Micro-electronics R&D to RESET

Deployment of the Smart Card technology in an “Any time - Anywhere” world (Internet).Integration of High performance Operating Systems including new Java Card.Increase the Trust & Confidence of all stakeholders of the value chain and of citizens for Smart Card technology. Easy migration path to Trusted Smart Objects.

r e s e t roadmap for european research on smartcard technologies reset seminar - 3 april 2003...

Documents

reset ist

validation slide

certification slide

communication model

systems high level languages

management card

european research

integration tools