Smart cards - PowerPoint PPT Presentation

Loading...

PPT – Smart cards PowerPoint presentation | free to download - id: 4f87fb-MGQ5N



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Smart cards

Description:

Smart cards CSE 691 Internet Security principles Final Project Presentation Poorvi Parikh: poorviparikh_at_hotmail.com Rahul Toprani: rahul_toprani_at_hotmail.com – PowerPoint PPT presentation

Number of Views:212
Avg rating:3.0/5.0
Slides: 22
Provided by: rtop5
Learn more at: http://lcs.syr.edu
Category:
Tags: cards | fraud | internet | smart

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Smart cards


1
Smart cards
CSE 691 Internet Security principles
Final Project Presentation
Poorvi Parikh poorviparikh_at_hotmail.com Rahul
Toprani rahul_toprani_at_hotmail.com
2
Introduction
  • Smart Cards were conceived in the 1970s and most
    consumers regarded them as a redundant payment
    mechanism when checks, credit cards and ATM cards
    did an adequate job for current needs.
  • There were a lot of unanswered questions
  • What is a smart card and how does it work?
  • What is the use of smart cards?
  • Do we really need them?
  • Are smart cards secure?
  • With this project we attempt to answer these
    questions and get to know more about these things
    called SMART CARDS. Smart cards are more than
    collectible replacements of a wallet full of
    plastic cards. Unlike the read-only plastic card,
    the processing power of smart cards gives them
    the versatility needed to make payments, to
    configure your cell phones, TVs and video players
    and to connect to your computers via telephone,
    satellite or the Internet anytime, anywhere in
    the world.  

3
Introduction (contd)
  • The driving factors in the growing interest in
    smart cards is
  • The declining cost of the smart cards.
  • The growing concern that the magnetic stripe
    cards cannot provide the protection necessary to
    prevent fraud and security breaches.
  • Today smart cards are used by millions of card
    users worldwide and are at work in more than 90
    countries. Primarily in Europe and the far
    east.

4
What Are smart cards?
A smart card is a credit-card sized plastic card
embedded with an integrated circuit chip that
makes it "smart". This marriage between a
convenient plastic card and a microprocessor
allows an immense amount of information to be
stored, accessed and processed either online or
offline. The information or application stored in
the IC chip is transferred through an electronic
module that interconnects with a terminal or a
card reader. Smart Card Structure
  • The Smart Card is Generally made up of three
    elements
  • The Plastic Card
  • A Printed Circuit
  • An Integrated Chip

5
What Are smart cards?(contd..)
  • Depending on the type of the embedded chip, smart
    cards can be either memory cards or processor
    cards.
  • Memory Cards Any plastic card is made "smart"
    by including an IC chip. But the chip may simply
    be a memory storage device. Memory cards can hold
    information thousands times greater than a
    magnetic stripe card.
  • Processor Cards Smart cards with a full-fledged
    microprocessor on board can function as a
    processor device that offers multiple functions
    such as encryption, advanced security mechanism,
    local data processing, complex calculation and
    other interactive processes.

6
Characteristics
  • Some of the key features and characteristics of
    smart cards are
  • Cost
  • Reliability
  • Storage Capacity
  • Ease of use
  • Security
  • Power Source
  • Support Equipment Required
  • Susceptibility

Support Equipment Required For host based
operations, only a simple Card Acceptance Device
(CAD) is required. Which usually costs 100 -
250, the cost decreasing with higher volumes.
The costly CADs are handheld battery operated
terminals.
Cost Typical costs range from 2.00 - 10.00.
The per card cost increases with chips providing
higher capacity and more complex capabilities
The per card cost decreases as higher volume of
cards are ordered.
Ease of Use Smart cards are user-friendly for
easy interface with intended application
handled like the familiar magnetic stripe bank
card.
Reliability Cards claiming to meet International
Standards Organization (ISO) specifications must
achieve set test results covering drop, flexing,
abrasion, concentrated load, temperature,
humidity, static electricity, chemical attack,
ultra-violet, X-ray, and magnetic field tests.
Storage Capacity 8K 128K bit EEPROM. For Smart
Cards, 1000 bits will normally store 128
characters. With modern data compression
techniques the amount of data stored on a smart
card can be significantly expanded.
Security Smart Cards are highly secure.
Information stored on the card is difficult to
duplicate or disrupt, unlike the outside storage
used on magnetic stripe cards that can be easily
copied.
Susceptibility Susceptible to chip damage from
physical abuse, but more difficult to disrupt or
damage than the magnetic stripe card.
Power Source Mostly a 5V dc power source
7
Smart (Card) Attacks
  • One of the security features provided by most of
    the smart card operating systems, is the
    cryptographic facilities. They provide,
  • Encryption and decryption of data for the card.
  • Some of them can even be used to generate
    cryptographic keys.
  • The secret of the cryptographic algorithm, the
    keys stored, and the access control inside the
    smart card become the targets of attackers.
  • These attackers perform logical non-invasive
    attacks, some of them attack the card physically
    while others just prove their success by
    mathematical theorems.

8
Smart (Card) Attacks
  • Logical Attacks
  • As all the key material of a smart card is stored
    in the electrically erasable programmable read
    only memory (EEPROM), the attacks can be caused
    mainly on the EEPROM by,
  • Raising the supply voltage above its design
    limit.
  • Cutting the supply voltage below its design
    limit.
  • Resetting random memory locations using
    ultraviolet light until the read protect bit is
    found.
  • Exploiting misfeatures in the hardware,
    including the manufacturer supplied ROM code.
  • Exploiting misfeatures in the customer written
    EEPROM code.
  • Some combination of the above.
  • Thus to prevent this, some of the processors
    implement sensors which cause an alarm when there
    is any environmental changes.

9
Smart (Card) Attacks
  • Physical Attacks
  • The circuit chip is first removed.
  • The epoxy resin now visible is then dissolved
    using a few drops of fuming nitric acid.
  • The chip is then exposed and vulnerable to
    direct attacks.
  • A technique called reverse engineering of the
    circuit chips has been developed wherein the
    layout and function of the chip can be
    identified. Using this, the secrets held by the
    chip can be revealed.
  • Erasing the security lock bit by focusing UV
    light on the EPROM.
  • Using laser cutter microscopes to explore the
    chip.

10
aPPLICATIONs
  • Smart Cards has a wide spectrum of applications
  • Wireless Communications
  • Banking and Finance
  • Health Care
  • Information Technology
  • Pay TV
  • Phone card Services
  • Closed Environment
  • Smart Tracking
  • Loyalty and Retail
  • Government Id

11
aPPLICATIONs

Wireless Communications Smart cards provide
secure user authentication, secure roaming, and a
platform for value-added services in wireless
communications. Presently, smart cards are used
mainly in the Global System for Mobile
Communications (GSM) standard in the form of a
SIM card. Initially, the SIM was specified as a
part of the GSM standard to secure access to the
mobile network and store basic network
information. As the years have passed, the role
of the SIM card has become increasingly important
in the wireless service chain. Today, SIM cards
can be used to customize mobile phones regardless
of the standard (for egGSM, personal
communications service PCS, satellite, digital
cellular system DCS) SIM is the major component
of the wireless market, paving the way to
value-added services.
12
aPPLICATIONs

WIRELESS COMMUNICATIONS SIM cards have several
features that enhance security for wireless
communications networks. SIM cards provide a
secure authentication key transport container
from the carriers authentication center to the
end-users terminal. Their superior fraud
protection is enabled by hosting the
cryptographic authentication algorithm and data
on the cards microprocessor chip. SIM cards can
be personal identification number (PIN) protected
and include additional protection against logical
attacks. With added PIN code security, SIM cards
offer the same level of security used by banks
for securing off-line payments.
13
aPPLICATIONs

WIRELESS COMMUNICATIONS The SIM cards chip can
be programmed to carry multiple applications.
The activation of new applications can be
downloaded to the card over the air, in real
time, thereby reducing the time (and cost) to
market. One of the most compelling benefits of
smart cards is the potential for packaging and
bundling various complementary services around
basic mobile telephony services. These services
can greatly reduce churn and increase usage and
brand recognition.  
14
aPPLICATIONs

Banking and Finance A variety of means have been
implemented whereby people can load value onto a
card, and use it to make payments at
appropriately equipped, unattended devices. These
include multiple-use tickets for public
transport, and telephone cards. Since the
mid-1980s, a variety of chip-based stored-value
card (SVC) technologies have been developed and
trialed. SVCs are attractive to merchants because
they reduce cash-handling and change-counting
tasks, as well as cash-holdings and the attendant
risks of error, cashier theft and robbery. For
consumers, the benefits include reduced
'wallet-bulge', less cash-handling and
change-counting, and the scope for multiple
functions within a single, convenient and
familiar card. Some banks may choose to leave SVC
operation to third parties, and merely handle the
deposits received from merchants via scheme
operators.
15
aPPLICATIONs

Banking and Finance Credit-cards are appropriate
however expensive and debit cards are relatively
highly secure. Unlike 'pay-later' credit-cards
and 'pay-now' debit-cards, SVCs are a
'pay-before' mechanism. Their great advantages
are relative security, and simple, off-line
operation. Together, these translate into low
transaction costs. Many financial institutions
have already perceived the scope for chip-based
cards to support multiple functions rather than
just one. As a result, there is a strong
motivation for issuing multi-purpose payment
cards, that support whatever combination of
debit, credit and SVC functions the customer
seeks.
16
aPPLICATIONs

Health care Smart Cards act as a portable store
of information. They have a special role in
addressing some of the more difficult problems
facing the health sector. Especially important is
the support they can provide for the move towards
a focus on the client, and on the totality of
their healthcare events, preventative and
curative, in community care and in hospital care.
They can play an important role in, identifying
individuals,carrying confidential healthcare
information between care encounters,
authenticating transactions, authorizing data
access and file movements across a network,
creating a unique electronic signature,managing
personal privacy, customizing personal
workstations. Healthcare user data cards are
designed to carry personal data securely and to
provide the holder's assent (in electronic form)
to actions taken by providers (eg billing,
accessing records).
17
aPPLICATIONs

Health care Benefits for the health care user
are Definitive, quick and easy identification -
there is no possibility of confusion with anyone
else, or of being linked to the wrong set(s) of
medical records. Records that travel with the
patient (where they are most useful), thereby
assuring continuity and integrity of care,
without restricting the freedom of the patient to
choose when and where to go to healthcare
providers (including overseas) Minimum risk of
damage from, for example, drug interactions,
unnecessary intervention. Empowerment and
control, placing it within the power of the
patient to determine who can see what parts of
their personal health information.
18
aPPLICATIONs

Health care Benefits for the health professional
are Better access to up-to-date information,
enabling quicker and better standards of clinical
decision-making and care, and reducing the risk
of avoidable error. Reduced frustration
associated with trying to find past records for
the patient, and a reduction in the need to
repeat work-up and tests. Security of
communications, guaranteeing that transactions
cannot be intercepted by third parties, and
guaranteeing that messages received have not been
altered and can only have come from the person
purporting to have sent them. Less wasted time,
and more time available to care for patients.
19
Conclusion
Thus, we see that the smart card is an
intrinsically secure device. It is a safe place
to store valuable information such as private
keys, account numbers, and valuable personal data
such as biometrics information. The smart card
can be an element of solution to a security
problem in the modern world. It is estimated
that there are approximately 2.8 billion smart
cards in use around the world as of today. The
electronic persona in the digital world will be
indeed in the form of a smart card and no
enterprise solutions should ignore its potential
impacts on business.  
20
references
An Overview of Smart Card Security http//home.hk
star.com/alanchan/papers/smartCardSecurity/ Smart
Cards Online http//www.smartex.com/smartcards_g
uide.html Smart Card Security Information
Page http//www.geocities.com/ResearchTriangle/La
b/1578/smart.htm Gem Plus Applications http//www
.gemplus.com/app/index.htm Smart Card
Basics http//www.smartcardbasics.com/overview.ht
ml SCIA Applications http//www.scia.org/aboutSma
rtCards/scapps.html  
21
references
White Paper on Smart Cards http//cism.bus.utexas
.edu/works/articles/smartcardswp.html EGOV,
Government Solutions http//egov.gov/smartgov/sma
rt_card.html Smart card 2000 the future of IC
cards Edited by d. chaum and i. Schaumüller -
bichl  
About PowerShow.com