Smart Cards: Technology for Secure Management of Information : Smart Cards: Technology for Secure Management of Information Rajat Moona
Computer Science and Engineering
firstname.lastname@example.org Agenda : Agenda Machine readable plastic cards
What are smart cards
Indian Driving License application Plastic Cards : Plastic Cards Visual identity application
Plain plastic card is enough
Magnetic strip (e.g. credit cards)
Visual data also available in machine readable form
No security of data
Electronic memory cards
Machine readable data
Some security (vendor specific) Smart Cards : Smart Cards Processor cards (and therefore memory too)
Credit card size
With or without contacts.
Cards have an operating system too.
The OS provides
A standard way of interchanging information
An interpretation of the commands and data.
Cards must interface to a computer or terminal through a standard card reader. Smart Cards devices : Smart Cards devices VCC Reset Clock GND VPP I/O Reserved What’s in a Card? : What’s in a Card? Vcc RST CLK RFU Vpp I/O GND RFU Typical Configurations : Typical Configurations 256 bytes to 4KB RAM.
8KB to 32KB ROM.
1KB to 32KB EEPROM.
Crypto-coprocessors (implementing 3DES, RSA etc., in hardware) are optional.
8-bit to 16-bit CPU. 8051 based designs are common.
The price of a mid-level chip when produced in bulk is less than US$1. Smart Card Readers : Smart Card Readers Dedicated terminals
Usually with a small screen, keypad, printer, often alsohave biometric devices such as thumb print scanner. Computer based readers
Connect through USB or COM (Serial) ports Terminal/PC Card Interaction : Terminal/PC Card Interaction The terminal/PC sends commands to the card (through the serial line).
The card executes the command and sends back the reply.
The terminal/PC cannot directly access memory of the card
data in the card is protected from unauthorized access. This is what makes the card smart. Communication mechanisms : Communication mechanisms Communication between smart card and reader is standardized
ISO 7816 standard
Commands are initiated by the terminal
Interpreted by the card OS
Card state is updated
Response is given by the card.
Commands have the following structure
Response from the card include 1..Le bytes followed by Response Code Security Mechanisms : Security Mechanisms Password
Card holder’s protection
Cryptographic challenge Response
A combination of one or more Password Verification : Password Verification Terminal asks the user to provide a password.
Password is sent to Card for verification.
Scheme can be used to permit user authentication.
Not a person identification scheme Cryptographic verification : Cryptographic verification Terminal verify card (INTERNAL AUTH)
Terminal sends a random number to card to be hashed or encrypted using a key.
Card provides the hash or cyphertext.
Terminal can know that the card is authentic.
Card needs to verify (EXTERNAL AUTH)
Terminal asks for a challenge and sends the response to card to verify
Card thus know that terminal is authentic.
Primarily for the “Entity Authentication” Biometric techniques : Biometric techniques Finger print identification.
Features of finger prints can be kept on the card (even verified on the card)
Photograph/IRIS pattern etc.
Such information is to be verified by a person. The information can be stored in the card securely. Data storage : Data storage Data is stored in smart cards in E2PROM
Card OS provides a file structure mechanism File types
Binary file (unstructured)
Fixed size record file
Variable size record file File Naming and Selection : File Naming and Selection Each files has a 2 byte file ID and an optional 5-bit SFID (both unique within a DF). DFs may optionally have (globally unique) 16 byte name.
OS keeps tack of a current DF and a current EF.
Current DF or EF can be changed using SELECT FILE command. Target file specified as either:
Relative or absolute path (sequence of File IDs).
Parent DF Basic File Related Commands : Basic File Related Commands Commands for file creation, deletion etc., File size and security attributes specified at creation time.
Commands for reading, writing, appending records, updating etc.
Commands work on the current EF.
Execution only if security conditions are met.
Each file has a life cycle status indicator (LCSI), one of: created, initialized, activated, deactivated, terminated. Access control on the files : Access control on the files Applications may specify the access controls
A password (PIN) on the MF selection
For example SIM password in mobiles
Multiple passwords can be used and levels of security access may be given
Applications may also use cryptographic authentication An example scenario (institute ID card) : An example scenario (institute ID card) MF EF1 (personal data)
Name: Rajat Moona
PF/Roll: 2345 EF3 (password)
P1 (User password) EF4 (keys)
K1 (DOSA’s key)
K2 (DOFA’s key)
K3 (Registrar’s key) EF2 (Address)
#320, CSE (off)
475, IIT (Res) Security requirements:
Should be modified only by the DOSA/DOFA/Registrar
Readable to all
Card holder should be able to modify Read: Free
Write: upon verification by K1, K2 or K3 Read: Free
Write: Password Verification (P1) Read: Never
Write: Password Verification (P1) Read: Never
Write: Once What happens if the user forgets his password?
Solution1: Add supervisor password
Solution2: Allow DOSA/DOFA/Registrar to modify EF3
Solution3: Allow both to happen EF3 (password)
P1 (User password)
P2 (sys password) Select: P2 verification An example scenario (institute ID card) : An example scenario (institute ID card) MF EF1 (personal data) EF4 (keys) EF2 (Address) EF3 (password) DF1 (Lib) EF1 (Issue record) EF2 (Privilege info)
Max Duration: 20 days
Max Books: 10
Reserve Collection: Yes Modifiable: By issue staff. Read all Modifiable: By admin staff. Read: all EF3: Keys
K1: Issue staff key
K2: Admin staff key Library manages its own keys in EF3 under DF1
Institute manages its keys and data under MF
Thus library can develop applications independent of the rest. How does it all work? : How does it all work? Card is inserted in the terminal Card gets power. OS boots up. Sends ATR (Answer to reset) ATR negotiations take place to set up data transfer speeds, capability negotiations etc. Terminal sends first command to select MF Card responds with an error (because MF selection is only on password presentation) Terminal prompts the user to provide password Terminal sends password for verification Card verifies P2. Stores a status “P2 Verified”. Responds “OK” Terminal sends command to select MF again Terminal sends command to read EF1 Card supplies personal data and responds “OK” Card responds “OK” Another Application Scenario : Another Application Scenario Terminal withtwo card readersApplicationsoftware runshere User’s card Banker’s card The terminal itself does not store any keys, it’s the two cards that really authenticate each other. The terminal just facilitates the process. 1. Authenticate user to bank officer card: 1a. Get challenge from banker card. 1b. Obtain response for the challenge from passport (IAUTH). 1c. Validate response with officer card (EAUTH)
2. Authenticate officer card to passport.
3. Transfer money to the user’s card Status of smart card deployments : Status of smart card deployments Famous Gujarat Dairy card
Primarily an ID card
GSM cards (SIM cards for mobiles)
Phone book etc. + authentication.
Cards for “credit card” applications.
By 2007 end all credit cards will be smart.
Card for e-purse applications
Card technology has advanced
Contactless smart cards,
32-bit processors and bigger memories
JAVA cards SCOSTA Experience : SCOSTA Experience Part of E-governance initiative of the Government.
Government decided to
Create Smart driving licenses/registration certificate
Backend system is already in place
Various smart card vendors in the country
All with their own proprietary solutions
In a national case, proprietary solution was not acceptable.
NIC decides to ask IIT Kanpur to help. SCOSTA: Smart Card OS for Transport Applications Goals of this Project : Goals of this Project To define a standard set of commands for smart cards for use in Indian applications.
To provide a reference implementation of this standard.
Transport Applications (Driving License and Vehicle Registration Certificate) were the pilot projects.
Hence the OS standard is named SCOSTA.
SCOSTA is defined by IIT Kanpur along with a technical subcommittee of SCAFI (Smart Card Forum of India).
The OS is not really restricted to the transport applications and can be used in any ID application The SCOSTA Standard : The SCOSTA Standard Based on ISO 7816-4, -8, and -9.
Removes ambiguities in ISO 7816.
Has support for symmetric key cryptography (Triple DES algorithm) and internal and external authentication.
Encryption/decryption and crypto checksum computation and verification using 3DES are also supported. SCOSTA Implementation - Challenges : SCOSTA Implementation - Challenges Portability – should be easy to port to different processors.
Resource Constraints – very limited memory (32 KB ROM, 512 byte RAM are typical). Usually 8 bit processors are used.
Vendors and their business interests. Challenges of the application : Challenges of the application System must work nation wide
Cards are issued by the RTO
RTO officials may not be all that “clean”
Challans are done by police “on behalf of” RTO
Challans are settled by the Judiciary.
RTOs are administered by the STA
But under the Union Ministry Solution : Solution A robust key management scheme was needed.
Solution was based on
Key derivations, usage counters etc. Solution : Solution The entire system is based on few “nation wide” generator keys.
Safely housed with the government.
Say the keys are k1, k2, k3, k4.
Keys are themselves never stored any where.
Instead five out of seven card scheme is used. 5 out of 7 scheme : 5 out of 7 scheme Consider a polynomial
k1 + k2.x + k3.x2 + k4.x3 + k5.x4 = b
If b1, b2, b3, b4, b5 are known for x = 1, 2, 3.., the system of equations can be solved and all k’s can be found.
We use the SCOSTA cards to store (x1, b1), (x2, b2) etc.
At any point in time, five such pairs are needed.
For robustness, seven cards are generated and kept at 7 different locations. Operations : Operations At RTOs, two RTO officers are required to create a DL
These two work in pair.
Have a usage counter of key built in.
RTO keys are generated and given in the RTO cards
STA can revalidate the usage counter.
STA keys are also generated. Operations : Operations DL can be completely given by the RTO.
Some information is public readable on the DL.
Some information is once writable by the police (challans) and readable by the police.
The same information is updatable by the judiciary. (but can not be deleted) Operations : Operations Therefore the DLs must carry
Police key, RTO keys and judiciary keys.
A big security risk.
Instead these keys for the DL are card specific.
Police has a master key to generate DL specific police key. Ditto with RTO and Judiciary.
NIC generates the cards (and therefore master keys) for RTO, Police and Judiciary. Current State : Current State DL/RC are being issued in Calcutta, Delhi on SCOSTA cards (pilot basis)
Governments such as Jharkhand, Maharastra, Gujarat, WB have already started the process rolling.
Various other states will follow. Acknowledgements : Acknowledgements Prof. Deepak Gupta and Manindra Agrawal (CSE)
S. Ravinder and Kapileshwar Rao (MTech students of CSE who worked on this project)
National Informatics Centre (NIC) Delhi
MCIT and MoST
Smart Card Handbook