What is a Smart Card?



Transcription:

An Introduction to Smart Cards and RFIDs
Prof. Keith E. Mayes (Keith.Mayes@rhul.ac.uk)
Director of the ISG - Smart Card Centre, www.scc.rhul.ac.uk

Learning Objectives (MSc)
- Identify the various types of smart cards, RFIDs and readers
- Understand the main components of the cards and chips
- Recognise the main strengths of the card
- Consider the limitations and effect on usage
- Understand the control of a card
- Contrast the main uses of smart cards and associated security mechanisms
- Compare a range of application development routes/cycles
- Be aware of security threats to smart cards
- Appreciate the importance of life cycle management
[Full list of Learning Objectives on www.scc.rhul.ac.uk]

The Course Book

What is a Smart Card?

What Properties do we look for?
- Tamper Resistant Security!!
  - For Information Storage
  - For Information Processing
- Portability
- Ease of Use
...and it is often very useful if we can have Multiple Value Added Applications
All this is achieved by a mixture of engineering and cryptographic techniques

Magnetic Stripe Cards
[Flagstar Bank Image]

Cards with Contacts are not always smart
[Image from LA Phone Cards]

Smart Cards with Contacts
- Chip module interface via metal contacts
- Card reader makes physical contact
[Gemplus Images]

Contact-less Smart Cards
- Chip module interface via antenna
- Reader uses RF field
[Gemplus Images]

Powering by Radio
- A passive contact-less smart card/RFID is powered by electromagnetic induction from a field produced by the reader
[From RFID Handbook]

Smart Card/RFID Trade-offs

Tags - Passive/Active
- There are many different contact-less tag/device formats
- The main classes are passive and active (powered)

Coming Soon: Near Field Communication
- The latest standards for mobile phones support Near Field Communications (NFC)
- NFC is equivalent to a contact-less interface for the phone
- The phone can behave as a smart card or token
- The phone can behave as the reader
<<Demo>>

And in the Future?... Digestible Tags!
[From Kodak patent]

Smart Card Chip
[Chip image labels: RAM, EEPROM, ROM, Processor, Wirebonds]
[Source: ORGA Systems UK, ORGA - Smart Cards Basics]

Examples of Smart Card Use
- Mobile Communication
- Banking
- Transport
- Identity Cards
- Physical Access Control
- IT Access Control
- Satellite TV chip card

Chip Card Market by Application in 2011
- In 2011 over 6.5 Bn units shipped
- By 2014 estimated to > 8Bn units
- Excludes RFID (+3 Bn?)
- Revenue growth in all sectors
- Memories growth in Transport sector
- Micros growth in Payment and Embedded sectors
[Source: Infineon]

Smart Cards and Mobile Communication

Mobile Communication
- Every GSM phone contains a Smart Card called a SIM
- The SIM started life as a hardware security token for supporting authentication and encryption
  - Earlier analog systems had been cloned
- The SIM became useful for storing additional information
  - Telephone numbers, SMS messages, communication settings...
- The SIM/ME interface became richer
  - It was possible to host programs, menus and simple STK applications, usually implemented in a proprietary manner
- SIMs today can be based on multi-application Java Cards
  - Wide range of applications are possible and new vendor independent development routes are possible

A3/8 SIM Application
- The SIM contents include
  - A3/8 algorithm
  - IMSI
  - Secret key K_i
  - 1-2kbytes memory for A3/8 implementation
- The card receives a random number (RAND) from the network
- The A3/8 algorithm computes a result (SRES) based on RAND & K_i
- An encryption key K_c is also calculated and delivered to the phone
[Diagram labels: RAND, SRES, IMSI, SIM, PHONE ("..Searching.."), K_i, A3/8, K_c]

Smart Cards in Banking
- Swipe Cards
  - Swipe cards are widespread, simple and low-cost, relying on information embossed onto the card and stored on its magnetic stripe
- Swipe Card Fraud
  - Skimming: this is when the mag-stripe information from one card is simply copied
  - Counterfeiting: a counterfeit card would look like a normal embossed credit/debit card, but the mag-stripe info may be different
- Chip Cards
  - In order to combat Swipe Card fraud, Europay, Mastercard & Visa came together to create the EMV specifications
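Returning to the A3/8 SIM Application slide above, the following is an added example (not part of the original slides) of the RAND/SRES/K_c exchange with both the card and the network side. The real A3/8 algorithm is chosen by the operator and is not given in the slides, so HMAC-SHA256 stands in for it here; the class and function names and the sample IMSI and K_i are assumptions constructed for the sketch.

```python
from __future__ import annotations
import hashlib, hmac, secrets

def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the operator's A3/8: derive (SRES, K_c) from K_i and RAND.
    HMAC-SHA256 is an assumption made for this sketch, not a GSM algorithm."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # SRES is 32 bits, K_c is 64 bits

class Sim:
    """Card side: holds IMSI and K_i; K_i is used internally and never returned."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
    def authenticate(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3a8(self._ki, rand)          # SRES goes to the network, K_c to the phone

class Network:
    """Network side: looks up K_i by IMSI and issues a fresh RAND per attempt."""
    def __init__(self, subscribers: dict[str, bytes]):
        self._subscribers = subscribers
        self._pending: dict[str, bytes] = {}
    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)       # 128-bit RAND
        self._pending[imsi] = rand
        return rand
    def verify(self, imsi: str, sres: bytes) -> bytes | None:
        rand = self._pending.pop(imsi, None) # each RAND is accepted once only
        if rand is None or imsi not in self._subscribers:
            return None
        expected_sres, kc = a3a8(self._subscribers[imsi], rand)
        return kc if hmac.compare_digest(sres, expected_sres) else None

def attach(sim: Sim, network: Network) -> bool:
    """One authentication run; True when both sides end up with the same K_c."""
    rand = network.challenge(sim.imsi)
    sres, kc_phone = sim.authenticate(rand)
    kc_network = network.verify(sim.imsi, sres)
    return kc_network is not None and kc_network == kc_phone

# Constructed sample values (not real subscriber data).
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
NETWORK = Network({IMSI: KI})
GENUINE = Sim(IMSI, KI)
COPY_WITHOUT_KI = Sim(IMSI, bytes(16))       # same IMSI, but K_i could not be read out
```

A card that carries the right IMSI but not K_i fails the check, which is why the tamper-resistant storage of K_i matters more than the identity data.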

EMV Off-line Authentication: Static Data
[Diagram labels: Certification Authority, Acquirer; "Distributed to Acquirer (Resides in Terminal)"; keys S_I, P_I, S, P]
- P_I certified with S
- Terminal & Card Communication
  - Card to terminal: certified P_I + data with digital signature
  - Terminal:
    - Uses P to verify P_I
    - Uses P_I to verify data signature

EMV Off-line Authentication: Dynamic Data
[Diagram labels: Certification Authority, Acquirer, ICC; "Distributed to Acquirer (Resides in Terminal)"; keys S_IC, P_IC, S_I, P_I, S, P]
- P_IC certified with S_I
- P_I certified with S
- Terminal & Card Communication
  - Card to terminal: certified P_IC + certified P_I + data with digital signature
  - Terminal:
    - Uses P to verify P_I
    - Uses P_I to verify the card's P_IC
    - Uses P_IC to verify data signature

Attacks on Card Security
- Logical
  - Repeated attempts (brute force)
  - Overflow
  - Look for bugs/errors
- Physical
  - Probe circuit
  - Change tracks
  - Change voltages/temperature etc
- Side Channel
  - Monitor supply current or RF emissions
  - Timing attacks
  - DPA: Differential power analysis
  - DFA: Differential Fault Analysis

Attacks (Logical)
- Attacks against the design of algorithms/protocols
- Use or eavesdrop the normal interfaces
- Various tools available to help attacks
[Images: RFID Sniffer, cracker]
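The terminal-side checks from the EMV Off-line Authentication (Dynamic Data) slide above, as an added sketch that is not part of the original slides or of the EMV specifications. It assumes the bare S and P on the slide are the Certification Authority's key pair (named S_CA and P_CA here), and it uses textbook RSA over SHA-256 with toy Mersenne-prime keys rather than the EMV certificate and signature formats; all function names are hypothetical.

```python
import hashlib, secrets

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Toy RSA key pair from two known primes: returns (private S, public P)."""
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(s, data):
    n, d = s
    return pow(_digest(data, n), d, n)

def verify(p, data, sig):
    n, e = p
    return pow(sig, e, n) == _digest(data, n)

def encode(p):
    return f"{p[0]:x}:{p[1]:x}".encode()

# Constructed toy keys: small enough to run offline, far too small for real use.
S_CA, P_CA = keypair(2**127 - 1, 2**107 - 1)   # Certification Authority
S_I, P_I = keypair(2**89 - 1, 2**61 - 1)       # issuer
S_IC, P_IC = keypair(2**31 - 1, 2**19 - 1)     # ICC (the card)

# Personalisation: P_I certified with S_CA, P_IC certified with S_I.
CARD = {"P_I": P_I, "cert_I": sign(S_CA, encode(P_I)),
        "P_IC": P_IC, "cert_IC": sign(S_I, encode(P_IC))}

def card_sign_dynamic(s_ic, challenge):
    """Card side: sign the terminal's fresh challenge with S_IC."""
    return sign(s_ic, challenge)

def terminal_dda(card, respond):
    """Terminal side: trusts only P_CA; returns 'ok' or the step that failed."""
    if not verify(P_CA, encode(card["P_I"]), card["cert_I"]):
        return "issuer key rejected"
    if not verify(card["P_I"], encode(card["P_IC"]), card["cert_IC"]):
        return "card key rejected"
    challenge = secrets.token_bytes(4)
    if not verify(card["P_IC"], challenge, respond(challenge)):
        return "dynamic signature rejected"
    return "ok"
```

The third step is what the dynamic variant adds: the two certificates are public data, so only possession of S_IC inside the chip lets a card answer a challenge it has not seen before.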

Attacks: Physical & Side-Channel
- Direct physical attack on chip/circuit to monitor or modify functionality and data
  - Usually requires high skill level and specialist equipment
  - Probe station
  - FIB for track/circuit modification
- Side channel attacks normally monitor leakage via power, emissions and/or timing
  - Requires modest skill and readily available equipment

Physical & Side-Channel Attack Countermeasures
- In hardware security modules, chip level physical protections include:
  - Physical barriers
  - Active shields
  - Circuit scrambling
  - Encrypted busses
  - Encrypted memories
  - Environment/fault sensors
- Side Channel protection includes
  - Power smoothing
  - Additive noise
  - Randomised delays
  - Differential logic
[Source: Gemalto]

Smart Card Data
<SIM Demo>

Thank you
Any Questions?