JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.

ORG

108

A Novel Secure Smart Student Card Model Case Study: Guilan University
Sara Salehi Mahboob, Seyed Mohammad Asadinejad, and Reza Ebrahimi Atani
AbstractToday, with the development of information technology, new technologies like (Radio Frequency Identification) (RFID) are becoming popular and more useable in different tasks, using this technology has provided fastness and comfort in giring services to universities and Educational in is titues.Abilities of this stuff have resulted a card that contains Educational documents, Electronic identification card, self service cord, library card, Dormitory card. In fact we will have different required cards, of one student in one smart card. This card improves speed and reduces human resources reguirement. So it results, less errors, less price, and also comfortin giving services to university. In this paper, the efficiency of the smart card as a "case study" has been tested in Guilan University. Index Terms E-Payment, Smart Cards, RFID, RBAC, Guilan University.

1 INTRODUCTION
Today, with using knowledge and technology, im provementincompetitionanddevelopmentinservices can be made.He of these new technologies that pro vides fastness and accuracy in doing words, is Radio Freguancy Identification. RFID technology is very po werful for automatic tracking and registering and identifyingcases.TheadvantagesofusingRFIDcanbe noted as: mare durable, higher accuracy and higher speed than the other automated systems, flexibility, reduce of human resources, ability of changing infor mation labels (Tags) at anytime, reduce of prices, (re ducedhandactivitiesandincreasedspeed).Theability of reading and writing at any angle and through ob jects(Notnecessarytobeinthefrontsight.)Theability of identifying in dividual person, low error rate the abilityofprovidingdifferentreports,theabilityofin stalling sensors to the lables, (a type of active or se miactive) and sending sensors data.Centralized data center make it possible to create a secure system to protectthem.Intraditionalmethodthatisnowrunning in university, data are stored as ISLAND method, so updating data will be hard, and also creating a safe environmentfordataishardandexpensive.[1] Ontheotherhand,nowinuniversity,humanresources areusedforprovidingservices,thiscausesmanymis takes and dedicates too much time. So it results in creasing costs for university.Using smart student card inuniversitywillresultcomfortindoingtasksforper sonnel and students, and also receives better services withbetterquality,Also.Ifprovidingreportsfromdif ferentpartsisrequired,itwillbeeasilydane,andalso updating the information will be faster and easi er.Moreover,Duetoreducedhumanresources,errors are reduced, and so the costs. Will decrease.So, It is obvious, that, spending an initial cost, will provide betterfacilities,withbetterqualityandalsocheaperin futuretypesofcard.

2 TYPE OF CARDS
In the first approach,Acceptance of cards in the card reader device is divided in to two types: contact and noncontact,whichisshowninfigure1.

Figure 1: A classification for contactandnoncontact cards Contactcards: contactaredirectlyintouchwithcardreaderanddata istransferedfromcardreadersHAEDtothecards. So, relatively they have more security than non con tact cards and mostly bank and financial cards are in cluded. One negative point of these cards, is that, it must be noticed that, the card should be placedin right direc tionintothecardreader. So in conditions, that time is an important issue, con tactcardsarenotsuitableandalso,theircommunicat inginterfacewillwornoutduetousingoveritslimi tation. Magnetic cards and chipcards wein this group. That coversawiderangeoftodayscards.[2] Magneticcards: Thesecards,thataremadebyimplantingonemagnet icbandonP.V.Ccards,duetophysicallimitation,dont haveenoughmemoryspace. Thesecardsarewdividedintotwomaingraaps:HiCo and LOCo HiCO cards have betterguality than LoCo cards, andget less affected by long term usage, being neartoothercardsandmagneticfields.

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

109

Because of its weaker security than smart card, its easy reading tracks and possibility of copying its data on anothercard,theyaremostlyusedinonlinecommunica tionorasanordinaryidentificationcard. Some companies in6sert an invisible band into the card, in order to prevent any fraudcopying. Its not a popular method, because, the price ofthe card would increaseandalsospecialcardreadersarerequired. Memorycards: Memorycardsinfactarenotsmart,becausetheydont haveprocessor. Theyaremostlyusedastelephonecards. Due to, memory cards do not have processor for processingacircuitisdesignedinsideofthesecardsto dosomelimitedprogrammedprocessing. Thiscircuitcannotbeprogrammedagain,sowhenthe creditofthecardexpires,theywillbecomeuseless. Dueto,notharingacontrolprocessor,securityofthese cardsarelessthansmartcards,Butwithspecialprepa ration, they will become more secure than magnetic cards.[2] Contactsmartcards: One other kind of cards are smart cards, that usually containaprocessorforcontrolling,Readonlymemory, thatincludesitsoperatingsystem(Mask)andamem oryupto64KB. Securityratiointhesecardsareintensivelymorethan magnetic cards. This microcontrollerin smart card in fact is an alternation for magnetic band, used in ordi narycards. Microcontrollerinsmartcardisusedforsecurity. Noncontactsmartcard: The new generation of smart cards are non contact cards.These cards without physical connection and with the technology of induction (RadioFrequency identification)communicatewiththecardreader. Justplacethecardnearthecardreader. These types of cards are suitable for conditions that fast communication and even without any interfaces arerequired. AcomparisonofRFIDsystemsandcontactsmartcards isshowninthetable1: Table 1: AcomparisonofRFIDsystemsandcontact smartcards RFID Systems Smart Cards Parameters Contact Contact Type of Card Very high Very hight Informations density Inpossible Impossible Can be read by humans Very low / non Average The cost of function Low Average Price of lable / card High Average Label reader price Very fast Slow Speed of reading < 0.55 > 45 labels

Bystudyingtheadvantagesanddisadvantagesofdif ferent types of payment cards, an dcomparing them with each other.Our choice for smart student card is RFID systems.This system reduces the costs (Reduces manpower activities and increases speed), errors and alsoeachpersonwillhaveanindividualserialnumber, Human intervention in registering and reading will redace.Studying about many people in the same time will be possible and also updating data of terany changes, will be possible, which it will in crease the security. 3 RFIDanditssecurity: RFID tage have small microprocessors, Anttena, un igue serial number, that in the developed types of thesecards,thereisCryptographyability:Someofthe abilitiesforcustomizingofthesetagsare:symmetric key,PublickeyandHashing. RFID readers also read data from the tags and end themtoserver.Tagsdatastoresindatabaseserver,by this. There are abilities for receiving suddenstatistical reports or one case for studying, special calculation, and...,aboutpeopleorproductsthatareinthesystem. Generally, supplying freguency, supplying energy, transfering data, supplying clockpuls,aresome of the abilities of readers.RFID technology is flexible, that is easytoaccess,andmoreoveritissuitabletoautoma tedifferent systems.Advantages of using this technol ogy is not compareable to any other accessable auto matedidentificationsystem. Three inactive tag, semi active tag and active tag in some aspects like size, responseamplitude, resonse speed and... have some differances. Changes in this properties, with moving fram inactive tags to active tagareshowninbelow: Table 2: A comparison of TAGs
Tags life time Inacti > active > semi active Relieability Response speed gain Price Response amplitude gain Size

gain

gain

gain

RFIDSecurity: Despite, the high potential of RFID in making auto matedsystemsithasseveralinherentvulnerablespots. FRIDsystemsareexposedtoawiderangeofharmful attacks,frompassiveeavesdroppingtoactiveinterven tion. OneofthecommonattacksforRFIDasasmartcardis, physical copying from its chip, sameof these attacks areevenfromthestudents,sotoprotectRFIDagainst theseattacksPUFcanbeused. PhysicalUnclonableFunctions(PUF): Physical unclonable functions, are physical systems thatinaproperway,mapaseriesofinputs(Questions) toaseriesofoutputs(Answers).

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

110

Only the owner of this map can gets the outputs for each definedinput,and rossibility ofbeing defined by anotherpersoninanornaltime,isverylow. Forsystemswithlimitationofprocessingsourcesand storingdatasuchasRFIDlabels,evenperforminglight weightencryptingalgorithemdoesntseemtobeeasy. Nevertheless,nesearchshowsthatinRFIDlabels,se curityandcostissuesareconsidered. PUFconbeusedasaphysicalpartformakeingunigue identifierandalsotopreventfromcopying.[3] PUF, can beimplementedfromdifferent physicalsys tems. DifferenttypesofPUF Figure2:AClassificationofforPUFs Forexample,opticalPUFusesporouspatternoflaser beam.LagerPUFsuserandoncapacitancethatismade for creating a unigue identifier and also preventing fromcopying.Someofferedmedelsuseinherentprop erties of chip for unigueness and remaining unclona ble.OnespecialtypeissiliconPUFthatusestheprop erties of time and inherent delays of chip sintegrated circuits.This unigueness is caused by inveitable changes in the manufacturing of chip, that makes alarge differences in time respones and delay of logic gates. Research shows that, using in herent PUF is the most successfulmethedformakingreliableadnsafechips. Security technigues that, use silican PUFs have supe rior benefits than other technigues.Great resistance against reverse engineering, Resistance against secret channels, and fasterresponses are special be nefits for silican PUFs,So in here, our focus will be on silicon inherent PUFs and using them for designingcompo nentsofoneprotocolfordefiningidentificationofun clonableRFIDlables.[4]

Figure3:ThestructureofGuilanUniversity Asyoucanseeinthechart.Universityconsistsofedu cational adjutancy, Research adjutancy,student adju tancy,financialandofficialadjutancy,culturaladjutan cy. Andalsosecuritysection,chairmanandpublicrelation department, Technical anddevelopment planmanage ment, secretariot board, management and monitoring complaints,scientific cooperation group and in terna tionalrelation,andalsofacultiesaredifferent. Educationaladjutancy: This adjutancy leads related unitsand faculties to acheive the pre determined goals andpolicies of the university. Italsosupervisesthegualityofthework. Thisadjutancyhasthesemanagingsections. *Educationalaffairs. *Furthereducation. *Monitoringandevaluatingeducation. In educational adjutancy all the activities retated to students such as taking courses,registering and enter ingscores,transferingexpelling,graduatingissues,are doneinthissection. MoreovergraduationscommunicatingofficeandEn trepreneurshipofficeareunitsofthisagency. graduations community offices stablished with this initial gaal to get more in connection withgratuated students and the university after getting information fromthemandtheirjobstatus,becomeabletodesign itseducationalpolicyinawaythatmatchestotheso ciety reguiredneeds, entrepreneurship office is stab lished with this porpose to make the education more functionalforstudents. Withrespecttotheactivitiesthataredoneinthissec tion.Itneedsinformationsachas:individualidentifica tion, the year of entrance, transcripts, averagescore, students sent andreceived mails educatioal informa tion,finantialstatus. All these information can be stored in student duta base center related to the smart studentcard, and be

4 STUDYINGTHESTRUCTUREOFTHEUNIVERSITY
For getting adran tages of smart student card in uni versity first, its organizational structureshould be de fiend, and also it should be defined that which parts havetheablityofusingsmartstudentcardforincreas ingtimeandcastefficiency. Thefinalgoalofthisthesisistoindividuallystudythe functionofsmartstudentcardinGilanUniversity. In below, and organizational chart of a university is shown,thatdescribesthemainbranchesofauniversity.

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

111

usedbystudentwhentheyrefertoit. Researchadjutancy: Its main goal is to study, access and decide about all cutturalactivitiesinsideandoutsideofuniversityand alsorelatedfinancialandinternationalissues. Officialandfinancialadjutancy This section is incharge for checking students certifi cateofillnessanddroppingthecoursesifitsnecessary, checking for students reguest, receiviy students the sis,andconfirmingstudentsfinancialstatusand.... Withrespecttotheactivitiesheldinthissection,some information such as studentidentification, the entran ceyear, field of study. Educational status (full time / part time /international) are required to be stored in smartstudentcard. Studentadjutancy: Thisadjutancydesignsrequiredpoliciesandprograms andalsogiveservicestostudents. It also defines general policies about facility issues, extracurricular, consul tation and healthcare, for stu dents. Student adjutancy needs some information such as studentsfinancialinformation,studentssentandre ceived mail, Dormitory information, educational in formation. Studens family financial status with sing smart stu dent card and its database center all theseinformation areeasilyaccessable. Culturaladjutancy: Culturalandsocialadjutancyconsistsof3parts:Scien teficcommunities,culturalandsocialcentersandpolit icalcommunities. Inthissectionpersonalinformationofstudentsuchas: Name family name, entrance year, activities done in communities and centers are requiredthat all of them canbefoundinsmartstudentcard. Security: The security center consists of, physical security, doc ument security. It security, thatsupervises all the re latedpolitical,culturalandsocialnewsoftheuniversi ty. This section needs some ijformation such as: Personal information. Entrance year, Dormitoryin formation, centersandpoliticalcommunities. Management of chair man department and public relation: Inthissectioneducutionalinformationsuchasscores, entranceyear.Educationalstatus,tuitionapayment,the admissionstatusarereguired.Educationalinformation

suchaspersonalidentification,Dormitoryinformation, self service information, loan, cultural information li kestudentsactivitiesincentersandpoliticalcommuni ties, health and disciplinary information allare re guired that acheiveing these information by using smartstudentcardwillbeeasy. Department of scientific cooperation and interna tionalrelation: This department efforts to provide a background for disposingseminarsandcenferencesinforeignuniversi ties. This department needs information such as: Name family name Degree, type of guota,passport bumber, Nationalnumberandstudentsiclentificationnumber: Faculties: Universityconsistsofsomespeceficfacultiesthatwith respect to subjects of education, areclassified, these faculties are: Human sciences, fundemental sciences, Agriculture, Technical,physical education, Natural re sources, architeeture and art. Mathematic sciences and...Eachfacultymakesadirectconnectiontothestu dentsactivities,viaitseducationaladjutancy. Inthispartsmartstudentcardcanacceleratethispre cess. to have a secure communicatinginfras truc, all connections inside of the university use ILS protocol, thismeanseachpart,forgettingaconnectiontoanoth erpartorthedatabasecentermustusesTLS. For example, student adjutancy for reaching to infor mation of central database center mustuses TLS cov ered transmission lines or connection between library tofacultiesisaswell. But,togetaconnectionbetweenfundementalsciences section to datacenter, because thisconnection is out of universitysinteriornetworktunnelisused.Inprevious season, thefunction of Tunnel and TLS has been com pletelydescribed.
Figure 4: The Designed structure for communications in Guilan University

Inbelow,thissectionisshown,uptohere,withusing different components and protocols, Asuitable infras

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

112

tructureforusingstudentcardisprovided. Onesecuremodelfortransferingdataisoffered,which in that, different levels of accessibilitywith respect to differentrolesaredescribed. This model for student and cultural adjutancy is de scribed. secureinfrastruetureformokingconnectioninauni versityisdefined.Differentparts,needdifferentlevels of accessibility and information. So its necessary to study different levels ofaccessibility and then provide asuitablemodelforitsperformance.Accessibilitycon trolmethod, generally decides whether, people have licenseforusingrornot. It ensures that an allowed user have accessibility to datasourcesofaspecialnetwork. Sothisisoneofthemostimportantcomputersecurity mechanismsandspecialforprotectingdatasourcesys tems. FromdifferentAccessControlmodeisthatareavaila bleRBACischosen.Itsspecialbecauseitgivesauthori tiestorolesrutherthanusers,whenaroleisgiventoa user the userhave all the authorities that are available for that role. Users can have different or even several rolesandarolecanbededicatedtodifferentuseres. BRA,withstandingbehalfofroles,indirectlylimitsthe accessibilityofuser,andtheirauthoritiestothesources. RBAC,reducesemployeesworktimeandalsoreduces the complexity of managing. So itstores more budget foruniversity. Dueto,RoleBasedAccesscontrol(RBAC)snature,it givesorganizedlicensestotherolesandusersofficially get roles, so for university system, object might be educational studentsfor mation, library information, financialinformation.Rolesmightbestudentadjutan cy,DeanofstudentaffairsDormitorymanagers. These roles are permanent and group oriented. This reduces the complexity, for managmentof using stu dent smart card in university. RBAC provides name selection,andalsodescribesmulticonnectionsbetween peopleandlaws.RBACcanprovideasuitablecontrol over giving authorities to users, in universitg centrol lingprotected resources are mestly based an roles functions rather than owning data.In below, the im plementationofRBACinstudentadjutancyisshown. This model is designedwith respect to different levels ofrolesaccessibility.Instudentadjutancy,itssamefor othersections. 5 Conclusion: By implementing this medel and spending an initial cost,universityusesfromthebenefitsofasecuresmart student card, that eases the usage, management, high guality services. It reduces costs, errors. It eases to changethedatatofacuseddatastorage,incentralda tabasecenter,unitedandaccessabledata,Increasesthe data control, Reduces redundancy, in compatibili ty,datastoring and also limits security. (A channel for access, is available and security controlscan be pro vided for it.) So, by spending on initial cost and pro

vidingasuitableinfrastructure,theuniversitywillget advantagesinfuture.

Figure 5: The communication priority in the Dean of student affairs department of Guilan University
6
[1]

References
Donal OMahony Michael Peirce and Hitesh Tewari Elec tronicPaymentSystemsforECommerceSecondEditionAr techHouse,2001. Guidelines for Securing Radio Frequency Identification (RF ID)SystemsNationalInstitute ofStandardsandTechnology April2007. Bolotnyy L. Robins G., Physically Unclonable Function BasedSecurityandPrivacyinRFIDSystems.In:Proc.ofPer Com07,NewYorkUSA(2007)211220. DevadasS.SuhE.ParalS.SowellR.ZiolaT.,&Khan delwalV.,DesignandimplementationofPUFbasedunclon able RFID ICs for anticounterfeiting and security applica tions, In Proceedings of the 2008 IEEE international, confe renceonRFID1617April2008(pp.5864).

[2]

[3]

[4]