
SMART CARD

Naushad perwaiz Mca

Contents

Secure communication: threats, objective of cryptography, cryptographic services, principles and algorithms
Smart cards: concepts, applications, architecture
Security: basic security features, attacks, countermeasures

What are the threats?

A sender sends a message to a receiver; an attacker on the channel between them threatens:
Confidentiality: unauthorized disclosure of information
Integrity: unauthorized modification of information
Authenticity: unauthorized use of a service (the attacker passes as a legitimate sender)

Objective of cryptography

Giving trust in:
authenticity of the message and/or the sender
integrity of the message
(sometimes) confidentiality of the message
by using an algorithm based on a secret shared between the participants in a scheme.

Cryptographic services

Encryption (confidentiality): the sender encrypts the message under the key; the receiver decrypts it with the same key to recover the message.

Message Authentication Codes (integrity): the sender computes a MAC over the message with the key and transmits message plus MAC; the receiver recomputes the MAC over the received message with its copy of the key and compares it (=?) with the MAC received. A modified message no longer matches its MAC.

Electronic signatures (authentication), drawn on the slide as a challenge-response exchange: the verifier sends a random challenge; the prover encrypts it under the key and returns the result as the response; the verifier encrypts the same challenge with its own copy of the key and compares (=?) the two responses. With a shared key this is symmetric challenge-response authentication; a true digital signature uses a public-key algorithm instead.
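The MAC and challenge-response exchanges described above, written out as an added example (this is not code from the deck or from Riscure). The slide's diagrams build the MAC and the response from a block cipher "encryption" box; this example substitutes HMAC-SHA256 truncated to 8 bytes, and the shared key, the domain tag "AUTH" and the 8-byte challenge length are assumptions of the example. Both sides of the exchange are shown, plus the two failures a practitioner checks for: a tampered message no longer verifies, and a recorded response cannot be replayed against a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the example. On a card it lives in EEPROM and never leaves the chip.
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def mac(key: bytes, message: bytes) -> bytes:
    """Message Authentication Code: integrity and origin of `message` under `key` (8-byte tag)."""
    return hmac.new(key, message, hashlib.sha256).digest()[:8]


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side of the MAC slide: recompute and compare (=?)."""
    return hmac.compare_digest(mac(key, message), tag)   # constant-time compare


class Card:
    """Prover: holds the key and answers challenges; the key never leaves this object."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # "AUTH" is a domain separator (assumed) so an authentication response
        # can never be confused with a MAC over application data.
        return mac(self._key, b"AUTH" + challenge)


class Terminal:
    """Verifier: issues a fresh random challenge and checks the response."""

    def __init__(self, key: bytes):
        self._key = key

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(8)

    def check(self, challenge: bytes, response: bytes) -> bool:
        expected = mac(self._key, b"AUTH" + challenge)
        return hmac.compare_digest(expected, response)


def authenticate(card: Card, terminal: Terminal) -> bool:
    """One complete challenge-response run."""
    challenge = terminal.new_challenge()
    response = card.respond(challenge)
    return terminal.check(challenge, response)


def replay_attack(card: Card, terminal: Terminal) -> bool:
    """Attacker records one (challenge, response) pair and replays the response later."""
    old_challenge = terminal.new_challenge()
    old_response = card.respond(old_challenge)
    new_challenge = terminal.new_challenge()      # verifier picks a fresh challenge
    return terminal.check(new_challenge, old_response)


if __name__ == "__main__":
    print("genuine card:", authenticate(Card(SHARED_KEY), Terminal(SHARED_KEY)))
    print("replayed response:", replay_attack(Card(SHARED_KEY), Terminal(SHARED_KEY)))
```

The replay fails because the challenge is random and only the key holder can produce the response for a challenge it has not seen before; the MAC check fails on any change to the message because the tag is bound to every byte of it.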

Cryptographic principles

Security is based on:
key secrecy
strong algorithms: it must be difficult to derive the key from message/ciphertext pairs
sufficient key length (against brute force)

Kerckhoffs' principle: the strength should reside in the secrecy of the key, not in the secrecy of the algorithm.

Cryptographic algorithms (1)

Classical systems:
transposition (mixing the character sequence)
substitution (changing characters)
poly-alphabetic substitution (Vigenère, Hagelin)
All are easily broken using language statistics: the letter frequencies of the language survive the transformation.
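What "broken using language statistics" means in practice, as an added example (not code from the deck): a Vigenère cipher is recovered from ciphertext alone. The index of coincidence finds the key length (columns of a poly-alphabetic ciphertext that share one key letter have the letter distribution of English, about 0.066, instead of the flat 0.038 of random text), and a chi-squared fit against an English letter-frequency table finds each key letter. The plaintext, the key "SMART", the frequency table and the 0.055 threshold are assumptions of the example.

```python
from collections import Counter
from string import ascii_uppercase as ALPHA

# Relative letter frequencies of English text (percent): the "language statistics".
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Poly-alphabetic substitution: letter i is shifted by key[i mod len(key)]."""
    out = []
    for i, ch in enumerate(text):
        shift = ALPHA.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26])
    return "".join(out)


def index_of_coincidence(column: str) -> float:
    """Probability that two letters drawn from the column are equal."""
    n = len(column)
    if n < 2:
        return 0.0
    counts = Counter(column)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def guess_key_length(ciphertext: str, max_len: int = 12, threshold: float = 0.055) -> int:
    """Smallest period whose columns look like shifted English rather than random text."""
    for length in range(1, max_len + 1):
        columns = [ciphertext[i::length] for i in range(length)]
        if sum(index_of_coincidence(c) for c in columns) / length > threshold:
            return length
    raise ValueError("no period found: ciphertext too short or not English")


def chi_squared(column: str) -> float:
    """Distance between the column's letter histogram and the English one."""
    n = len(column)
    counts = Counter(column)
    total = 0.0
    for letter in ALPHA:
        expected = ENGLISH_FREQ[letter] * n / 100
        total += (counts.get(letter, 0) - expected) ** 2 / expected
    return total


def best_shift(column: str) -> int:
    """Caesar shift under which the column reads most like English."""
    def unshift(s: int) -> str:
        return "".join(ALPHA[(ALPHA.index(ch) - s) % 26] for ch in column)
    return min(range(26), key=lambda s: chi_squared(unshift(s)))


def crack(ciphertext: str):
    """Ciphertext-only attack: returns (recovered key, recovered plaintext)."""
    length = guess_key_length(ciphertext)
    key = "".join(ALPHA[best_shift(ciphertext[i::length])] for i in range(length))
    return key, vigenere(ciphertext, key, decrypt=True)


# Constructed sample plaintext (letters only) and key for the demonstration.
PLAINTEXT = (
    "SMART CARDS ARE SMALL PERSONAL COMPUTERS THAT STORE DATA AND PROVIDE CRYPTOGRAPHIC "
    "SERVICES SUCH AS AUTHENTICATION CONFIDENTIALITY AND INTEGRITY THE CHIP CONTAINS A "
    "PROCESSOR READ ONLY MEMORY FOR THE OPERATING SYSTEM RANDOM ACCESS MEMORY AS A SCRATCH "
    "PAD AND ELECTRICALLY ERASABLE MEMORY FOR KEYS PIN CODES AND BALANCES SECURITY LOGIC "
    "WATCHES FOR ABNORMAL CONDITIONS SUCH AS LOW VOLTAGE OR LIGHT AN ATTACKER MAY TRY TO "
    "READ THE MEMORY WITH A PROBE STATION OR TO CHANGE A VALUE WITH A POWER GLITCH WHILE A "
    "DEFENDER ADDS SENSORS SHIELDS AND REDUNDANT CHECKS PERFECT SECURITY DOES NOT EXIST "
    "EVEN FOR SMART CARDS SO A CAREFUL RISK ANALYSIS OF EVERY APPLICATION IS ESSENTIAL "
    "BEFORE THE CARD IS ISSUED TO THE PUBLIC THE CLASSICAL CIPHERS THAT SUBSTITUTE OR "
    "TRANSPOSE LETTERS ARE EASILY BROKEN BECAUSE THE STATISTICS OF THE LANGUAGE SURVIVE "
    "THE TRANSFORMATION AND A PATIENT ANALYST WITH A TABLE OF LETTER FREQUENCIES CAN "
    "RECOVER BOTH THE KEY AND THE MESSAGE WITHOUT EVER SEEING THE ALGORITHM DOCUMENTED"
).replace(" ", "")
KEY = "SMART"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    found_key, found_plain = crack(CIPHERTEXT)
    print("key:", found_key, "plaintext recovered:", found_plain == PLAINTEXT)
```

The attack never needs the key or any known plaintext: a few hundred letters of ciphertext are enough, which is why the deck moves on to algorithms that operate on bits and destroy these statistics.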

Cryptographic algorithms (2)

Today two kinds of algorithms:
Secret key (symmetric): repeated permutations and substitutions of bits; DES, 3-DES, IDEA, RC5, Blowfish
Public key (asymmetric): based on mathematical calculations; RSA, Rabin, ElGamal, zero-knowledge protocols, elliptic curves

Smart card concepts

A smart card:
can store data (e.g. profiles, balances, personal data)
provides cryptographic services (e.g. authentication, confidentiality, integrity)
is a microcomputer
is small and personal
is a secure device
(Slide illustration: a sample card bearing a holder name and card number.)

Smart card application areas

Communication, entertainment, retail, transportation, health care, government, e-commerce, e-banking, education, office

Smart card applications (1)

Retail: sale of goods using electronic purses, credit / debit; vending machines; loyalty programs; tags and smart labels
Communication: GSM; payphones
Transportation: public transport; parking; road regulation (ERP, electronic road pricing); car protection
Entertainment: pay-TV; public event access control

Smart card applications (2)

Healthcare: insurance data; personal data; personal file
E-commerce: sale of information; sale of products; sale of tickets and reservations
Government: identification; passport; driving license
E-banking: access to accounts to do transactions, shares

Smart card applications (3)

Educational facilities: physical access; network access; personal data (results); copiers, vending machines, restaurants, ...
Office: physical access; network access; time registration; secure e-mail and web applications

Smart card architecture

Physical appearance: credit card (ID-1) or SIM dimensions; contact or contactless interface.
Contact pads: Vcc (supply voltage), Reset, Clock, Gnd, Vpp (programming voltage, no longer used on modern cards), I/O (serial data line).

What's inside a smart card?

Central processing unit (CPU): the heart of the chip.
Security logic: detects abnormal conditions, e.g. low voltage.
Serial I/O interface: the contact to the outside world.
Test logic: self-test procedures.
ROM: card operating system and self-test procedures; typically 16 kbytes, future 32/64 kbytes.
RAM: scratch pad of the processor; typically 512 bytes, future 1 kbyte.
EEPROM: cryptographic keys, PIN code, biometric template, balance, application code; typically 8 kbytes, future 32 kbytes.
Data bus: connection between the elements of the chip, 8 or 16 bits wide.

(Slide diagram, "Smart card chip": CPU, test logic, ROM, security logic, serial I/O interface, RAM and EEPROM linked by the data bus.)

Basic smart card security features

Hardware: closed package, memory encapsulation, fuses, security logic (sensors), cryptographic coprocessors and random number generator
Software: decoupling of applications and operating system, application separation (Java Card), restricted file access, life-cycle control, various cryptographic algorithms and protocols

Smart card attacks

Three classes: internal attacks, side-channel attacks, logical attacks.

Internal attacks

Tools: etching tools, microscope, probe station, laser cutter, scanning electron microscope, focused ion beam (FIB) system, and more.

(Lab pictures provided by TNO: reverse engineering; staining of an ion-implant ROM array; sub-micron probe station; probing with eight needles; FIB fuse repair.)

Internal attack countermeasures

Alarm (sensors): light sensor, active grid
Hide: small feature size (< 300 nm), multi-layer buried bus, bus scrambling, shield
Confuse: glue logic, redundant logic

Logical attacks

Through the communication interface:
command scan
file system scan
invalid / inopportune requests
cryptanalysis and protocol abuse

Logical attack countermeasures

Command scan: limit command availability (life-cycle management); restrict and verify command coding
File system scan: restrict file access; test the file access mechanisms (PIN, AUT, etc.)
Invalid / inopportune requests: exclude non-valid behaviour; verify conformance
Cryptanalysis and protocol abuse: publish algorithms and initiate public discussion; evaluate the crypto algorithm and protocol
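A command scan and the life-cycle countermeasure from the two slides above, as an added example (not code from the deck): a toy card that parses ISO 7816-4 command APDUs (case 1 and case 3 only, no Le), answers with the standard status words, and keeps a personalisation command out of reach once the card is issued. The command set (VERIFY 20, READ BINARY B0, UPDATE BINARY D6 used here as the personalisation command), the PIN, the file content and the life-cycle states are assumptions of the example. The scanner is the attack: it sends every INS with a bare header and keeps the ones the card does not reject with 6D00.

```python
import hmac
from dataclasses import dataclass

# ISO 7816-4 status words used by the toy card
SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_SECURITY_STATUS = 0x6982          # PIN not verified
SW_AUTH_BLOCKED = 0x6983             # retry counter exhausted
SW_CONDITIONS_NOT_SATISFIED = 0x6985 # command exists but not in this life-cycle state
SW_INS_NOT_SUPPORTED = 0x6D00
SW_CLA_NOT_SUPPORTED = 0x6E00

PERSONALISATION, ISSUED = "personalisation", "issued"   # life-cycle states (assumed)


def parse_apdu(apdu: bytes):
    """Split CLA INS P1 P2 [Lc data] into its fields; reject inconsistent coding."""
    if len(apdu) < 4:
        raise ValueError("header too short")
    cla, ins, p1, p2 = apdu[:4]
    if len(apdu) == 4:
        return cla, ins, p1, p2, b""
    lc, data = apdu[4], apdu[5:]
    if len(data) != lc:
        raise ValueError("Lc does not match data length")
    return cla, ins, p1, p2, data


def apdu(cla: int, ins: int, p1: int, p2: int, data: bytes = b"") -> bytes:
    """Terminal-side helper to build a command APDU."""
    return bytes([cla, ins, p1, p2]) + (bytes([len(data)]) + data if data else b"")


@dataclass
class Card:
    state: str = ISSUED
    enforce_lifecycle: bool = True   # countermeasure: limit command availability per state
    hide_unavailable: bool = False   # stronger: answer 6D00 so the scan does not even see the command
    pin: bytes = b"1234"             # constructed values
    retries: int = 3
    pin_verified: bool = False
    secret_file: bytes = b"balance=100"

    # INS -> (handler name, life-cycle states in which the command is available)
    COMMANDS = {
        0x20: ("verify_pin", {ISSUED}),
        0xB0: ("read_binary", {ISSUED}),
        0xD6: ("update_binary", {PERSONALISATION}),   # personalisation only
    }

    def process(self, command: bytes):
        """Dispatch one APDU; returns (response data, status word)."""
        try:
            cla, ins, p1, p2, data = parse_apdu(command)
        except ValueError:
            return b"", SW_WRONG_LENGTH
        if cla != 0x00:
            return b"", SW_CLA_NOT_SUPPORTED
        entry = self.COMMANDS.get(ins)
        if entry is None:
            return b"", SW_INS_NOT_SUPPORTED
        handler, states = entry
        if self.enforce_lifecycle and self.state not in states:
            return b"", SW_INS_NOT_SUPPORTED if self.hide_unavailable else SW_CONDITIONS_NOT_SATISFIED
        return getattr(self, handler)(p1, p2, data)

    def verify_pin(self, p1, p2, data):
        if len(data) != len(self.pin):          # verify coding before touching the retry counter
            return b"", SW_WRONG_LENGTH
        if self.retries == 0:
            return b"", SW_AUTH_BLOCKED
        if hmac.compare_digest(data, self.pin):
            self.retries, self.pin_verified = 3, True
            return b"", SW_OK
        self.retries -= 1
        self.pin_verified = False
        return b"", 0x63C0 | self.retries       # 63Cx: x retries left

    def read_binary(self, p1, p2, data):
        if not self.pin_verified:
            return b"", SW_SECURITY_STATUS
        return self.secret_file, SW_OK

    def update_binary(self, p1, p2, data):
        if not data:
            return b"", SW_WRONG_LENGTH
        if p1 == 0x01:
            self.pin = data
        else:
            self.secret_file = data
        return b"", SW_OK


def command_scan(card: Card, cla: int = 0x00):
    """Logical attack: probe every INS and keep those not answered with 6D00."""
    return [ins for ins in range(256)
            if card.process(apdu(cla, ins, 0x00, 0x00))[1] != SW_INS_NOT_SUPPORTED]


if __name__ == "__main__":
    weak = Card(enforce_lifecycle=False)
    print("no life-cycle check, PIN rewritten in the field:",
          weak.process(apdu(0x00, 0xD6, 0x01, 0x00, b"0000")), weak.pin)
    print("scan of issued card:", [hex(i) for i in command_scan(Card())])
    print("scan with hidden commands:", [hex(i) for i in command_scan(Card(hide_unavailable=True))])
```

Two things the scan shows: without life-cycle control the personalisation command still works after issuance, so anyone with a reader can overwrite the PIN; and even with the 6985 check the scan still reveals that D6 exists, which is why "restrict command coding" goes one step further and answers 6D00 for anything outside the current state. Note also that the scanner's header-only VERIFY does not cost a retry, because the length check runs before the retry counter is touched.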

Side-channel attacks

Use of hidden signals: electromagnetic emission, power consumption, timing
Insertion of signals: power glitches, electromagnetic pulses
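The simplest of the hidden signals, timing, as an added example (not code from the deck): a PIN compare that stops at the first wrong byte leaks, through its running time or the length of its power trace, how many leading bytes were right, so an attacker recovers a 4-digit PIN in tens of guesses instead of ten thousand. Real hardware would be measured with an oscilloscope; here the card reports its own loop-iteration count as a stand-in for the measurement. The PIN, the 4-digit length and the retry count are assumptions of the example, and the constant-time compare and the retry counter are the two countermeasures from the countermeasure slide applied to it.

```python
def compare_leaky(stored: bytes, guess: bytes):
    """Naive compare: returns at the first differing byte. Returns (match, iterations)."""
    cycles = 0
    for a, b in zip(stored, guess):
        cycles += 1
        if a != b:
            return False, cycles
    return len(stored) == len(guess), cycles


def compare_constant_time(stored: bytes, guess: bytes):
    """Always visits every byte, so the iteration count no longer depends on the guess."""
    diff = len(stored) ^ len(guess)
    cycles = 0
    for a, b in zip(stored, guess.ljust(len(stored), b"\x00")):
        cycles += 1
        diff |= a ^ b
    return diff == 0, cycles


class Card:
    """Toy card: verifies a PIN and exposes the compare's iteration count as the side channel."""

    def __init__(self, pin: bytes, constant_time: bool = False, max_retries=None):
        self._pin = pin                      # constructed secret
        self._constant_time = constant_time
        self._max_retries = max_retries      # None: no retry counter at all
        self.retries_left = max_retries
        self.attempts = 0

    def verify(self, guess: bytes):
        """Returns (accepted, cycles); cycles stands in for the measured response time."""
        if self.retries_left == 0:
            return False, 0                  # blocked; ISO 7816 would answer 6983
        self.attempts += 1
        compare = compare_constant_time if self._constant_time else compare_leaky
        ok, cycles = compare(self._pin, guess)
        if self.retries_left is not None:
            self.retries_left = self._max_retries if ok else self.retries_left - 1
        return ok, cycles


def timing_attack(card: Card, length: int = 4, digits: bytes = b"0123456789") -> bytes:
    """Recover the PIN position by position: the digit that keeps the compare running longest is right."""
    recovered = bytearray(b"0" * length)
    for pos in range(length):
        best_digit, best_cycles = digits[0], -1
        for d in digits:
            recovered[pos] = d
            ok, cycles = card.verify(bytes(recovered))
            if ok:
                return bytes(recovered)
            if cycles > best_cycles:         # ties keep the first digit tried
                best_digit, best_cycles = d, cycles
        recovered[pos] = best_digit
    return bytes(recovered)


if __name__ == "__main__":
    leaky = Card(b"3971")
    print("leaky compare:", timing_attack(leaky), "after", leaky.attempts, "guesses")
    fixed = Card(b"3971", constant_time=True)
    print("constant time:", timing_attack(fixed), "(wrong)")
    counted = Card(b"3971", max_retries=3)
    print("retry counter:", timing_attack(counted), "retries left", counted.retries_left)
```

Against the leaky compare the attack needs 32 verify calls; against the constant-time compare every guess takes the same number of iterations and the attack learns nothing; with a retry counter the card blocks after three wrong guesses, long before the attack can finish. A fielded card wants both, since a retry counter alone does not stop an attacker who can measure one genuine verification.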

Power analysis

(Slide figure: a power waveform, supply current Iddq against time, with the features an analyst looks at marked: peak, shape, slope, area.)

Fault injection on smart cards

Change a value read from memory to another value by manipulating the supply voltage: a power dip at the moment a memory cell is read pushes the sensed level across the read threshold, so the cell reads as a different value than the one stored.

Side-channel attack countermeasures

Signal analysis:
reduce the processor signal by balancing or equalising the power and/or shielding the emission
add noise to the processor activity (both in time and amplitude)
eliminate the timing relation with the processed key and/or data
variable ordering of processes
blinding of intermediate values with random values
retry counters
limited control and visibility of crypto input and output

Signal insertion:
use sensors for supply voltage, light and temperature
double implementation path (for verification)
check runtime parameters for validity
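The fault-injection slide and the "signal insertion" countermeasures above, as an added example (not code from the deck): a memory model in which one chosen read returns a glitched value, the way a power dip at read time would, and two versions of an access decision run against it. The naive version stores "PIN verified" as a plain 0/1 flag, so a single read forced to 0xFF grants access. The hardened version encodes the flag as one of two complementary patterns (0x3C / 0xC3, an assumption of the example), rejects any other value (runtime parameter validity) and reads the flag twice along independent paths (double implementation path), treating a disagreement as an attack. The campaign function counts, over every single-read fault, how often each version grants access.

```python
TRUE_MARK, FALSE_MARK = 0x3C, 0xC3   # complementary patterns; 0x00 and 0xFF (typical glitched reads) are neither


class FaultDetected(Exception):
    """Raised when the two paths disagree or a value is malformed; a real card would lock itself."""


class Memory:
    """EEPROM model. fault=(read_index, value): that read returns `value` instead of the cell content."""

    def __init__(self, cells: dict, fault=None):
        self.cells = dict(cells)
        self.fault = fault
        self.reads = 0

    def read(self, addr: str) -> int:
        index, self.reads = self.reads, self.reads + 1
        if self.fault is not None and self.fault[0] == index:
            return self.fault[1]                 # the power dip hits this read
        return self.cells[addr]


def grant_naive(mem: Memory) -> bool:
    """Single read, plain boolean: any non-zero value counts as 'PIN verified'."""
    return mem.read("pin_ok") != 0


def grant_hardened(mem: Memory) -> bool:
    """Validity check of the encoded value, then a second independent read that must agree."""
    first = mem.read("pin_ok")
    if first not in (TRUE_MARK, FALSE_MARK):
        raise FaultDetected("invalid encoding")   # runtime parameter validity
    second = mem.read("pin_ok")
    if second != first:
        raise FaultDetected("paths disagree")     # double implementation path
    return first == TRUE_MARK


def single_fault_campaign(check, stored: int, fault_values=(0x00, 0xFF, TRUE_MARK), max_reads: int = 4):
    """Glitch each read in turn with each candidate value; returns (unauthorised grants, detections)."""
    grants = detected = 0
    for index in range(max_reads):
        for value in fault_values:
            mem = Memory({"pin_ok": stored}, fault=(index, value))
            try:
                grants += check(mem)
            except FaultDetected:
                detected += 1
    return grants, detected


if __name__ == "__main__":
    print("naive, PIN not verified:", single_fault_campaign(grant_naive, 0))
    print("hardened, PIN not verified:", single_fault_campaign(grant_hardened, FALSE_MARK))
```

With the flag stored as "not verified", two of the single-read faults open the naive check and none open the hardened one; every fault that reaches the hardened check is detected. The cost is the usual one for redundancy: a glitch during a legitimate session also trips the detector, which is the conservative outcome a card wants.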

Conclusions

Smart card technology is emerging; applications are everywhere.
Smart cards enhance service and security.
Perfect security does not exist, not even for smart cards.
Risk analysis is essential.
More info? Mailto: info@riscure.com
