Smart and Stored


Electronic Payment Systems
20-763
Lecture 8
Smart and Stored-Value Cards
20-763 ELECTRONIC PAYMENT SYSTEMS
FALL 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Outline
• Smart card types
• Operating systems
• Wireless cards
• Card manufacture and issuance
• Security
• Octopus
• Mondex
• Mobile systems
ePayment by Smart Card
• Objective: replace cash
• Cash is expensive to make and use
– Printing, replacement
– Anti-counterfeiting measures
– Transportation
– Security
• Cash is inconvenient
– not machine-readable
– humans carry limited amount
– risk of loss, theft
• Additional smart card benefits
Smart Cards
• Magnetic stripe
– 140 bytes, cost $0.20-0.75
• Memory cards
– 1-4 KB memory, no processor, cost $1.00-2.50
• Optical memory cards
– 4 megabytes read-only (CD-like), $7-12
• Microprocessor cards
– Embedded microprocessor
• (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
• Equivalent power to IBM XT PC
• 32-bit processors now available
Smart Card Costs
(Figure: cost comparison by card type; recoverable entries: new read/write optical card, 500 MB; 32-bit microprocessor card, $15; reader, $200)
SOURCE: SUN
Laser Optical Memory Card
Capacity: 1MB - 1GB
Microprocessor Card Adoption
(Chart: millions of microprocessor cards worldwide, 2000-2004, broken down by region: Asia Pacific, Japan, Europe, Americas, North America)
1999: 500 M microprocessor cards
2004: 1750 M microprocessor cards
SOURCE: DATAQUEST (10/2000)
Card Taxonomy
Machine Readable Cards
– Magnetic
• Magnetic Stripe
• Wiegand
• Barium Ferrite
– IC Cards (smart cards)
• Radio Frequency
• Write Once (EPROM): Memory Only; With Microprocessor
• Write Many (EEPROM): Memory Only; With Microprocessor
– Optical
• Bar Codes
• Softstrip
• OCR
• Optical Memory
SOURCE: BURGER, CAROLL & ASSOCIATES
Multi-Application Smart Card
(Figure: a single card hosting several applications and their data: customer PKI application with private key(s) and digital certificates for SSL secure web and S/MIME secure mail; ACE (Active Customer Enrollment) authentication; biometric data and biometric authentication; single sign-on; encryption key; employee data, employee picture, application login, local file encryption, password cache, secure screen saver; magnetic stripe or RF door access)
SOURCE: SECURITY DYNAMICS
Smart Card Structure
(Figure: card shown upside-down in cross-section: 8 contacts on the surface, the microprocessor beneath them, the module held in epoxy)
SOURCE: SMART CARD FORUM
Old Smart Card Architecture
(Figure: block diagram of an early card chip; EEPROM = Electrically Erasable Programmable Read-Only Memory)
SOURCE: SMART CARD FORUM
Cyberflex™ Java Smart Card
• Complete 32-bit Java run-time environment on a card
• Utilities for compiling and loading cardlets onto the card from a PC
(Figure: layered stack, top to bottom: cardlets 1, 2, 3; Java virtual machine; operating system; microprocessor)
Smart Card Architecture
• File structure (ISO 7816-4)
– Cyclic files: a fixed number of fixed-size records; when the file is full, a new record overwrites the oldest and record 1 always refers to the most recently written one, so the last n transactions stay readable
• Database management on a card
– SCQL (Structured Card Query Language)
– Provides standardized interface
– No need to know file formatting details
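As an added example (mine, not code from the lecture or from any card vendor), here is the ISO 7816-4 command/response APDU exchange against a simulated card that holds one cyclic elementary file. The INS codes (SELECT A4, READ RECORD B2, APPEND RECORD E2) and status words (9000 OK, 6A82 file not found, 6A83 record not found, 6986 command not allowed, 6A80 wrong data, 6D00 INS not supported) are the ISO 7816-4 values; the application identifier, short file identifier, record size and 3-record file size are assumptions chosen for the example.

```python
"""Added example: short APDUs against a simulated cyclic file (ISO 7816-4)."""
from collections import deque

CLA = 0x00
INS_SELECT, INS_READ_RECORD, INS_APPEND_RECORD = 0xA4, 0xB2, 0xE2
SW_OK, SW_FILE_NOT_FOUND, SW_RECORD_NOT_FOUND, SW_NOT_ALLOWED = 0x9000, 0x6A82, 0x6A83, 0x6986
TEST_AID = bytes.fromhex("A000000000")        # constructed AID, not a registered one
SFI, RECORD_SIZE, RECORD_COUNT = 1, 8, 3      # assumed file layout


def build_apdu(ins, p1, p2, data=b"", le=None):
    """Encode a short command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(data) > 255:
        raise ValueError("a short APDU carries at most 255 data bytes")
    apdu = bytes([CLA, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le & 0xFF])             # Le = 0 means "up to 256 bytes"
    return apdu


def parse_response(resp):
    """Split a response APDU into (data, status word)."""
    if len(resp) < 2:
        raise ValueError("response shorter than SW1 SW2")
    return resp[:-2], int.from_bytes(resp[-2:], "big")


class CyclicFileCard:
    """Simulated card: SELECT by AID, then READ RECORD / APPEND RECORD on a
    cyclic EF. Record number 1 is always the most recently written record;
    when the file is full an append overwrites the oldest record."""

    def __init__(self):
        self.selected = False
        self.records = deque(maxlen=RECORD_COUNT)   # oldest drops off automatically

    def transmit(self, apdu):
        cla, ins, p1, p2 = apdu[:4]
        body = apdu[4:]
        data = body[1:1 + body[0]] if body else b""
        if ins == INS_SELECT:
            # P1 = 04: select by DF name (AID)
            self.selected = (p1 == 0x04 and data == TEST_AID)
            return self._sw(SW_OK if self.selected else SW_FILE_NOT_FOUND)
        if not self.selected:
            return self._sw(SW_NOT_ALLOWED)
        if (p2 >> 3) != SFI:                     # upper 5 bits of P2 carry the SFI
            return self._sw(SW_FILE_NOT_FOUND)
        if ins == INS_APPEND_RECORD:
            if len(data) != RECORD_SIZE:
                return self._sw(0x6A80)          # incorrect data field
            self.records.appendleft(bytes(data)) # newest becomes record 1
            return self._sw(SW_OK)
        if ins == INS_READ_RECORD and (p2 & 0x07) == 0x04:   # P1 is a record number
            if 1 <= p1 <= len(self.records):
                return self.records[p1 - 1] + self._sw(SW_OK)
            return self._sw(SW_RECORD_NOT_FOUND)
        return self._sw(0x6D00)                  # INS not supported

    @staticmethod
    def _sw(sw):
        return sw.to_bytes(2, "big")


def log_last_transactions(card, entries):
    """Append each entry, then read the log back newest-first. Returns the
    (record number, data) pairs the card reports and the status word seen
    when reading one record past the end."""
    card.transmit(build_apdu(INS_SELECT, 0x04, 0x00, TEST_AID))
    for entry in entries:
        _, sw = parse_response(card.transmit(build_apdu(INS_APPEND_RECORD, 0x00, SFI << 3, entry)))
        if sw != SW_OK:
            raise RuntimeError(f"APPEND RECORD failed with SW {sw:04X}")
    out = []
    for n in range(1, RECORD_COUNT + 2):
        data, sw = parse_response(card.transmit(build_apdu(INS_READ_RECORD, n, (SFI << 3) | 0x04, le=0)))
        if sw != SW_OK:
            return out, sw
        out.append((n, data))
    return out, SW_OK


if __name__ == "__main__":
    # Constructed sample: five debits written into a 3-record cyclic log
    sample = [b"DEBIT%03d" % i for i in range(1, 6)]
    print(log_last_transactions(CyclicFileCard(), sample))
```

Reading record 1 returns DEBIT005 and record 3 returns DEBIT003; DEBIT001 and DEBIT002 are gone, and record 4 answers 6A83. Note that the simulated card refuses READ RECORD before a SELECT with 6986, which is the hook a real card uses to enforce its access conditions (PIN verified, secure messaging) before exposing a file.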
Contactless Cards
• Communicates by radio
– Power supplied by reader
– Data rate 106 Kb/sec
– Read 2.5 ms, write 9 ms
– 8 Kb EEPROM, unlimited read, 100,000 writes
– Effective range: 10 cm, signals encrypted
– Lifetime: 2 years (data retention 10 years)
– Two-way (mutual) authentication: challenge-response using nonces and shared secret keys
– Anticollision mechanism for multiple cards
– Unique card serial number
SOURCE: GEMPLUS
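The mutual authentication named above, as an added example (mine, not Gemplus's protocol): a three-pass challenge-response in which the card and the reader each prove knowledge of a shared key over both nonces. Assumptions: the per-card key is derived from a master key and the card's serial number, HMAC-SHA256 stands in for the card's block-cipher MAC because the Python standard library has no DES or AES, and the message layouts and labels are invented for the example.

```python
"""Added example: three-pass mutual authentication between card and reader."""
import hmac, hashlib, os

MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed


def derive_card_key(master_key, serial):
    """Per-card key = PRF(master, serial): compromising one card's key exposes one card only."""
    return hmac.new(master_key, b"card-key" + serial, hashlib.sha256).digest()[:16]


def mac(key, *parts):
    """8-byte MAC over the concatenated parts (stand-in for a 3DES/AES CBC-MAC)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:8]


class Card:
    def __init__(self, serial, key, rng=os.urandom):
        self.serial, self.key, self.rng = serial, key, rng
        self.nonce_c = None

    def get_challenge(self):
        """Pass 1: card announces its serial and a fresh nonce."""
        self.nonce_c = self.rng(8)
        return self.serial, self.nonce_c

    def authenticate_reader(self, nonce_r, tag_r):
        """Pass 2 check: the reader must prove it knows the key over BOTH nonces.
        Pass 3: on success the card answers with its own proof over the swapped order."""
        expected = mac(self.key, b"reader", nonce_r, self.nonce_c, self.serial)
        if not hmac.compare_digest(expected, tag_r):
            return None                          # reader rejected; card stays silent
        return mac(self.key, b"card", self.nonce_c, nonce_r, self.serial)


class Reader:
    def __init__(self, master_key, rng=os.urandom):
        self.master_key, self.rng = master_key, rng

    def run(self, card):
        serial, nonce_c = card.get_challenge()
        key = derive_card_key(self.master_key, serial)
        nonce_r = self.rng(8)
        tag_r = mac(key, b"reader", nonce_r, nonce_c, serial)
        tag_c = card.authenticate_reader(nonce_r, tag_r)
        if tag_c is None:
            return False
        # The serial is public; only a correct tag_c proves this is not a clone of the ID alone.
        return hmac.compare_digest(tag_c, mac(key, b"card", nonce_c, nonce_r, serial))


class ReplayingReader(Reader):
    """Attacker model: eavesdropped one genuine reader message and replays it verbatim."""

    def __init__(self, captured_nonce_r, captured_tag):
        self.nonce_r, self.tag = captured_nonce_r, captured_tag

    def run(self, card):
        card.get_challenge()                     # card issues a NEW nonce_c ...
        return card.authenticate_reader(self.nonce_r, self.tag) is not None   # ... so the old tag fails


def demo():
    """Returns (genuine reader accepted, replay accepted, wrong-key reader accepted)."""
    serial = bytes.fromhex("04a1b2c3d4e5f6")    # constructed 7-byte UID
    card = Card(serial, derive_card_key(MASTER_KEY, serial))
    genuine = Reader(MASTER_KEY).run(card)
    # Capture one genuine pass-2 message, then replay it against the same card.
    serial, nonce_c = card.get_challenge()
    key = derive_card_key(MASTER_KEY, serial)
    nonce_r = os.urandom(8)
    tag_r = mac(key, b"reader", nonce_r, nonce_c, serial)
    assert card.authenticate_reader(nonce_r, tag_r) is not None
    replayed = ReplayingReader(nonce_r, tag_r).run(card)
    wrong_key = Reader(bytes(16)).run(card)
    return genuine, replayed, wrong_key


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

Two points the slide's bullet list leaves implicit: the card's nonce is what defeats replay (the captured reader tag was computed over a nonce the card will never issue again), and the unique serial number is an identifier, not a credential, since anyone within range can read it.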
How RFID Works
(Figure: tag, antenna, RFID reader and computer)
• Tag enters RF field
• RF signal powers tag
• Tag transmits ID, plus data
• Reader captures data
• Reader sends data to computer
• Computer determines action
• Computer instructs reader
• Reader transmits data to tag
SOURCE: PHILIPS
RFID
(Figure)
SOURCE: SANJAY SARMA
Low-Cost RFID
(Figure: per-tag cost along the supply chain: IC design, IC manufacture, antenna manufacture, antenna/IC assembly, conversion to package, end users)
STAGE                   MILLIONS OF TAGS   BILLIONS OF TAGS
IC manufacture          20¢                1-2¢
Antenna manufacture     5¢                 1¢
Antenna/IC assembly     5¢                 1¢
Conversion to package   20¢                1¢
Total                   ~40¢               ~4-5¢
SOURCE: SANJAY SARMA
Java Ring
• Java-enabled iButton
• Communicates by contact at 142 Kbps
• 64 KB ROM and 134 KB RAM
• Stores 30 digital certificates with 1024-bit keys
• Uses: authentication, epayment, access
• Cost: $15-30 in unit quantity
SOURCE: IBUTTON.COM
OpenCard Framework (OCF)
(Figure: two layers: the CardService layer, which talks to the card, above the CardTerminal layer, which talks to the reader)
SOURCE: OPENCARD.ORG
CARD PROTECTION TECHNOLOGIES
(Figure: taxonomy of card protection technologies)
VISUAL PROTECTION: holograms, photocard, embossed data, ultraviolet pattern, microprints
ACCESS PROTECTION: PIN, signature
CONTENT VERIFICATION (protection on modification, protection on duplication): DNA, PVV, CVC; magnetic stripe protection: Xsec (smart card), Xshield (memory card), Holomagnetic, Valugard, Magneprint, Sandwich Watermark
CVC = Card Verification Code
PVV = PIN Verification Value
SOURCE: L. M. CHENG, CUHK
ATM and Debit Card Cryptography
• PIN cannot be stored anywhere in plaintext
• PIN cannot be recovered from the card or from any database without the bank's secret keys
• Generate a random 4-digit number (the PIN)
• Combine PIN with other data (account number) to form a data block
• Encrypt the data block using 3DES and secret bank keys
• Select several digits from the encrypted data to use as the PIN Verification Value (PVV)
Forming the PIN Verification Value
(Figure: the account number and the 4-digit PIN are combined into a data block; the block is encrypted with 3DES under the secret bank keys; 4-6 digits selected from the encrypted data block form the PVV; the card carries the account number and the PVV)
Using the Card
(Figure: PIN verification flow)
• ATM reads the account number and the PVV from the card
• User types the PIN; the machine now has the account number, the 4-digit PIN and the card's PVV
• The machine holds the secret bank keys in tamper-resistant hardware; it encrypts the account number and the typed PIN with 3DES exactly as at issuance (the block is re-encrypted, never decrypted) and selects the same digits to compute a PVV
• Compare the card's PVV with the computed PVV: if they match, the user is authentic; if they differ, the user is rejected
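Issuance and verification from the two slides above, as an added example (mine, not the lecture's or any bank's code). Assumptions: the data block is the 11 rightmost account-number digits without the check digit, a 1-digit key index and the 4-digit PIN; "select several digits" is done by decimalisation (the first four decimal digits of the hex output, then A-F mapped to 0-5 if fewer than four are found), which is the selection rule of the Visa PVV method; HMAC-SHA256 truncated to 8 bytes stands in for 3DES because the standard library has no DES. The structure of the computation is unchanged by the substitution.

```python
"""Added example: deriving and verifying a PIN Verification Value."""
import hmac, hashlib

PVK = bytes.fromhex("0123456789abcdeffedcba9876543210")   # constructed bank key
PVKI = "1"   # key index: lets the bank rotate PVKs without re-issuing every card


def encrypt_block(key, block16):
    """Stand-in for 3DES: 16-digit block -> 16 hex characters."""
    return hmac.new(key, block16.encode(), hashlib.sha256).hexdigest()[:16].upper()


def decimalise(hexstr, n=4):
    """Select n digits from the encrypted block: decimal digits first,
    then (rarely needed) A-F mapped to 0-5."""
    digits = [c for c in hexstr if c.isdigit()]
    if len(digits) < n:
        digits += [str(ord(c) - ord("A")) for c in hexstr if c in "ABCDEF"]
    return "".join(digits[:n])


def pin_block(pan, pin):
    """Account number (11 rightmost digits, check digit dropped) + PVKI + PIN."""
    if not (pan.isdigit() and len(pin) == 4 and pin.isdigit()):
        raise ValueError("PAN must be digits, PIN must be exactly 4 digits")
    return pan[:-1][-11:] + PVKI + pin


def derive_pvv(pan, pin, key=PVK):
    """Issuance: the value written to the card or stored beside the account."""
    return decimalise(encrypt_block(key, pin_block(pan, pin)))


def verify_pin(pan, pin, card_pvv, key=PVK):
    """Verification: re-encrypt with the same keys and compare; nothing is decrypted."""
    if len(pin) != 4 or not pin.isdigit():
        return False
    return hmac.compare_digest(derive_pvv(pan, pin, key), card_pvv)


def accepted_pins(pan, card_pvv, key=PVK):
    """All PINs that a given PVV accepts. A 4-digit PVV cannot separate
    10,000 PINs, so on average about one wrong PIN collides with the real one."""
    return [f"{p:04d}" for p in range(10000) if verify_pin(pan, f"{p:04d}", card_pvv, key)]


if __name__ == "__main__":
    pan, pin = "4111111111111111", "1234"       # constructed test PAN and PIN
    pvv = derive_pvv(pan, pin)
    print(pvv, verify_pin(pan, pin, pvv), accepted_pins(pan, pvv))
```

Two caveats worth keeping in mind when reading the slide's "cannot be reverse-engineered" claim: the PIN space is only 10,000 values, so anyone holding both the PVK and a PVV can recover the PIN offline in at most 10,000 encryptions, which is why PVKs live in a hardware security module and never reach the ATM; and accepted_pins shows that a PVV typically admits one or two wrong PINs in addition to the real one, which is harmless only because online PIN-try counters limit guessing.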
Credit Card Fraud
• Stealing: a legal card may be stolen and used in ATMs or EPOSs.
• Altering and re-embossing a genuine card, modifying visual features.
• Skimming or altering data on the magnetic stripe, e.g. expiration date or credit limit, stored value.
• Copying data from a genuine card to another online: "white plastic fraud"
• Counterfeiting ("color plastic fraud"): encoding information from one card to another card off-line
SOURCE: L. M. CHENG, CUHK
OP (Open Platform) Security Assumptions
• OP card is merely a component
• Need to trust:
– back-office systems
– cryptographic key management
– card/chip operating environment (COE)
– off-card security procedures (actors and roles)
• There are vulnerabilities the OP card cannot protect itself against
SOURCE: GAMMA
OP Card Security Threats
(Figure: threat groups positioned around the card, its run-time environment (RTE) and the card acceptance device (CAD))
• Group 1: direct attacks on chip circuitry
• Group 2: indirect attacks on chip circuitry
• Group 3: threats based on the RTE implementation
• Group 4: attacks on the card's interface to the outside, e.g. premature removal
• Group 5: attacks on the run-time environment through the card acceptance device (CAD)
• Group 6: threats from card applications and the need to share resources
• Group 7: attacks using cards not yet issued (future), old cards (past), clones
SOURCE: GAMMA
Smart Card Security
• Observers
• Active defenses
• Attacks:
– Microprobing, microscopy
– Differential fault analysis (Boneh et al. 1997): induce errors, observe output differences
– Differential power analysis
SOURCES: Kömmerling et al.; cryptography.com
Differential Power Analysis
• Record the card's power consumption while it encrypts many different inputs
• For each guess of a small part of the key, predict one intermediate bit of the cipher for every input, sort the recorded traces by that bit, and subtract the average of one pile from the average of the other
• When the guess is correct, the predicted bit matches what the card actually computed and the difference of averages shows a spike at the moment that bit is handled
• Incorrect guesses predict bits unrelated to the card's computation, so their difference of averages tends to zero
(Figure: smart card power consumption during DES encryption: initial permutation, 16 DES rounds, final permutation; expanded view of rounds 2 and 3)
SOURCE: cryptography.com
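The attack described above, simulated end to end as an added example (mine, not cryptography.com's or the lecture's code). A toy "card" leaks the Hamming weight of one S-box output at one sample of every power trace, buried in Gaussian noise; the attack tries all 256 values of one key byte, sorts the traces by a predicted output bit under each hypothesis, and takes the difference of means. Assumptions: the S-box is the GF(2^8) multiplicative inverse (the non-linear part of the AES S-box, chosen because it can be computed in a few lines), the leakage model is Hamming weight plus noise, and all traces are synthetic rather than measured.

```python
"""Added example: difference-of-means DPA on simulated power traces."""
import random


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(x):
    """x^254 = x^-1 in GF(2^8), with 0 mapped to 0."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r


SBOX = [gf_inv(x) for x in range(256)]
TRACE_LEN, LEAK_SAMPLE, NOISE_SIGMA = 8, 5, 1.5   # assumed trace layout


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, seed=1):
    """Toy card: each trace is TRACE_LEN noisy samples; sample LEAK_SAMPLE
    additionally carries HW(SBOX[p ^ key]) for that trace's input byte p."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        trace = [rng.gauss(0.0, NOISE_SIGMA) for _ in range(TRACE_LEN)]
        trace[LEAK_SAMPLE] += hamming_weight(SBOX[p ^ key_byte])
        plaintexts.append(p)
        traces.append(trace)
    return plaintexts, traces


def dpa_differential(plaintexts, traces, guess):
    """Difference-of-means trace for one key guess, selecting on bit 0 of the
    predicted S-box output (Kocher's selection function)."""
    sums = [[0.0] * TRACE_LEN, [0.0] * TRACE_LEN]
    counts = [0, 0]
    for p, t in zip(plaintexts, traces):
        b = SBOX[p ^ guess] & 1
        counts[b] += 1
        for i, v in enumerate(t):
            sums[b][i] += v
    return [sums[1][i] / counts[1] - sums[0][i] / counts[0] for i in range(TRACE_LEN)]


def dpa_recover_key_byte(plaintexts, traces):
    """Rank all 256 guesses by the height of their largest differential peak.
    Returns (best guess, sample index of its peak, peak height, runner-up height)."""
    ranked = []
    for guess in range(256):
        diff = dpa_differential(plaintexts, traces, guess)
        idx = max(range(TRACE_LEN), key=lambda i: abs(diff[i]))
        ranked.append((abs(diff[idx]), guess, idx))
    ranked.sort(reverse=True)
    (peak, guess, idx), (runner_up, _, _) = ranked[0], ranked[1]
    return guess, idx, peak, runner_up


if __name__ == "__main__":
    pts, trs = simulate_traces(0x3C, 2000)
    print(dpa_recover_key_byte(pts, trs))   # (60, 5, ~1.0, ~0.3)
```

The correct guess produces a differential of about 1.0 at the leaking sample (the selected bit contributes exactly one unit of Hamming weight), while every wrong guess averages out to noise of a few tenths; the noise does not have to be small, only uncorrelated, which is why adding more traces rather than better equipment is the usual way to defeat a card. Countermeasures the slide's "active defenses" bullet points at (random delays, masking, constant-weight logic) work by destroying either the alignment in time or the correlation between the predicted bit and the measured power.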
Smart Card Optical Vulnerabilities
(Figure: a "depackaged" PIC16F84 microcontroller on a manual prober with a photoflash lamp; magnified view of its SRAM (static random access memory) array)
SOURCE: ROSS ANDERSON
Smart Card Sales Leaders (2000)
VENDOR                  # OF CARDS     SHARE
Gemplus                 185,000,000    29%
Schlumberger            152,000,000    24%
Oberthur Smart Cards     85,000,000    14%
Giesecke & Devrient      76,000,000    12%
Orga Card Systems        53,000,000     8%
TOTAL                   628,000,000
SOURCE: CARDWEB.COM
Octopus
• Transaction time < 300 milliseconds
• Transaction fees: HK$0.02 + 0.75%
– $10 transaction costs $0.095 (0.95%)
• Applications
– Transit
– Telephones
– Road tolls
– Point-of-sale
– Access control
• Anonymous / personalized
• How does money get to service providers?
– Net settlement system operated by Creative Star
Octopus
(Figure: Sony RC-S833 contactless smart card and Sony reader/writer; I/O speed 211 Kbps)
SOURCE: SONY
Octopus System
(Figure)
SOURCE: WORLD BANK
Bus Smart Card Systems
(Figure)
SOURCE: MITSUBISHI
Mondex
• Subsidiary of MasterCard
• Smart-card-based, stored-value card (SVC)
• NatWest (National Westminster Bank, UK) et al.
• Secret chip-to-chip transfer protocol
• Value is not in strings alone; must be on Mondex card
• Loaded through ATM
– ATM does not know transfer protocol; connects with secure device at bank
• Spending at merchants having a Mondex value transfer terminal
Mondex Overview
(Figure)
SOURCES: OKI, MONDEX USA
Mondex Security
• Active and dormant security software
– Security methods constantly changing
– ITSEC E6 level (military)
• VTP (Value Transfer Protocol)
– Globally unique card numbers
– Globally unique transaction numbers
– Challenge-response user identification
– Digital signatures
• MULTOS operating system
– firewalls on the chip
Payment Cards
EMV = EUROPAY INT'L, MASTERCARD, VISA
MPCOS = MULTI PAYMENT CHIP OPERATING SYSTEM
• 8-128 Kb
• Data rate 115 Kb/sec
• ISO 7816 compliant
• Visa-certified
• PIN management and verification
• 3DES algorithm for authentication, secure messaging
• ePurse with payment command set (debit, credit, balance, floor limit management)
SOURCE: GEMPLUS
Mobile Card Systems
MOTOROLA P7389
TRIBAND WAP PHONE
WITH SMARTCARD READER
Mobile EMV Chip Debit/Credit
(Figure: mobile EMV purchase flow. Card issuers; the cardholder's phone with its wallet, browsing by voice or IP and requesting a merchant offer; the wallet simply forwards the cardholder's address details; gateway and wallet server; merchants; merchant acquirer with acquiring payment engine; clearing and settlement; authorisation request/response; shipment confirmation. Transport security is SET or SSL/TLS, in WAP or iPurchase mode. The M/CHIP transaction carrying ARQC and ARPC/ARC data is classed as a "Card Present" transaction. Option 1: multi-application SIM + EMV (CEC). Option 2: dual-slot phone with a full-size EMV card.)
SOURCE: MAOSCO
Comparison of Payment Methods
PAYMENT TYPE             ADVANTAGES                               DISADVANTAGES
Cash                     Anonymous, universal, free               Risk of theft/loss, bulky
Credit Card              Almost universal                         High transaction cost, fraud/forgery
EFTPOS                   Direct access to cash                    Must be online, security only moderate
Disposable smart card    Fast, private                            Risk of loss, limited to small amounts
Personalized smart card  Long useful life, security, like eCash   Not anonymous, lack of international standards
Major Ideas
• Potential of cards is unexplored; new uses every day
• Powerful microprocessors allow
– cryptography
– certificates, authentication
– secure purses
• Wireless (contactless) cards enable new business
models
• Huge capacity laser CD-DVD cards allow large
databases of personalized information
Q&A