Smart and Stored-Value Cards 2004

Download Report

Transcript Smart and Stored-Value Cards 2004

Electronic Payment Systems
20-763
Lecture 8:
Stored-Value Cards
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Outline
•
•
•
•
•
•
•
Smart card types
Operating systems
Wireless cards
Card manufacture and issuance
Security
Octopus
Geldkarte
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Card Applications
E-Government
Mobile
Telecommunications
Access control
Banking
W-LAN
Enterprise
Security
Mass Transit
Public
Telephony
Retail
Digital Rights
Management
SOURCE: JEAN-JACQUES VANDEWALLE
ePayment by Smart Card
• Objective: replace cash
• Cash is expensive to make and use
–
–
–
–
Printing, replacement
Anti-counterfeiting measures
Transportation
Security
• Cash is inconvenient
– not machine-readable
– humans carry limited amount
– risk of loss, theft
• Additional smart card benefits
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Cards
• Magnetic stripe
– 3 tracks, ~140 bytes, cost $0.20-0.75
• Memory cards
– 1-4 KB memory, no processor, cost $1.00-2.50
• Optical memory cards
– 4 megabytes read-only (CD-like), $7-12
• Microprocessor cards
– Imbedded microprocessor
• (OLD) 8-bit processor,
16 KB ROM, 512 bytes RAM
• Equivalent power to IBM XT PC
• 32-bit processors now available
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Magnetic Stripe Cards
•
•
•
•
Three tracks: 1 & 3 at 210 bits/inch; 2 at 75 bpi
Start sentinel (1 char): %
Format code (1 char): B for bank/financial
PAN, Primary Account Number (19 char)
– Major industry identifier (1 or 2 char): 4, 5 for credit cards
– Issuer (up to 5 char)
– Individual account number (up to 12 char)
•
•
•
•
•
Field separator (1 char): ^
Name
Field separator
Expiration date (4 char): YYMM
Proprietary fields, including Pin Verification Value (P V V)
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Other Smart Card Types
SIM card
Crypto card
USB token
Java card
Memory card
ELECTRONIC PAYMENT SYSTEMS 20-763
SOURCE: ANDREAS STEFFEN
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Laser Optical Memory Card
Capacity: 1MB - 1GB
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Hong Kong Smart ID
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Microprocessor Card Adoption
MILLIONS
OF CARDS
WORLDWIDE
2,000
1,800
1,600
1,400
1,200
1,000
800
600
400
200
0
2000
Asia Pacific
Japan
Europe
Americas
North America
2001
2002
2003
2004
1999: 500 M microprocessor cards
2004: 1750 M microprocessor cards
SOURCE: DATAQUEST (10/2000)
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Card Structure
Contacts:
Microprocessor
Contacts
Card
(Upside-down)
Epoxy
Contacts (8)
SOURCE: SMART CARD FORUM
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Old (8-bit) Smart Card Architecture
EEPROM:
Electrically
Erasable
Programmable
Read-Only
Memory
SOURCE: SMART CARD FORUM
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Card Components
Processors
• 8-bit, typical clock speed: 5 MHz (8-bit)
• Optional cryptographic processor
• 32-bit, clock speed 300 MHz
• 64-bit, 600 MHz
SOURCE: SUMIT DHAR
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Card Components
ROM: Read Only Memory
• Used for storing fixed programs. Holds the operating
system
• Typically varies from 2KB to around 16 KB
• Once written, cannot be changed
• Occupies the least area
PROM: Programmable Read Only Memory
• Used for loading card serial number
• Very small, typically just 32 bytes
SOURCE: SUMIT DHAR
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Card Components
EEPROM: Electrically Erasable Read Only Memory
• Stores variable data
• Holds various applications and their data.
• Can be read or written to subject to permissions.
• Typically 2 - 32 KB
RAM: Random Access Memory
• Used as temporary storage.
• Erased on power off.
• Typically 128-512 bytes
SOURCE: SUMIT DHAR
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Cyberflex™ Java Smart Card
• Complete 32-bit Java run-time environment on a card
• Utilities for compiling and loading cardlets onto the
card from a PC
CARDLETS
2
1
3
JAVA VIRTUAL MACHINE
OPERATING SYSTEM
MICROPROCESSOR
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Smart Card Architecture
• File structure (ISO 7816-4)
– Cyclic files
• Database management on a card
– SCQL (Structured Card Query Language)
– Provides standardized interface
– No need to know file formatting details
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Cyclic File
byte number
1
2
3
4
5
6
7 8
9
m
record 1
number
2
3
4
n
–
–
–
–
n+1st record
READ gives the most recently written record
Maximum number of records: 254
When maximum is reached, first record is overwritten
Record length: 1 .. 254 bytes
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
SOURCE: ANDREAS STEFFEN
COPYRIGHT © 2004 MICHAEL I. SHAMOS
ATM and Debit Card Cryptography
• PIN cannot be stored anywhere in plaintext
• PIN cannot be reverse-engineered from the card or
any database
• Generate a random 4-digit number (the PIN)
• Combine PIN with other data (account number) to
form a data block
• Encrypt the data block using 3DES and secret bank
keys
• Select several digits from the encrypted data to use
as the Pin Verification Value (P V V)
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Forming the Pin Verification Value
ACCOUNT 4-DIGIT
NUMBER
PIN
SECRET
BANK KEYS
3DES
ENCRYPTED
DATA BLOCK
SELECT 4-6 DIGITS
FROM ENCRYPTED DATA
BLOCK TO FORM P V V
PIN VERIFICATION
VALUE (P V V)
CARD HAS
ACCOUNT NUMBER
AND P V V
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Using the Card
CARD HAS
ACCOUNT NUMBER
AND PVV
P V Vs MATCH?
USER IS AUTHENTIC
ATM MACHINE READS ACCOUNT
NUMBER AND P V V
P V Vs DIFFERENT?
USER IS REJECTED
USER TYPES PIN
MACHINE NOW HAS:
ACCOUNT 4-DIGIT
NUMBER
PIN
PVV
COMPARE CARD P V V
WITH COMPUTED P V V
MACHINE HAS BANK
KEYS IN HARDWARE:
SECRET
BANK KEYS
3DES
DECRYPTED
DATA BLOCK
PVV
COMPUTE P V V
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
OpenCard Framework (OCF)
CardService
Layer
(TALKS TO CARD)
CardTerminal
Layer
(TALKS TO READER)
SOURCE: OPENCARD.ORG
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Card Security Threats
Group 5
ATTACKS ON THE RUN-TIME
ENVIRONMENT THROUGH THE
CARD ACCEPTANCE DEVICE (CAD)
Group 6
THREATS FROM CARD APPS AND
NEED TO SHARE RESOURCES
Clone
Future
Group 7
Past
Group 3
Current
ATTACKS USING CARDS
NOT YET ISSUED, OLD
CARDS, CLONES
THREATS BASED ON RTE
IMPLEMENTATION
CAD
Group 4
Group 1
DIRECT ATTACKS ON
CHIP CIRCUITRY
ATTACKS ON CARD’S
INTERFACE TO THE OUTSIDE,
E.G. PREMATURE REMOVAL
Group 2
INDIRECT ATTACKS
ON CHIP CIRCUITRY
SOURCE: GAMMA
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Power and Timing Analysis
NOP
(no operation)
MUL
(multiplication)
JMP
(jump)
power
consumption
time
Source: Rankl and Effing, "Handbuch der Chipkarten", 2002
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Differential Power Analysis
• Send different inputs to the Smart Card to learn details of its
encryption key
• When a correct key value is tried, the algorithm responds
• Incorrect keys have zero average response
INITIAL
PERMUTATION
SMART CARD POWER CONSUMPTION
DURING DES ENCRYPTION
16 DES ROUNDS
FINAL PERMUTATION
EXPANDED VIEW
OF ROUNDS 2 & 3
SOURCE: cryptography.com
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Reverse engineering
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Probing with Needles
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Contactless Card
• Communicates by radio
– Power supplied by reader
– Data rate 106 Kb/sec
– Read 2.5 ms, write 9 ms
– 8 Kb EEPROM, unlimited read, 100,000 writes
– Effective range: 10 cm, signals encrypted
– Lifetime: 2 years (data retention 10 years)
– Two-way authentication, nonces, secret keys
– Anticollision mechanism for multiple cards
– Unique card serial number
SOURCE: GEMPLUS
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
RFID Tags
IC Chip
32mm and 23mm
capsule transponder
Antenna
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
How RFID Works
•
•
•
•
•
•
•
•
Antenna
Tag enters RF field
RF signal powers tag
Tag transmits ID, plus data
Reader captures data
Reader sends data to computer
Computer determines action
Computer instructs reader
Reader transmits data to tag
Tag
Computer
RFID
Reader
SOURCE: PHILIPS
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Euro Banknotes
• European Central Bank has announced plans to
implant RFID tags in banknotes by 2005
• Uses
– Anti-counterfeiting
– Tracking money flows
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
PAYMENT ON A KEYCHAIN
SMALL AND CHEAP
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Automated Toll Collection
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Hong Kong Smart Cards
• Octopus
– 12 million cards, 15,000 readers
– 7 million transactions/day
– $48M HKD per day
•
•
•
•
Visacash
ComPass Visa (VME)
Mondex
GSM SIM, ePark
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Octopus Card Features
•
•
•
•
•
•
•
•
•
•
Hong Kong RFID payment card
Operating distance: 15 cm
Bandwidth: 211 Kb/sec
Triple DES in 70 sec
EEPROM 1536 bytes
128-byte data backup area
16-byte manufacturer ID; 16-byte issue ID
Processing time: 50 msec on card, 300 msec overall
Random access and cyclic files
Anti-collision protocol
SOURCE: MITSUBISHI
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Octopus Card Security
SOURCE: MITSUBISHI
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Octopus
SONY RC-S833
CONTACTLESS SMART CARD
SONY READER/WRITER
I/O SPEED: 211 Kbps
SOURCE: SONY
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Octopus Expansion
• Identity card
• Access control
• Hotel room key
• Credit card
• McDonalds
• Mobile phone
• Home readers
SOURCE: CREATIVE STAR
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Octopus Clearing
CENTRAL CLEARING
HOUSE SYSTEM
SERVICE
PROVIDER
CENTRAL
COMPUTER
LOCAL
DATA
PROCESSOR
SOURCE:
SOURCE: SAMMY KAM
Octopus Settlement
• CONSOLIDATE DATA
• PRINT REPORTS
• ROUTE DATA TO CCHS
• DISTRIBUTE SOFTWARE
• COLLECT TRANSACTIONS
• PRINT REPORTS
• SEND DATA TO SPCC
MTR CENTRAL
COMPUTER
SERVICE PROVIDER
CENTRAL COMPUTERS
(SPCC)
LOAD AGENT
CENTRAL
COMPUTER
STATION
COMPUTER
CCHS
CENTRAL
CLEARING
HOUSE
SYSTEM
• VALIDATE DATA
• NET ACCOUNTING
SETTLE MENT
• MUTUAL
AUTHENTICATION
• CHECK BLACKLIST
HSBC HEXAGON
• UPDATE CARD
MTR’S
BANK
• STORE TRANSACTIONS
FARE PROCESSORS
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
LOAD
AGENT’S
BANK
OCTOPUS
BANK
REGULAR ACCT
BUFFER ACCT
RESERVE ACCT
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Major Ideas
• Smart cards replace cash
• Potential of cards is unexplored; new uses every day
• Powerful microprocessors allow
– cryptography
– certificates, authentication
– secure purses
• Wireless (contactless) cards enable new business
models
• Smart card security is not perfect
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Q&A
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Mondex
•
•
•
•
•
•
Subsidiary of MasterCard
Smart-card-based, stored-value card (SVC)
NatWest (National Westminister Bank, UK) et al.
Secret chip-to-chip transfer protocol
Value is not in strings alone; must be on Mondex card
Loaded through ATM
– ATM does not know transfer protocol; connects
with secure device at bank
• Spending at merchants having a Mondex value
transfer terminal
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Mondex Overview
SOURCES: OKI, MONDEX USA
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS
Mondex Security
• Active and dormant security software
– Security methods constantly changing
– ITSEC E6 level (military)
• VTP (Value Transfer Protocol)
–
–
–
–
Globally unique card numbers
Globally unique transaction numbers
Challenge-response user identification
Digital signatures
• MULTOS operating system
– firewalls on the chip
ELECTRONIC PAYMENT SYSTEMS 20-763
SPRING 2004
COPYRIGHT © 2004 MICHAEL I. SHAMOS