Introduction to Microprocessor Cards
Download
Report
Transcript Introduction to Microprocessor Cards
Introduction to
Microprocessor
Cards
하남수
2000.5.30
[email protected]
Summary
1.
2.
3.
4.
What is a smart cards ?
Standards in the smart card industry
Card life cycle
Security feature
2000-05-31
순천향대학교 하남수
2
1 - What is a smart card ?
2000-05-31
순천향대학교 하남수
3
Characteristics of
Microprocessor Cards
Memory and processor on the same chip
Unique and permanent serial number
Secret code protection in the card
Cryptographic capability
2000-05-31
순천향대학교 하남수
4
What Information needs to be
in the card?
Everything that relates to the intrinsic operation of
the application
Identification of the card holder
Rights of the card holder
Everything that relates to the security of the card
and the application
Card Serial Number
Secret code
Keys for cryptographic algorithms
2000-05-31
순천향대학교 하남수
5
Inside the Chip of a
Microprocessor Card
ROM
CPU
R
E
A
E
M
P
R
Security
M
COS
2000-05-31
순천향대학교 하남수
6
Role of the Operating System
The Operating system transforms a physical
device into a logical tool by providing these
feature:
Memory Management
Security Management
Cryptographic Functions
Customization
2000-05-31
순천향대학교 하남수
7
Types of Objects Managed by
the Operating System
Data는 files형태로 조직화
data, code, key,…
Security는 OS에의해 운영
Secret code는 파일 억세스를 컨트롤
Keys들은 암호학적 함수를 위해 사용
All data and security features are managed by the OS
2000-05-31
순천향대학교 하남수
8
Types of Commands Performed
by the Operating System
Administrative commands
File and Directory management: creat, read, write,
update, …
Security related commands
Operations on secret codes and keys
Loyalty commands
Award, Redeem, …
Payment commands
Credit, Debit, Read Balance, …
2000-05-31
순천향대학교 하남수
9
2 – Standards in the Smart
Card Industry
2000-05-31
순천향대학교 하남수
10
ISO 7816 -Identificatin CardsICC With Contacts
IS
IS
IS
IS
IS
IS
IS
7816-1:
7816-2:
7816-3:
7816-4:
7816-5:
7816-6:
7816-7:
Physical charactristics
Dimension & location of contacts
Electronic signal & transmission protocol
Interindustry commands
Resistration system for application in IC card
Interindustry data elements
Interindustry commands for Structured
Card Query Language(SCQL)
IS 7816-8: Security architecture and related commands
2000-05-31
순천향대학교 하남수
11
ISO 7816-1
85 mm
Thickness
0.76 mm
54 mm
Phycal characteristic
2000-05-31
순천향대학교 하남수
12
ISO 7816-2
1-VCC Gnd-5
2-Rst
Vpp-6
3-CLK
I/O-7
4-RFU
RFU-8
Dimension & Location
2000-05-31
순천향대학교 하남수
13
ISO 7816-3
Electrical Characteristics
Clock frequency: [1 MHz, 5 MHz]
Communication speed
Transmission Protocols
T=0 and T=1 defined
T=14는 소유자를 위해 예약
Protocol Type Selection
If several protocols supported
Electronic signals &
transmission protocols
Answer-to-Reset
2000-05-31
순천향대학교 하남수
14
Communication Protocols
T=0: asynchronous half duplex character
transmission protocol
One way communication-any command expecting a response
must send a second command to receive the response
T=1: asynchronous half duplex block transmission
protocol
Two way communication-a single command may send and/or
receive data
T=2 to T=13: Reserved for future use
T=14: reserved for protocols not standardized by ISO
Almost all currently available cards follow T=0
2000-05-31
순천향대학교 하남수
15
Scope of ISO 7816-4
Contents of messages
commands
responses
Structure of files and data
Access methods to files and data
Security architecture defining access rights to files
and data
Methods for secure messaging Ensures Interoperability
2000-05-31
순천향대학교 하남수
16
The Application Protocol Data
Unit(APDU)
An APDU contains
A command message
A response message
Command APDU
Response APDU
2000-05-31
순천향대학교 하남수
17
APDU Command
Command Format(ex:Read) without Body
Header
CLA INS P1 P2 Le
Header
CLA: indicates
ISO or Gemplus proprietary command
Secure messanging or not
INS: Instruction code(what type of command ex.Read)
P1, P2: parameters(ex.Read, where in the memory)
Le: Expected length of data to be returend
2000-05-31
순천향대학교 하남수
18
APDU Command
Command Format(ex: Write) with Body
Header
CLA INS P1 P2 Lc
Body(if data for card)
Data
Header
CLA: indicates ISO or Gemplus propritary commands
INS: Instruction code(what type of command. Ex.Write
data to the card)
P1, P2: Parameters, ex: Write where in the memory
Lc: Length of data sent to the card
Body
Data for card
2000-05-31
순천향대학교 하남수
19
APDU Response
Response Format
Body(if data for terminal)
Trailer
Data
SW1,SW2
Body
Optional
Holds the data returned by the card(ex: after Read)
Trailer
Status returned by the card
2000-05-31
순천향대학교 하남수
20
File Organization
Card organized into files
MF-Master File
Root of the file structure
Contains other files
MF
DF-Dedicated File
Contains other files
Can be seen as a directory
DF
EF-Elementary File
Contains data
EF
2000-05-31
EF
순천향대학교 하남수
DF
EF
DF
EF
EF
EF
EF
21
Implementation for Files
Organization
Each file is made of
File descriptor containing information for
File management
Security management
File body
DF
o Optional
o Contains the DF name
EF
o Mandatory
o Contains data stored in the EF
2000-05-31
순천향대학교 하남수
22
ISO 7816-5
Specifies
Numbering system for application identifiers
To identify if a given card contains an application
Resistration procedure for application provider identifiers
AID is used to address an application in the card
Do you contain the
XYZ application?
Yes! Here it is
2000-05-31
순천향대학교 하남수
23
Global Scheme
ISO 7816-1
ISO 7816-2
ISO 7816-5
T=0
Application ID
T=1
ISO 7816-3
Protocol Layer
APDU
ISO 7816-4
ISO 7816-4
Command
2000-05-31
APDU Layer
순천향대학교 하남수
24
3 - Card Life Cycle
2000-05-31
순천향대학교 하남수
25
Card Life Cycle
Initialization
Card associated with issuer
Security features loaded
Initalization
Personalization
Application profile loaded(card
belong to one given application)
Cardholder profile loaded
Personalization
2000-05-31
순천향대학교 하남수
26
Card Personalization
Electronic personalization:
Downloading of data(application & cardholder)
Graphical personalization:
Printing text or artwork on the card body
My name
My name
Making each card unique !
2000-05-31
순천향대학교 하남수
27
End-User Stage
The memory can be accessed according to
rules defined at personalization stage
2000-05-31
순천향대학교 하남수
28
4 - Security
Features
2000-05-31
순천향대학교 하남수
29
Security Scheme
The Smart card is not the only element involved in
the security of an application
Security must be managed for the entire
application
HOST
2000-05-31
READERS
순천향대학교 하남수
CARDS
30
Secret Code
Secret codes are used to protect
Access to files(read, erite, update, …)
Financial functions(read balance, debit, …)
Administrative commands(creat file, …)
A secret code is presented to the card and then
checked by the card
SC #1
SC #1
SC #1 = SC #1
2000-05-31
순천향대학교 하남수
31
Keys
Keys are used by cryptographic algorithms
Cryptosystems use two types of algorithms:
Secret key(e.g.,DES, 3DES)
Public key(e.g.,RSA, DSA)
Keys are used for:
Secure messaging
Computing and verifying certificates/signature
2000-05-31
순천향대학교 하남수
32
DES:Data Encryption Standard
A
DES
B=DES(A,K)
K
B
DES-1
A
2000-05-31
K
Same key Symmetric algorithm
Key must be secret!
Key is 8 bytes long
Originally developed at IBM
Widely used algorithm in the world
A=DES-1(B,K)
순천향대학교 하남수
33
Switching to 3DES
Improvement in computational performance and
crytanalysis techniques
De facto standards is now Triple DES
Triple DES is now endosed by NIST, replacing
DES
DES dose not offer sufficient long-term security
2000-05-31
순천향대학교 하남수
34
Triple DES
A (8bytes)
A
K
DES
(16bytes) B
K
DES-1
A
2000-05-31
DES
Kl
DES
Kr
DES
Kl
3DES=DES
If Kl = Kr
B=3DES(A,K)
K=KlKr
B
(8bytes)
A=3DES-1(B,K)
K=KlKr
순천향대학교 하남수
35
Triple DES implementation
(16-byte result)
Input data(8bytes)
Input data(8bytes)
A(8bytes)
K
(16
3DES_16
Bytes)
B(16bytes)
DES
Kl
DES
Kl
DES
Kr
DES
Kr
DES
Kl
DES
Kl
Left data(8bytes)
Right data(8bytes)
Br
Bl
Used when a result on 16 bytes is required
B=3DES_16(A, K)
=Bl Br
2000-05-31
순천향대학교 하남수
36
Diversfication Process
Card serial Number
Daughter Key
(8 bytes)
(16 bytes)
Diversfication
Using 3DES_16
In the Card
Mother Key
(16 bytes)
In the Terminal
2000-05-31
순천향대학교 하남수
37
참고
www.gemplus.com
www.mondexinternational.com
2000-05-31
순천향대학교 하남수
38