SmartCard by niusheng11

VIEWS: 194 PAGES: 53

									Smartcard Architecture &
  Its Security Functions

          December 9, 2002

            Ting-Ying Wei
            Yaw-Jang Tung

Depart ment of Computer Science and Information,
             Polytechnic University

1. Introduction ……………………………………………… 1
2. Major Applications ……………………………………… 3
3. Developer and Standard ……………………………… 6
4. Physical Structure .………………………………..… 12
5. Security Function ……………………………………… 19
6. Cryptographic Mechanisms ………………..……… 24
7. Attack …………………………………………..………… 27
8. Case Study: Yang-Shieh Schemes …………….…. 30
9. Conclusion ……………………………………………… 38
10. Reference ……………………………………………… 39

Appendix A …………………………………..……………… 41
   Major smartcard manufacturers
   Software Publishers
   PCSC Drivers

Appendix B …………………………………..……………… 43
   Detail attacks methods and theories
   Transformative, or Impersonation, Attacks
1. Introduction

The smartcard is a credit card sized plastic card embedded with an
integrated circuit (IC) chip. It provides not only memory capacity, but
computational     capability    as    well.    The    self-containment      of
smartcardmakes it resistant to attack as it does not need to depend upon
potentially vulnerable external resources. Because of this characteristic,
smartcards are often used in different applications which require strong
security protection and authentication.

For examples, smartcard can act as an identification card which is used
to prove the identity of the card holder. It also can be a medical card
which stores the medical history of a person. Furthermore, the
smartcardcan be used as a credit/debit bank card which allows off-line
transactions. All of these applications require sensitive data to be stored
in the card, such as biometrics information of the card owner, personal
medical history, and cryptographic keys for authentication, etc.

In the near future, the traditional magnetic strip card will be replaced
and integrated together into a single card by using the multi-application
smartcard, which is known as an electronic purse or wallet in the
smartcardindustry.    The smartcard       is   becoming   more    and   more
significant and will play an important role in our daily life. It will be used
to carry a lot of sensitive and critical data about the consumers ever
more than before when compared with the magnetic strip card.
Therefore, there are many arguments and issues about whether or not
the smartcardis secure and safe enough to store that information. This
has always been a source of controversy.

This paper discusses the smartcard’s architecture and it’s security.     First
of all, we will have a look of the physical structure and applications of the
smartcard. Secondly, we will examine how the data is protected through
logical controls over the files in the card. Thirdly, we will discuss how the
smartcardcan provide a secure and authenticated environment for
applications through procedural operation and mechanism. At last,

before we conclude whether the smartcardis secure or not, some of the
available techniques of attacking the smartcardwill be reviewed.

2. Major Applications

A smartcard is a piece of mobile computing device. It can carry digital
money, personal information, and access key on it. Following are some
example for the using of the smartcard in the world.

2.1. Financal

    Digital Stored Value Card - These are payment cards intended to
    be substitutes for cash. Both Mondex and VisaCash are examples of
    this type of system. The card owner is the customer. The terminal
    owner is the merchant. The data owner and the card issuer are both
    the financial institution that supports the system.

    Digital Check Card - This is similar to the card above, except that
    the card owner is the data owner.

    Prepaid Phone Card - These are simply a special-use stored value
    card. The card owner is the customer. The terminal owner, data
    owner, and card issuer are all the phone company.

    Account-based Phone Card - In this system, the smartcarddoes
    not store an account balance, but simply an account number which
    is a pointer into a back-end database. The card owner and data
    owner is the customer, while the terminal owner and card issuer is
    the phone company.

Fig. 2.1. Major credit card company issues smartcard

2.2. Personal Identification

   Personal ID – The smartcard storages detail personal bio
   information. Which can use as personal identification in the
   national or international area. Using as drive license, passport,
   student card, membership card, employee card, etc.

   Biometric    identification.-.A      smartcard       can     save   personal
   biometric information and encrypt the information without been spy.
   Saving medical record and history in the card will help hospital or
   doctor provide better medical treatment.

2.3. Access token:

   Access Token - In this application, the smartcardstores a key
   which is used in a login or authentication protocol. In the corporate
   case, the cardholder is the employee, and the data owner, terminal
   owner, and issuer are likely the company. In the case of a multi-use
   access token, the cardholder and data owner might be the same
   person, while the terminal owner may be a merchant and the data
   owner a financial institution.

   Web Browsing Card - In this application, a customer can use his
   card in his own PC to buy things on the Internet. This is another
   example of a cash card. The difference is that the cardholder and
   terminal owner are both the customer (i.e., the owner of the PC).
   The data owner and card issuer are both the financial institution.

   Digital   Credential     Device      -      In    this     application,   the
   smartcardstores    digital   certificates    or   other     credentials   for
   presentation to another party. Here, the cardholder and the data
   owner are both the same. The terminal owner is either the other
   party (in an in-store application, for example) or the cardholder
   (browsing on the Internet). The card issuer is the CA that issued the
   credentials, or some other party that collects the credentials.

   Key Storage Card - In this application, the user stores various

(possibly verified) public keys in a smartcardto protect them having
to be stored on his less secure PC. Here, the cardholder, the data
owner, and the terminal owner are the same.

Multi-Function Card - This card is the most complicated. The card
manufacturer and card issuer are separate, as are the software
manufacturers. The data owner may be the cardholder for some
applications, and a separate entity for others. There are multiple
terminal owners, depending on which applications are on the card.

3. Physical Structure

3.1. Contactable smartcard

The physical structure of a smartcardis specified by the International
Standards Organisation (ISO) 7810, 7816/1 and 7816/2. Generally it is
made up of three elements. The plastic card is the most basic one and
has the dimensions of 85.60mm x 53.98mm x 0.80mm. A printed circuit
and an integrated circuit chip are embedded on the card. Figure 1 shows
an overview of the physical structure of a smart card.

Fig. 3.1. Contactable smartcard

The printed circuit conforms to ISO standard 7816/3 which provides five
connection points for power and data. It is hermetically fixed in the
recess provided on the card and is burned onto the circuit chip, filled with
a conductive material, and sealed with contacts protruding. The printed
circuit protects the circuit chip from mechanical stress and static
electricity. Communication with the chip is accomplished through
contacts that overlay the printed circuit.

The capability of a smartcardis defined by its integrated circuit chip.
Typically, an integrated circuit chip consists of a microprocessor, read
only memory (ROM), nonstatic random access memory (RAM) and
electrically erasable programmable read only memory (EEPROM) which
will retain its state when the power is removed. The current circuit chip is
made from silicon which is not flexible and particularly easy to break.

Therefore, in order to avoid breakage when the card is bent, the chip is
restricted to only a few millimetres in size.

Table 3.2. Specification of contactable smardcard
Processor                      8/16 bit Microprocessor
Memory                         RAM: 256bytes – 16KB
                               EEPROM: 8KB - 64KB
Certification                  Common Criteria / ITSEC E4 Certified CPU
API and Standards              - PKCS#11 V2.10
                               - Microsoft CAPI
                               - X.509v3 Certificates
                               - SSLv3
                               - ISO 7816 –1,2,3,4 and 5 compliant
Security                       - On-board RSA key generation, Sign /
                               - Automatically detect clock tampering
                               - Support RSA Wrapping/Unwrapping key
Cryptographic Mechanisms       RSA, DES, 3DES, MD5, MD2, SHA-1
EEPROM Duration                100,000+ Rewrite

Fig. 3.2. The IC chip on a contactable smartcard

Furthermore, the physical interface which allows data exchange between
the integrated circuit chip and the card acceptor device (CAD) is limited
to 9600 bits per second. The communication line is a bi-directional serial
transmission line which conforms to ISO standard 7816/3. All the data

exchanges are under the control of the central processing unit in the
integrated circuit chip. Card commands and input data are sent to the
chip which responses with status words and output data upon the receipt
of these commands and data. Information is sent in half duplex mode,
which means transmission of data is in one direction at a time. This
protocol together with the restriction of the bit rate prevent massive data
attack on the card.

In general, the size, the thickness and bend requirements for the
smartcardare designed to protect the card from being spoiled physically.
However, this also limits the memory and processing resources that may
be placed on the card. As a result, the smartcardalways has to
incorporate with other external peripherals to operate. For example, it
may require a device to provide and supply user input and output, time
and date information, power and so on. These limitations may degrade
the security of the smartcardin some circumstances as the external
elements are untrusted and precarious.

3.2. Contactless smartcard

The Contactless Smartcardis a thin, compact card conforming to
ISO/IEC7810ID-1 dimensions. The card surface is made of a PET
material that has little environmental impact when incinerated. An IC
chip and antenna are built into the card. The card itself contains no
battery but operates from low-power electromagnetic signals received
from the reader/writer. The card thus conserves energy and is
exceptionally durable. The card chip contains an 8-bit RISC CPU specially
developed by SONY combining built-in EEPROM, RAM, ROM, encryption
processing and RF function in a single chip.

Table 3.2. Specification of contactless smardcard
Dimensions            85.6 X 54.0 X 0.76mm
Operating frequency   13.56MHz
Communication speed 211Kbps
Memory size           EPROM 1,536 bytes (16bytes X 96 blocks)
                      (of which user memory occupies 1,168 bytes :
                      16 bytes X 73 blocks)

Fig. 3.3. Contactless smartcard

Fig. 3.4. Contactless smartcard

Fig. 3.5. Contactless smartcard’s card reader

Fig. 3.6. A using of the contactless smartcard in an access gate,
such as train, bus, or building

3.3. SIM (GSM) smartcard

The SIM card is using in the Global System for Mobile communication
(GSM). It is a IC chip which similar to the contactable smartcard. The
card saves mobile phone user’s personal account information, such as
phone number and phone book. Also, it storages the mobile phone
service carrier’s security communication information. Without the SIM
card in an GSM cell phone, the phone cannot be activated to receive/dial
any signal phone call.

Fig. 3.7. SIM card, the actual size is 25mm x 15mm.

Fig. 3.8. contactable smartcard’s physical connect point/access

4. Developer & Standard

4.1. Smartcard Operating Systems

There are several operating systems for smartcards in the marketplace
today. Some of the Smartcard have proprietary operating systems, but
there exist a few operating systems with a broader support. Below you
will find a short description, and links to more information, for some of
the most important smartcardoperating systems:

Multos (

      Multos is an open multiapplication operating system made by
      Mondex. Mondex has developed a programming language
      optimized for smartcards, MEL (MULTOS Enabling Language).
      Multos is now being administered by a consortia called MAOSCO.
      The initial members of MAOSCO include American Express, Dai
      Nippon Printing,    Fujitsu, Hitachi, Keycorp,  MasterCard
      International, Mondex International, Motorola and Siemens.

Microsoft Smartcards (

      Microsoft Smartcardoperating system is an operating system
      which is tailored to Microsoft operating systems. Using Microsoft
      SC, the application developer can use Visual Basic to develop
      applications. The smartcardcommunications with a PC (with
      Microsoft operating system) using a specification developed by the
      Personal Computer Smartcard(PC/SC) Workgroup, an industry
      group of PC and smartcardcompanies. The weakness of Microsoft
      SC is that it is designed to be used only together with Microsoft
      operating systems.

4.2. SmartcardApplication Development

JavaCard (

Java Card is a standard for using Java on a smart card. With
Javacard you get much the same benefits of using Java for other

Key benefits using Java Cards are: 1) Platform independent, run
on all cards implementing a Java Virtual Machine independent of
smartcardvendor 2) Multiple applications on one card 3)
Applications can be downloaded when needed, when the card is in
use 4) Flexible programming, using object oriented programming
5) Compatibility with existing standards for smartcards.

A good reference for Java Card is Understanding Java Card 2.0. A
new version, Java Card 2.1 is current on public review. A very
important aspect of Javacard is the        number of available
programmers. The previous proprietary solutions limit the number
of programmers, and potential for future growth.

But while the Java smartcards give flexibility and ease of use, it
has some weaknesses. First of all, this generic approach gives
more overhead, implementing the Javacard Virtual Machine. An
important aspect of Java, is a broad base of libraries. Because of
the limited memory on a smart card, a very small library is
implemented for Javacard, thus reducing the benefit of using Java.
These are serious issues today, but the power of Javacard will

     improve when the capacity of smartcards grows.

PC/SC (SmartCard) Workgroup (

     PC/SC Workgroup is a Windows-PC centric organization
     standardizing the interface between the Microsoft 32 bit operating
     system and the Smartcardvia an attached Smartcardreader. This
     standard is an important basis for the Microsoft Smartcard
     standard. The Javacard can also be used with the PC/SC
     specification, but in contrast with Microsoft SC, the Javacard
     implementation is made independent of operating systems, and
     can be used for other operating systems than 32 bit Windows.

Smart Cards and GSM

     GSM, the European standard for digital cellular communication,
     use Smartcardfor user identity (SIM; Subscriber Identity Module).
     All GSM phones includes a Smart Card, implementing the SIM

     The GSM world has standardized a toolkit for application
     development on the SIM card, SIM Tool Kit (STK). SIM Toolkit
     defines how SIM applications can communicate with the keyboard
     and display of the GSM phone, giving new opportunities. An
     example of what the STK can be used for is shown by the
     Barclaycard phone, where the GSM phone can be used as a bank
     terminal. GEM plus has implemented the technology on the smart

Smart Cards and WAP (Wireless Application Protocol)

     WAP specification version 1.0 was launched in April 1998. One of
     the work items outlined for next phase of WAP was Smart Cards.
     Integrating smartcards into WAP opens for WAP browsers
     communicating with the smartcardfor payment, security handling
     and more. Hopefully this will be integrated into the next version of
     the standard scheduled for spring 1999.

4.3. Organization and Standard

Smartcard is being mass produced and used in the world. Many both
non-profit and profit affair organizations working hard to improve the
usage and security field for the smartcard.   Following tables and lists are
the famous organizations and international standards for the smartcard.

Table 4.1. Organizations
Europay (
JavaCard Forum (
Maosco (
Mondex UK (
Mondex (
OpenCard (
PC/SC Workgroup (
Proton (
SmartCard Club ( Forums for
companies and individuals in the smartcardindustry
SmartCard Forum (
SmartCard Industry Association (
Smartcards in Linux (
Visa CEPS (
Visa Open Platform (

Table 4.2. Resources
Card Technology Page                     Lots of tech smartcard links
CardWeb                                  Payment card information
(                network
Introduction to smartcards               By Steve Petri: How it all works
RSA PKCS                                 Public-Key Cryptography
(       Standards specifications
                                         produced by RSA Laboratories
SmartCard Basics                         Sponsored site of some
(        companies in the industry.
SmartCard Central                        Industry news
SmartCard Development                    Some technical links
SmartCard Search                         Powerful search engine you will
(        see and get
SmartCard Show                      News with a French accent
SmartCard Resource Centre                Amerkore - news and
(             commercial links                A Frequently Asked Questions
(        list (FAQ) for smartcards

List 4.1. International Organization for Standardization (ISO)
documents relates to contactable smartcard standards

  ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s)
  cards with contacts -- Part 1: Physical characteristics
  ISO/IEC 7816-2:1999 Information technology -- Identification
  cards -- Integrated circuit(s) cards with contacts -- Part 2:

Dimensions and location of the contacts
ISO/IEC 7816-3:1997 Information technology -- Identification
cards -- Integrated circuit(s) cards with contacts -- Part 3: Electronic
signals and transmission protocols
ISO/IEC 7816-3:1997/Amd 1:2002 Electrical characteristics
and class indication for integrated circuit(s) cards operating
at 5 V, 3 V and 1,8 V
ISO/IEC 7816-4:1995 Information technology -- Identification
cards -- Integrated circuit(s) cards with contacts -- Part 4:
Interindustry commands for interchange
ISO/IEC 7816-4:1995/Amd 1:1997 secure messaging on the
structures of APDU messages
ISO/IEC 7816-5:1994 Identification cards -- Integrated circuit(s)
cards with contacts -- Part 5: Numbering system and registration
procedure for application identifiers
ISO/IEC 7816-5:1994/Amd 1:1996
ISO/IEC 7816-6:1996 Identification cards -- Integrated circuit(s)
cards with contacts -- Part 6: Interindustry data elements
ISO/IEC 7816-6:1996/Cor 1:1998
ISO/IEC      7816-6:1996/Amd          1:2000      IC    manufacturer
ISO/IEC 7816-7:1999 Identification cards -- Integrated circuit(s)
cards with contacts -- Part 7: Interindustry commands for Structured
Card Query Language (SCQL)
ISO/IEC 7816-8:1999 Identification cards -- Integrated circuit(s)
cards with contacts -- Part 8: Security related interindustry
ISO/IEC 7816-9:2000 Identification cards -- Integrated circuit(s)
cards with contacts -- Part 9: Additional interindustry commands and
security attributes
ISO/IEC 7816-10:1999 Identification cards               -- Integrated
circuit(s) cards with contacts -- Part 10: Electronic signals and answer
to reset for synchronous cards

List 4.2. International Organization for Standardization (ISO)
documents relates to contactless smartcard standards

  ISO/IEC 14443-1:2000 Identification cards -- Contactless
  integrated circuit(s) cards -- Proximity cards -- Part 1: Physical
  ISO/IEC 14443-2:2001 Identification cards -- Contactless
  integrated circuit(s) cards -- Proximity cards -- Part 2: Radio
  frequency power and signal interface
  ISO/IEC 14443-3:2001 Identification cards -- Contactless
  integrated circuit(s) cards -- Proximity cards -- Part 3: Initialization
  and anticollision
  ISO/IEC 14443-4:2001 Identification cards -- Contactless
  integrated circuit(s) cards -- Proximity cards -- Part 4: Transmission

5. Security Function

After a smartcardis issued to the consumer by the application provider,
the protection of the card will be controlled by the application operating
system mainly. Physical addressing mode of accessing data is no longer
available. Access of data has to be done through the logical file structure
on the card. This section will discuss how the operating system
accomplishes the security protection of the data stored on the card by
examining the logical file structure and the corresponding access
controls of a smart card.

5.1. Logical File Structure

In general, in terms of data storage, a smartcardcan be viewed as a disk
drive where files are organised in a hierarchical form through directories.
Similar to MS-DOS, there is one master file (MF) which is like the root
directory. Under the root, we can have different files which are called
elementary files (EFs). We can also have various subdirectories called
dedicated files (DFs). Under each subdirectory will be elementary files
again. The main difference of a smartcardfile structure and a MS-DOS file
structure is that dedicated files can also contain data. Figure 2 shows
logical view of a smartcardfile structure.

Fig 5.1. Logical file structure of smartcard

In smartcardterminology, the root or master file (MF), besides the
header part which consists of itself, the body part contains the headers of
all of the dedicated files and elementary files which contain the MF in
their parental hierarchy. The dedicated file (DF) is a functional grouping
of files consisting of itself and all the files which are immediate childs of
the DF. The elementary file (EF) simply consists of its header and the
body which stores the data.

The ways that the data is managed within a file differ and are dependent
on different operating systems. Some of them may manage the data
simply by offset and length, while the others may organise data in fixed
or variable lengths of records such as Global System for Mobile
Communication (GSM) system. In any cases, the file must be selected
before performing any operations. This is equivalent to opening a file.

The logical access and selection mechanisms are activated after the
power is supplied to the card while the master file is selected
automatically. The selection operation allows movement around the tree.
It can be descending by selecting an EF or a DF, or it can be ascending by
selecting a MF or DF. Horizontal movement can be done by selecting an
EF from another EF as well.

After the success of selection, the header of the file can be retrieved,
which stores the information about the file such as identification number,
description, types, size, and so on. Particularly, it stores the attribute of
the file which states the access conditions and current status. Access of
the data in the file depends on whether those conditions can be fulfilled
or not. This will be described in the following section.

In short, the file structure of the smartcardoperating system is similar to
other common operating systems such as MS-DOS and UNIX. However,
in order to provide greater security control, the attribute of each file is
enhanced by adding accessing conditions and file status fields in the file
header. Moreover, file lock is also provided to prevent the file being

accessed. These security mechanisms and algorithms provide a logical
protection of the smart card.

5.2. Access Control

The smartcardaccess control system covers file access mainly. Each file
is attached by a header which indicates the access conditions or
requirements of the file and the current status as well. The fundamental
principle of the access control is based on the correct presentation of PIN
numbers and their management.

5.2.1. Levels of Access Conditions

Primarily, the access conditions of a file can be defined into the following
five levels. Some of the operating systems may offer more than these
depending on the application they provide.

   Always (ALW): Access of the file can be performed without any

   Card holder verification 1 (CHV1): Access can only be possible
   when valid CHV1 value is presented.

   Card holder verification 2 (CHV2): Access can only be possible
   when valid CHV2 value is presented.

   Administrative (ADM): Allocation of these levels and the respective
   requirements for their fulfilment are the responsibility of the
   appropriate administrative authority.

   Never (NEV): Access of the file is forbidden.

Those condition levels are not hierarchical. For instance, correct
presentation of CHV2 does not mean that access of file is allowed, which
requires presentation of CHV1. During the operation, corresponding
requirements have to be fulfilled before the selection of the file. For
example, correct CHV1 value has to be presented if it is the access
condition of a file.

5.2.2. PIN Presentations
The PINs are normally stored in separate elementary files, EFCHV1 and
EFC HV2 for example. Use of the access conditions on those files can
prevent the PINs from being changed. The PIN can be changed by issuing
the change PIN instruction together with the new and old PIN. However,
for most of the smartcardoperating systems, the corresponding PIN will
be invalidated or blocked when a fixed number of invalid PINs are
presented consecutively. The number of times will vary with different

At this moment, all the files require that PIN will be blocked and
unaccessible. Unblocking has to be carried out with the knowledge of the
correct PIN and a specific unblocking PIN stored in the card. Still, if an
invalid unblocking PIN is presented consecutively and up to a particular
number of times, the unblocking PIN will be blocked as well. Then both of
the PIN and the unblocking PIN will be invalidated and are no longer to
be restored. This is called an irreversible blockage. Some of the systems
may even invalidate the whole card in order to prevent further attacks.

5.2.3. PIN Management

To achieve the protection and blockage of the PINs mentioned above,
two counters have to be implemented for each of the card holder
verification numbers (CHVs). The counters are composed in such a way
that any possible errors in writing or erasing will be avoided, which could
adversely affect the access control on the card. There are three states in
the management of the PIN which are described below.

   1. PIN has been presented:

      Files or functions which have PIN presentation as a pre-requisite or
      condition can be carried out. Every time the PIN is presented
      correctly, the PIN counter will be reset to the maximum number of
      tries, three for example.

   2. PIN has not been presented or was presented incorrectly:

      The PIN counter will be decremented by one after each incorrect
      PIN was presented. All the operations or instructions which require
      PIN presentation will be invalidated. If the PIN counter reaches
      zero, then the PIN will be blocked.

   3. PIN is blocked:

      In this state, all the operations require PIN presentation and even
      the PIN presentation instruction itself is blocked. Unblock PIN
      instruction has to be carried out. If correct unblocking PIN is
      presented, the PIN counter will be reset to the maximum number
      of tries and backed to the first state. However, if invalid unblocking
      PIN is presented, the unblock PIN counter will be decremented by
      one and when this counter reaches zero, the PIN can never be
      unblocked again.

Summing up the file structure and access control the smartcardprovided,
data stored on the card can be protected either individually by setting
access conditions in the header of each file or hierarchically by grouping
files together under a single dedicated file (DF) with access conditions
set on it. Furthermore, the irreversible blockage gives maximum
protection to the card so that enormous intrusions are impossible

6. Cryptographic Mechanisms

6.1. Encryption algorithms

There are a large number of encryption algorithms which can be use in
the smartcard’s security encryption. The most widely methods include:

    DES - Data Encryption Standard was developed more than 15 years
    ago, and is one of the most respected algorithms. It has withstood
    most attempts to crack it, and currently exists in a number of

    CRYPT(3) - A version of DES for UNIX systems.

    RC2/RC4 - This algorithm has a variable key size. It was developed
    by Ron Rivest for RSA Data Security, Inc. RC is short for “Ron’s Code”.
    The algorithm itself has never been made public.

    IDEA - This encryption algorithm works on 64 bit blocks containing
    data previously divided into four sub-blocks. Encryption then takes
    place, and the blocks are combined in different ways.

    RSA - Ron Rivest, Adi Shamir and Leonard Adleman introduced this
    algorithm in 1978, and it remains one of the strongest encryption
    algorithms in use. RSA uses shared and private keys for
    encryption/decryption. However, RSA is a slow algorithm - at it
    fastest it is 100 times slower than DES in software.

    SNEFRU - This is a one-way hash algorithm designed by Ralp
    Merkle. Thehash function converts incoming data to 128 or 256 bit

    MD2 - A one-way hash function designed by Ron Rivest. The
    function produces a 128 bit hash value from incoming data.

    MD4 - A one-way hash function designed by Ron Rivest. MD means

    Message Digest, and creates a 128 bit hash value from incoming

    MD5 - MD5 is a further development of MD4, and also creates a 128

    SHA - Secure Hash Algorithm, developed by the National Institute
    of Standards and Technology with the National Security Agency.
    SHA is very similar to MD4.

    RIPE-MD - A version of MD4. It was developed by the EU's RAC

    HAVAL - A one-way has function with variable length.

    SKIPJACK - A top secret algorithm for Clipper and Capstone
    (encryption chips). The code and algorithms are known only by
    highly cleared US Government and contractor personnel.

    DFFIE-HELLMAN - The first public key algorithm created. The
    algorithm can be used for distributing keys.

    XOR - There are a large number of XOR encryption algorithms. They
    areamong the simplest, and a very fast.

    BLOWFISH - A type of XOR encryption, but much stronger.

6.2. Encryption method

All of the information/data which in the smartcard is encrypted by above
encryption algorithms. More over, the card issuer/manufacturers use
kind of scrambled method.    It is to mix-up more than one encryption
algorithms to encryption the same data block.

The following table shows the encryption way that a company using in its
smartcard product:


Sign & Verify

Key Generation

Symmetric Key Encryption and Decryption

Generic Public Key Operation

7. Attack

As discussed in all above, the smartcardseems to be a superior tool for
enhancing system security and provides a place for secure storage. One
of the security features provided by most of the smartcardoperating
systems, which is not mentioned in this paper, is the cryptographic
facilities. They provide encryption and decryption of data for the card;
some of them can even be used to generate cryptographic keys.

The secret of the cryptographic algorithm, the keys stored, and the
access control inside the smartcardbecome the targets of attackers.
Nowadays many companies and cryptographers claime to be able to
break the smartcardand its microcontroller. Some of them perform
logical non-invasive attacks, some of them attack the card physically
while others just prove their success by mathematical theorems.

We will review the first two briefly and examine how the attacks are
achieved. For the third one, since their attacks are theoretical and relate
to a lot of complicated mathematical calculations and formulas which are
outside the scope of this paper, it is not discussed here.

7.1. Logical Attacks

As all the key material of a smartcardis stored in the electrically erasable
programmable read only memory (EEPROM), and due to the fact that
EEPROM write operations can be affected by unusual voltages and
temperatures, information can be trapped by raising or dropping the
supplied voltage to the microcontroller. In the report of "Tamper
Resistance - A Cautionary Note" by Ross and Markus (1996), several
examples of attacking the smartcardmicrocontroller by adjusting the
voltage are provided.

For example, a widely known attack of PIC16C84 microcontroller is that
the security bit of the controller can be clear with erasing the memory by
raising the voltage VCC to VPP - 0.5V. An attack on DS5000 security
processor is another example. A short voltage drop can release the
security lock without erasing the secret data sometimes. Low voltage

can facilitate other attacks as well, such as an analogue random
generator used to create cryptographic keys will produce an output of
almost all 1’s when the supply voltage is lowered slightly.

For these reasons, some security processors implemented sensors which
will cause an alarm when there is any environmental changes. However,
these kinds of sensors always causes false alarm due to the occurrence
of fluctuations when the card is powered up and the circuit is stabilising.
Therefore this scheme is not commonly used.

7.2. Physical Attacks

Invasive physical attacks are typical. Before this kind of attack can be
performed, the circuit chip has to be removed from the plastic card. This
can be done by simply using a sharp knife to cut away the plastic behind
the chip module until the epoxy resin becomes visible. And then the resin
can be dissolved by adding a few drops of fuming nitric acid (>98%
HNO 3). The acid and resin can be washed away by shaking the card in
acetone until the silicon surface is fully exposed. Ultimately the chip can
be examined and attacked directly.

Fig. 7.1. Physical damage a smartcard and took the IC chip from
the card’s plastic carrier

At Cavendish laboratory in Cambridge, a technique is developed for
reverse engineering the circuit chips. The layout and function of the chip
can be identified using that technique. Then another technique
developed by IBM can be used to observe the operation of the chip. As a
result its secret can be fully revealed.

Fig. 7.2. A diagram shows the method to connect a smartcard’s
IC chip and seek data from the chip

Besides this, there are many different ways to perform physical attacks.
For instance, erasing the security lock bit by focusing UV light on the
EPROM, probing the operation of the circuit by using microprobing
needles, or using laser cutter microscopes to explore the chip, and so on.
However, these kinds of attacks are only available for well funded
laboratories as the costs associated are considerably high.

8. Case Study: Yang-Shieh Schemes

8.1. Introduction

The recent, rapid progress of network is causing more and more
computers to connect to share information and system resources. The
network has brought convenience to the people as well as the potential
threat of security problems, which is the reason that the topic of security
and authentication are almost the center of focus for the study of
computer network today.

The basic requirement for securing a network system is to keep the
information secret and to authenticate the communication entries. In
order to achieve this goal, many authentication mechanisms have been
developed, such as the finger printer reader, face image device, and
voice-recognition device and so on. However, none of these mechanisms
are cost effective or suitable for open network system. Thus, a simple
and efficient authentication mechanism is required for securing the
network   system    in the    real   environment.   For    this   reason,    a
password-based authentication mechanism, which has been the most
common technique to provide the authentication for a long time, is
developed   for   securing   the     network   system.    In   general,     the
password-based authentication mechanism provide the basic capability
to protect users' privacy and to prevent unauthorized access. The cost
for implementing such mechanism is also considerably lower. Based on
all the reasons presented above, password authentication mechanism is
more acceptable and suitable for users in the open network system.

In the conventional password authentication schemes, each user has an
identity (ID) and password (PW). If a user requests to login the
network system, he has to enter his ID and PW in the network system.
Upon receiving the login request, the network system searches t he
verification table to verify if the submitted ID and PW is legal or not. In
this stage, user's PW is transmitted in plaintext form. Thus, the intruder
can easily acquire the PW from the network line. Due to this reason, this
vulnerability threatens to reveal the PW or the modifying the verification

table by the malicious intruder. Then the intruder may masquerade as
legal user to login the network system without registration. Thus it's
dangerous for both legal users and network system.

In order to solve this problem of password transmitted or stored with
plaintext form, it's necessary to encrypt the password or verification
table by using some cryptographic techniques. Hence, the schemes have
already been proposed to solve this problem. These schemes often apply
a one-way function to password and stored the encrypted password in
the verification table. Although it solves the problem of the password
stored in verification table with plaintext form, the contents of
verification table maybe vulnerable to the modifying attacks and the
interpolating attacks if the protective mechanism for verification table is
not complete. If a legal encrypted password is modified, it will reject a
legal user from logging into the system and forces the legal user to have
to register for the system again. So it still cause serious problem for the
security of user and network system. Thus, several authentication
protocols have been proposed. These authentication protocols use a
trust third party to store the verification table and ensure the
authentication and secrecy in the network system. However, the
modifying attack to verification table still exists in theses protocol.

In order to eliminate the drawback of using the verification table, some
enhancement have been proposed. These schemes adopt the concept of
ID-based signature scheme in conjunction with smart cards. The concept
of ID-based signature scheme is to use the well-known public key
encryption algorithm RSA as the kernel of authentication scheme.
Moreover, the advantages of ID-based signature scheme are described
as follows:

1. No secret keys or public keys are needed to exchange.
2. The public key directory table is not required.
3. The third trusted party is not needed in the authentication scheme.

Moreover, the use of smart card provides a fine authentication solution
because smart card is regarded as a temper-resistant hardware device.

In addition, it has great function to perform the complex computation
required for cryptography. For the above reasons, the combination of
password authentication scheme with smart card provides an elegant
solution for the open network and also gives a developed direction for
password authentication scheme in the future. However, the scheme
based on ID-based signature generally has the weakness of a fixed,
assigned ID for users' secret key or password, which is nonflexible after
registration. If a user's password or secret key is compromised
accidentally, he must re-register for a new ID to obtain a new password
or secret key.

From the users' vision, it's inconvenient and impractical. At the same
time, the concept of timestamp must be employed to protect the
authentication scheme against replaying attack. Hence, some of these
schemes can't perform the authentication for users completely.
Moreover, the approach of no changing password is against users' habit.
From the users' vision, it's neither suitable nor convenient for the real
network system environment.

Recently, there are several password authentication scheme with smart
card proposed. The concept of timestamp has been used to prevent
replaying attacks in these schemes. Some of these schemes permit
users to freely choose and change their own passwords. Although these
schemes succeeded to eliminate the weakness of unchangeable
passwords,   the   schemes    can't    withstand the   replaying   attacks
completely. Through the above, we found out that the increasing amount
of security problems that are surfacing with advance of science and
technology. Hence, how to design a perfect password authentication
scheme is an intricate issue bounded by obstacles. Later, I'll introduce a
basic password authentication schemes with smart cards.

8.2. Basic Background

The following example will give us a basic understanding about the
password authentication.

Bob want to be a legal user of network system. Firstly, he can obtain a
legal IDb and PWb after registering for the system. Latter Bob can apply
some cryptographic technique E(.) to his PW b and then submit encrypted
message with his IDb to system if he wants to login. Upon the receipt of
login request, system decrypts the message via D(.) and check if the
submitted IDb and PW b is valid or not by searching the verification table.
If it is valid then Bob is allowed to login. Otherwise, the login will be


 C={ IDb, E(PWb)}                                    Verification Table
                                                         ID        PW
                             System                     ID1       PW1
                                                        ID2       PW2
                    C’={ IDb, D(E(PWb))}
                                                         .          .
                                                         .          .
                                                         .          .

8.3. Yang-Shieh Scheme

Yang-Shien scheme include two kinds of schemes: one is the
timestamp-based password authentication, the other is the nonce-based
password authentication scheme.

The timestamp-based password authentication scheme is adaptable to
network environment with synchronized system clocks, such as the local
area network. There are three phases to perform the secure network
access: the registration phase, login phase and verification phase.
Furthermore, a changing password is included.

8.3.1. Registration phase

In the registration phase, the key information center(KIC) is responsible
for generating necessary parameters and issuing smart cards for the
request registration users. We denote the ith users as U i with IDi and Pwi.
To be a legal user, he will send IDi and PW i to KIC in a secure manner.
Firstly, the KIC will perform the following steps:

1. Two prime numbers p and q are needed to generate a number n=p*q
2. e is chosen and d is computed to satisfy the following relation.

           e*d            (mod(p-1)(q-1) )          =1

3. A generator g is chosen.

           Si =    IDid   mod(n)          ;    hi=g   pwi d
                                                         *    mod(n)

Si is the secret information and n, e, g,IDi,CIDi, Si, hi, are parameters of
the system. The KIC will issues users U i a smart card with the
parameters listed above.

8.3.2. Changing Password Protocol

In changing password protocol, users can change and choose their
password freely though the assistance of the KIC after registration. If the
user want to change his password, the following steps will be performed.

1. Ui choose a new password PW i" and sends PW i" along with his smart
card to the KIC in a secure manner.

2. Upon the reception of U i's smart card and new password PW i", the KIC
will calculate a new hi' as:

                                          PWi* *d
                               hi’ = g

here the value of is kept by KIC

3. KIC writes new hi' into smart card to replace the original one.

Because only KIC knows, users must call for the assist of the KIC to
change password.

8.3.3. Login Phase

In login phase, the user U i request to login a remote host by inserting his
smart card and entering his IDi’ and PW i’ . If the IDi’ matches IDi which is
held in the smart card, the smart card will perform the following steps:

1. Choose a random number ri to generate Xi and Y i:

 Xi= g ri*PWi                mod(n)
 Y i= Si*hi ri*f(CIDi,T)   mod(n)

Here T is used as the timestamp and f(x,y) is a one way function.

2. Send message M that contains, IDi, CIDi, n, e, Xi, Y i, g and T to the
remote host.

8.3.4. Verification Phase

In the verification phase, the remote host verifies the validity of the user
by checking if U i can pass the following process.

1. Verify if the IDi and CIDi are valid or not. If not, reject the login.

2. Verify if the difference between T and T' is over the legal period or not,
where T' is the time when the message M arrives at the remote host.

3. Verify if the following equation holds:

                 Y ie=IDi*Xi   f(CIDi,T)

If the equation holds, the user is verified.

8.3.5. Discussion

After get the basic understanding from Yang-shieh scheme, I found that
the scheme still has an drawback that is the risk of revealing the secret
information sent to KIC. On the other hand, it means that the scheme
also need extra communication cost to change the password remotely.
So I went to read some papers and finally I found the g d is not
necessary for KIC to protect. And actually, the gd can be gotten by any
user easily. If the users can get the gd easily and the gd is not necessary
for KIC to protect, it means that users can change their password directly
without any assist from KIC. So we can say that anyone can't forge a
valid smart card with the knowledge of g d because           Si (= IDidmod(n)) in
the smart card must be calculate by KIC on account of d which is secret
for users. In addition, the risk of revealing secret information between
the transmission link of users and KIC is eliminated while changing
password locally. By focusing on efficiency, the communication cost is
reduced between users and KIC while changing password locally. The
proof of unnecessary of protecting gd. I list the proof in the following:

By Euclid's theorem, we can obtain two integer a and b such that

                         aPW 1 +bPW 2 =1

from a and b, gd(mod(n)) can be obtained as follows

                   h1a * h2b = g    a*PW1*d
                                              *g   b*PW2*d

                              =gd     mod n

8.3.6. Improvement

According to our observation, we can define a new changing password
protocol. If U i wants to change his password and choose a new one, he
must insert his smart card into a terminal and key in his IDi’ and original

password PWi’ . If the IDi’ matches the IDi which is kept in the smart
card, these steps should be done as following:

1. The smart card must use g d and PW i’ to compute hi’. If hi’ matches hi
stored in the smart card, then keep on the procedure. Otherwise, reject
the request of changing password.

2. User   U i submits a new password PW i*, and then the smart card
calculates a new hi* as :

               hi*=gd* PW*   mod(n).

3. The original hi would be replaced by the new one then can use the new
password to login the network system.

According to the new password changing protocol, we must store both gd
and hi in the smart card. Although we have proven that it's not necessary
to keep gd as a secret, but it still have to be protected from being
modified. The gd must be protected and unmodifiable in the smart card
to a successful authentication. It follows that users don't need the KIC
assistance while changing their passwords.

9. Conclusion

Smartcard is a power carrier for digital information. It not only provide
strong security to protect digital data; but it also simple and easy enough
for common person to carry and use in the world. Digital cash card ( to
replace old credit card), prepaid card, and personal ID are the card’s
opportunity in the market.

By the way, up to today, there is no one really break smartcard’s security
and take any piece information from it.    Therefore, the smartcard is an
ideal piece to replace the common drive license and credit card. In the
future the IC chip in the smartcard will be enhanced – larger memory
size and more powerful processor.    Soon, the smartcard can carry more
job without any extra help.

10. Reference

1. Bruce Schneier and Adam Shostack, “Breaking Up Is Hard To Do:
   Modeling Security Threats for Smart Cards”, Oct. 19, 1999
2. Bo Lavare's Smartcard security page,
3. IC Card Technology Co.,
4. Yu-Chan Wu, “A Study of Password Authentication Scheme with
   Smart Cards and Its Application”, January 2002
6. “American Express Licenses SmartcardMultiple Application
  Framework to Leading Industry players”,
7. Chan, Siu-cheung Charles, “An Overview of SmartcardSecurity”,
  x.html, August 17, 1997
8. DigiCrypto Co.,
9. Chan, Siu-cheung Charles, “Electronic Smart Passport/Visa”,
  ml, August 17, 1997
10. Chan, Siu-cheung Charles, “Infrastructure of Multi-Application
   Smart Card”,
   ard/index.html, August 17, 1997
11. “Your key to 21st Century ---Smartcard”,
12. “Inside Smart Cards”,
13. Sony Contactless Smartcard System
14. Ross Anderson and Markus Kuhn, “Tamper Resistance – a Cautionary
15. Ross J. Anderson, “Tamperproofing of Chip Card”,

  PUBLICATION, January 11, 1994
17. "French banking smartcard cracked : the story!”,
18. “Why Smartcard?”,;jsessionid=
19. "A Frequently Asked Questions list (FAQ) for",

                               Appendix A

Major smartcard manufacturers
2-Tel (
Advanced card Systems Ltd (ACS) (
American Microdevice Manufacturing, Inc (AMMI)
Activcard (
Alcor Micro Inc (
Athena Smartcard Solutions (
BasicCard (
Bull CP8 (
C3PO (
CardLogix (
Cherry GmbH (
Darfon (
General Information Systems (GIS) (
Gemplus (
Giesecke & Devrient (
Hagiwara (
Hitachi (
Incard (
Infineer (
Ingenico (
Ingenico (
Innolab (
Innovonics (
JS Digitech (
Jaeik Information & Communication Co. Ltd. (
Kobil (
LabCal (
Litronic (
Microsoft Windows for Smartcards
( (

Network Security Technology Co. (NST) (
Oberthur (
Omnikey (
Orga (
Rainbow (
SCM Microsystems (
Schlumberger Cyberflex (
Schlumberger (
Smart Silicon Systems (
SmartDisk (
Spyrus (
Tai Hao (
Todos (
Towitoko (
Utimaco (
VeriFone (
Zeitcontrol (

Software Publishers
Aspects Software (
Fischer International (
Pipistrel Software (

PCSC Drivers
CardMan drivers (
GemPlus Drivers
Intertex drivers (

                               Appendix B

Here is the resource regarding to the attack to the smartcards which I
collected recently.

Resource: Bruce Schneier and Adam Shostack, “Breaking Up Is Hard To
Do: Modeling Security Threats for Smart Cards”, Oct. 19, 1999

7.3. Detail attacks methods and theories

7.3.1. Attacks by the Terminal Against the Cardholder or Data

These are the easiest attacks to understand. When a cardholder puts his
card into a terminal, he is trusting the terminal to relay any input and
output from the card accurately. For example, if a user puts a stored
value card into a vending machine and makes a $1 purchase, he is
relying on the terminal to send a \deduct $1" message to the card, and
not a \deduct $10." Similarly, when the card sends a message to the
cardholder that says \balance = $1," the cardholder is relying on the
terminal's screen to relay that message accurately. The ability for a
rogue terminal to do damage in this environment is significant, and it is
impossible for the cardholder to detect this kind of fraud in the context of
a single terminal. This kind of fraud has been attempted using fake ATM

Prevention mechanisms in most smartcardsystems center around the
fact that the terminal only has access to a card for a short period of time.
Software on the card could limit the amount of damage a rogue terminal
could do. A stored-value card could, for example, only allow the terminal
to deduct $1 maximum per transaction, and to perform no more than
one   transaction   every   minute.        However,   there   are   prevention
mechanisms that involve having the user own the smartcardterminal,
such as one attached to a personal computer. The real prevention
mechanisms, though, have nothing to do with the smart card/terminal
exchange; they are the back-end processing systems that monitor the

cards and terminals, and suspicious behavior.

7.3.2. Attacks by the Cardholder Against the Terminal

More subtle are attacks by the cardholder against the terminal. These
involve fake or modified cards running rogue software, with the intent of
subverting the protocol between the card and the terminal.

Good protocol design mitigates the risk of these kinds of attacks, which
can be made more difficult by hard-to-forge physical aspects of the card
(e.g., the hologram on Visa and MasterCard cards), which can be
checked by the terminal owner manually. Note that digital signatures on
the software are not effective here since a rogue card can always lie
about its signature, and there is no way for the terminal to peer inside
the card. Defending against this kind of attack requires another function
split: the cardholder must not be able to manipulate the data inside the

7.3.3. Attacks by the Cardholder Against the Data Owner

In many smart card{based commerce systems, data stored on that card
must be protected from the cardholder. In some cases, the cardholder is
not allowed to know that data. A building access card, for example, could
have a secret value inside the card; knowledge of this value could allow
the cardholder to make additional access cards. Or knowledge of a secret
key in an electronic commerce card could allow the cardholder to make
fraudulent transactions. In other cases, the cardholder is allowed to
know the value, but not allowed to change it. If the card is a stored-value
card, and the user can change the value, he can effectively mint money.

There are two essential characteristics of these attacks. One, the card
must act as a secure perimeter, preventing the cardholder from
accessing the data inside the card. In this context, the card may need to
be fairly confident that it will detect and respond to attacks with a
minimum of control over its environment. And two, the attacker has
access to the card on his own terms. He is allowed to take the card into

his laboratory and perform whatever experiments he wants to. He is
allowed to take cards and destroy them in order to learn how they work.
There have been many successful attacks against the data inside a card.
These    attacks  include    reverse-engineering     and     defeating
tamper-resistance, fault analysis, and sidechannel attacks such as
power and timing analysis. These attacks have been particularly
effective against pay-TV access cards, and have been used against
digital cellular telephone access cards. They are starting to be used
against stored-value cards for electronic commerce.

7.3.4. Attacks by the Cardholder Against the Issuer

There are many financial attacks that appear to be targeting the issuer,
but this may be illusory. In fact, the attacks are targeting the integrity
and authenticity of data or programs stored on the card. These attacks
are made possible by the issuer's decision to use a smartcardsystem
where the cardholder holds data for the issuer or other party. Using the
pay telephone application as an example, if the phone were to use an
account-based system, where a simple card holds a very long account
number that is used by the phone company to dereference an account
stored on a back-end system, then there are account guessing and theft
attacks based on the numbers. This sort of system can be enhanced by
adding a challenge/response or inverted hash chain mechanism for
sending replay resistant passwords. This makes strong use of a simple
smartcardin conjunction with a back office{managed authorization
scheme to resist fraud. If the card issuer chooses to put bits that
authorize use of the system in the card, they should not be surprised
when those bits are attacked. These bits could be \authenticated"
account numbers, or it could be a system with a key buried within the
card, on the assumption that this key cannot be extracted, and proper
completion of the protocol indicates that the card has not been tampered
with. These systems all rest on the questionable assumption that the
security perimeter of a smartcardis sufficient for their purposes.

7.3.5.   Attacks   by   the    Cardholder     Against    the   Software

Generally, in systems where the card is issued to an assumed hostile
user, the assumption exists that the card will not have new software
loaded onto it. This is enforced by the use of pre-issuance stages with
various   one-way    transformations     being   employed   by   the   card
manufacturer to ensure that the software is not tampered with. The
underlying assumption may be that the split between card owner and
software owner is unassailable, and relies on the separation being strong.
However, attackers have shown a remarkable ability to get the
appropriate hardware sent to them, often gratis, to aid in launching an

7.3.6. Attacks by the Terminal Owner Against the Issuer

In a system closed to outsiders, such as some prepaid telephone cards,
the terminal owner is also the card issuer (the phone company has both
roles). In some more open systems, like Mondex, the terminal owner is
the merchant and the card issuer is Mondex. The latter split introduces
several new attacks.

The terminal controls all communication between the card and the card
issuer (generally the back-end of the system). In this system, the
terminal can always falsify records that have nothing to do with the
smart card, refuse to record transactions, etc. The terminal can also fail
to complete one or more steps of a transaction to facilitate fraud or
create customer service difficulties for the issuer. By failing to complete
the action of debiting a card, a terminal can cheat the issuer, or by
completing a transaction and not offering service (i.e., a pay phone) can
create a service nightmare.

These attacks are not related to the smartcardnature of the system, and
are simply attacks against the relationship between the terminal owner
and the card issuer. Some systems try to mitigate this threat by having
the card and back-end computer make a secure connection through the
terminal. Many systems use monitoring on the back end to reduce the
effectiveness of these attacks.

7.3.7. Attacks by the Issuer Against the Cardholder

In general, most systems presuppose that the card issuer holds the best
interests of the cardholder at heart. This is not necessarily the case, and
a malicious issuer can launch several attacks against cardholders.

These attacks are typically privacy invasions of one kind or another.
Smartcardsystems that serve as a substitute for cash must be designed
very carefully to maintain the anonymity and unlinkability that are a
property of cash money. Attacks or design failures can substantially
reduce the privacy of the system. Alternately, a system may be sold as
having more privacy than it in fact offers, allowing the issuer to gather
data surreptitiously about the cardholders.

Features introduced into the card as the system matures may alter initial
characteristics of the system with substantial impact on the privacy of
the system. This can count as an attack by the issuer because the
cardholder is rarely asked or able to discern the security impact of a
change to the system made by the issuer. These changes are often not
optional from the customer's viewpoint; the only choices are to accept
the upgrade or leave the system. Lastly, this type of attack may be
carried out by the issuer, or by the hardware or software designer, in
collaboration with terminals, without the knowledge or consent of the

7.3.8. Attacks by the Manufacturer Against the Data Owner

Certain designs by manufacturers may have substantial and detrimental
effects on the data owners in a system. The design of secure multi-user
computers is a challenging one, and the security model to use to
establish a secure kernel that offers processes protection from each
other is not a solved problem. By providing an operating system that
allows or even encourages multiple users to run programs on the same
card, a number of new security issues are opened up.

The first, and most obvious, is subversion of the operating system and
subsequently other programs. This is an area where mainstream
operating system manufacturers have failed to provide adequate
protection for the last thirty years. The vendors who have announced
smartcardoperating systems recently do not have enviable records.
However, even if the smartcardoperating system can be made secure,
issues of user interface security remain and are exacerbated by the
smart card's handicaps. How is the user (or the designer) to know what
program is running when the card is inserted into a terminal? How to
ensure that your program is talking to the terminal, and not through
another program? How can a program that believes itself compromised
terminate safely, and signal outward the cause for its demise? Or should
it even try; what interesting attacks might become possible if a card
announces its own imminent suicide? Can the card ensure that once such
a message is sent the action of destroying its memory is completed, in
the presence of a possibly hostile power supply?

Less obvious would be intentionally poor random number generators, or
other aspects of cryptographic implementation that are difficult and
arcane areas to test. The manufacturer is in an admirable position to
engage in kleptographic attacks. Of the major smartcardvendors, none
has an admirable record of creating operating systems that were free of
exploitable vulnerabilities. In addition, by providing implementations of
various supporting protocols, the vendor may be in a position to leak an
application's keys using any of several subliminal channels. And finally, it
is possible for one application on a smartcardto subvert another
application running on the same smart card. It has been shown how to
take a secure protocol and to create another protocol, also secure, such
that the second protocol breaks the first protocol if both are running on
the same device using the same keys.

7.4. Transformative, or Impersonation, Attacks

There is a class of attacks based on separating or changing the roles
played by various parties; for example, changing the cardholder by
stealing the card may allow access to data that the cardholder has stored,

or using ActiveX controls that allow an attacker to become (in essence)
the terminal owner, engaging in the set of attacks available to terminal

The essential character of a transformative attack is that a party is
transformed, leading to an unexpected set of motivations for that party.
When a card is stolen, the new cardholder (i.e., the thief) has lost all
interest in maintaining the security of the account, and possibly in the
physical integrity of the card. When a terminal is subverted, its desire
to participate in a fair manner is replaced by a desire to subvert the
protocol (why else subvert the terminal?). Thus, when a system assumes
that the data stored on a card is secure because the interests of the
cardholder and issuer are aligned, a vulnerability is opened by the theft
of the card.

Alternately, we examine a system with a smartcardreader attached to a
PC, where that PC is acting as part of the terminal. The terminal is
presumed to be friendly to its owner; perhaps it is being used to carry
Web certi_cates from home to work. Unfortunately, the terminal can be
transformed by the introduction of an ActiveX control that changes the
reader software. This attack, by changing the expected behavior of a
component, can recast the security of the protocol. The behavioral
change here can be active, in the case of changing a request and its
associated display, or passive, in the case of monitoring attacks.
Monitoring attacks can attack the privacy of the transactions made by
the card or the secrecy of PIN or other data. The latter is probably a
precursor to an active attack, not necessarily in the domain of the
smartcardprotocol. That is, recall that PINs are often used in more than
one system, and that the active attack does not need to attack the

7.4.1. Attacks by Third Parties Using Stolen Cards

There are two differences between this attack and an attack by the
cardholder. One, the thief does not have access to any secret
information required to activate the card. And two, the thief has only a

limited amount of time to carry out his attack before the cardholder will
notice that his card has been stolen.

Hence, all the attacks by the cardholder are possible with the following
addition: the thief is not concerned with any long-term repercussions
against the legitimate cardholder. For example, a low-value stored-value
card might deal with the potential of cardholder fraud by simply keeping
records of cardholder transactions, and billing (or prosecuting) any
discrepancies. A thief who steals a card would not be deterred by this
defensive measure.

It is possible to build defenses into the system either at the card's or at
the issuer's level. At the card level, there are perimeter and anomaly
defenses available. The perimeter defense is that the card can consider
several bad PIN attempts to be indicative of attack. (Note that this opens
the card to a denial of service driven by a malicious terminal.) The
anomaly detection defense would be for the card to store history
information and detect a pattern change in its use. This is an aggressive
requirement, but in those cases where a card can be used offine, it may
make sense to raise of some type, possibly requiring contact with its
issuer before additional use to allow the back end system a chance to
make a more elaborate or sophisticated decision, or perhaps simply to
defend the system against card duplication.

7.4.2. Eve and Mallet

If we assume that the use of a smartcardis to allow protocol interactions
between mutually distrusting parties, or at least parties whose interests
diverge, then the protocols must resist the same set of attacks that they
would if the systems were implemented with general purpose computers.
Thus, most attacks based on eavesdropping or malicious protocol
manipulation may be modeled as the case of one party attacking another.
Assuming that the protocol is well designed, it will resist these attacks
equally well if the attacker is internal or external.

7.4.3. Collaborative Attacks

Systems that rely on the split between various components being
maintained as a hostile boundary without cooperation may nd
themselves surprised when roles they had thought split are brought

The smartcardand set top box, supposedly representing different
interests, may collaborate in obtaining unauthorized service for the
owner of the television. Similarly, the terminal's owner may be surprised
to discover that both the card and the terminal, made and programmed
by the same shop, have certain undocumented features. The number of
possible collaborations and interesting models for attack grows with the
number of parties to the system. Those who forget that most attacks are
perpetrated by insiders will likely be reminded (assuming their fraud
detection models are good enough.)


To top