20-763 ELECTRONIC PAYMENT SYSTEMS
FALL 2002
COPYRIGHT © 2002 MICHAEL I. SHAMOS
Electronic Payment Systems 20-763
Lecture 8
Smart and Stored-Value Cards
Outline
• Smart card types
• Operating systems
• Wireless cards
• Card manufacture and issuance
• Security
• Octopus
• Mondex
• Mobile systems
ePayment by Smart Card
• Objective: replace cash
• Cash is expensive to make and use
  – Printing, replacement
  – Anti-counterfeiting measures
  – Transportation
  – Security
• Cash is inconvenient
  – Not machine-readable
  – Humans carry limited amounts
  – Risk of loss, theft
• Additional smart card benefits
Smart Cards
• Magnetic stripe
  – 140 bytes, cost $0.20-0.75
• Memory cards
  – 1-4 KB memory, no processor, cost $1.00-2.50
• Optical memory cards
  – 4 megabytes read-only (CD-like), $7-12
• Microprocessor cards
  – Embedded microprocessor
  – (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
  – Equivalent power to an IBM XT PC
  – 32-bit processors now available
Smart Card Costs
[Cost table; only the newest row survives: read/write optical card, 500 MB, 32-bit processor, $15; reader $200]
SOURCE: SUN
Laser Optical Memory Card
Capacity: 1MB - 1GB
Microprocessor Card Adoption
[Chart: millions of microprocessor cards worldwide, 2000-2004, by region: Asia Pacific, Japan, Europe, Americas, North America]
1999: 500 M microprocessor cards; 2004 (forecast): 1,750 M microprocessor cards
SOURCE: DATAQUEST (10/2000)
Card Taxonomy
Machine Readable Cards
• Magnetic
  – Magnetic Stripe
  – Wiegand
  – Barium Ferrite
• Radio Frequency
• IC Cards
  – Memory Only / With Microprocessor
  – Write Once (EPROM) / Write Many (EEPROM)
  – Smart Memory
• Optical
  – Bar Codes
  – Softstrip
  – OCR
  – Optical Memory
SOURCE: BURGER, CAROLL & ASSOCIATES
Multi-Application Smart Card
[Figure: one card carrying the following data and applications]
• Digital Certificates
• Private Key(s)
• ACE (Active Customer Enrollment) Authentication
• Biometric Data
• Employee Data
• Magnetic Stripe or RF Door Access
• Employee Picture
• Encryption Key
• Password Cache
• S/MIME Secure Mail
• SSL Secure Web
• Customer PKI Application
• Single Sign-On
• Local File Encrypt
• Secure Screen Saver
• Biometric Authentication
• Application Login
SOURCE: SECURITY DYNAMICS
Smart Card Structure
[Figure: cross-section of a contact smart card, shown upside-down: card body, epoxy, microprocessor, and the 8 contacts]
SOURCE: SMART CARD FORUM
Old Smart Card Architecture
[Figure: block diagram of the chip]
EEPROM: Electrically Erasable Programmable Read-Only Memory
SOURCE: SMART CARD FORUM
Cyberflex™ Java Smart Card
• Complete 32-bit Java run-time environment on a card
• Utilities for compiling and loading cardlets onto the card from a PC
[Figure: layered stack, bottom to top: microprocessor, operating system, Java virtual machine, cardlets 1, 2, 3]
Smart Card Architecture
• File structure (ISO 7816-4)
  – Cyclic files
• Database management on a card
  – SCQL (Structured Card Query Language, ISO 7816-7)
  – Provides a standardized interface
  – No need to know file formatting details
Contactless Cards
• Communicates by radio
  – Power supplied by reader
  – Data rate 106 Kb/sec
  – Read 2.5 ms, write 9 ms
  – 8 Kb EEPROM, unlimited reads, 100,000 writes
  – Effective range: 10 cm, signals encrypted
  – Lifetime: 2 years (data retention 10 years)
  – Two-way authentication, nonces, secret keys
  – Anticollision mechanism for multiple cards
  – Unique card serial number
SOURCE: GEMPLUS
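The "two-way authentication, nonces, secret keys" and "unique card serial number" bullets describe a mutual challenge-response between card and reader. The following is an added example of such an exchange, not Gemplus's protocol (which the slide does not give): the reader derives a per-card key from a master key and the card's serial, each side proves possession of that key over the other side's fresh nonce, and a recorded response fails when replayed against a new challenge. HMAC-SHA256 stands in for whatever block-cipher MAC the card actually uses, and the master key and serial are constructed test values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Added example, not a vendor protocol. HMAC-SHA256 stands in for the card's
// MAC; the master key and serial used in main are constructed values.

const nonceLen = 8

// diversify derives the per-card key from the issuer master key and the
// card's unique serial, so a key extracted from one card does not
// compromise the rest of the fleet.
func diversify(master, serial []byte) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("card-key"))
	m.Write(serial)
	return m.Sum(nil)
}

func mac(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

func nonce() []byte {
	n := make([]byte, nonceLen)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Card holds only its own serial and diversified key.
type Card struct {
	Serial []byte
	key    []byte
	nc     []byte // nonce issued by the card in the current session
}

// Reader holds the master key and can re-derive any card's key.
type Reader struct{ master []byte }

func NewReader(master []byte) Reader { return Reader{master: master} }

func NewCard(master, serial []byte) *Card {
	return &Card{Serial: serial, key: diversify(master, serial)}
}

// Step 1: reader -> card: challenge nonce nr.
// Step 2: card -> reader: serial, card nonce nc, MAC_k("card", nr, nc, serial).
func (c *Card) Respond(nr []byte) (serial, nc, tag []byte) {
	c.nc = nonce()
	return c.Serial, c.nc, mac(c.key, []byte("card"), nr, c.nc, c.Serial)
}

// Step 3: reader checks the card's proof and answers with its own proof
// MAC_k("reader", nc, nr), so the card knows the reader holds the key too.
func (r Reader) Verify(nr, serial, nc, tag []byte) ([]byte, bool) {
	k := diversify(r.master, serial)
	if !hmac.Equal(tag, mac(k, []byte("card"), nr, nc, serial)) {
		return nil, false
	}
	return mac(k, []byte("reader"), nc, nr), true
}

// Step 4: card checks the reader's proof against the nonce it issued.
func (c *Card) Accept(nr, readerTag []byte) bool {
	return c.nc != nil && hmac.Equal(readerTag, mac(c.key, []byte("reader"), c.nc, nr))
}

// RunSession executes the full exchange; true means both sides authenticated.
func RunSession(r Reader, c *Card) bool {
	nr := nonce()
	serial, nc, tag := c.Respond(nr)
	rt, ok := r.Verify(nr, serial, nc, tag)
	return ok && c.Accept(nr, rt)
}

// ReplayFails records one genuine card response and replays it in a new
// session. The card's tag is bound to the old reader nonce, so it must fail.
func ReplayFails(r Reader, c *Card) bool {
	nr1 := nonce()
	serial, nc, tag := c.Respond(nr1) // attacker records this exchange
	nr2 := nonce()                      // fresh challenge in the next session
	_, ok := r.Verify(nr2, serial, nc, tag)
	return !ok
}

func main() {
	master := []byte("constructed-master-key-0123456789")
	r := NewReader(master)
	c := NewCard(master, []byte{0x04, 0xA1, 0xB2, 0xC3})
	fmt.Println("genuine card, fresh session:", RunSession(r, c))
	fmt.Println("replayed card response rejected:", ReplayFails(r, c))
	clone := NewCard([]byte("guessed-master-key"), c.Serial)
	fmt.Println("clone with wrong key authenticates:", RunSession(r, clone))
}
```

The serial is sent in clear so the reader can derive the key; that is what lets a passive listener track a card, which is why the slide's "anonymous / personalized" distinction for Octopus later in the lecture matters.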
How RFID Works
• Tag enters RF field
• RF signal powers tag
• Tag transmits ID, plus data
• Reader captures data
• Reader sends data to computer
• Computer determines action
• Computer instructs reader
• Reader transmits data to tag
[Figure: computer, RFID reader, antenna, tag]
SOURCE: PHILIPS
RFID
[Figure only]
SOURCE: SANJAY SARMA
Low-Cost RFID
[Figure: production chain: IC design, IC manufacture, antenna manufacture, antenna/IC assembly, conversion to package, end users]
Per-tag stage costs shown on the slide:
• Millions of tags: 20¢, 5¢, 5¢, 20¢; total ~40¢
• Billions of tags: 1-2¢, 1¢, 1¢, 1¢; total ~4-5¢
SOURCE: SANJAY SARMA
Java Ring
• Java-enabled iButton
• Communicates by contact at 142 Kbps
• 64 KB ROM and 134 KB RAM
• Stores 30 digital certificates with 1024-bit keys
• Uses: authentication, epayment, access
• Cost: $15-30 in unit quantity
SOURCE: IBUTTON.COM
OpenCard Framework (OCF)
[Figure: two layers: CardService layer (talks to the card) above CardTerminal layer (talks to the reader)]
SOURCE: OPENCARD.ORG
Magnetic Stripe Protection
CARD PROTECTION TECHNOLOGIES
• Visual protection: holograms, microprints, ultraviolet pattern, photocard, signature, DNA
• Access protection: PIN, PVV
• Content verification (protection on modification, protection on duplication): embossed data, CVC, smart card, memory card, P card, watermark, sandwich, Magneprint, Valugard, Xsec, Holomagnetic, Xshield
CVC = Card Verification Code; PVV = PIN Verification Value
SOURCE: L. M. CHENG, CUHK
ATM and Debit Card Cryptography
• The PIN is never stored anywhere in plaintext
• The PIN cannot be recovered from the card or from any database without the bank's secret key
• Generate a random 4-digit number (the PIN)
• Combine the PIN with other data (account number) to form a data block
• Encrypt the data block using 3DES under secret bank keys
• Select several digits from the encrypted data to use as the PIN Verification Value (PVV)
• Caveat: the PIN space is only 10,000 values, so anyone holding the key and a PVV can find a matching PIN by trial; the PVV is only as secret as the key, which is why the key lives in tamper-resistant hardware
Forming the Pin Verification Value
[Figure: 4-digit PIN + account number, encrypted with 3DES under secret bank keys, gives an encrypted data block; 4-6 digits are selected from the block to form the PVV; the card carries the account number and the PVV]
Using the Card
[Figure: card carries account number and PVV]
• ATM reads the account number and PVV from the card
• User types the PIN
• Machine now has: 4-digit PIN, account number, PVV
• Machine has the bank keys in hardware: it re-encrypts PIN + account number with 3DES and selects digits to compute a PVV (nothing is decrypted; the PVV is a one-way check value)
• Compare the card's PVV with the computed PVV
• PVVs match: user is authentic
• PVVs differ: user is rejected
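The two slides above describe the PVV construction and its verification. The following is an added example of that scheme (not code from the lecture), using real two-key 3DES from Go's standard library and the Visa-style digit selection rule: decimal digits of the ciphertext are taken left to right, and hex digits A-F mapped to 0-5 are used only if fewer than four decimals are found. The key, account number, key index and PIN are constructed test values.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Added example, not from the lecture: PVV derivation and verification.
// Key, PAN, PVKI and PIN used in main are constructed test values.

// dataBlock forms the 64-bit block that is encrypted: the 11 rightmost
// account digits excluding the check digit, a one-digit key index (pvki)
// and the 4-digit PIN, read as 16 hex nibbles.
func dataBlock(pan, pvki, pin string) ([]byte, error) {
	if len(pan) < 12 || len(pvki) != 1 || len(pin) != 4 {
		return nil, errors.New("need PAN >= 12 digits, 1-digit PVKI, 4-digit PIN")
	}
	body := pan[len(pan)-12 : len(pan)-1] // 11 digits, check digit dropped
	return hex.DecodeString(body + pvki + pin)
}

// selectDigits picks the PVV from the ciphertext: decimal digits first,
// scanning left to right, then hex digits A-F mapped to 0-5 if fewer than
// n were found. (The slide says 4-6 digits; Visa uses 4.)
func selectDigits(ct []byte, n int) string {
	h := strings.ToUpper(hex.EncodeToString(ct))
	var out strings.Builder
	for _, c := range h {
		if out.Len() < n && c >= '0' && c <= '9' {
			out.WriteRune(c)
		}
	}
	for _, c := range h {
		if out.Len() < n && c >= 'A' && c <= 'F' {
			out.WriteRune('0' + (c - 'A'))
		}
	}
	return out.String()
}

// ComputePVV encrypts the data block under the bank's 16-byte PIN
// verification key (two-key 3DES, K1 K2 K1) and selects four digits.
func ComputePVV(pvk []byte, pan, pvki, pin string) (string, error) {
	if len(pvk) != 16 {
		return "", errors.New("PVK must be 16 bytes")
	}
	blk, err := dataBlock(pan, pvki, pin)
	if err != nil {
		return "", err
	}
	c, err := des.NewTripleDESCipher(append(append([]byte{}, pvk...), pvk[:8]...))
	if err != nil {
		return "", err
	}
	ct := make([]byte, 8)
	c.Encrypt(ct, blk) // a single ECB block; no IV or padding is involved
	return selectDigits(ct, 4), nil
}

// VerifyPIN is what the key-holding hardware does at use time: it recomputes
// the PVV from the entered PIN and compares. Nothing is decrypted; the PVV is
// a one-way check value that cannot be turned back into the PIN.
func VerifyPIN(pvk []byte, pan, pvki, pin, cardPVV string) bool {
	got, err := ComputePVV(pvk, pan, pvki, pin)
	return err == nil && got == cardPVV
}

// FindMatchingPIN shows why the key must live in tamper-resistant hardware:
// given the key and a card's PVV there are only 10,000 PINs to try. Several
// PINs can share a PVV, and every one of them would be accepted.
func FindMatchingPIN(pvk []byte, pan, pvki, cardPVV string) string {
	for i := 0; i < 10000; i++ {
		pin := fmt.Sprintf("%04d", i)
		if VerifyPIN(pvk, pan, pvki, pin, cardPVV) {
			return pin
		}
	}
	return ""
}

func main() {
	pvk := []byte("0123456789ABCDEF") // constructed 16-byte PVK
	pan, pvki, pin := "4000001234567899", "1", "1234"
	pvv, err := ComputePVV(pvk, pan, pvki, pin)
	if err != nil {
		panic(err)
	}
	fmt.Println("PVV stored on card:", pvv)
	fmt.Println("entered 1234 verifies:", VerifyPIN(pvk, pan, pvki, pin, pvv))
	fmt.Println("first PIN matching that PVV with the key:", FindMatchingPIN(pvk, pan, pvki, pvv))
}
```

Because the PVV is 4 digits, roughly one PIN in ten thousand collides with the real one and would also be accepted; that is an accepted property of the scheme, not a bug, and it is one reason the PIN is combined with the account number rather than encrypted alone.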
Credit Card Fraud
Stealing — A legal card may be stolen and used in ATMs or EPOSs.
Altering and re-embossing a genuine card, modifying visual features.
Skimming or altering data on the magnetic stripe, e.g. expiration date or credit limit, stored value.
Copying data from a genuine card to another online — “white plastic fraud”
Counterfeiting — “color plastic fraud” — encoding information from one card to another card off-line
SOURCE: L. M. CHENG, CUHK
OP Security Assumptions
• The OP (Open Platform, the Visa specification that became GlobalPlatform) card is merely a component
• Need to trust:
  – back-office systems
  – cryptographic key management
  – card/chip operating environment (COE)
  – off-card security procedures (actors and roles)
• There are vulnerabilities the OP card cannot protect itself against
SOURCE: GAMMA
OP Card Security Threats
[Figure: seven threat groups drawn around the card and its card acceptance device (CAD), with "future", "past", "current" and "clone" cards feeding Group 3. Descriptions in slide order:]
• Group 1: Direct attacks on chip circuitry
• Group 2: Indirect attacks on chip circuitry
• Group 3: Attacks using cards not yet issued, old cards, clones
• Group 4: Attacks on the card's interface to the outside, e.g. premature removal
• Group 5: Attacks on the run-time environment through the Card Acceptance Device (CAD)
• Group 6: Threats from card apps and the need to share resources
• Group 7: Threats based on the RTE implementation
SOURCE: GAMMA
Smart Card Security
• Observers
• Active defenses
• Attacks:
  – Microprobing, microscopy
  – Differential fault analysis (Boneh et al. 1997 showed fault attacks on RSA; the term is from Biham and Shamir, 1997): induce errors, observe output differences
  – Differential power analysis
SOURCES: cryptography.com; Kömmerling et al.
Differential Power Analysis
• Record the card's power consumption while it encrypts many different inputs
• For each guess at a fragment of the key, partition the traces by a predicted intermediate bit and take the difference of the two averages
• When the correct key value is tried, the difference shows a spike at the moment that bit is handled; incorrect keys have zero average response
[Figure: smart card power consumption during DES encryption: initial permutation, 16 DES rounds, final permutation; expanded view of rounds 2 & 3]
SOURCE: cryptography.com
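The difference-of-means procedure above is easy to see on a simulated card. The following is an added example, not cryptography.com's code: the "card" computes one DES S-box (S1) on a 6-bit input XORed with a 6-bit key fragment and leaks the Hamming weight of the result plus Gaussian noise as its power sample. For each of the 64 key guesses the attacker partitions the traces by each predicted output bit and sums the absolute differences of means; the right guess scores about 4 (one unit per bit), wrong guesses average near zero. The key, trace count, noise level and RNG seed are constructed test parameters.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// Added example, not cryptography.com's code: first-order DPA on a simulated
// S-box computation. Key, noise and trace count are constructed parameters.

// DES S-box S1, indexed as in the standard: row = outer two bits, column = middle four.
var s1 = [4][16]byte{
	{14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7},
	{0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8},
	{4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0},
	{15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
}

// sbox1 applies S1 to a 6-bit input.
func sbox1(x byte) byte {
	row := ((x >> 4) & 2) | (x & 1)
	col := (x >> 1) & 0xF
	return s1[row][col]
}

// hamming counts set bits: the power model (more bits switching, more current).
func hamming(b byte) float64 {
	n := 0
	for ; b != 0; b >>= 1 {
		n += int(b & 1)
	}
	return float64(n)
}

// Trace is one input fragment and the power sample taken at the instant the
// S-box output is written to a register.
type Trace struct {
	In    byte
	Power float64
}

// NewRNG returns a seeded generator so runs are reproducible.
func NewRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// SimulateCard produces n traces for a fixed 6-bit round-key fragment.
func SimulateCard(key byte, n int, noise float64, rng *rand.Rand) []Trace {
	traces := make([]Trace, n)
	for i := range traces {
		in := byte(rng.Intn(64))
		leak := hamming(sbox1(in ^ key))
		traces[i] = Trace{In: in, Power: leak + rng.NormFloat64()*noise}
	}
	return traces
}

// differenceOfMeans is the DPA statistic for one key guess and one selection
// bit: split traces by the predicted value of that S-box output bit and
// subtract the two class means.
func differenceOfMeans(traces []Trace, guess byte, bit uint) float64 {
	var sum [2]float64
	var cnt [2]int
	for _, t := range traces {
		sel := (sbox1(t.In^guess) >> bit) & 1
		sum[sel] += t.Power
		cnt[sel]++
	}
	if cnt[0] == 0 || cnt[1] == 0 {
		return 0
	}
	return sum[1]/float64(cnt[1]) - sum[0]/float64(cnt[0])
}

// Score combines the four output bits as selection functions. For the right
// key each bit contributes about 1.0 (it adds one unit of Hamming weight);
// for a wrong key the partitions are unrelated to the leak and average out.
func Score(traces []Trace, guess byte) float64 {
	s := 0.0
	for bit := uint(0); bit < 4; bit++ {
		s += math.Abs(differenceOfMeans(traces, guess, bit))
	}
	return s
}

// RecoverKey tries all 64 guesses and returns the one with the largest spike.
func RecoverKey(traces []Trace) (best byte, peak float64) {
	for g := 0; g < 64; g++ {
		if s := Score(traces, byte(g)); s > peak {
			best, peak = byte(g), s
		}
	}
	return
}

func main() {
	const key = 0x2B
	traces := SimulateCard(key, 10000, 1.0, NewRNG(2002))
	got, peak := RecoverKey(traces)
	fmt.Printf("true key %#02x, recovered %#02x, peak score %.2f\n", key, got, peak)
}
```

Two things the simulation makes visible: the attack needs no knowledge of the algorithm's internals beyond where the key enters the S-box, and the noise only changes how many traces are needed, not whether the attack works. Countermeasures such as random delays or masking attack those two assumptions (alignment and a predictable intermediate), not the noise.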
Smart Card Optical Vulnerabilities
[Figures: a PIC16F84 "depackaged"; its SRAM (static random access memory) array, magnified; a manual prober fitted with a photoflash lamp]
Optical fault induction (Skorobogatov and Anderson, 2002): with the chip depackaged, a camera flash focused through the microscope onto an SRAM cell flips its contents, an inexpensive way to inject the faults used in differential fault analysis.
SOURCE: ROSS ANDERSON
Smart Card Sales Leaders (2000)
VENDOR                  # OF CARDS     SHARE
Gemplus                185,000,000      29%
Schlumberger           152,000,000      24%
Oberthur Smart Cards    85,000,000      14%
Giesecke & Devrient     76,000,000      12%
Orga Card Systems       53,000,000       8%
TOTAL                  628,000,000
SOURCE: CARDWEB.COM
Octopus
• Transaction time < 300 milliseconds
• Transaction fees: HK$0.02 + 0.75%
  – A HK$10 transaction costs HK$0.095 (0.95%)
• Applications
  – Transit
  – Telephones
  – Road tolls
  – Point-of-sale
  – Access control
• Anonymous / personalized
• How does money get to service providers?
  – Net settlement system operated by Creative Star
Octopus
[Figure: Sony RC-S833 contactless smart card, I/O speed 211 Kbps; Sony reader/writer]
SOURCE: SONY
Octopus System
[Figure: Octopus system diagram]
SOURCE: WORLD BANK
Bus Smart Card Systems
[Figure: bus smart card system]
SOURCE: MITSUBISHI
Mondex
• Subsidiary of MasterCard
• Smart-card-based stored-value card (SVC)
• NatWest (National Westminster Bank, UK) et al.
• Secret chip-to-chip transfer protocol
• Value is not in bit strings alone; it must reside on a Mondex card
• Loaded through ATM
  – The ATM does not know the transfer protocol; it connects to a secure device at the bank
• Spending at merchants having a Mondex value transfer terminal
Mondex Overview
[Figure: Mondex system overview]
SOURCES: OKI, MONDEX USA
Mondex Security
• Active and dormant security software
  – Security methods constantly changing
  – ITSEC E6 level (military)
• VTP (Value Transfer Protocol)
  – Globally unique card numbers
  – Globally unique transaction numbers
  – Challenge-response user identification
  – Digital signatures
• MULTOS operating system
  – Firewalls on the chip
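The actual VTP is secret, so nothing here is Mondex's protocol. The following is an added example of a purse-to-purse transfer built only from the properties the slide lists: globally unique purse numbers, a per-purse transaction counter that is never reused, and a signature over the transfer. It shows the ordering that the "value must be on a Mondex card" rule implies (debit before the message exists, so a lost message destroys value rather than duplicating it) and shows a replayed or misdirected transfer being rejected. Ed25519 stands in for the cards' signature scheme; the purse numbers, balances and the public-key directory are constructed stand-ins for the issuer's certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example, not the Mondex VTP. Ed25519 stands in for the cards'
// signatures; the directory below stands in for issuer certificates.

// Transfer is the signed message that carries value between purses.
type Transfer struct {
	From, To uint64 // globally unique purse numbers
	Txn      uint64 // payer's transaction counter, never reused
	Amount   uint32 // in cents
	Sig      []byte
}

func (t Transfer) bytes() []byte {
	b := make([]byte, 28)
	binary.BigEndian.PutUint64(b[0:], t.From)
	binary.BigEndian.PutUint64(b[8:], t.To)
	binary.BigEndian.PutUint64(b[16:], t.Txn)
	binary.BigEndian.PutUint32(b[24:], t.Amount)
	return b
}

// directory maps purse number to public key; constructed stand-in for the
// issuer-signed certificate a real purse would present.
var directory = map[uint64]ed25519.PublicKey{}

// Purse is the tamper-resistant card state: balance, signing key, counters.
type Purse struct {
	ID      uint64
	Balance uint32
	priv    ed25519.PrivateKey
	nextTxn uint64
	seen    map[uint64]uint64 // highest Txn accepted from each payer
}

func NewPurse(id uint64, balance uint32) *Purse {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	directory[id] = pub
	return &Purse{ID: id, Balance: balance, priv: priv, seen: map[uint64]uint64{}}
}

// Pay debits this purse first and then signs: the value has left the card
// before the message exists, so a lost message loses money rather than
// creating a second copy of it.
func (p *Purse) Pay(to uint64, amount uint32) (Transfer, error) {
	if amount > p.Balance {
		return Transfer{}, errors.New("insufficient value")
	}
	p.Balance -= amount
	p.nextTxn++
	t := Transfer{From: p.ID, To: to, Txn: p.nextTxn, Amount: amount}
	t.Sig = ed25519.Sign(p.priv, t.bytes())
	return t, nil
}

// Receive checks the payer's signature, that the transfer names this purse
// as payee, and that the payer's transaction number is fresh, then credits.
func (p *Purse) Receive(t Transfer) error {
	pub, ok := directory[t.From]
	if !ok || !ed25519.Verify(pub, t.bytes(), t.Sig) {
		return errors.New("bad signature or unknown purse")
	}
	if t.To != p.ID {
		return errors.New("not addressed to this purse")
	}
	if t.Txn <= p.seen[t.From] {
		return errors.New("replayed or out-of-order transaction")
	}
	p.seen[t.From] = t.Txn
	p.Balance += t.Amount
	return nil
}

func main() {
	alice, bob := NewPurse(1001, 2000), NewPurse(1002, 0)
	t, err := alice.Pay(bob.ID, 500)
	if err != nil {
		panic(err)
	}
	fmt.Println("first delivery:", bob.Receive(t))
	fmt.Println("replay of same message:", bob.Receive(t))
	fmt.Printf("balances: alice %d, bob %d (total %d)\n",
		alice.Balance, bob.Balance, alice.Balance+bob.Balance)
}
```

What the protocol-level checks cannot stop is a cloned purse spending the same balance to two different payees, since each payee sees a fresh counter value. That is a Group 3 threat from the OP slide, and it is why the lecture stresses that value must be on a Mondex card: duplication is prevented by the chip's tamper resistance, not by the signatures.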
Payment Cards
• 8-128 Kb memory
• Data rate 115 Kb/sec
• ISO 7816 compliant
• Visa-certified
• PIN management and verification
• 3DES algorithm for authentication, secure messaging
• ePurse with payment command set (debit, credit, balance, floor limit management)
EMV = Europay Int'l, MasterCard, Visa
MPCOS = Multi Payment Chip Operating System
SOURCE: GEMPLUS
Mobile Card Systems
[Figure: Motorola P7389 triband WAP phone with smart card reader]
Mobile EMV Chip Debit/Credit
[Figure: architecture diagram]
• Access over WAP or i-Mode, secured by SET or SSL/TLS
• Handset options
  – Option 1: multi-app: SIM + EMV (CEC)
  – Option 2: dual-slot phone with full-size EMV card
• Parties: gateway, wallet server, merchants, acquiring payment engine, merchant acquirer, clearing & settlement, card issuers
• Message flow: voice or IP browsing & offer request; merchant offer; purchase request; authorisation request / response; shipment confirmation
• M/CHIP transaction with ARQC and ARPC / ARC (authorisation request cryptogram, authorisation response cryptogram / code); the data is classed as a "Card Present" transaction
• The wallet simply forwards the cardholder's address details
SOURCE: MAOSCO
Comparison of Payment Methods
PAYMENT TYPE             ADVANTAGES                               DISADVANTAGES
Cash                     Anonymous, universal, free               Risk of theft/loss, bulky
Credit Card              Almost universal                         High transaction cost, fraud/forgery
EFTPOS                   Direct access to cash                    Must be online, security only moderate
Disposable smart card    Fast, private                            Risk of loss, limited to small amounts
Personalized smart card  Long useful life, security, like eCash   Not anonymous, lack of international standards
Major Ideas
• Potential of cards is unexplored; new uses every day
• Powerful microprocessors allow
  – cryptography
  – certificates, authentication
  – secure purses
• Wireless (contactless) cards enable new business models
• Huge-capacity laser CD/DVD cards allow large databases of personalized information
Q & A