Smart HKID Forum – Science Museum

Security and Reliability of Smart Card
Smart HKID Card Forum, Jan 6, 2001, Science Museum
Dr LM Cheng, Director, Smart Card Design Center, Dept. of Electronic Engineering, City University of Hong Kong


Content

– Background
– General Security Features
– Simple Cryptographic Engine
– Encryption Techniques
– Security Standards & Assessment
– Physical & Electrical Reliability
– Electro-static Discharge

Background
– Types of Smart Cards
– Worldwide Market
– New Technologies Required

Types of Smart Card

– Memory card
– MPU IC card
– Crypto-processor card
– Contactless card

Worldwide Smart Cards Market Forecast

Market forecast chart, in millions of dollars and millions of units (data from Frost & Sullivan)

New Technologies Required
– Data storage management: information protection
– Authentication process: biometrics (fingerprint, facial features, iris identification, dynamic signature recognition, speech recognition)
– Advanced encryption methods: Elliptic Curve Cryptography, chaotic techniques, AES

Basic Internal Structure of CPU Smart Card

Possible Attacks on Smart Card
– EM analysis: use an electron microscope to inspect the internal structure of the mask
– UV or X-ray inspection: use high-efficiency UV or X-ray to inspect the memory areas and extract important information such as the PIN, the secret key and the public key
– Duplication: illegal copying of card content from one card to another
– Confusion: disturb the power supply or clock frequency during PIN verification so that the PIN comparison misbehaves and grants access to the protected memory
– Tracking: observe the protocol exchange between the terminal and the card to track the sequence of commands
– Other possible attacks: attacks on DES using differential methods (differential cryptanalysis); attacks on RSA using its cyclic properties

General Smart Card Security Features
Against UV or X-ray inspection:
– Use an implementation in which the ROM code is not visible under inspection
Against EM analysis:
– Address scrambling of memories
Against confusion:
– Low/high voltage sensors
– Low/high frequency sensors
– High frequency protection
Against duplication:
– Hardware-protected security PROM
– Unique chip identification number
– Move code blocking
Against tracking:
– Secure authentication and data/key encryption
Against DPA (differential power analysis):
– Random wait states (advanced feature)
– Current scrambling generator (advanced feature)
Against cyclic properties:
– No simple solutions
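The hardware sensors above are the card's first line of defence against the "confusion" (glitch) attack; firmware is written so that one skipped instruction cannot turn a failed PIN check into a pass, and so that the comparison does not leak through timing or power. The following C is an added illustration of that practice and is not code from the slides or from the HKID card: the naive and hardened routines, the PIN length, the retry limit and the 1-2-3-4 sample PIN are all the editor's own constructed choices.

```c
#include <stdint.h>

#define PIN_LEN   4
#define MAX_TRIES 3

typedef struct {
    uint8_t pin[PIN_LEN];   /* reference PIN, held in protected non-volatile memory */
    uint8_t tries_left;     /* retry counter, also non-volatile */
} card_t;

/* Naive check: stops at the first mismatching digit and touches the retry
 * counter only after the comparison. A glitch that skips the final branch
 * or the decrement is enough to bypass it, and the early exit leaks the
 * position of the first wrong digit through timing and power ("tracking").
 * 'steps' reports how many digits were examined so the leak is visible. */
int pin_verify_naive(card_t *c, const uint8_t *cand, int *steps)
{
    int i;
    *steps = 0;
    if (c->tries_left == 0) return 0;
    for (i = 0; i < PIN_LEN; i++) {
        (*steps)++;
        if (c->pin[i] != cand[i]) {
            c->tries_left--;
            return 0;
        }
    }
    c->tries_left = MAX_TRIES;
    return 1;
}

/* Hardened check (editor's sketch of common smart-card practice, not the
 * HKID card's code):
 *  1. consume a retry *before* comparing, so a glitch that aborts the
 *     comparison still costs the attacker an attempt;
 *  2. examine every digit unconditionally, so timing and power do not
 *     depend on where the first mismatch is;
 *  3. accumulate two verdicts (an OR of differences and a count of equal
 *     digits) and accept only when both agree, so a single faulted value
 *     or branch is not sufficient;
 *  4. give the retry back only after a full, agreed match. */
int pin_verify_hardened(card_t *c, const uint8_t *cand, int *steps)
{
    uint8_t diff = 0;
    uint8_t equal = 0;
    int i;
    *steps = 0;
    if (c->tries_left == 0) return 0;
    c->tries_left--;                                   /* step 1 */
    for (i = 0; i < PIN_LEN; i++) {                    /* step 2 */
        (*steps)++;
        diff  |= (uint8_t)(c->pin[i] ^ cand[i]);
        equal += (uint8_t)(c->pin[i] == cand[i]);
    }
    if (diff == 0 && equal == PIN_LEN) {               /* step 3 */
        c->tries_left = MAX_TRIES;                     /* step 4 */
        return 1;
    }
    return 0;
}

/* Constructed scenario: reference PIN 1-2-3-4, a first attempt with a wrong
 * first digit, then the correct PIN. Returns 1 when the naive check stops
 * after one digit (the leak) while the hardened check examines all four
 * digits and still accepts the correct PIN afterwards. */
int pin_demo(void)
{
    card_t c = { {1, 2, 3, 4}, MAX_TRIES };
    const uint8_t wrong[PIN_LEN] = { 9, 2, 3, 4 };
    const uint8_t right[PIN_LEN] = { 1, 2, 3, 4 };
    int steps_naive, steps_hard;

    if (pin_verify_naive(&c, wrong, &steps_naive) != 0) return 0;
    if (pin_verify_hardened(&c, wrong, &steps_hard) != 0) return 0;
    if (pin_verify_hardened(&c, right, &steps_hard) != 1) return 0;
    return steps_naive == 1 && steps_hard == PIN_LEN && c.tries_left == MAX_TRIES;
}
```

The decrement-before-compare ordering is the part that matters against glitching: even if the attacker faults the comparison, the non-volatile counter has already been spent, so the attack is bounded by MAX_TRIES rather than being free to repeat.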

Protection Against Tracking
– Random number generator for dynamic (session) key generation
– Cipher engine for data protection: block or stream

Random Number Generator
– Used for the generation of session keys
– A digital approach can only generate pseudo-random numbers, e.g. the linear congruential generator $X_i = (a X_{i-1} + b) \bmod c$
– Others use analogue approaches such as a VCO, a white-noise generator, etc.
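The reason the digital generator on this slide is unsuitable for session keys can be shown directly: once an attacker has seen three consecutive outputs (for instance three challenges the card sent to a terminal) and knows the modulus, the multiplier and increment fall out of two subtractions and one modular inverse, and every later output is predictable. The C below is an added example, not part of the presentation; the modulus 65521 (assumed prime, so every non-zero difference is invertible), the secret parameters 12345/6789 and the seed 4242 are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define LCG_MOD 65521u   /* assumption for the demo: the largest prime below 2^16 */

typedef struct { uint64_t a, b, c; } lcg_params_t;

/* One step of the generator X_i = (a X_{i-1} + b) mod c. */
uint64_t lcg_next(const lcg_params_t *p, uint64_t x)
{
    return (p->a * x + p->b) % p->c;
}

/* Modular inverse of v mod m by the extended Euclidean algorithm;
 * returns 0 when gcd(v, m) != 1 (no inverse exists). */
uint64_t mod_inverse(uint64_t v, uint64_t m)
{
    int64_t t = 0, newt = 1;
    int64_t r = (int64_t)m, newr = (int64_t)(v % m);
    while (newr != 0) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    if (t < 0) t += (int64_t)m;
    return (uint64_t)t;
}

/* Recover a and b from three consecutive outputs x0, x1, x2 and a known
 * modulus c:
 *   x2 - x1 = a (x1 - x0)   (mod c)  =>  a = (x2 - x1) (x1 - x0)^-1
 *   b       = x1 - a x0     (mod c)
 * Returns 1 on success, 0 when x1 - x0 is not invertible mod c. */
int lcg_recover(uint64_t x0, uint64_t x1, uint64_t x2, uint64_t c,
                lcg_params_t *out)
{
    uint64_t d10 = (x1 + c - x0) % c;
    uint64_t d21 = (x2 + c - x1) % c;
    uint64_t inv = mod_inverse(d10, c);
    if (inv == 0) return 0;
    out->c = c;
    out->a = (d21 * inv) % c;
    out->b = (x1 + c - (out->a * x0) % c) % c;
    return 1;
}

/* Stand-alone demo: the card side keeps 'secret'; the attacker side sees
 * only x0, x1, x2 and the modulus, and predicts the card's next output. */
int main(void)
{
    lcg_params_t secret = { 12345, 6789, LCG_MOD }, found;
    uint64_t x0 = lcg_next(&secret, 4242);
    uint64_t x1 = lcg_next(&secret, x0);
    uint64_t x2 = lcg_next(&secret, x1);
    if (!lcg_recover(x0, x1, x2, LCG_MOD, &found)) return 1;
    printf("recovered a=%llu b=%llu\n",
           (unsigned long long)found.a, (unsigned long long)found.b);
    printf("card's next output %llu, attacker predicts %llu\n",
           (unsigned long long)lcg_next(&secret, x2),
           (unsigned long long)lcg_next(&found, x2));
    return 0;
}
```

With a composite or unknown modulus the recovery needs a few more outputs and some lattice or gcd work, but the conclusion is the same: an LCG's entire future is determined by a handful of observations, which is why the slide points to analogue noise sources for key material.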

Block Cipher
– K1: master key, 16 bits
– K2: card ID, 16 bits
– Data is processed in blocks, and errors propagate within a block

Figure: Block Cipher Method – Write to Memory (8-bit DataIn → block cipher with K1: 16-bit and K2: 16-bit → 8-bit DataOut)
Figure: Block Cipher Method – Read from Memory (8-bit DataIn → block cipher with K1: 16-bit and K2: 16-bit → 8-bit DataOut)

Stream Cipher
– Similar to a state machine with K1K2 as the initial state
– The pseudo-random number sequence generated is XORed with the input data to form the output data
– The data must be processed in sequence in order to encode and decode correctly

Figure: Stream Cipher (8-bit DataIn XOR keystream from the state machine seeded with K1: 16-bit and K2: 16-bit → 8-bit DataOut)
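To make the two engines on the preceding slides concrete, here is an added toy implementation in C of both: an 8-bit block cipher used for "write to memory" and "read from memory", and a stream cipher driven by a state machine seeded with K1K2. It is the editor's construction, not the presentation's or the HKID card's cipher; the four XOR/rotate/add rounds, the xorshift32 state update and the sample keys 0x1234/0xABCD are arbitrary choices made only so the error-propagation and sequencing behaviour described on the slides can be observed. Sixteen-bit keys and an 8-bit block are far too small for real use.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ROUNDS 4

static uint8_t rotl8(uint8_t x, unsigned n) { return (uint8_t)((x << n) | (x >> (8 - n))); }
static uint8_t rotr8(uint8_t x, unsigned n) { return (uint8_t)((x >> n) | (x << (8 - n))); }

/* 32-bit state machine seeded with K1K2 (xorshift32, a constructed choice).
 * Shared by the block cipher's key schedule and the stream cipher. */
static uint32_t step32(uint32_t s)
{
    if (s == 0) s = 1;            /* the all-zero state would never change */
    s ^= s << 13; s ^= s >> 17; s ^= s << 5;
    return s;
}

/* Key schedule: mix the master key K1 with the card ID K2 so that two cards
 * sharing K1 still encrypt differently (the "unique chip ID" idea). */
void block_keys(uint16_t k1, uint16_t k2, uint8_t rk[ROUNDS])
{
    uint32_t s = ((uint32_t)k1 << 16) | k2;
    int i;
    for (i = 0; i < ROUNDS; i++) { s = step32(s); rk[i] = (uint8_t)(s >> 24); }
}

/* One 8-bit block. Every step is a bijection on bytes, so decryption is the
 * same steps in reverse order with inverse operations. */
uint8_t block_encrypt(uint8_t x, const uint8_t rk[ROUNDS])
{
    int i;
    for (i = 0; i < ROUNDS; i++) {
        x ^= rk[i];
        x = rotl8(x, 3);
        x = (uint8_t)(x + rk[(i + 1) % ROUNDS]);
    }
    return x;
}
uint8_t block_decrypt(uint8_t x, const uint8_t rk[ROUNDS])
{
    int i;
    for (i = ROUNDS - 1; i >= 0; i--) {
        x = (uint8_t)(x - rk[(i + 1) % ROUNDS]);
        x = rotr8(x, 3);
        x ^= rk[i];
    }
    return x;
}

/* "Write to memory" / "read from memory": each stored byte is one block. */
void memory_write(const uint8_t *plain, uint8_t *cell, size_t n, const uint8_t rk[ROUNDS])
{ size_t i; for (i = 0; i < n; i++) cell[i] = block_encrypt(plain[i], rk); }
void memory_read(const uint8_t *cell, uint8_t *plain, size_t n, const uint8_t rk[ROUNDS])
{ size_t i; for (i = 0; i < n; i++) plain[i] = block_decrypt(cell[i], rk); }

/* Stream cipher: keystream bytes from the state machine, XORed with the data.
 * Encrypt and decrypt are the same call, but the state must be clocked
 * through every earlier byte first, hence "the data must be in sequence". */
typedef struct { uint32_t s; } stream_t;
void stream_init(stream_t *st, uint16_t k1, uint16_t k2) { st->s = ((uint32_t)k1 << 16) | k2; }
void stream_xor(stream_t *st, const uint8_t *in, uint8_t *out, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) { st->s = step32(st->s); out[i] = in[i] ^ (uint8_t)(st->s >> 24); }
}

/* Number of differing bits between two buffers, to compare error propagation. */
unsigned diff_bits(const uint8_t *a, const uint8_t *b, size_t n)
{
    unsigned d = 0; size_t i;
    for (i = 0; i < n; i++) { uint8_t x = a[i] ^ b[i]; while (x) { d += x & 1; x >>= 1; } }
    return d;
}

/* Self-check: every byte value survives an encrypt/decrypt round trip. */
int block_is_bijection(const uint8_t rk[ROUNDS])
{
    int v;
    for (v = 0; v < 256; v++)
        if (block_decrypt(block_encrypt((uint8_t)v, rk), rk) != v) return 0;
    return 1;
}
```

Flipping one bit of a stored block and reading it back garbles that byte (the rounds spread the change across the block) but leaves neighbouring bytes intact; flipping one bit of stream-cipher output flips exactly the same bit of the recovered data and nothing else. The sequencing property shows up if you try to decrypt only ct[1] with a freshly initialised state: the keystream byte you get is the one for position 0, not position 1, so the result is wrong unless the state is clocked past the earlier bytes first.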

Encryption Techniques
– Encryption transforms data into an irregular form for secure storage and transmission; reconstruction is achieved using the set of relevant keys.
– Two kinds of cryptosystem are currently in use: symmetric (DES/FEAL) and asymmetric (RSA, ECC). A symmetric cryptosystem requires only one common key for both encryption and decryption, whereas an asymmetric system requires two keys, a private (user) key and a public (system) key.

Common Encryption Techniques in Smart Card
Private-key (symmetric): data exchange
– DES (Data Encryption Standard)
Public-key (asymmetric): key exchange
– RSA (Rivest, Shamir, Adleman)
– ECC (Elliptic Curve Cryptography)
Both are also used for authentication

Is Smart Card Secure?
– There are no perfect (100% secure) systems available
– Systems designed and built for minimal attack risk can be treated as secure systems
– Secure systems are evaluated and classified into levels using international standards such as TCSEC/DoD (the Orange Book, USA), ITSEC (Europe) and CCITSE (ISO 15408)

Trusted Computer System Evaluation Criteria (TCSEC) – USA (DoD)
– D: Minimal protection – no protection
– C1: Discretionary security protection – uses access control
– C2: Controlled access protection – uses accountability/auditing
– B1: Labeled security protection – uses sensitivity (classification) labels
– B2: Structured protection – uses a formal security policy model; more resistant to penetration
– B3: Security domains – highly resistant to penetration; uses a security administrator, auditing of events and system recovery procedures
– A1: Verified protection – highest assurance against penetration; uses formal specification and verification approaches

Information Technology Security Evaluation Criteria (ITSEC) and Common Criteria (CC) – Europe & Canada
– EAL1: functionally tested
– EAL2: structurally tested
– EAL3: methodically tested and checked
– EAL4: methodically designed, tested and reviewed
– EAL5: semiformally designed and tested
– EAL6: semiformally verified design and tested
– EAL7: formally verified design and tested

Federal Information Processing Standards (FIPS) – evaluation
– FIPS 46-2 and FIPS 81 for DES
– FIPS 186 for Digital Signature
– FIPS 140-2 for Cryptographic Modules

Security evaluation requirements (areas covered by FIPS 140-2)
– Cryptographic modules
– Module interfaces
– Roles and services
– Finite state machine model
– Physical security
– Environmental Failure Protection/Testing (EFP/EFT)
– Software security
– Operational security
– Cryptographic key management
– Cryptographic algorithms
– EMI/EMC
– Self tests

Physical & Electrical Reliability

No.  Test              Standard reference      Test methodology               Test frequency
1    Salt atmosphere   CECC 90 000             48 h, 35°C, 45% RH, 5% NaCl    Manufacturing product audit
2    Insertion test    Bull                    10 000 insertions              Manufacturing product audit
3    Data retention    Semiconductor standard  10 years                       Manufacturing product audit
4    ESD protection    MIL-STD-883C Mtd. 8     Class 3: 4 kV                  Chip characterization

Electro-static Discharge – Dry/Wet Weather Comparison

ESD – Failure in Various Stages

Reliability of Contact Type Smart Card Reader
– Mechanical insertion lifetime: around 1-3 x 10^5 insertions
– For a typical flow of 10^5 crossings per day, a single reader would last only about 3 days
– Assuming 30 readers installed at the border, all readers would have to be replaced within about 90 days
– A contactless reader, by contrast, has an MTBF of over 115,000 hours, i.e. over 13 years

Conclusion
– Smart card is an evolutionary product
– The trend of use is irreversible
– The HKID project can build a framework to make it smart
– More technology breakthroughs are needed to make cards really multi-application
– Technology is fact, but not miracle