Vol. 10, No. 12, Page 21

known to exist in Trojan Horse form, but I have

no details about its consequent actions.

Finally, ‘LIST’, a useful utility that allows a

user to scroll backwards and forwards through files, is known to circulate in many versions

that are not the same as those produced by the original author. None of the altered versions have proved malicious. Yet?

EDITOR’S NOTE

Jerry FitzGerald accepts that Trojan Horses have been found in some of these programs but stresses that all the software supplied with his book is clean. He tested them for six months before releasing them. Moreover, the disk which carries them does not have a notch, which means no-one can write further software to the disk.

In the November issue of 053, we shall be publishing a second review of Jerry FitzGeraldIs book and software by David Frost of the London office of accountants Price Waterhouse.

TANDATA SMART CARD SYSTEM

First a definition, a smart card is simply a credit card-sized piece of plastic containing a microprocessor which can interact with equipment outside the smart card itself. A smart card should make fraud more difficult to perpetrate as it is more difficult to copy a smart card than the familiar magnetic stripe-based credit card, and the processor inside the card can verify queries by external equipment.

I recently looked into a smart card system offered by Tandata, a UK company which is probably best known for its Prestel terminals, but has now expanded into communications equipment in general. The smart card system was explained and demonstrated in Tandata’s excellent demonstration room at its headquarters in Malvern.

The system demonstrated is currently being used by Midland Bank at Loughborough University. A smart card can be used to buy

books, food, drink, in fact anything normally available on the University campus. The owner of a smart card uses a terminal to put money (in the form of electronic credit) into his

smart card. Whenever a transaction is made, this total is debited. Losing the smart card is exactly the same as losing money with the exception that finding a lost smart card is of no use unless you know the accompanying PIN number (see below).

Tandata does not itself manufacture smart cards. Instead it uses a smart card known as an ic Card Type CT C20 manufactured by GEC which contains an 8-bit CMOS micro- processor and 8 Kbytes of memory, of which approximately 5K is available for data storage.

Memory is non-volatile (EEPROM), and claims to retain data for typically seven years, whether or not the card is used. There is no

battery on the card, and there are no external electrical contacts. Current versions of the smart card have the same width and height as a credit card but they are slightly thicker. New cards now undergoing development are the same thickness as a standard credit card.

All communications with the smart card, including transferring power for the internal circuitry, is done via a radio-frequency link. This link operates at 300KHz. The user simply places his smart card on the reader unit (a flat surface), the presence of his card is detected, the reader unit supplies power to the internal microprocessor on the smart card, communicates with it, and checks that it is conversing with a valid card. All this happens almost instantaneously, even though the orientation of the card on the reader unit is immaterial.

The communications link works with a card/reader gap of up to half an inch. Therefore the reader unit can be hidden under an intermediate surface, though this surface must be non-metallic. Versions that can cope

CJ 1988 Elsevier Science Publishers Ltd., England. /88/$0.00 + 2.20

COMPUTER FRAUD & No part of this publication may he reproduced. stored in a retrieval system, or transmitted by any form or by any

SECURITY BULLETIN means, electronic, mechanical, photocopying, recording or otherwise. without the prior permission of the publishers (Readers in the U.S.A. -please see special regulations listed on back cover.)

Vol. 10, No. 12, Page 22

with a gap of one and a half inches are currently under development.

Communications across the radio- frequency link are encrypted using the DES algorithm. This is essential as the underlying physics of using a radio-frequency link dictates that anyone with a properly tuned sensitive receiver in close proximity can monitor the

data being transferred in both directions.

After placing the smart card on the reader, what does the user then do to use the card? Communication with the user is carried out through a Tandata PA terminal and a visual display. Assuming that the smart card validates correctly, the user then has to enter his PIN number on the keyboard of the terminal. This is then checked by conversing with the smart card. If none of the checks fail,

and the user has enough money in the card, the service being offered is allowed to go ahead.

At first sight, this is no different from entering a PIN number in the usual manner to withdraw cash from a machine situated in the wall of your local bank. However, the PIN is verified by the microprocessor on the smart card itself. This processor residues within a secure environment (the smart card), which prevents anyone falsifying the PIN check.

Security management is itself carried out using smart cards. The terminal verifies the identity of the individual allowed to communicate with the terminal to alter the parameters of the service being offered (e.g.

the price per minute charged for access to a remote viewdata system), by requiring him to place his smart card on the reader, and then enter the correct PIN number. Given that this

special user is accepted, the screen looks identical to that seen by a normal user, but there are invisible menu options available that permit the current status to be re-configured.

How secure is a smart card versus a conventional magnetic stripe card? With a

magnetic stripe card it is inherently possible to

purchase a unit that will both read and write cards, and make copies of the card. This is

protected against in two ways, the distribution of hardware capable of writing to the relevant tracks on a magnetic stripe card is controlled, plus the user has a PIN number which he is

not supposed to write down or disclose to anybody.

To compromise the physical security of a smart card, you have to be able to break into a piece of plastic, find the exact part of a microchip where relevant information is stored, read the information, and write it out to a new card. This is far more difficult than copying a magnetic stripe. The manufacturers claim that it is impossible to cut a smart card and leave the memory contents intact.

The security of the PIN number against

customers forgetting it, or writing it down, is the same for both types of card. The future possibility that the smart card offers of being able to store verifiable information on the card,

and of conducting a secure dialogue with a user, points strongly in its favour.

I know that the above discussion does not cover the total security system used by either of the card technologies, but it does give an idea of the relative technical merits of the

security offered by either system.

The complete story is even more in favour

of the smart card as the internal micro-

processor contains checks that its memory and data have not been altered, it uses authentication and encryption to protect

communication with the terminal, and last but

by no means least, the cost of making fake

smart cards is prohibitive, as a microprocessor

manufacturing facility is needed, coupled with

a facility to embed such processors within a

smart card.

In the long term, my own personal belief is

that a technology known as the super smart card will eventually be in routine use. This is similar to a smart card, with the addition of a

small keypad and display on the card. The

0 1988 Elsevier Science Publishers Ltd., England. /SS/$O.OO + 2.20

COMPUTER FRAUD & No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any

SECURITY BULLETIN means, electronic, mechanical, photocopying, recording or otherwise. without the prior permission of the publishers. (Readers in the U.S.A. -please see special regulations listed on back cover.)

Vol. 10, No. 12, Page 23

user communicates with this keypad and display directly, thus cutting out the possibility of the terminal interfering with user authentication. The Tandata system described above can accept super smart cards simply by using different software.

Keith Jackson

and Fortran but not ADA and Modula 2), it seems to offer a wide enough range of definitions to satisfy most people and to justify a place on the book shelf.

The bias of subject matter is distinctly American but in all fairness, many of the security standards and definitions are derived from the ANSI X.9 standards.

BOOK REVIEW

Title: Data and Computer Security, a Diction-

ary of Standards, Concepts and Terms

Authors: Dennis Longley and Michael Shane

Publisher: Macmillan Publishers Ltd, 4 Little Essex Street, London WC2, UK. 1987.

Price: f50.00. ISBN O-333-42935-4.

Data and Computer Security is aimed at the non-specialist who is involved with computing and communications, especially in

the areas of banking, finance, trade and industry, and government.

I was pleasantly surprised when I first examined the book to find it not only interesting but also to discover a wide scope of material. The key point to note is that it is aimed at the non-specialist not the layman. With the need for people working with computers to have a general knowledge of modern data security techniques, this book fulfils a useful role.

The depth of coverage of individual topics varies with the relative importance of the subject as viewed by the authors. In general, their choice is well founded, and brief overviews of many newer topics such as RSA and digital signatures are well covered. In fact, in an area which has seen significant advancements in recent years, the subject matter is fairly well up to date.

This is the first dictionary of its kind which I have seen and although one can always nit-pick the inclusions and exceptions (Cobol

As a test subject I traced the DOD Orange Book and felt that an average non-specialist would pick up the key material sufficiently to further research the subject. In this matter, the cross reference index in the rear of the book is particularly useful.

If one attempts to classify the contents of the dictionary, it clearly tries to cover data security, communications and computing. The former is well covered as are some aspects of communications, but please don’t buy this book as a dictionary of computing. However, with that qualification, you may find you could spend an evening just reading for fun.

P.S. Did you know that CLODO, in computer security, is a French underground organization -the committee to liquidate or neutralize computers.

Dr David B. Everett

Brighton

UK

MR LARS KVAM

The article entitled “Norwegian bank computer ‘hack fails” in the August 1988 issue of CFSB contained several comments attributed to Mr Lars Kvam of lnformatikk A/S, Norway. Mr Kvam has asked us to point out that he was never interviewed by the author of the article, which was in fact based on an article in the Norwegian publication Dagens Naeringsliv.

@ 1988 Elsevier Science Publishers Ltd., England. /6&l/$0.00 + 2.20

COMPUTER FRAUD & No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any

SECURITY BULLETIN means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)