Introduction to Smart Cards

JEAN-LUC Giraud

MacCrypto’01

Introduction to Smart Cards - Jean-Luc Giraud - MacCrypto - 29/01/2001

Bull Patents

Outline

• What are Smart Cards?
• How do we make them?
• How do they work?
• What can you do with them?
• How can you program them?

What is a Smart Card?

A Closer Look (1)

A Closer Look (2)

Manufacturing: Cutting

Manufacturing: Gluing

Manufacturing: Bonding

Manufacturing: Encapsulation

Manufacturing: Finished Modules

Manufacturing: Module on Body

Electrical Initialisation

Manufacturing: Personalisation

Electrical and Physical Personalisation

Card Families

Microprocessor

Memory

Memory Cards

• Bitmap, synchronous access
  - R/W
  - R/Erase only

[Figure: bit patterns of the card memory]

Enhanced Memory Cards

• Onboard hardwired crypto engine
• Card Authentication
• MAC on balance

Memory Card Application

• Loyalty
• Payphones

Smarter Smart Cards

• Microprocessor based
• Onboard Memory (RAM, ROM and EEPROM/Flash)
• Programmable
• Onboard processing
• Security features
  - Crypto coprocessor (PK, DES,…)
  - Physical sensors (V, freq,…)
  - Physical protections (shielding,…)

Chip Structure (0.25 mm²)

FLASH / EEPROM

ROM

RAM

CPU

Smart Card Module

[Figure: micromodule made of a microcontact and a microchip. Contacts: Vcc, Reset, Clock, Ground, Vpp, I/O. Microchip: microprocessor (CPU), ROM, RAM, EEPROM/FLASH, data bus, address bus.]

Communications

• One communication channel: serial line
• “Layered” transmission protocol
  - Application: Application Protocol Data Unit
  - Transport: T=0, T=1, T=14

The Application Protocol Data Unit

• An APDU contains:
  - a command message,
  - a response message.

[Figure: the IFD sends a command APDU to the ICC; the ICC returns a response APDU.]

APDU Syntax

• APDU Command: CLA INS P1 P2 Lc Data Le
  - CLA: Class
  - INS: Instruction
  - P1, P2: Parameters
  - Lc: Data Length
  - Data: Command Data
  - Le: Response Length

• APDU Response: Data SW
  - Data: Response Data
  - SW: Status Word

Example

P1, P2: specify the data to be retrieved

Le: length of data to retrieve

READ BINARY (P1,P2,Le)

Data, SW

CLA INS P1 P2 Lc Data Le

A0 B0 xx xx 0 Le
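
As an added illustration of the command and response layouts on the two slides above (not part of the original deck), the following Python sketch encodes and parses short-form APDUs and rejects inconsistent length fields. It assumes the ISO/IEC 7816-4 short encoding, in which Lc and Data are omitted when there is no command data and an Le byte of 00 means 256; all function and type names are chosen for this example.

```python
from typing import NamedTuple, Optional, Tuple

class CommandAPDU(NamedTuple):
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes          # command data (Lc bytes), may be empty
    le: Optional[int]    # expected response length, None if absent

def encode_command(cla, ins, p1, p2, data=b"", le=None) -> bytes:
    """Serialise a short APDU; Lc/Data and Le are emitted only when present."""
    if len(data) > 255:
        raise ValueError("short APDU carries at most 255 data bytes")
    if le is not None and not 1 <= le <= 256:
        raise ValueError("short Le must be 1..256")
    out = bytes([cla, ins, p1, p2])
    if data:
        out += bytes([len(data)]) + data
    if le is not None:
        out += bytes([le & 0xFF])          # 256 is encoded as 0x00
    return out

def parse_command(raw: bytes) -> CommandAPDU:
    """Parse a short APDU, rejecting inconsistent length fields."""
    if len(raw) < 4:
        raise ValueError("header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                           # header only
        return CommandAPDU(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                     # Le only (e.g. READ BINARY)
        return CommandAPDU(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc and len(body) == 1 + lc:         # Lc + Data
        return CommandAPDU(cla, ins, p1, p2, body[1:], None)
    if lc and len(body) == 2 + lc:         # Lc + Data + Le
        return CommandAPDU(cla, ins, p1, p2, body[1:-1], body[-1] or 256)
    raise ValueError("Lc does not match the number of data bytes")

def parse_response(raw: bytes) -> Tuple[bytes, int]:
    """Split a response APDU into (response data, status word SW)."""
    if len(raw) < 2:
        raise ValueError("response must end with a 2-byte status word")
    return raw[:-2], int.from_bytes(raw[-2:], "big")

def read_binary(p1: int, p2: int, le: int) -> bytes:
    """READ BINARY as on the slide: CLA=A0, INS=B0, no command data."""
    return encode_command(0xA0, 0xB0, p1, p2, le=le)
```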

Required Infrastructure

• Personalisation Center
• Issuing Center
• Reader
• Middleware (CDSA)
• Back-end System

http://www.gemplus.com/usb

Middleware (Windows platform)

[Figure: software and hardware stack. Software: PKCS #11 (Token X, Token Y, Token Z), CAPI (CSP A, CSP B, CSP C), PC/SC. Hardware: RS232, USB, PCMCIA, PCI; Reader; IBM card, GemSAFE.]

Mask your Own Code

• Pros:
  - Small code footprint
  - “Complete” control
• Cons:
  - Development in C and target assembly language
  - Use emulators
  - Mask lead time (~2 months)
  - Bug fixes

Use Proprietary Cards

• What you (usually) get:
  - File System
  - Fixed set of APDU Commands
    ✔ Read/Write files
    ✔ Cryptographic computations
• Pros:
  - Off the shelf products
  - Cheaper
• Cons:
  - Not extensible
  - Bug fixes

Use Open Cards

• Choice
  - Java
  - Microsoft
• Standard API
  - Crypto
  - GSM (SMS, proactive commands…)

Applet Life Cycle

• Write code in Java
• Compile it
• Debug it (simulator)
• Verify and Convert it (specific byte code)
• Load it
  - Personalisation center
  - Point of sale
  - Over the Internet

Why use a Smart Card?

Crypto

Theoretical Practical

Advantages of a Smart Card

• Tamper resistance
• Storage
• Portability
• Processing
• Ease of use
• Onboard key generation

[Figure: sample text “Blah Blah” and its scrambled form]

Main applications

• Cellular phone GSM cards
• Health cards
• Banking cards
• Public phone cards (pre-paid)

New applications

• Security of information system
• Loyalty
• Physical access control
• Identity
• Games
• Transport
• Electronic purse

Attacking Smart Cards

• Timing Attacks
• Power Analysis
  - Simple Power Analysis
  - Differential Power Analysis
• Invasive Attacks
  - Probe Stations
  - Focused Ion Beam

Standards: ISO/IEC 7816

Integrated circuit(s) cards with contacts

• ISO/IEC 7816-1: Physical characteristics.
• ISO/IEC 7816-2: Dimension & location of contacts.
• ISO/IEC 7816-3: Electronic signals & transmission protocols.
• ISO/IEC 7816-4: Inter-industry commands.
• ISO/IEC 7816-5: Registration system for applications in IC card.
• ISO/IEC 7816-6: Inter-industry data elements.
• ISO/IEC 7816-7: Inter-industry commands for Structured Card Query Language (SCQL).
• ISO/IEC 7816-8: Security architecture and related inter-industry commands.

Resources

• On Card development:
  - Java card: http://www.javacard.org
    “Java Card Technology for Smart Cards”, Zhiqun Chen, Sun Java Series, ISBN: 0-201-70329-7
  - Windows for SC: http://www.microsoft.com/smartcard/
  - Gemplus
    ✔ Developer web site: http://www.gemplus.fr/developers/index.htm
    ✔ Developer conference: http://www.key3studios.com/gemplusworld/ June 20, 21, Paris.
• Middleware:
  - PCSC-Lite: http://www.linuxnet.com/
  - OCF (java): http://ww.opencard.org/
  - CDSA: http://www.opengroup.org/security/l2-cdsa.htm
  - PKCS: http://www.rsasecurity.com/rsalabs/pkcs/index.html
• Questions:
  - Jean-Luc.Giraud@gemplus.com

Conclusion

Smart

Personal

Portable

Secure

=