Академический Документы
Профессиональный Документы
Культура Документы
1 SmartCards
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)
1 SmartCards 1.1 Overview SmardCard types Physical form factors Electrical contacts 1.2 Physical Security Chip layout Passivation layer removal detection Charge detection Random cell placement Scrambled addressing Power and timing analysis 1.3 SmartCard File System Master, directory and elementary files File names Internal file structure File types 1.4 SmartCard Messages Application protocol data units (APDUs)
Privacy
Authentication
Encryption
MACs MICs
Challenge Response
Smart Cards
Digital Signatures
Message Digests
IVs
Nonces
Secret Keys
Block Ciphers
Stream Ciphers
Hash Functions
Pseudo Random
Random Sources
Elliptic Curves
DH RSA
Glossary: DH RSA IV MAC MIC Diffie-Hellman public key cryptosystem Rivest-Shamir-Adleman public key cryptosystem Initialization Vector, required to initialize symmetric encryption algorithms Message Authentication Code, cryptographically secured checksum Message Integrity Code synonym for MAC
Literature
1.1 Overview
USB token
Crypto card
54 x 85.6 mm (ISO 7810 credit card format) (Visa/MC credit cards) (mini card, rarely used) (GSM SIM card) (new SIM card) 33 x 66 mm 15 x 25 mm
Visa Mini 40 x 66 mm
Mini-UICC 12 x 15 mm
Proximity Cards (ISO 14443): distance < 10 cm Vicinity Cards (ISO 15693): distance = 10 cm 1 m Operating Frequency: f = 13.56 MHz Products: MIFARE (Philips, et al.), LEGIC (Kaba)
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 8
C1 C2 C3 C4
C5 C6 C7 C8
Electrical Contacts Vcc (C1): Supply voltage ISO 7816-3 Class A 5V 10%, 1..5 MHz, 60mA @ 5 MHz Class B 3V 10% ,1..5 MHz, 50mA @ 5 MHz Class C 1.8V 10%, 1..5 MHz, 30mA @ 4 MHz EMV (payment cards) 5 V 10%, 1..5 MHz, 50mA TS 102 221 (GSM/UMTS [U]SIM cards) Class A 5V 10%, 1..5 MHz, 10mA @ 5 MHz (operating state) Class B 3V 10% ,1..5 MHz, 7.5mA @ 5 MHz (operating state) Class C 1.8V 10%, 1..5 MHz, 5mA @ 5 MHz (operating state) RST (C2): CLK (C3): Reset input used to switch the smart card microcontroller on and off. Clock input delivers an external clock signal (1..10 MHz) that is used as a system clock for the smart card microcontroller and as a reference for the serial communication channel. Ground. EEPROM programming voltage. Not used any more since modern cards generate the programming voltage on-chip using a charge pump fed by Vcc. Now used in [U]SIM cards for Near Field Communication (NFC) via the Single Wire Protocol (SWP) . Input/Output for serial communication running either the T=0 or T=1 protocol.
I/O (C7):
AUX1 (C4): Auxiliary contact; USB devices: D+ AUX2 (C8): Auxiliary contact; USB devices: D-
10
Typical Smart Card Chip Components CPU: 8051 (Infineon, Philips, Atmel), 6805 (Motorola, ST Microelectronics), H8 (Hitachi), 80251 (Infineon AE-4 (Renesas) CALM (Samsung) ARM 7 or ARM Cortex AE-5 (Renesas) 8 bit architecture 8 bit architecture 16 bit architecture 16 bit architecture 16 bit architecture 16 bit architecture 32 bit architecture 32 bit architecture
256 8192 Bytes ( 1 RAM cell = 4 EEPROM cells) ( 1 EEPROM cell = 4 ROM cells) (replacement for EEPROM) 8 240 kBytes 1 8 MBytes
EEPROM: 1 80 kBytes
11
RAM CPU
EEPROM
ROM
12
13
RAM CPU
EEPROM
ROM
14
RAM
EEPROM
ROM
15
RAM
EEPROM
ROM
16
Charge detection in RAM cells When cooled to -60 C, RAM cells can keep their charge up to several weeks after the power supply has been switched off. The content of a RAM cell can be read out using a state-of-the-art electron-beam microscope. In order to be able to do this measurement on a secure smart card chip, the passivation and metallization layers covering the the RAM structure must first be physically removed, usually leading to the destruction of the RAM cells.
17
RAM
EEPROM
ROM
18
(no operation)
(multiplication)
(jump)
power consumption
time
Source: Rankl and Effing, "Handbuch der Chipkarten", 2008
19
20
21
DF
DF
EF
EF
DF
EF
EF
EF
EF
MF Master File
DF Dedicated File (directory file, can contain directory and data files) EF Elementary File (data file)
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 22
22
EF
FID forming rules EFs in the same directory cannot have the same FID Stacked DFs cannot have the same FID EFs in a directory (MF oder DF) cannot have the same FID as the parent directory Application Identifiers (AIDs) An AID consists of a 5 byte Registered Identifier (RID) containing a country code, an application category and a provider identifier plus an optional Proprietary Application Identifier (PIX) with a variable length of 0..11 bytes. AIDs must be registered with an appointed national registration authority and are usually kept confidential.
23
EF
Body
Header: file structure info, access control rights, pointer to data body Body:
content changes never or seldom, protected from erasure data, content might change often, many write operations
24
EF structures EF structures
transparent transparent
transparent transparent execute execute
record-oriented record-oriented
linear fixed linear fixed linear variable linear variable cyclic cyclic
individual individual
data bases data bases data objects data objects script files script files
SCQL Queries GET DATA PUT DATA
25
length 1 2 3 4 5 6 7 8 9 m
Example: read 5 bytes of data starting from an offset of 3 bytes Maximum read/write block: 255 bytes (short) / 65'536 bytes (extended) Maximum offset: 32'767 bytes Minimum file size: 1 byte Maximum file size: 98'303 bytes (with offset)
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 26
26
Example: read fixed-length record #3 Maximum number of records: 254 Record length: 1 .. 254 Bytes
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 27
27
Example: read variable-length record #3 Maximum number of records: 254 Variable record length: 1 .. 254 bytes
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 28
28
Example: read the most-recently written record (#1) Maximum number of records: 254 Record length: 1 .. 254 bytes
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 29
29
30
Header
Command APDU CLA: Class Byte (e.g. 0X for ISO 7816-4/-7/-8, A0 for GSM) INS: Instruction byte P1: P2: Lc: Le: Parameter 1 byte Parameter 2 byte Length command byte (length of data field in command APDU) Length expected byte (length of data field in response APDU, maximum: 0x00 )
Response APDU SW1: Status Word 1 byte SW2: Status Word 2 byte Common Return Codes Normal processing: 61XX, 9000 Warning processing: 62XX, 6300 Execution error: Checking error: APDU cases Case 1: | CLA | INS | P1 | P2 | Case 2: | CLA | INS | P1 | P2 | Le | Case 3: | CLA | INS | P1 | P2 | Lc | Data | --> | SW1 | SW2 | --> | Data | SW1 | SW2 | --> | SW1 | SW2 | 64XX, 6500 617XX ... 6FXX
31