1. INTRODUCTION Smart card is one of the greatest achievements in the world of information technology. Similar in size to today’s plastic payment card, the smart card has a microprocessor or memory chip embedded in it that, when coupled with a reader, has the processing power to serve many different applications. As an access-control device, smart cards can be used to access server remotely over the Internet and they can make personal and business data available only to the appropriate users. Smart cards provide data portability, security, convenience and the like. According to Gemplus (ref. 19]), smart cards can be categorized into the following . Memory and microprocessor- Memory cards simply store data and can be viewed as a small floppy disk with optional security. A microprocessor card, on the other hand, can add, delete and manipulate information in its memory on the card. Contact and contactless – Contact smart cards are inserted into a smart card reader, making physical contact with the reader. However, contactless smart cards have an antenna embedded inside the card that enables communication with the reader without physical contact. A combi card combines the two features with a very high level of security.
Smart cards help businesses evolve and expand their products and services in a changing global marketplace. The scope of uses for a smart card has expanded each year to include applications in a variety of markets and disciplines. In recent years, the information age has introduced an array of security and privacy issues that have called for advanced smart card security applications. “Key to the global village”, that is how the Smart Card has been described. Smart Cards will bring big changes to the way people provide and receive information and the way they spend money. They will have a profound impact on retailing and service delivery.
A Smart Card is like an “electronic wallet”. It is a standard credit card-sized plastic intelligent token within which a microchip has been embedded within its body and which makes it ‘smart’. It provides not only memory capacity, but computational capability as well and thus the chip is capable of processing data. It has gold contacts that allow other devices to communicate with it. This chip holds a variety of information, from stored (monetary) value used for retail and vending machines to secure information and applications for higher-end operations such as medical/healthcare records.
Therefore, unlike the read-only plastic card, the processing power of Smart Cards gives them the versatility needed to make payments, to configure your cell phones, TVs and video players and to connect to your computers via telephone, satellite or the Internet anytime, anywhere in the world. 2. HISORICAL PERSPECTIVE Smart card was invented at the end of the seventies by Michel Ugon (Guillou, 1992). The French group of bankcards CB (Carte Bancaire) was created in 1985 and has allowed the diffusion of 24 million devices (Fancher, 1997). For the physical characteristics the first draft proposal was registered in 1983.
A long discussion resulted in the standardization of the contact location. Next was the standardization of signals and protocols which resulted in standards ISO/IEC 7816/1-4. Logical security came next, as it was clear from the beginning that there was a need for cryptographic capabilities, though this was a bit difficult due to the limited computing power and the few bytes of RAM available at that time (Quisquater, 1997). Nowadays, smart cards are used in several applications. The technology has its historical origin in the seventies when inventors in Germany, Japan, and France filed the original patents. While inventors in the U.
S. , Japan and Austria, were issued patents, it was the French who put up big money to push the technology. They did this in the 1970’s, during a period of major national investment in modernizing the nation’s technology infrastructure. Due to several factors most work on Smart Cards was at the research and development level until the mid-eighties. Since then, the industry has been growing at tremendous rate is shipping more than one billion (1,000,000,000) cards per year (since 1998). The current world population of Smart Cards of some 1. 7 billion is set to increase to 4 billion or more cards within the next 3-4 years.
A survey completed by Card Technology Magazine (http://www. cardtechnology. com) indicated that the industry had shipped more than 1. 5 billion smart cards worldwide in 1999. Over the next five years, the industry will experience steady growth, particularly in cards and devices to conduct electronic commerce and to enable secure access to computer networks. A study by Dataquest in March, 2000, predicts almost 28 million smart card shipments (microprocessor and memory) in the U. S. According to this study, an annual growth rate of 60% is expected for U. S. smart card shipments between 1998 and 2003.
Smart Card Forum Consumer Research, published in early 1999, provides additional insights into consumer attitudes towards application and use of smart cards. The market of smart card is growing rapidly due to its wide range of applications. The worldwide smart cards market forecast in millions of dollars and billions of units as shown in figure 1: 3. CONSTRUCTION OF THE SMART CARD The main storage area in such cards is normally EEPROM (Electrically Erasable Programmable Read-Only Memory), which can have its content updated, and which retains current contents when external power is removed.
Newer Smart Card chips, sometimes, also have math co-processors integrated into the microprocessor chip, which is able to perform quite complex encryption routines relatively quickly. The chip connection is either via direct physical contact or remotely via a contact less electromagnetic interface. Its chip therefore characterizes a Smart Card uniquely; with its ability to store much more data (currently up to about 32,000 bytes) than is held on a magnetic stripe, all within an extremely secure environment.
Data residing in the chip can be protected against external inspection or alteration, so effectively that the vital secret keys of the cryptographic systems used to protect the integrity and privacy of card-related communications can be held safely against all but the most sophisticated forms of attack. The functional architecture of a GSM (Global system of mobile communication) system can be broadly divided into the Mobile Station, the Base Station Subsystem, and the Network Subsystem. Each subsystem is comprised of functional entities that communicate through the various interfaces using specified protocols.
The subscriber carries the mobile station; the base station subsystem controls the radio link with the Mobile Station. The network subsystem, the main part of which is the Mobile services Switching Center, performs the switching of calls between the mobile and other fixed or mobile network users, as well as management of mobile services, such as authentication. Fig 3. 1. 1: Smart Card Construction. Fig 3. 1. 2: Smart Card Construction. Mostly all chip cards are built from layers of differing materials, or substrates, that when brought together properly gives the card a specific life and functionality.
The typical card today is made from PVC, Polyester or Poly carbonate. The card layers are printed first and then laminated in a large press. The next step in construction is the blanking or die cutting. This is followed by embedding a chip and then adding data to the card. In all, there may be up to 30steps in constructing a card. The total components, including software and plastics, may be as many as 12 separate items; all this in a unified package that appears to the user as a simple device. 3. 1 Types of smart cards:
Today, there are basically three categories of Smart Cards – A microprocessor chip can add, delete and otherwise manipulate information in its memory. It can be viewed as a miniature computer with an input/output port, operating system and hard disk. Microprocessor chips are available 8, 16, and 32 bit architectures. Their data storage capacity ranges from 300 bytes to 32,000 bytes with larger sizes expected with semiconductor technology advances. 3. 1. 2 Integrated Circuit (IC) Microprocessor Cards – Fig 3. 1. 1: An Integrated Circuit used in Smart Cards.
Microprocessor cards (generally referred to as “chip cards”) offer greater memory storage and security of data than a traditional magnetic stripe card. Their chips may also be called as microprocessors with internal memory which, in addition to memory, embody a processor controlled by a card operating system, with the ability to process data onboard, as well as carrying small programs capable of local execution. The microprocessor card can add, delete, and otherwise manipulate information on the card, while a memory-chip card (for example, pre-paid phone cards) can only undertake a pre-defined operation.
The current generation of chip cards has an eight-bit processor, 32KB read-only memory, and 512 bytes of random-access memory. This gives them the equivalent processing power of the original IBM-XT computer, albeit with slightly less memory capacity. 3. 1. 2. 1. Uses: These cards are used for a variety of applications, especially those that have cryptography built in, which requires manipulation of large numbers. Very often the data processing power is used to encrypt/decrypt data, which makes this type of card very unique person identification token.
Data processing permits also the dynamic storage management, which enables realization of flexible multifunctional card. Thus, chip cards have been the main platform for cards that hold a secure digital identity. Hence they are capable of offering advanced security mechanism, local data processing, complex calculation and other interactive processes. Most stored-value cards integrated with identification, security and information purposes are processor cards. Some examples of these cards are – * Cards that hold money (“stored value cards”) Card that hold money equivalents (for example, “affinity cards”) * Cards that provide secure access to a network * Cards that secure cellular phones from fraud * Cards that allow set-top boxes on televisions to remain secure from piracy 3. 1. 3 Integrated Circuit (IC) Memory Cards – Memory cards can just store data and have no data processing capabilities. These have a memory chip with non-programmable logic, with storage space for data, and with a reasonable level of built-in security. IC memory cards can hold up to 1 – 4 KB of data, but have no processor on the card with which to manipulate that data.
They are less expensive than microprocessor cards but with a corresponding decrease in data management security. They depend on the security of the card reader for processing and are ideal when security requirements permit use of cards with low to medium security and for uses where the card performs a fixed operation. There is also a special type memory cards called the Wired Logic (or Intelligent Memory) cards, which contain also some built-in logic, usually used to control the access to the memory of the card. 3. 1. 3. 1 Uses:
Memory cards represent the bulk of the Smart Cards sold primarily for pre-paid, disposable-card applications like pre-paid phone cards. These are popular as high-security alternatives to magnetic stripe cards. 3. 1. 4 Optical Memory Cards – Optical memory cards look like a card with a piece of a CD glued on top – which is basically what they are. Optical memory cards can store up to 4 MB of data. But once written, the data cannot be changed or removed. 3. 1. 4. 1 Uses: Thus, this type of card is ideal for record keeping – for example medical files, driving records, or travel histories. 3. 1. Fundamentals of Card Operation: Today’s Smart Cards need electrical power from outside, plus a way for data to be read from, and sometimes to be transmitted to, the chip. They interact with an “accepting device”, usually known as a card reader, which exchanges data with the card and usually involves the electronic transfer of money or personal information. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader. There are two general categories of Smart Cards: Contact and Contactless Smart Cards. Fig 3. 1. 5. 1: Contact Smart Card. The contact Smart Card has a set of gold- plated electrical contacts embedded in the surface of the plastic on one side. It is operated by inserting the card (in the correct orientation) into a slot in a card reader, which has electrical contacts that connect to the contacts on the card face thus establishing a direct connection to a conductive micro module on the surface of the card. This card has a contact plate on the face, which is a small gold chip about 1/2” in diameter on the front, instead of a magnetic stripe on the back like a “credit card”.
When the card is inserted into a Smart Card reader, it makes contact with an electrical connector for reads and writes to and from the chip it is via these physical contact points, that transmission of commands, data, and card status takes place. Such a card is traditionally used at the retail point of sale or in the banking environment or as the GSM SIM card in the mobile ‘phone. Fig 3. 1. 5. 2: Contactless Smart Card (This diagram shows the top and bottom card layers which sandwich the antenna/chip module. ) A contactless Smart Card looks just like a plastic “credit card” with a computer chip and an antenna coil embedded within the card.
This antenna allows it to communicate with an external antenna at the transaction point to transfer information. The antenna is typically 3 – 5 turns of very thin wire (or conductive ink), connected to the contactless chip. This aerial coil of the antenna is laminated into the card and allows communication even whilst the card is retained within a wallet or handbag. The same activation method applies to watches, pendants, baggage tags and buttons. Thus no electrical contacts are needed and it is therefore called as “contactless”.
Such Smart Cards are used when transactions must be processed quickly, as in mass-transit toll collection or wherever the cardholder is in motion at the moment of the transaction. Close proximity, typically two to three inches for non-battery powered cards (i. e. an air-gap of up to 10cms) is required for such transactions, which can decrease transaction time while increasing convenience as both the reader and the card have antenna and it is via this contactless link that the two communicate. Most contactless cards also derive the internal chip power source from this electromagnetic signal.
Radio frequency technology is used to transmit power from the reader to the card. Two new categories, derived from the contact and contactless cards are combi cards and hybrid cards. A hybrid Smart Card has two chips, each with its respective contact and contactless interface. The two chips are not connected, but for many applications, this Hybrid serves the needs of consumers and card issuers. Fig 3. 1. 5. 3: Combi Card (This shows both the contact and contactless elements of the card. ) The combi card (also known as the dual-interface card) is a card with both contact and contactless interfaces.
With such a card, it becomes possible to access the same chip via a contact or contactless interface, with a very high level of security. It may incorporate two non-communicating chips – one for each interface – but preferably has a single, dual-interface chip providing the many advantages of a single e-purse, single operating architecture, etc. The mass transportation and banking industries are expected to be the first to take advantage of this technology. 4. SMART CARD APPLICATION The self-containment of Smart Card makes it resistant to attack, as it does not need to depend upon potentially vulnerable external resources.
Because of the security and data storage features, Smart Cards are rapidly being embraced as the consumer token of choice in many areas of the public sector and commercial worlds and are often used in different applications, which require strong security protection and authentication. Many of the applications of Smart Cards require sensitive data to be stored in the card, such as biometrics information of the card owner, personal medical history, and cryptographic keys for authentication, etc. Smart Cards are being deployed in most sectors of the public and private marketplaces.
Here are some popular application areas where Smart Cards are being used in today’s world: * Loyalty * Financial * Information Technology * Government * Healthcare * Telephony * Mass Transit * Identification on Internet 4. 1 Some of the major applications of the Smart Cards, as seen around the world, are: * There are over 300,000,000 GSM mobile telephones with Smart Cards, which contain the mobile phone security and subscription information. The handset is personalized to the individual by inserting the card, which contains its phone number on the network, billing information, and frequently call numbers. Various countries with national health care programs have deployed Smart Card systems. The largest is the German solution which deployed over 80,000,000 cards to every person in Germany and Austria. * There are over 100 countries worldwide who have reduced or eliminated coins from the pay phone system by issuing Smart Cards. Germany, France, UK, Brazil, Mexico, and China have major programs. * Almost every small dish TV satellite receiver uses a Smart Card as its removable security element and subscription information. They are used as a credit/debit bankcard, which allows them for off-line transactions and store the credit and debit functions of financial institutions. * They can be used in retail loyalty schemes and corporate staff systems. Other applications for Smart Cards include computer/internet user authentication and non-repudiation, retailer loyalty programs, physical access, resort cards, mass transit; mass transit ticketing schemes, electronic toll, product tracking, national ID, driver’s license, pass ports, and the list goes on. . 2 Automating Transportation Services: With billions of transport transactions occurring each day, Smart Cards have easily found a place in this rapidly growing market. A few of the numerous examples of Smart Cards in transportation are: * Mass Transit Ticketing – Using contactless Smart Cards allows a passenger to ride several buses and trains during his daily commute to work while not having to worry about complex fare structures or carrying change. * Urban Parking – You don’t need to carry the correct change anymore… ust a prepaid contact Smart Card. * Electronic Toll Collection – As you drive through the toll gate of a bridge, a Smart Card, inserted into an RF transponder within your car, electronically pays the toll; without you ever stopping! * Airline Application – Your frequent flyer miles are added onto your airline Smart Card as your ticket is removed from it at the gate, eliminating paperwork! 4. 3 Internet: The role of the Internet has developed to include the support of electronic commerce. It was designed for the free exchange of information, and as such, t is a rich supply of academic, product and service information. But how does an Internet shopper go from looking at the product to actually buying it? The Smart Card is the ideal support for payment over the Internet, whether in cash or as credit. However, the Internet shopper needs to connect his smart payment card to his computer and through the computer to the Internet. Smart Card readers are inexpensive, low-power devices which can be easily added to existing computers. The additional cost of building them into future computers or peripherals is extremely low.
The Internet is focusing the need for online identification and authentication between parties who cannot otherwise know or trust each other, and Smart Cards are believed to be the most efficient way of enabling the new world of e-trade. Smart Cards can act as an identification card, which is used to prove the identity of the cardholder. Besides using Smart Cards for payment over the Internet, the possibilities are endless like carrying your favorite addresses from your own personal computer to your friend’s Network Computer and downloading your airline ticket and boarding passes, telepayments of the goods purchased online and such others. . SMART CARD TERMS AND CONCEPTS 5. 1 Memory Management Smart card is a device with major hardware constraints: low-power CPU, low data rate serial I/O, little memory etc. Today, card technology utilizes 8 bit processors (mainly of the 6805 or 8051 family) whose memory sizes are about a few tens of kilobytes (Urien, 2000), typically 1-4 kb RAM (Random Access Memory), 32-128 kb ROM (Read Only memory) and 32-64 kb EEPROM (Electrically Erasable Programmable Read Only Memory) at least, with options on FLASH and FRAM (Ferroelectric Random Access Memory) as well.
As the demand for smart cards matures the standard memory of 32 or 64 Kbytes can prove a serious limitation. A solution to this is to look at some of the design issues and techniques to incorporate multiple memory chips in a single smart card. Gemplus had already produced a twin card, incorporating two unconnected chips in a single card. Other approaches include the use of PC in conjunction with smartcard. For instance, Blaze (1996) proposes the use of a powerful PC with a smart card for symmetric key encryption because the PC provides higher encryption bandwidth.
Table 1 below shows storage capacity needed for various communication rates. | Communication rate| Storage capacity| P C (Pentium IV)| 120 Mbps | 10 K Bytes| Standard smart card| 9600 bps | 64 K Bytes | Multiple chip card| 20 Mbps | 224 M Bytes | Table 5. 1. 1: Communication rate and storage capacity According to Junko (2002), the EEPROM used in current smart cards is reaching its scalability limits, particularly for smart card devices built in 0. 13-micron technology and beyond. For this reason, companies like Philips agree on the need for alternative non-volatile memory for future smart cards.
Currently Philips is leaning toward magnetic RAM as an alternative to EEPROM. Another important application that requires memory management is the application of biometrics. The use of biometrics within the card itself will mean that biometric features (fingerprint, retina, voice etc) can reliably identify a person. With enhancement in memory system, it will soon be possible to authorize the use of electronic information in smart card using a spoken word. The use of some of these features has already been implemented in many applications. Malaysia’s national ID, for instance, is a multipurpose smart card with a fingerprint biometric.
The card is first of its kind in the world as it combines many applications such as driving license, passport, healthcare, and non-government applications such as an e-purse. (See http://www. jpn. gov. my/ or www. iris. com. my for details). Table 2 below gives the required bytes for various biometrics. Additional information about biometric technology and standards can be found from the following organizations: The Biometric Consortium (www. biometrics. org), International Biometric Industry Association (www. ibia. rg), or Bio API Consortium (www. iapi com) Biometric| Bytes Required|
Finger scan| 300-1200| Finger geometry| 14| Hand geometry| 9| Iris recognition| 512| Voice verification| 1500| Face recognition| 500-1000| Signature verification| 500-1000| Retina recognition| 96| Table 5. 1. 2 Required Bytes for Biometrics 5. 2 Security Issues Security is always a big concern for smart cards applications. This naturally gives rise to the need for reliable, efficient cryptographic algorithms. We need to be able to provide authentication and identification in online-systems such as bank machine and computer networks, access control and the like.
Currently such facilities allow access using a token; however, it is vital that the holder of the token be the legitimate owner or user of the token. As smart card is handicapped or highly restricted in their input/output (unable to interact with the world without outside peripherals), this leads to the involvement of many parties in its applications. Some of the parties involve: Cardholder, Data Owner, Card Issuer, Card Manufacturer, Software Manufacturer, and Terminal Owner as mentioned in (Schneier, 1999).
It is there for essential to ensure that none of the above mentioned parties is threat to one another. To achieve this, there is need for further investigation in the design and analysis of smart card authentication and identification protocols. For this reason, Gobioff (1996) proposes that smart cards be equipped with “additional I/O channels” such as buttons to alleviate these shortcomings. Further, there are numerous intrusion techniques able to tamper with smart cards and other similar temper-resistant devices as presented in (Anderson, 1997).
This also indicates the need for effective intrusion detection/prevention techniques. 5. 3 Open Architecture Existing smart card standards leave vendors too much room for interpretation. To achieve wider implementation, there is need for an open standard that provides for inter-operable smart cards solutions across many hardware and software platforms. Open Platform, as defined by Global Platform (www. GlobalPlatform. org) is a comprehensive system architecture that enables the fast and easy development of globally interoperable smart card systems.
It comprises three elements; card, terminal and systems, each of which may include specifications, software and/or chip card technology. Together these components define a secure, flexible, easy to use smart card environment. Development environment in use today include; Java, Visual C, Visual Basic, C++, and the like. The development of standards like GSM, EMV, CEPS, PC/SC, OCF, ITSO and IATA 791 represents an opportunity for manufacturers to produce products on an economic scale and give stability to systems designers. According to a report by Data card Group (White paper version1. ), True ‘open’ smart cards will have the following characteristics: * They will run a non-proprietary operating system widely implemented and supported. * No single vendor will specify the standards for the operating system and the card’s use. * The cards will support a high-level application programming language (e. g. , Java, C++) so issuers can supply and support their own applications as well as applications from many other vendors. * Applications can be written and will operate on different vendor’s multi-application smart cards with the same API (Application Programming Interface).
To overcome the problem of lack of standardization, U. S. organizations have developed an add-on piece of smart card software meant to overcome communication problems between chip cards and readers from different vendors. They would like to see this technology, which they call a “card capabilities container,” used worldwide, making it an industry standard that would allow U. S. agencies to buy cards and readers from many vendors, sure that they would work together (Cathy, 2002).
Another move is the development of a new organization called Smart Card Alliance, formed by Smart Card Industry Association (SCIA) and Smart Card Forum (SCF) to act as a single voice for the US smart card industries. Even in biometrics, each vendor has its own methods for enrolling individuals and later checking someone’s identity against the stored image. However, there are efforts underway to create biometric standards, largely driven by the U. S. government. In a major step, the American National Standards Institute approved Bio API as a standard way for biometric devices to exchange data with ID applications.
ANSI now is preparing to propose Bio API to ISO for adoption as an international standard (Donald, 2002). 5. 3. 1 Operating Systems Today’s smart card operating systems and application frameworks are intrinsically local and mono application. Moreover, smartcard communicates with the outside world through a serial link. As the chip has a single bi-directional I/O pin, this link can only support haft-duplex protocol. The majority of chips work at the speed of 9600 baud, although the ISO standard 7816 has defined a maximum data rate of 230400 baud.
A new type of SPOM (Self-Programmable One-Chip Microcomputer), named ISO/USB has been introduced in 1999; it provides a direct connection between a SPOM and the terminal via an USB port (Urien, 2000). According to USB specification, a data throughput from 1. 2 to 12 Mbits/s may be obtained between the chip and the terminal. The vision of smart card as an application platform rather than a simple security token is a paradigm shift for smartcard operating systems.
According to Jurgensen (2002), the current operating system model cannot completely support the needs or the vision of Universal Integrated Circuit Card (UICC). The move is now towards the development of Next Generation Smart Card Operating Systems (COSng), which will be able to handle multi-applications and support future requirements. 5. 4 Performance Performance and speed are very important factors that need to be considered in most smart card application.
To achieve this, transistor scaling or the reduction of the gate length (the size of the switch that turns transistors on and off), must be taken into consideration. This idea not only improves the performances of chips but also lowers their manufacturing cost and power consumption per switching event. Recently, IBM have built a working transistor at 6 nano meters in length which is per beyond the projection of The Consortium of International Semiconductor Companies that transistors have to be smaller than 9 nano meters by 2016 in order to continue the performance trend.
The ability to build working transistors at these dimensions could allow developers to put 100 times more transistors into a computer chip than is currently possible. The IBM results will lead to further research into small, high-density silicon devices and allow scientists to introduce new structures and new materials. Details are available from IBM Research News 9thDecember 2002, available online: http://www. research. ibm. com/. 5. 5 Reader Requirements As the needs and uses of smart card increases, the need for a Smart Card reader that is not portable, small or light, but also easy to connect and access has arrived.
However, some developers like “Browns” (http://www. brownsbox. com/) believe that the need for a reader is a problem, meaning extra expenditure, and, when working with a laptop, is a waste of a port. In view of this, an approach toward a device that can be attached to a PC (internally or externally) has arrived. To solve this problem, Browns developed a method that turns a floppy disk drive into a smart card reader. Another popular approach in Europe is the smarty smartcard reader/writer the size of a 3. 5-inch diskette by Smart Disk Corp.
The device does not require a serial, parallel, or USB port, instead it works directly from a diskette drive. Smarty supports all smart card a protocol, including ISO 7816 and it works under different operating systems. Details are available from: http://www. smartcomputing. com/. This idea of smart diskette was initially proposed by Paul (1989) as shown in figure 3. A similar approach involves the development of keyboard with integrated card reader, and/or keyboard with integrated fingerprint sensor and card reader by “Cherry”(http://www. accesskeyboards. co. uk/cherry. tm). 5. 6 Portability As mentioned earlier, portability or convenience of handling is one of the most important characteristics of smart cards. Since the smartness of smart card relies on the integrated circuit embedded in the plastic card, it is possible that the future smart cards might look like other everyday objects such as rings, watches, badges, glasses or earring because that same electronic function could be performed by embedding it in these objects. What remain is for developers and researchers to look into the best way of implementing it if the need arises. 6.
SMART CARD VS BIOMETRIC One of the primary reasons that smart cards exist is for security. The card itself provides a computing platform on which information can be stored securely and computations can be performed securely. Consequently, the smart card is ideally suited to function as a token through which the security of other systems can be enhanced. Most of today’s systems need proper user authentication/identification as it is a crucial part of the access control that makes the major building block of any system’s security. Three methods are currently in use: what the user has (e. . smart card), what the user knows (e. g. password), and what the user is (biometrics). Each of these methods has its own merits and demerits especially when used alone. When a single method is used, we believe smartcard is the best choice. Passwords can easily be forgotten, attacked, and guessed. Similarly, biometric schemes alone are not good enough to ensure user authentication, as they are also vulnerable to attacks. First, we look into some of the benefits in using biometric schemes and then analyze some of their limitations.
The primary advantage of biometric authentication methods over other methods of user authentication is that they use real human physiological or behavioral characteristics to authenticate users. These biometric characteristics are (more or less) permanent and not changeable. It is also not easy (although in some cases not principally impossible) to change one’s fingerprint, iris or other biometric characteristics. Further, most biometric techniques are based on something that cannot be lost or forgotten.
This is an advantage for users as well as for system administrators because the problems and costs associated with lost, reissued or temporarily issued tokens/cards/passwords can be avoided, thus saving some costs of the system management. However, as reported in (Luca 2002), the major risk posed by the use of biometric systems in an authentication process is that a malicious subject may interfere with the communication and intercept the biometric template and use it later to obtain access. Likewise, an attack may be committed by generating a template from a fingerprint obtained from some surface.
Further, performance of biometric systems is not ideal. Biometric systems still need to be improved in terms of accuracy and speed. Biometric systems with the false rejection rate under 1% (together with a reasonably low false acceptance rate) are still rare today. Although few biometric systems are fast and accurate (in terms of low false acceptance rate) enough to allow identification (automatically recognizing the user identity), most of current systems are suitable for the verification only, as the false acceptance rate is too high. Moreover, not all users can use any given biometric system.
People without hands cannot use fingerprint or hand-based systems. Visually impaired people have difficulties using iris or retina based techniques. Some biometric sensors (particularly those having contact with users) also have a limited lifetime. While a magnetic card reader may be used for years (or even decades), the optical fingerprint reader (if heavily used) must be regularly cleaned and even then the lifetime need not exceed one year. Biometric data are not considered to be secret and security of a biometric system cannot be based on the secrecy of user’s biometric characteristics.
The server cannot authenticate the user just after receiving his/her correct biometric characteristics. The user authentication can be successful only when user’s characteristics are fresh and have been collected from the user being authenticated. This implies that the biometric input device must be trusted. Its authenticity should be verified (unless the device and the link are physically secure) and user’s likeness would be checked. The input device also should be under human supervision or tamper-resistant. The fact hat biometric characteristics are not secret brings some issues that traditional authentication systems need not deal with. Many of the current biometric systems are not aware of this fact and therefore the security level they offer is limited. User’s privacy may be violated by biometric schemes. Biometric characteristics are sensitive data that may contain a lot of personal information. The DNA (being the typical example) contains (among others) the user’s preposition to diseases. This may be a very interesting piece of information for an insurance company.
The body odour can provide information about user’s recent activities. It is also mentioned in (Jain, 1999) that people with asymmetric fingerprints are more likely to be homosexually oriented, etc. Use of biometric systems may also imply loss of anonymity. While one can have multiple identities when authentication methods are based on something the user knows or has, biometric systems can sometimes link all user actions to a single identity. Furthermore, biometric systems can potentially be quite troublesome for some users. These users find some biometric systems intrusive or personally invasive.
In some countries people do not like to touch something that has already been touched many times (e. g. , biometric sensor), while in some countries people do not like to be photographed or their faces are completely covered. Lack of standards may also poses a serious problem. Two similar biometric systems from two different vendors are not likely to interoperate at present. Although good for user authentication, biometrics cannot be used to authenticate computers or messages. Biometric characteristics are not secret and therefore they cannot be used to sign messages or encrypt documents and the like.
On the other hand, smart cards provide tamper- resistant storage for protecting private keys, account numbers, passwords, and other forms of personal information. Smart cards can also serve to isolate security-critical computations involving authentication, digital signatures, and key exchange from other parts of the system that do not have a “need to know. ” In addition, smart cards provide a level of portability for securely moving private information between systems at work, home, or on the road. A better approach for the usage of biometrics is to combine biometrics with smartcards.
The advantages of this may include: all attributes of the smartcards will be maintained, counterfeiting attempts are reduced due to enrolment process that verifies identity and captures biometrics. It will be extremely secure and provide excellent user-to-card authentication. 7. THREATS TCG does not really address security from a user point of view; as the model is centered on platforms. User identification and authentication mechanisms, including owner, are rather rudimentary. Basically, proof of knowledge of a secret value shared between the owner and the TPM is proof of ownership.
In the case of the owner proof of knowledge is even proof of identity. To some extent, the pair (object UUID, Authorization Data) corresponds to a capability associated to a TPM-protected object. Threats are actually similar to those applying to capability-basedmodels. For example, the access authorization to a TPM-protected object is given very early, when the authorization data is associated to the object and not when the access is attempted. But more important authentication data can be freely duplicated and the user has to find some way to protect them.
Like for every sensitive piece of information the key issue with authorization data is storage protection. Because it is impossible for an operator to remember a 20-byte random value, most of the TPM administration products available today implement a simple password-based technique. The authentication data Auth Data is computed from a password value using SHA-1 hash algorithm. Auth Data= SHA( password)Of course, all the well-known weaknesses of password-based authentication apply to such a mechanism: • One-factor only authentication, • Easy to guess, subject to dictionary attacks, Easy to snoop, visible in the clear when keyed or transmitted to the verifying party, • Easy to lose and forget, • Easy to write down and to share with others This type of implementation is so common that TPM manufacturers had to implement countermeasures like lockout or response degradation in order to protect from dictionary types of attacks. Another natural solution would be to securely store the authorization data directly on the platform hard drive. This type of solution is considered subject to attacks  and raises a lot of side issues.
For example, the authorization data must be stored on an opaque container that is generally protected by a password and hence prone to dictionary attacks. Outside of the platform owner, who just plays an administrative role, regular platform users have also to be taken into account. In every day operations, platforms interact with users and user identity is a critical piece of the security and trust puzzle. For that matter all platform operating systems implement user identification and authentication mechanisms.
How users fit in this picture is not completely in the scope of TCG specification. As a consequence, authentication data are not assigned to specific users. Even though this is not a threat in itself, there is lot of practical cases where TPM-protected keys have to be assigned to specific users only. For example, the file encryption keys used by one user on a platform must be kept separated from the other platform users. 8. SMART CARD-BASED USER AUTHENTICATION Smart card-based authentication is a first step towards the TPM and-smartcard cooperative model introduced in section 2.
The principle is to use a smart card during the execution of the user side of the TCG authorization protocols. The most critical piece of information in TCG authorization protocol is the Authorization Data that is either stored locally on the platform or computed from an external seed secret such as password. This model raises many issues. Since smart cards another hardware tokens, are used to address this type of user authentication issues in environments like corporate IT or banking, smart card-based authentication can be the answer to the threats identified in section 3. 4.
For instance, as smart cards are physically secure and cannot beckoned, the duplication of an authorization data becomes impossible. Likewise, smart cards allow the usage of truly random authorization data, offering a particularly efficient protection against a dictionary attack. To offer a higher protection level, access to the authorization data can be protected by a Personal Identification Number (PIN). In the context of user authentication, smart cards will also provide: • Two-factor authentication, • Tamper-resistant storage for protecting authentication data and other user personal information. Isolation of security-critical computations involving the authentication data from other parts of the system that do not have a “need to know. ” • Portability of credentials and other private information between computers. But the integration of smart cards within TCG authorization protocols has an impact in terms of smart cards capabilities. 8. 1 Smart cards requirements In a smart card-based authentication scheme, the smart card will be primarily used to physically protect the Authorization Data. This means that the smart card must be able to: 1.
Store the Authorization Data, 2. Process the user side of the authorization protocol computation that requires the Authorization Data. Storing the Authorization Data in a smart card presents no particular difficulty. Every smart card, including the most basic one like simple memory card, has the capability to store a 20-bytevalue. On another hand, how much of the authorization protocol can be processed by a smart card is directly linked with the card cryptographic capabilities. In order to perform the entire user side of the protocol a smart card will have to be able to: Generate random values, • Compute a shared secret using a SHA-1-based HMAC, • Compute and verify authentication values using SHA-1 andSHA-1-based HMAC operations, • Encrypt authentication data using a XOR Most of cryptographic smart cards today have robust Random Number Generator and support SHA-1 in native mode, but smartcards offering HMAC in native mode are less common. A solutions to simply implement a Java Card applet providing these features. Following sections describe three, incrementally secure, possible implementation of smart card-based authentication. . 2 Importance of Smartcards to Computer Security 8. 2. 1 Importance of Smartcards as a Design Mechanism for Computer Networks This section highlights the fundamental security challenges that face us in this increasingly computer network oriented world, and how smartcards can provide key advantages towards security. 8. 2. 2 Fundamental Security Challenges Because computers and networks are becoming so central to our lives in this digital age, many new security challenges are arising. This is the era of full connectivity, both electronically and physically.
Smartcards can facilitate this connectivity and other value added capabilities, while providing the necessary security assurances not available through other means. On the Internet, smartcards increase the security of the building blocks Authentication, Authorization, Privacy, Integrity, and Non-Repudiation. Primarily, this is because the private signing key never leaves the smartcard so it’s very difficult to gain knowledge of the private key through a compromise of the host computer system. In a corporate enterprise system, multiple disjointed systems often have their security based on different technologies.
Smartcards can bring these together by storing multiple certificates and passwords on the same card. Secure email and Intranet access, dial-up network access, encrypted files, digitally signed web forms, and building access are all improved by the smartcard. In an Extranet situation, where one company would like to administer security to business partners and suppliers, smartcards can be distributed which allow access to certain corporate resources. The smartcard’s importance in this situation is evident because of the need for the strongest security possible when permitting anyone through the corporate firewall and proxy defenses.
When distributing credentials by smartcard, a company can have a higher assurance that those credentials cannot be shared, copied, or otherwise compromised. 8. 2. 3 The Smartcard Security Advantage Some reasons why smartcards can enhance the security of modern day systems are: 8. 2. 3. 1 PKI is better than passwords – smartcards enhance PKI Public Key Infrastructure systems are more secure than password based systems because there is no shared knowledge of the secret. The private key need only be known in one place, rather than two or more.
If the one place is on a smartcard, and the private key never leaves the smartcard, the crucial secret for the system is never in a situation where it is easily compromised. A smartcard allows for the private key to be usable and yet never appear on network or in the host computer system. 8. 2. 3. 2 Smartcards Increase the Security of Password Based Systems Though smartcards have obvious advantages for PKI systems, they can also increase the security of password based systems. One of the biggest problems in typical password systems is that users write down their password and attach it to their monitor or keyboard.
They also tend to choose weak passwords and share their passwords with other people. If a smartcard issued to store a user’s multiple passwords, they need only remember the PIN to the smartcard in order to access all of the passwords. Additionally, if a security officer initializes the smartcard, very strong passwords can be chosen and stored on the smartcard. The end user need never even know the passwords, so that they can’t be written down or shared with others. 8. 2. 3. 3 Two Factor Authentication, and more Security systems benefit from multiple factor authentications.
Commonly used factors are: Something you know, something you have, something you are, and something you do. Password based systems typically use only the first factor, something you know. Smartcards add an additional factor, something you have. Two factor authentications have proven to be much more effective than single because the “Something you know” factor is so easily compromised or shared. Smartcards can also be enhanced to include the remaining two features. Prototype designs are available which accept a thumbprint on the surface of the card in addition to the PIN in order to unlock the services of the card.
Alternatively, thumbprint template, retina template, or other biometric information can be stored on the card, only to be checked against data obtained from a separate biometric input device. Similarly, something you do such as typing patterns, handwritten signature characteristics, or voice inflection templates can be stored on the card and be matched against data accepted from external input devices. 8. 2. 3. 4 Portability of Keys and Certificates Public key certificates and private keys can be utilized by web browsers and other popular software packages but they in some sense identify the workstation rather than the user.
The key and certificate data is stored in a proprietary browser storage area and must be export/imported in order to be moved from one workstation to another. With smartcards the certificate and private key are portable, and can be used on multiple workstations, whether they are at work, at home, or on the road. If the lower level software layers support it, they can be used by different software programs from different vendors, on different platforms, such as Windows, UNIX, and Mac. 8. 2. 3. 5 Auto-disabling PINs Versus Dictionary Attacks
If a private key is stored in a browser storage file on a hard drive, it is typically protected by password. This file can be “dictionary attacked” where commonly used passwords are attempted in a brute force manner until knowledge of the private key is obtained. On the other hand, a smartcard will typically lock itself up after some low number of consecutive bad PIN attempts, for example 10. Thus, the dictionary attack is no longer a feasible way to access the private key if it has been securely stored on a smartcard. 8. 2. 3. 6 Non Repudiation
The ability to deny, after the fact, that your private key performed a digital signature is called repudiation. If, however, your private signing key exists only on a single smartcard and only you know the PIN to that smartcard, it is very difficult for others to impersonate your digital signature by using your private key. Many digital signature systems require “hardware strength on Repudiation”, meaning that the private key is always protected within the security perimeter of hardware token and can’t be used without the knowledge of the proper PIN.
Smartcards can provide hardware strength Non Repudiation. 8. 2. 3. 7 Counting the Number of Private Key Usages So many of the important things in our lives are authorized by our handwritten signature. Smartcard based digital signatures provide benefits over handwritten signatures because they are much more difficult to forge and they can enforce the integrity of the document through technologies such as hashing. Also, because the signature is based in a device that is actually a computer, many new benefits can be conceived of.
For example, a smartcard could count the number of times that your private key was used, thus giving you an accurate measure of how many times you utilized your digital signature over a given period of time. Figure 8. 2. 3. 7. 1: Smartcard Electrical Contacts Table 8. 2. 3. 7. 2 : Description of Contacts POSITION TECHNICAL ABBREVIATION FUNCTION C1 VCC Supply Voltage C2 RST Reset C3 CLK Clock Frequency C4 RFU Reserved for future use C5 GND Ground C6 VPP External programming voltage C7 I/O Serial input/output communications C8 RFU Reserved for future use 9.
SMART CARD ENABLED PRODUCTS This section lists popular security products and explains how smartcards can be used to enhance their security. 9. 1Web Browsers (SSL, TLS) Web browsers use technology such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to provide security while browsing the World Wide Web. These technologies can authenticate the client and/or server to each other and also provide an encrypted channel for any message traffic or file transfer. The authentication is enhanced because the private key is stored securely on the smartcard.
The encrypted channel typically uses a symmetric cipher where the encryption is performed in the host computer because of the low data transfer speeds to and from the smartcard. Nonetheless, the randomly generated session key that is used for symmetric encryption is wrapped with the partner’s public key, meaning that it can only be unwrapped on the smartcard. Thus it is very difficult for an eavesdropper to gain knowledge of the session key and message traffic. 9. 2 Secure Email (S/MIME, Open PGP) S/MIME and Open PGP allow for email to be encrypted and/or digitally signed.
As with SSL, smartcards enhance the security of these operations by protecting the secrecy of the private key and also unwrapping session keys within a security perimeter. 9. 3 Form Signing Web based HTML forms can be digitally signed by your private key. This could prove to be a very important technology for internet based business because it allows for digital documents to be hosted by web servers and accessed by web browsers in a paperless fashion. Online expense reports, W-4 forms, purchase requests, and group insurance forms are some examples.
For form signing, smartcards provide portability of the private key and certificate as well as hardware strength non repudiation. 9. 4Object Signing If an organization writes code that can be downloaded over the web and then executed onclient computers, it is best to sign that code so the clients can be sure it indeed came from areputable source. Smartcards can be used by the signing organization so the private key can’tbe compromised by a rogue organization in order to impersonate the valid one. 9. 5 Kiosk / Portable Preferences
Certain applications operate best in a “kiosk mode” where one computer is shared by a number of users but becomes configured to their preferences when they insert their smartcard. The station can then be used for secure email, web browsing, etc. and the private key would never leave the smartcard into the environment of the kiosk computer. The kiosk can even be configured to accept no mouse or keyboard input until an authorized user inserts the proper smartcard and supplies the proper PIN. 9. 6 File Encryption
Even though the 9600 baud serial interface of the smartcard usually prevents it from being a convenient mechanism for bulk file encryption, it can enhance the security of this function. If a different, random session key is used for each file to be encrypted, the bulk encryption can be performed in the host computer system at fast speeds and the session key can then be wrapped by the smartcard. Then, the only way to easily decrypt the file is by possessing the proper smartcard and submitting the proper PIN so that the session key can be unwrapped. 9. 7 Workstation Logon
Logon credentials can be securely stored on a smartcard. The normal login mechanism of the workstation, which usually prompts for a username and password, can be replaced with one that communicates to the smartcard. 9. 8 Dialup Access (RAS, PPTP, RADIUS, TACACS) Many of the common remote access dial-up protocols use passwords as their security mechanism. As previously discussed, smartcards enhance the security of passwords. Also, as many of these protocols evolve to support public key based systems, smartcards can be used to increase the security and portability of the private key and certificate. . 9 Payment Protocols (SET) The Secure Electronic Transactions (SET) protocol allows for credit card data to be transferred securely between customer, merchant, and issuer. Because SET relies on public key technology, smartcards are a good choice for storage of the certificate and private key. 9. 10 Digital Cash Smartcards can implement protocols whereby digital cash can be carried around on smartcard. In these systems, the underlying keys that secure the architecture never leave the security perimeter of hardware devices.
Mondex, VisaCash, EMV ( Europay-Mastercard-Visa), and Proton are examples of digital cash protocols designed for use with smartcards. 9. 11 Building Access Even though the insertion, processing time, and removal of a standard smartcard could be a hassle when entering a building, magnetic stripe or proximity chip technology can be added to smartcards so that a single token provides computer security and physical access. 10. PROBLEM WITH SMART CARD Even though smartcards provide many obvious benefits to computer security, they still haven’t caught on with great popularity in countries like the United States.
This is not only because of the prevalence, infrastructure, and acceptability of magnetic stripe cards, but also because of a few problems associated with smartcards. Lack of a standard infrastructure for smartcard reader/writers is often cited as a complaint. The major computer manufactures haven’t until very recently given much thought to offering a smartcard reader as a standard component. Many companies don’t want to absorb the cost of outfitting computers with smartcard readers until the economies of scale drive down their cost.
In the meantime, many vendors provide bundled solutions to outfit any personal computer with smartcard capabilities. Lack of widely adopted smartcard standards is often cited as a complaint. The number of smartcard related standards is high and many of them address only a certain vertical market or only a certain layer of communications. This problem is lessening recently as web browsers and other mainstream applications are including smartcards as an option. Applications like these are helping to speed up the evolution of standards. 11.
FUTURE WORK Different usage scenario can be defined to explore additional synergies between TPM and smart cards. For example, a MIS department orders trusted platforms from their favorite PC manufacturer. The machines are configured and personalized according to the end-user profile, following the corporate policies. The MIS representatives possess a specific smart card, the owner card, which is used for trusted platforms initialization and maintenance. During the initialization process the user smart card is created for the platform end-user.
This card stores the user secrets and credentials, to be used during the processing of security functions like digital signature of documents. Our scenario provides features to securely share the TPM among several users. Each user owns a dedicated Protected Storage Tree under the Storage Root Key (SRK), protected by local User Root Keys (URK). The first phase in the trusted platform life cycle will be the initialization of the TPM. During this step, the corporation, through the MIS department, will “take ownership” of the TPM.
This phase covers the loading of secrets into the TPM, the creation of a root storage key, but also the generation of a smart card that will be given to the main platform user. During this process a URK can be created for the first user, secured by the SRK, and then user keys can be generated under the URK. These keys will be used to generate quotes for a given user. The platform is then given to the main end-user, who also receives a user smart card. 12. CONCLUSION Most of the smart card systems in use today serve one purpose and are related to just one process or is hardwired to only one application.
A smart card cannot justify its existence in this respect. The approach of future smart card is therefore towards designing multi-application card with own operating system based on open standard that can perform a variety of functions. It must be configurable and programmable and it must be able to adapt to new situations and new requirements especially in areas such as security, memory management, and operating system. Most of smart card application methods today rely on the fact that the code of functions to be performed should be imported by card operating system from an outside server.
This approach is quite weak with regards to security. It is, therefore, important t