Report on Smart Cards

7/27/2019 Report on Smart Cards

1/14

1. INTRODUCTION

In the last decade, smart cards evolved from basic memory cards to complex systems on chipswith expanding processing power. This has opened the avenue to many applications such asfinancial transactions, e-commerce, physical access control, health, and transportation services.

The smart card, an intelligent token, is a credit card sized plastic card embedded with anintegrated circuit chip.

It provides not only memory capacity, but computational capability as well. A smart card usuallyconsists of a ROM or flash memory, EEPROM and a CPU. Access to data stored on the card isunder the control of the smart card operating system. The card operating system not only makesthe smart card secure for access control, but can also store a private key for a public key

infrastructure system.

Lately, the industry has come up with 32-bit smart card processors having more than 400Kbytesof EEPROM, and a memory management and protection unit serving as a hardware firewall. Thishardware firewall enables secure separation of adjacent applications, as well as being the basisfor secure downloading of applications.

The self-containment of smart card makes it resistant to attack as it does not need to dependupon potentially vulnerable external resources. Because of this characteristic, smart cards areoften used in several applications which require strong security protection and authentication. Inaddition to information security, smart cards achieve greater physical security of services andequipments, because a smart card restricts access to all but authorized users.

Furthermore, the smart card can be used as a credit/debit bank card which allows it to be usedeffectively in e-commerce applications. The multi-application smart card, along with the adventof open platform smart card operating systems, brings the only realistic option for managing

multiple electronic transactions nowadays. It is a cost effective secure way to managetransactions electronically Manufacturers, issuers and users have recognized the value of onecard that handles multi-applications.

A multi-application card will be able to automatically update new services and existingapplications, change and store user profiles for each application and be accepted by a range ofdevices-PC, POS, mobile phones . One of the most valuable applications is in using the smartcard to buy energy. Domestic consumers could for instance buy energy, at a price based on theirprevious consumption pattern, from any supplier wherever and whenever they choose. When the

customer wants to top up their gas or electricity credit they visit a vending machine which usesthe consumption data stored on their card to allocate a tariff and calculates how much energy tooffer the consumer for their money . Recently, the portal technology has been playing anincreasing role in computing. Service providers are rolling out portals to allow users to createcustomized web sites that display exactly the information of interest. Corporations are rolling out


2/14

portals to provide employees and business partner's customizable access to corporateinformation, including news feeds from external providers, or email, calendar and access tobill ing system, in addition to other web services.

2. LOGICAL FILE STRUCTURE OF A TYPICAL SMART CARD

In terms of data storage, a smart card is organized in a hierarchical form through directories.Similar to MS-DOS, there is one master file (MF) which is like the root directory. Under the root,we can have different files which are called elementary files (EFs). We can also have varioussubdirectories called dedicated files (DFs). Every DF is dedicated for a separate application.Under each subdirectory will be elementary files again. The master file is implicitly selected afterthe smart card is reset. The useful data that are needed for an application are located in the(EFs). EFs may be placed directly under the MF or under a DF. Since the MF is a special sort of

DF, it goes without saying that in a single application smart card, all application files can beplaced directly under the MF. Additional DFs can be placed within an application DF. Forexample, a DF placed directly under the MF could be dedicated to the Corporate ID application.

An additional level of DFs within the application DF could contain the files for the languagessupported, such as English and Arabic. Figure 1 shows logical view of a smart card filestructure. The elementary file (EF) simply consists of a header and the body which stores thedata. The header of the file stores information about the file such as identification number,description, types, size, and so on. Particularly, it stores the attribute of the file which states theaccess conditions and current status. Access of the data in the file depends on whether thoseconditions can be fulfilled or not.

Figure 1. Logical file structure of smart card

3. REPAID ELECTRICITY

Since the last decades of the past century, scientists, researchers and public people have beenworried about energy conservation. People spend much more power than what they actuallyneed and that results in a huge loss of energy. Moreover, the continuous increase in theuniversal energy prices has resulted in a huge economical loss. Thus we are proposing aprepaid electricity smart card based system so people can buy specific amount of energy to use it

only when then need. People can register for this service and charge their accounts through theInternet. The proposed system is based on an IP-based controller called TINY, and aWATTNODE type power meter which interrupts the controller at a regular interval based on theconsumption of electricity to update the balance based on a certain tariff. The power meter weused, interrupts the controller at a rate of 0.75Wph, so based on the particular tariff used and the


3/14

amount of power consumption needed, the correct amount of money to be loaded into the cardcan be easily calculated and programmed into the chip. The unique feature about this system isthat the electric utility in the home environment can be accessed remotely from the server due tothe fact that the controller is IP-based, without the need for a PC on site, which reduces the costof the system drastically. People now can buy electricity in advance, using the so-called prepaidelectricity cards. The proposed prepaid smart card can also be used to manage electricityconsumption in a hotel room, as well as accessing the room itself. people can consume only asmuch power as they really need. The main role of the smart card is summarized in two things:

Authenticating the user or log in

Updating the balance in the card based on the given tariff and the electricity consumptionprofile of the user stored in the smart card. See Figure 2 for the proposed system.

Figure 2 Prepaid Electricity System Design

Figure 3. Flow Chart for Prepaid Electricity

As shown in Figure2, the main role of the TINY IP-based controller is to control the flow ofelectricity using a solid state relay, based on the consumption profile of the user. The TINYcontroller is programmed to determine the exact amount of electricity measured by the powermeter by counting the exact number of interrupts corresponding to the amount of electricity which

the user intend to consume. The controller also provides remote access to the electricitysupplying company server. We used a PC/SC compatible smart card reader with ACOS1-8Ksmart card. The smart card here is used as a secure token to log in to the data base of thecompany server, in a client server manner, for controlling consumption of electricity as well astoping up the smart card with additional money [8]. See Figure3 for the authentication and theonline purchasing protocol of the smart card based prepaid electricity system.

4. Proposed Architecture

In this section, the overall design of the system is discussed in terms of two approaches: two-tierarchitecture, and three-tier architecture [8]. Both two and three tier architectures are examplesand variations of the well-know client/server computing model. The model was proposed as an


4/14

alternative to centralized mainframe and time sharing computing. In this model, the clientinteracts with the user possibly via a GUI interface, and requests on-line services from the server.The server, on the other hand, answers these requests and provides the services.

The fact that this system is spread across more than two different entities suggests three-tierarchitecture. Such architecture brings clear logical structure to the system. A major advantage of

the three-tier architecture over the two-tier architecture is scalability. Three-tier architecturesupports hundreds of users while the two-tier architecture is known to work well with less than100 users. This is because the latter maintains connections with each client while the three-tierarchitecture is able to manage these connections (via queuing, for example) better due to themiddle tier. Scalability is a major requirement for our design since there could be thousands ofcustomers who are trying to update the balance on their prepaid electricity card and trying toestablish a session with the servers. This requirement by itself is sufficient to justify the three-tierarchitecture over the two-tier architecture. See Figures 4 and 5 for the two-tier and three tierarchitectures respectively.

Figure4: Two-Tier Architecture

In addition, with the three-tier architecture most of the application (business) logic like locatingthe appropriate database, checking authority, generating query, is moved to the middle tier.Therefore, in the case of the three-tier architecture, changes in the business logic result in lessclient tier changes. Another advantage of the three-tier architecture is that its data security isincreased because the client tier no longer can access the data directly; it has to go through themiddle tier first [9,10].

However, the three-tier architecture has its own disadvantages. Designing and developing three-

tier architecture software is a complex process, and some of its available technologies arecomplex too (for Application Server Tier Data Server Tier Client Tier example, J2EE technologyor .NET technology). In addition, separation of business logic from presentation logic is notalways clear. Figure 6 shows the main components of the smart card system. The overall systemwas tested successfully in the lab using a 1000W heater.


5/14

Figure 6. Main components of the smart card system

5. Security Threats for Smart Cards

5.1 From Computers to Smart Cards

The best way to understand the threats facing a smart card is to start with the threats associatedwith a conventional desktop computer. We believe that the most important security aspect ofsmart cards, as participants in protocols, is the way in which they differ from other computationaldevices. By starting with a general purpose computer, and splitting apart its various functions intothose that make up a smart card and its operating environment, we can examine each changeand how it affects security. Each of these splits adds opportunities for attack. For example,consider a case where the owner of a card does not control the data stored on it. This leads toattacks by the person possessing the card against the data stored within it. This attack simplyisn't possible if there is no such split.

Our model of a general purpose computer consists of a CPU, storage, input/output devices, andpower supply. The CPU is the primary processor of the computer, responsible for carrying outcomputation. In a normal computer, it is tightly coupled to its storage, such as RAM, disk drives,or tape, as well as its generalized I/O devices, such as keyboards or mice for input, terminals orprinters for output, and various digital communication ports, such as serial ports or Ethernetcards. In this configuration, the computer can be treated as a single unit for most threat models.

We begin by miniaturizing the computer, which adds nothing beyond a useful visualization tool.Consider a computer such as the REX personal organizer. This PC-CARD has a small screen, aPC-CARD interface to communicate with another computer, and a few buttons for input. We willnow transform the REX, in stages, into a smart card, showing how each step of the transformationleads to new vulnerabilities.

Consider the I/O port, and replace it with a slow speed serial port. The system that the cardconnects to has a limited ability to attack it, since the card is presumably going to be attachedonly to its owner's computer, or perhaps, for a few moments, to another to trade contactinformation. The card, throughout, has the ability to send and receive information through itsscreen and buttons. It would not be difficult to transform something like the REX into a secureelectronic check book. (There are other engineering challenges, but it is substantially easier thanbuilding the same system with a smart card.)


6/14

Continue by decoupling the input mechanism, such that user input must go through a keyboardattached to the reader. It is obvious that the keyboard could record PIN and card information foruse in a later attack. Lastly, remove the screen, such that the card has no way of communicatingwith its user except through a screen of indeterminate fealty.

The essential characteristic of a smart card is that its functionality is split in ways unusual for acomputer. These splits mean that a smart card is handicapped," by which we mean \unable tointeract with the world without outside peripherals." This is the essential nature of smart cards:

one that differentiates them from portable computers such as the Palm Pilot, and that defines thetrust model in which they are forced to operate. Other splits may and do occur, but thefundamental one is that of being restricted in their I/O.

Smart card functionality is split in other ways. The cardholder might not have any control of thesoftware running on the card. In the case of multifunction cards, the card issuer might not haveany control either. The owner of the data inside the card might not be the cardholder, and thedata owner might require that the cardholder not be able to modify, or even view, the data.

In the following sections, we examine the ramifications of the split described above, as well asothers commonly found in smart card systems. Our models often include five or six parties. Weexamine in depth how the parties, when split, might attack each other. We also examine themotivations that cause attackers to engage in the variety of mischief that becomes possible whenroles are split apart. And finally, we discuss different resistance models.

5.2 Model Trust Environment of a Smart Card

There are many parties potentially involved in any smart card {based system. Usually, there areat least five or six, including the cardholder, the terminal, the data owner, the card issuer, the cardmanufacturer, and the software manufacturer.

The cardholder is the party who has day today possession of the smart card. The card is inhis wallet; he decides whether and when to use it. In the case of a smart card used as anelectronic wallet, he is the person to whom the wallet was issued. He may control the dataon the card, depending on the system, but it is highly unlikely that he had control of theprotocols, software, or hardware choices made in the creation of the card system. Note thatthis is in contrast to many personal computer based systems, where the owner and userusually has some say in the system he is using.The data owner is the party who has control of the data within the card. In cases such asusing a card as a mechanism for carrying digital certificates, the card owner is also the dataowner. However, if the card is an electronic-cash card, the issuer of the cash is the dataowner, and this split opens the possibility of attack.The terminal is the device that offers the smart card its interactions with the world. Theterminal controls all I/O to and from the smart card: the keyboard by which any data is

entered into the smart card, and the screen by which any data from the smart card isdisplayed. If the card is used as a phone call ing card, this is the pay phone owner. If thecard is used as an ATM identification card, this is the ATM service provider. If the card is apay-TV membership card, the terminal is the set-top box.


7/14

The card issuer is the party who issued the smart card. This party controls the operatingsystem running on the smart card, and any data that is initially stored on the smart card. Ifthe card is a telephone payment card, the issuer is the phone company. If the card is anemployee ID card, the issuer is the employer. Sometimes the issuer just issues the cardand then disappears from the system; other times he is involved with the systemthroughout. In some multi-function cards, the card issuer may have nothing to do with theapplications running on the card, and may only control the operating system. In other multi-

function cards, the same issuer may control all the applications running on the card.

From the security analysis point of view, it is often simplest to view the card issuer, themanufacturer, and the software engineers as the same party; however, they rarely actually are.Hence:

The card manufacturer is the party who produces the smart card. Note that this is asimplification; the manufacturer may or may not own the fabrication facility in which thechips are actually made; they may have subcontracted design functions, and they may beusing third party tools in their work, such as VHDL compilers. However, we model all ofthese as the card manufacturer. Opportunities to subvert the manufacture of the card comein many places, to a wide variety of individuals.The software manufacturer is the party who produces the software that resides on thesmart card. This is again a simplification of a probably complex array of makers ofcompilers, utilities, etc. Issues of trusting trust [Tho84] arise here in the same ways they dowith the card manufacturer.

5.3 Examples of Trust Splits in Smart Card Systems

Following are representative smart card{based systems, described in terms of what partiescontrol different aspects of the system. This list is not meant to be exhaustive, and there are bothother examples of splits described here and other splits not described here.

Digital Stored Value Card. These are payment cards intended to be substitutes for cash.

Both Mondex and Visa Cash are examples of this type of system. The card owner is thecustomer. The terminal owner is the merchant. The data owner and the card issuer are boththe financial institution that supports the system.

Digital Check Card This is similar to the card above, except that the card owner is thedata owner.

Prepaid Phone Card. These are simply a special-use stored value card. The card owner isthe customer. The terminal owner, data owner, and card issuer are all the phone company.


8/14

Account-based Phone Card. In this system, the smart card does not store an accountbalance, but simply an account number which is a pointer into a back-end database. Thecard owner and data owner is the customer, while the terminal owner and card issuer is thephone company.

Access Token. In this application, the smart card stores a key which is used in a login or

authentication protocol. In the corporate case, the cardholder is the employee, and the dataowner, terminal owner, and issuer are likely the company. In the case of a multi-use accesstoken, the cardholder and data owner might be the same person, while the terminal ownermay be a merchant and the data owner a financial institution.

Web Browsing Card. In this application, a customer can use his card in his own PC to buythings on the WWW. This is another example of a cash card. The difference is that thecardholder and terminal owner are both the customer (i.e., the owner of the PC). The dataowner and card issuer are both the financial institution.

Digital Credential Device. In this application, the smart card stores digital certificates orother credentials for presentation to another party. Here, the cardholder and the data ownerare both the same. The terminal owner is either the other party (in an in-store application,for example) or the cardholder (browsing on the WWW). The card issuer is the CA thatissued the credentials, or some other party that collects.

Key Storage Card. In this application, the user stores various (possibly verified) publickeys in a smart card to protect them having to be stored on his less secure PC. Here, thecardholder, the data owner, and the terminal owner are the same.

Multi-Function Card. This card is the most complicated. The card manufacturer and cardissuer are separate, as are the software manufacturers. The data owner may be thecardholder for some applications, and a separate entity for others. There are multipleterminal owners, depending on which applications are on the card.

6. Smart Card Threat Models

An attack is simply defined as an attempt by one or more parties involved in a smart cardtransaction to cheat. We consider two classes of attackers, those who are parties to the system,and those who are interlopers. Attacks by participants could be a cardholder trying to cheat aterminal owner, a card issuer trying to cheat a cardholder, etc. Outsider attacks could be mounted

by someone who steals a card: a temporary cardholder who steals a card from a legitimatecardholder, or replaces terminal software or hardware. Attacks by outsiders are often similar toattacks on protocols involving general purpose computers; however, they may take advantage ofvarious properties of the system created by the separation of role.


9/14

Motives for attack fall into a few broad categories [Sch97]. First and most obvious are financialthefts, including theft of money or credit, or theft of services sold to the general public, such astelephone cards. There are also impersonation attacks, where the card system is an intermediatetarget, with the system being attacked to gain access to some computer system, or other accesscontrol device. These differ from theft of service in that the user could not purchase the servicelegitimately. For example, the use of an access card to get into a computer system; computer

access is generally available, but access to the particular system is the goal of the attacker.There are attacks on privacy, where one party wants more information than is given by theprotocol. Lastly, there are publicity attacks, where the attacker is motivated not by any directfinancial gain through attacking the system, but a desire for notoriety.

6.1 Attacks by the Terminal Against

These are the easiest attacks to understand. When a cardholder puts his card into a terminal, heis trusting the terminal to relay any input and output from card accurately. For example, if a userputs a stored value card into a vending machine and makes a $1 purchase, he is relying on theterminal to send a \deduct $1" message to the card, and not a \deduct $10." Similarly, when thecard sends a message to the cardholder that says \balance = $1," the cardholder is relying on theterminal's screen to relay that message accurately. The ability for a rogue terminal to do damagein this environment is significant, and it is impossible for the cardholder to detect this kind of fraudin the context of a single terminal. This kind of fraud has been attempted using fake ATMmachines.

Prevention mechanisms in most smart card systems centre around the fact that the terminal onlyhas access to a card for a short period of time. Software on the card could limit the amount ofdamage a rogue terminal could do. A stored-value card could, for example, only allow theterminal to deduct $1 maximum per transaction, and to perform no more than one transactionevery minute [KS99]. However, there are prevention mechanisms that involve having the userown the smart card terminal, such as one attached to a personal computer. The real preventionmechanisms, though, have nothing to do with the smart card/terminal exchange; they are theback-end processing systems that monitor the cards and terminals, and flag suspicious behavior.

6.2 Attacks by the Cardholder Against the Terminal

More subtle are attacks by the cardholder against the terminal. These involve fake or modi_edcards running rogue software, with the intent of subverting the protocol between the card and theterminal. For some examples, see [McC96]. Good protocol design mitigates the risk of thesekinds of attacks, which can be made more difficult by hard-to-forge physical aspects of the card(e.g., the hologram on Visa and MasterCard cards), which can be checked by the terminal ownermanually. Note that digital signatures on the software are not effective here since a rogue card

can always lie about its signature, and there is no way for the terminal to peer inside the card.Defending against this kind of attack requires another function split: the cardholder must not beable to manipulate the data inside the card.


10/14

6.3 Attacks by the Cardholder Against the Data Owner

In many smart card{based commerce systems, data stored on that card must be protected fromthe cardholder. In some cases, the cardholder is not allowed to know that data. A building accesscard, for example, could have a secret value inside the card; knowledge of this value could allowthe cardholder to make additional access cards. Or knowledge of a secret key in an electroniccommerce card could allow the cardholder to make fraudulent transactions. In other cases, thecardholder is allowed to know the value, but not allowed to change it. If the card is a stored-value

card, and the user can change the value, he can effectively mint money.

There are two essential characteristics of these attacks. One, the card must act as a secureperimeter, preventing the cardholder from accessing the data inside the card. In this context, thecard may need to be fairly confident that it will detect and respond

to attacks with a minimum of control over its environment. And two, the attacker has access to thecard on his own terms. He is allowed to take the card into his laboratory and perform whateverexperiments he wants to. He is allowed to take cards and destroy them in order to learn how they

work.

There have been many successful attacks against the data inside a card. These attacks includereverse-engineering and defeating tamper-resistance [AK96], fault analysis [BS97, BDL97], andside channel attacks such as power and timing analysis [Koc96, Koc98b, KSWH98b, DLK+99].

These attacks have been particularly effective against pay-TV access cards [McC96, Row97],and have been used against digital cellular telephone access cards [BGW98]. They are startingto be used against stored-value cards for electronic commerce [Row97].

6.4 Attacks by the Cardholder Against the Issuer

There are many financial attacks that appear to be targeting the issuer, but this may be illusory. Infact, the attacks are targeting the integrity and authenticity of data or programs stored on the card.These attacks are made possible by the issuer's decision to use a smart card system where the

cardholder holds data for the issuer or other party. Using the pay telephone application as anexample, if the phone were to use an account-based system, where a simple card holds a verylong account number that is used by the phone company to dereference an account stored on aback-end system, then there are account guessing and theft attacks based on the

numbers. This sort of system can be enhanced by adding a challenge/response or inverted hashchain mechanism for sending replay resistant passwords.

This makes strong use of a simple smart card in conjunction with a back office{managed

authorization scheme to resist fraud. If the card issuer chooses to put bits that authorize use of thesystem in the card, they should not be surprised when those bits are attacked. These bits couldbe \authenticated" account numbers, or it could be a system with a key buried within the card, onthe assumption that this key cannot be extracted, and proper completion of the protocol indicatesthat the card has not been tampered with.


11/14

These systems all rest on the questionable assumption that the security perimeter of a smart cardis sufficient for their purposes.

6.5 Attacks by the Cardholder Against the Software Manufacturer

Generally, in systems where the card is issued to an assumed hostile user, the assumption existsthat the card will not have new software loaded onto it. This is enforced by the use of pre-issuance stages with various one-way transformations being employed by the card manufacturerto ensure that the soft-ware is not tampered with. The underlying assumption may be that the splitbetween card owner and software owner is unassailable, and relies on the separation beingstrong. However, attackers have shown a remarkable ability to get the appropriate hardware sentto them, often gratis, to aid in launching an attack.

7 Resistance Models

There are, broadly, two ways to resist attacks against smart card systems. The first is to make

specific attacks harder: use strong cryptographic protocols, increase tamper-resistance, etc. Wedon't discuss these methods in detail; we believe they are less effective and more prone toimplementation and design failure than the second, which is to make entire classes of attackineffective. This can be done most effectively by reducing the number of parties, or increasing thetransparency of a party's role to the point where carrying out an attack is difficult. The easiest wayto reduce the number of parties is to combine roles so that there are fewer hats to wear. If, forexample, the cardholder is also the data owner, all attacks by the cardholder against the dataowner are simply irrelevant. Or, if the terminal owner is also the issuer, then attacks by theterminal owner on the issuer are only possible in the transformative case, where an attackertakes control of the terminal.

7.1 Fewer Splits

Each time a system has the design role of two or more parties merged into one, the avenues ofattack that are available to one of those parties against the other disappears. For example, if thecardholder and trusted terminal are merged by adding screen and data entry to the card, then thekey sniffing and entruste display problems simply disappear.

Contrariwise, adding parties to the system opens new venues of attack which need to beconsidered. The separation of the terminal and card from each other creates a venue which couldscarcely have been designed better to enable man-in-the-middle attacks. The combination of

h sical encasement of the card, and terminal's control of the user interface and network allow


12/14

most any such attack documented to be carried out if the protocol is not designed to handle it.Experience has shown that even many security products are released without considerationgiven to MITM, replay, and rection style attacks. [Sho96, Sho97] Even if these attacks areconsidered, the addition of parties to a transaction makes managing keys, nonces, sequencenumbers, and other defences substantially more difficult.

7.2 More Transparency

security of a system is to allow widespread public examination of it. It has been shown repeatedlythat interested attackers will obtain specifications or attack the system without them [Sho96,Bla94], and that open publication leads to review and It is widely understood by the securitycommunity that the best way to ensure the analysis. (Examples are IPSec, PGP, and S/MIME.)Combining the mechanisms of simplicity and openness greatly simplifies the task of reviewerswho choose to examine a system. Thus, reducing the number of parties not only eliminates entireclasses of attacks as shown above, but it also makes the task of analyzing the system simpler.

The simplicity of the security analysis will likely cause the analysis to occur sooner, as well asgiving it a higher likelihood of success.

The transparency defence involves cleanly separating roles so that attacks are more difficult toexecute. For example, the Mondex system includes a variety of terminal types (some portable)that allow a user to check certain parameters independent of a

merchant terminal. This allows a class of attacks on the cardholder or be discovered much morequickly.

Access to the full set of Mondex stored parameters(i.e., the data owner's data) would presumablymake the system that much more secure by increasing the audit-ability of the system. Similarly,an attack by the software manufacturer is made more difficult by the presence of strong and clearspecifications, and/or open source implementations

7.3 Design for Security

This defensive model of design is focused on designing systems to be secure from thearchitecture down [SSS+98]. Adding security to a system after the design phase has been shownto be difficult expensive, and failure prone. Therefore, we offer a model where careful design fromthe start eliminates the need for many costly and complex attempts to bolt security on at a laterphase. The reductionist model not only simplifies the process of design and implementation, butis fairly difficult to implement incorrectly.

We have seen that implementation failures are a primary cause of cryptosystem failure in the field[And94, Sch97, Sch98a, Koc98a, Sch98b]. Another facet to the transparency defences is to avoidthe complexities and risk of multi-application smart

cards. Not using a multi-application smart cards both reduces the number of parties involved and


13/14

creates a simpler operating environment with less complexity and potential for bugs. Thereduction in the number of parties using the card (fromNto

2) means that the issues of OS subversion and cross application attacks are practicallyeliminated.

8. How Smart Cards are Used ?

1. Commercial Applications

a. Banking/paymentb. Identification

c. Ticketingd. Parking and toll collectione. Universities use smart cards for ID purposes and at the library, vending machines, copy

machines, and other services on campus.

2. Mobile Telecommunications

a. SIM cards used on cell phonesb. Over 300,000,000 GSM phones with smart cards

c. Contains mobile phone security, subscription information, and phone number on thenetwork, billing information, and frequently called numbers.

3. Information Technology

a. Secure logon and authentication of users to PCs and networksb. Encryption of sensitive data

4. Other Applications

a. Over 4 million small dish TV satellite receivers in the US use a smart card as its removablesecurity element and subscription information.

b. Pre-paid, reloadable telephone cardsc. Health Care, stores the history of a patientd. Fast ticketing in public transport, parking, and road tolling in many countries

CONCLUSION

A secure smart card based system for e-payment, implemented on prepaid electricity over theinternet, was proposed. The smart card system has been designed and implementedsuccessfully using a three tier model client-server system, which was shown to be superior overthe two tier client-server system model. The proposed system has the benefit of using a secure


14/14

smart card to log in to the network, and control the amount of money needed to be spent for therequired electricity consumption based on the user profile stored on the card. The proposedsystem has also the unique feature of using an IP-based controller which provides remote accessto company server without the additional cost of a PC. Work is ongoing for shifting to a true openplatform multiplication smart card environment.

Report on Smart Cards

Documents

Transcript of Report on Smart Cards