Internet Security 2 (IntSec2)

1 SmartCards
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 1

1 SmartCards 1.1 Overview SmardCard types Physical form factors Electrical contacts 1.2 Physical Security Chip layout Passivation layer removal detection Charge detection Random cell placement Scrambled addressing Power and timing analysis 1.3 SmartCard File System Master, directory and elementary files File names Internal file structure File types 1.4 SmartCard Messages Application protocol data units (APDUs)

Cryptographical Building Blocks

Secure Network Protocols Data Integrity NonRepudiation

Privacy

Authentication

Encryption

MACs MICs

Challenge Response

Smart Cards

Digital Signatures

Symmetric Key Cryptography

Message Digests

IVs

Nonces

Secret Keys

Public Key Cryptography

Block Ciphers

Stream Ciphers

Hash Functions

Pseudo Random

Random Sources

Elliptic Curves

DH RSA

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 2

Glossary: DH RSA IV MAC MIC Diffie-Hellman public key cryptosystem Rivest-Shamir-Adleman public key cryptosystem Initialization Vector, required to initialize symmetric encryption algorithms Message Authentication Code, cryptographically secured checksum Message Integrity Code synonym for MAC

Nonce Random number, used in challenge-response protocols

Literature

Wolfgang Rankl & Wolfgang Effing

Handbuch der Chipkarten

Inhalt

5. berarbeitete und aktualisierte Auflage 2008

Aufbau Funktionsweise Einsatz von Smart Cards

Hanser Fachbuchverlag ISBN 3-446-40402-3

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 3

Internet Security 2 (IntSec2)

1.1 Overview

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 4

Smart Card Types

SIM card

USB token

Crypto card

Java card Memory card

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 5

Smart Card Types

Cards with a chip Cards with a chip

Chip types Chip types Memory cards Memory cards
without security logic without security logic with security logic with security logic

Interface types Interface types

with contacts with contacts contactless contactless dual-interface dual-interface

Microprocessor cards Microprocessor cards

without coprocessor without coprocessor with coprocessor with coprocessor
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 6

Physical Form Factors (ISO 7816)

ID-000 Mini-UICC ID-00

1111 2222 3333 4444

JANE DOE
ID-1 0.76 mm

ID-1 ID-00 ID-000

54 x 85.6 mm (ISO 7810 credit card format) (Visa/MC credit cards) (mini card, rarely used) (GSM SIM card) (new SIM card) 33 x 66 mm 15 x 25 mm

Visa Mini 40 x 66 mm

Mini-UICC 12 x 15 mm

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 7

Contactless and Dual-Interface Cards

Proximity Cards (ISO 14443): distance < 10 cm Vicinity Cards (ISO 15693): distance = 10 cm 1 m Operating Frequency: f = 13.56 MHz Products: MIFARE (Philips, et al.), LEGIC (Kaba)
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 8

Electrical Contacts (ISO 7816-2)

C1 C2 C3 C5 C6 C7

Vcc RST CLK AUX1

C1 C2 C3 C4

C5 C6 C7 C8

GND SWP I/O AUX2

C1 C2 C3 C5 C6 C7 C1 C2 C3 C5 C6 C7

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 9

Electrical Contacts Vcc (C1): Supply voltage ISO 7816-3 Class A 5V 10%, 1..5 MHz, 60mA @ 5 MHz Class B 3V 10% ,1..5 MHz, 50mA @ 5 MHz Class C 1.8V 10%, 1..5 MHz, 30mA @ 4 MHz EMV (payment cards) 5 V 10%, 1..5 MHz, 50mA TS 102 221 (GSM/UMTS [U]SIM cards) Class A 5V 10%, 1..5 MHz, 10mA @ 5 MHz (operating state) Class B 3V 10% ,1..5 MHz, 7.5mA @ 5 MHz (operating state) Class C 1.8V 10%, 1..5 MHz, 5mA @ 5 MHz (operating state) RST (C2): CLK (C3): Reset input used to switch the smart card microcontroller on and off. Clock input delivers an external clock signal (1..10 MHz) that is used as a system clock for the smart card microcontroller and as a reference for the serial communication channel. Ground. EEPROM programming voltage. Not used any more since modern cards generate the programming voltage on-chip using a charge pump fed by Vcc. Now used in [U]SIM cards for Near Field Communication (NFC) via the Single Wire Protocol (SWP) . Input/Output for serial communication running either the T=0 or T=1 protocol.

GND (C5): Vpp (C6):

I/O (C7):

AUX1 (C4): Auxiliary contact; USB devices: D+ AUX2 (C8): Auxiliary contact; USB devices: D-

Internet Security 2 (IntSec2)

1.2 Physical Security

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 10

10

Classical Microprocessor Layout

Infineon SLE 66CX160S

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 11

Typical Smart Card Chip Components CPU: 8051 (Infineon, Philips, Atmel), 6805 (Motorola, ST Microelectronics), H8 (Hitachi), 80251 (Infineon AE-4 (Renesas) CALM (Samsung) ARM 7 or ARM Cortex AE-5 (Renesas) 8 bit architecture 8 bit architecture 16 bit architecture 16 bit architecture 16 bit architecture 16 bit architecture 32 bit architecture 32 bit architecture

RAM: ROM: Flash:

256 8192 Bytes ( 1 RAM cell = 4 EEPROM cells) ( 1 EEPROM cell = 4 ROM cells) (replacement for EEPROM) 8 240 kBytes 1 8 MBytes

EEPROM: 1 80 kBytes

11

Classical Chip Layout Floor Planning

RAM CPU

Crypto Coprocessor Logic

EEPROM

ROM

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 12

12

Passivation Layer Removal Detection

Giesecke & Devrient

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 13

13

Block Layout Standard Cells

RAM CPU

Crypto Coprocessor Logic

EEPROM

ROM

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 14

14

Smart Card Chip Layout Random Cell Placement

RAM

EEPROM

ROM

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 15

15

Classical Memory Layout Regular Structures

RAM

EEPROM

ROM

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 16

16

RAM Cell Charge Detection

Giesecke & Devrient

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 17

Charge detection in RAM cells When cooled to -60 C, RAM cells can keep their charge up to several weeks after the power supply has been switched off. The content of a RAM cell can be read out using a state-of-the-art electron-beam microscope. In order to be able to do this measurement on a secure smart card chip, the passivation and metallization layers covering the the RAM structure must first be physically removed, usually leading to the destruction of the RAM cells.

Source: Rankl and Effing, Handbuch der Chipkarten, 2008

17

Smart Card Memory Scrambled Addressing

RAM

EEPROM

ROM

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 18

18

Power and Timing Analysis

NOP MUL JMP

(no operation)

(multiplication)

(jump)

power consumption

time
Source: Rankl and Effing, "Handbuch der Chipkarten", 2008

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 19

19

Power Analysis of Triple DES Computation

Without counter-measures it is possible to extract the secret 3DES key!

Source: Giesecke & Devrient, in Rankl and Effing, "Handbuch der Chipkarten", 2008

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 20

20

Internet Security 2 (IntSec2)

1.3 SmartCard File System

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 21

21

Smart Card File System (ISO 7816-4)

MF

DF

DF

EF

EF

DF

EF

EF

EF

EF

MF Master File

(root directory, must always be present)

DF Dedicated File (directory file, can contain directory and data files) EF Elementary File (data file)
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 22

22

Smart Card File Names (ISO 7816-4)

MF Reserved FIDs FID File Identifier (2 bytes) DF FID File Identifier (2 bytes) DF Name (1-16 Bytes)
usually ISO 7816-5 AID 3F00 MF root directory 0000 EF PIN and PUK #1 0100 EF PIN and PUK #2 0001 EF application keys 0011 EF management keys 0002 0003 0004 0005 EF EF EF EF manufacturing info card ID info card holder info chip info

EF

Short-FID (5bits) FID File Identifier (2 bytes)

3FFF file path selection FFFF reserved for future use

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 23

FID forming rules EFs in the same directory cannot have the same FID Stacked DFs cannot have the same FID EFs in a directory (MF oder DF) cannot have the same FID as the parent directory Application Identifiers (AIDs) An AID consists of a 5 byte Registered Identifier (RID) containing a country code, an application category and a provider identifier plus an optional Proprietary Application Identifier (PIX) with a variable length of 0..11 bytes. AIDs must be registered with an appointed national registration authority and are usually kept confidential.

23

Smart Card Internal File Structure

Header
pointer EEPROM pages 100'000 write cycles 64 byte page size

EF

Body

Header: file structure info, access control rights, pointer to data body Body:
content changes never or seldom, protected from erasure data, content might change often, many write operations

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 24

24

Smart Card File Types

EF structures EF structures
transparent transparent
transparent transparent execute execute

record-oriented record-oriented
linear fixed linear fixed linear variable linear variable cyclic cyclic

individual individual
data bases data bases data objects data objects script files script files
SCQL Queries GET DATA PUT DATA

READ BINARY WRITE BINARY UPDATE BINARY

READ RECORD WRITE RECORD UPDATE RECORD

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 25

25

Smart Card File Type "transparent"

length 1 2 3 4 5 6 7 8 9 m

offset = 3 data (5 Bytes)

Example: read 5 bytes of data starting from an offset of 3 bytes Maximum read/write block: 255 bytes (short) / 65'536 bytes (extended) Maximum offset: 32'767 bytes Minimum file size: 1 byte Maximum file size: 98'303 bytes (with offset)
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 26

26

Smart Card File Type "linear fixed"

byte number 1 record number 1 2 3 4 2 3 4 5 6 7 8 9 m

Example: read fixed-length record #3 Maximum number of records: 254 Record length: 1 .. 254 Bytes
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 27

27

Smart Card File Type "linear variable"

byte number 1 record number 1 2 3 4 2 3 4 5 6 7 8 9 m

Example: read variable-length record #3 Maximum number of records: 254 Variable record length: 1 .. 254 bytes
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 28

28

Smart Card File Type "cyclic"

byte number 1 record number 1 2 3 4 2 3 4 5 6 7 8 9 m

Example: read the most-recently written record (#1) Maximum number of records: 254 Record length: 1 .. 254 bytes
Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 29

29

Internet Security 2 (IntSec2)

1.4 SmartCard Messages

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 30

30

APDUs Application Protocol Data Units

Command APDU CLA INS P1 P2 Lc Data Body Le

Header

Response APDU Data Body SW1 SW2 Trailer

Andreas Steffen, 14.02.2009, 1-SmartCards.ppt 31

Command APDU CLA: Class Byte (e.g. 0X for ISO 7816-4/-7/-8, A0 for GSM) INS: Instruction byte P1: P2: Lc: Le: Parameter 1 byte Parameter 2 byte Length command byte (length of data field in command APDU) Length expected byte (length of data field in response APDU, maximum: 0x00 )

Response APDU SW1: Status Word 1 byte SW2: Status Word 2 byte Common Return Codes Normal processing: 61XX, 9000 Warning processing: 62XX, 6300 Execution error: Checking error: APDU cases Case 1: | CLA | INS | P1 | P2 | Case 2: | CLA | INS | P1 | P2 | Le | Case 3: | CLA | INS | P1 | P2 | Lc | Data | --> | SW1 | SW2 | --> | Data | SW1 | SW2 | --> | SW1 | SW2 | 64XX, 6500 617XX ... 6FXX

Case 4: | CLA | INS | P1 | P2 | Lc | Data | Le | --> | Data | SW1 | SW2 |

31