Smart cards a fascinating and fruitful adventure ppt


Smart cards a fascinating and fruitful adventure
Gemalto Technology & Innovation
Nguyen Quang Huy

Slide 2: Smart Cards in our life
  • Secure transaction (banking, pay-TV)
  • Telecom (SIM/USIM/RUIM, M2M, convergence, M-TV, M-banking, M-ticket)
  • Access control (physical and logical resources)
  • E-citizen (e-passport, e-ID, e-Health, e-driving license, ...)

Slide 3: Smart Card HW
  • No internal timer, battery
  • No keyboard, display, network interface
  • Current generation
      - µ-processor: 16-bit, <=10 MHz
      - RAM: 4K
      - ROM: 100K for code storage
      - E²PROM (10^5 updates): 64K for data storage
      - I/O: serial (9600 bps)
          - Contactless protocols: MiFare, FeliCa, Calypso
  • Next generation
      - µ-processor: 32-bit, up to 100 MHz
      - Flash memory: more durable and faster
      - I/O: USB (12 Mbps)
          - Contactless open protocols: NFC, ZigBee
  (Figure label: 25 mm²)

Slide 4: Smart Card SW
  • Proprietary architecture
      - Undisclosed specification
      - Tedious application development
      - Closed configuration: no application can be added after issuance
  • Open architecture
      - Open specification
      - High-level programming languages
      - Post-issuance applications are available
  • Some open architectures
      - Java Card
      - MULTOS
      - .NET Card
      - Basic Card

Slide 5: Example: Java Card
  • Introduced by Schlumberger in 1996
  • Leading open multi-applicative architecture
  • >5 billion Java-embedded cards issued
  • Applications (applets) developed in Java
  (Architecture diagram, layers: Integrated Circuit; Operating System; Java Card Virtual Machine; API in Java; Native API; Card Manager; Applet 1; Applet 2; JC Firewall; I/O command)

Slide 6: Security threats
  • No battery
      - Card tearing (or power failure) may cause data inconsistency
  • No internal timer
      - Logging for post-mortem analysis is not possible
  • No keyboard, display, network device
      - Secure usage environment
          - Payment terminals (POS and ATM): security certification
          - Security of PC and handset: keyboard logger, false display (phishing), etc.
  • Contactless interface
      - Cardholder is not aware of malicious actions
  • Physically owned by attackers
      - Vulnerable to both logical and physical attacks

Slide 7: Attacks
  • Logical attacks: use I/O commands to exploit SW vulnerabilities
      - Buffer overflow, type confusion, covert channels, protocol attacks, etc.
  • Physical attacks: use physical phenomena to exploit SW/HW vulnerabilities
      - Invasive attacks: destructive and require specific logistics
          - HW reverse-engineering; disabling HW security features, etc.
      - Non-invasive attacks: affordable logistics
          - Side-channel: use the emitted signals (power consumption, execution time) to guess the secret (keys, PIN)
              - Execution signature (E²PROM update, DES rounds, etc.) may leak the secret
          - Fault-injection attacks: use physical means (infrared heat, laser, X-ray) to flip some bits in the memory
              - Modify code and runtime control flow, data: the consequence is hardly predictable
  • Combined attacks

Slide 8: Counter-measures and beyond
  • Detection
      - HW: (shield-removal, temperature, frequency, laser, light) sensors
      - SW: checksum, fault-trap
  • Protection
      - HW: memory/bus encryption, redundancy, error-correcting code
      - SW: transaction mechanism (anti-tearing), random noise, protection of control flow
  • Auditing
      - HW: security registers
      - SW: fault-counters, security exception
  • Reaction
      - Muting (infinite loop) and clearing RAM
  No counter-measure is perfect
  Trade-off between security and performance (tender eligibility criterion)
  • Use of mathematical techniques: formal methods

Slide 9: Mathematically proven security assurances

Slide 10: Vietnam: smart card deployment
  • Mobile telecom
      - Low-end cards: <=64K EEPROM
  • Banking
      - Small-scale migrations to EMV standard: VP Bank, VCB, etc.
      - Online banking (secure reader/authentication server): VCB
      - Why are the banks not keen on using smart cards?
          - Cards mainly used for ATM withdrawal: rare (offline) POS payment ⇒ fraud is limited
          - Card holders are usually paying for the fraud!
          - Infrastructure cost for a migration (ATM, POS, servers, etc.)
  • E-government
      - e-passport project (since 2006)
  [...]
  Small market implies small players
  • Few smart card manufacturers
      - MK Technology JSC: 20 million smart cards delivered in 2008
      - Main products: SIM, USIM, RUIM
          - Sales representative of foreign products
      - Domestic share in final products
          - Card personalization for final clients
          - A first Vietnamese smart card OS? MKCos (Sao Khue 2008)
  • Even fewer application developers
      - Vietnamizing imported applications

Slide 11: Joining the adventure
  • Expanding the domestic market with attractive SIM-based applications, e.g.,
      - M-payment, online payment
      - Value-added applications on mobile network
      - M-ticket for public transport
  • Making E-Government come true
      - Healthcare card, ID-card, etc.
  • Education/Training
      - More training courses for
          - embedded programming: lucrative outsourcing market
          - security engineering: go beyond anti-virus
      - Support of overseas experts
  • Enterprising
      - Win-win JV with foreign partners to learn technology
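The card-tearing threat and the "transaction mechanism (anti-tearing)" counter-measure named in the slides, shown as an added example in C (not from the original deck or from any vendor's card OS): a simulated EEPROM loses power after every possible byte write, and an in-place update is compared with a journaled one. The memory layout, the 0xA5 flag value, the sample balances and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_LEN 4   /* protected record, e.g. a purse balance (constructed) */
enum { J_FLAG = 0, J_COPY = 1, DATA = 1 + REC_LEN, NVM_LEN = 1 + 2 * REC_LEN };
static uint8_t nvm[NVM_LEN];   /* simulated EEPROM: flag | journal | record */
static int budget = -1;        /* byte writes left before tearing; -1 = none */
/* One EEPROM byte write; returns 0 once the card has lost power. */
static int nvm_write(int addr, uint8_t v) {
    if (budget == 0) return 0;
    if (budget > 0) budget--;
    nvm[addr] = v;
    return 1;
}
/* journaled=0: write in place. journaled=1: save the old value, set the
   journal flag, write the new value, then clear the flag (commit). */
int record_update(const uint8_t *new_val, int journaled) {
    for (int i = 0; journaled && i < REC_LEN; i++)
        if (!nvm_write(J_COPY + i, nvm[DATA + i])) return 0;
    if (journaled && !nvm_write(J_FLAG, 0xA5)) return 0;
    for (int i = 0; i < REC_LEN; i++)
        if (!nvm_write(DATA + i, new_val[i])) return 0;
    return journaled ? nvm_write(J_FLAG, 0x00) : 1;
}
/* Run at every reset: a set flag means an update was torn, so roll back. */
void recover(void) {
    budget = -1;
    if (nvm[J_FLAG] == 0xA5) memcpy(&nvm[DATA], &nvm[J_COPY], REC_LEN);
    nvm[J_FLAG] = 0x00;
}
/* Tear at every write position; count resets that find a mixed record. */
int count_inconsistent(int journaled) {
    const uint8_t old_v[REC_LEN] = {0x00, 0x00, 0x03, 0xE8};  /* 1000, constructed */
    const uint8_t new_v[REC_LEN] = {0x00, 0x00, 0x01, 0xF4};  /* 500, constructed */
    int bad = 0;
    for (int cut = 0; cut <= 2 * REC_LEN + 2; cut++) {
        memset(nvm, 0, sizeof nvm);
        memcpy(&nvm[DATA], old_v, REC_LEN);
        budget = cut;
        record_update(new_v, journaled);
        recover();
        bad += memcmp(&nvm[DATA], old_v, REC_LEN) && memcmp(&nvm[DATA], new_v, REC_LEN);
    }
    return bad;
}

int main(void) {
    printf("mixed states: naive=%d journaled=%d\n", count_inconsistent(0), count_inconsistent(1));
}
```

The rollback in `recover()` is idempotent because the flag is cleared last, so a second power loss during recovery is repaired by the next reset.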

Date posted: 07/07/2014, 05:20
