1. SECURITY OF SMART CARDS
Prepared By:
Bansi Mehta (15IT050)
IT-306.02 | Sem-6 | Department of Information Technology | CSPIT
Department of Information Technology
Chandubhai S. Patel Institute of Technology
2. OUTLINE
• Technology used in cards.
• Magnetic cards.
• Microprocessor cards.
• Types of microprocessor cards.
• Inside a microprocessor card.
• Smartness of microprocessor card.
• 2 Factor verification.
• Online Transactions.
• Security provided by the cards.
• Security of the cards.
4. TECHNOLOGY USED IN CARDS:
• Optical.
• Memory unit.
• Magnetic.
• Microprocessor.
Major evolution while changing from magnetic strip to microprocessor.
5. MAGNETIC CARD
• Reason behind the decreasing use of magnetic cards: security.
• If the card reader is tampered with and a card is swiped in it, the
information can be easily retrieved from the magnetic strip.
• That information can be easily copied to other cards to generate a duplicate.
• All this can be done without the knowledge of the user.
• This introduced the concept of “Microprocessor Cards”.
6. SHIFT TO MICROPROCESSOR CARDS
• Enclosed in plastic casing.
• Has a microprocessor chip embedded inside.
• The chip receives input, processes it, and generates output.
• Has a memory unit.
• Also possesses the magnetic strip technology.
7. TYPES:
• Contact – The card needs to be inserted.
• Contactless – The card needs to be brought into proximity.
• In contactless cards, radio frequencies are used. The card stays in passive mode
and the reader in active mode. Whenever the card comes into the field of the reader,
it becomes active, and the transmission of information then takes place with
the help of radio frequency.
8. WHAT’S INSIDE A MICROPROCESSOR CARD?
• CPU: Heart of the chip.
• SECURITY LOGIC: Detecting abnormal conditions.
• SERIAL INTERFACE: Communication.
• TEST LOGIC: Self test procedures.
• ROM: Operating system.
• RAM: Temporary memory unit during operations.
• EEPROM: Permanent data.
9. WHAT MAKES THIS CARD SMART?
• Unlike a magnetic card, the information on this card cannot be easily obtained.
• The smartness of this card depends on its working mechanism.
• To authorize any user:
o Certificate + PIN.
o Certificate + biometrics.
10. 2 FACTOR VERIFICATION:
• Each card has a public/private key pair.
• When the card is inserted into or brought near the card reader, it generates a random
number.
• This random number is unique for each transaction.
• The card encrypts that random number with its private key and sends it to the reader.
The reader sends it to the server along with the public key of the card.
• The server decrypts the encrypted random number with the card’s public key and sends it
back. The reader compares the generated random number with the decrypted
number to see if they are the same.
11. CONTD.
• When the user enters the PIN in the terminal, it is encrypted using the public
key of the card and sent to the card.
• The card decrypts it with its private key and matches it with the one stored in
it.
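The exchange from slides 10 and 11, as an added example that is not part of the original slides: it assumes the reader is the party that generates the random number, and uses a constructed toy RSA key with no padding so that it runs on the standard library alone. The names Card, Reader, server_recover and transaction, and the sample PIN, are hypothetical.

```python
import hmac
import secrets

# Constructed toy key: two Mersenne primes, textbook RSA without padding.
# Illustrative only; real cards use large keys with padded RSA.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the card

class Card:
    def __init__(self, pin):
        self._d, self._pin = D, pin.encode()
        self.public_key = (N, E)

    def sign_challenge(self, nonce):
        # "Encrypts the random number with its private key"
        return pow(nonce, self._d, N)

    def verify_pin(self, encrypted_pin):
        # Decrypt with the private key, then compare in constant time
        m = pow(encrypted_pin, self._d, N)
        candidate = m.to_bytes((m.bit_length() + 7) // 8, "big")
        return hmac.compare_digest(candidate, self._pin)

def server_recover(response, public_key):
    # Server side: undo the private-key operation with the card's public key
    n, e = public_key
    return pow(response, e, n)

class Reader:
    def __init__(self):
        self._nonce = None

    def new_challenge(self):
        self._nonce = secrets.randbelow(2**64) + 2  # fresh per transaction
        return self._nonce

    def check(self, response, public_key):
        nonce, self._nonce = self._nonce, None  # a challenge is usable once
        return nonce is not None and server_recover(response, public_key) == nonce

    def encrypt_pin(self, pin, public_key):
        n, e = public_key
        return pow(int.from_bytes(pin.encode(), "big"), e, n)

def transaction(card, reader, pin):
    response = card.sign_challenge(reader.new_challenge())
    card_ok = reader.check(response, card.public_key)
    pin_ok = card.verify_pin(reader.encrypt_pin(pin, card.public_key))
    return card_ok and pin_ok
```

Because the random number changes with every transaction, a response recorded in one session fails the comparison in the next. Textbook RSA is deterministic, so the same PIN always encrypts to the same value here; deployed schemes add randomized padding.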
12. ONLINE TRANSACTION
• Card details are tokenized and sent during communication with the third-party
gateway.
• What is tokenizing?
• Keeping the card number or any other details as they are and inserting some
numbers, which may seem random, in between.
• The dedicated organizations have mechanisms to interpret this
random-seeming number.
13. HOW SECURE ARE SMART CARDS?
• The Security Provided by the Card
1) Symmetric key algorithm:
DES, Triple DES.
2) Asymmetric key algorithm:
RSA
14. CONTD.
• The Security of the Card:
1) Physical invasive attacks: reading the data on the buses using probes.
These attacks require special chemicals and acid to remove the plastic coating and very
sophisticated equipment to read the data. They often end up damaging the card.
2) Side-channel attacks: measuring minute fluctuations in the time required to
perform a cryptographic operation, or measuring fluctuations in the power
consumed by the smart card.
15. CONCLUSION
• Microprocessor-based cards may still lack some security mechanisms.
• But security is an evolving field.
• Hackers will find increasingly sophisticated attacks against smart cards,
while smart card manufacturers will find increasingly sophisticated
countermeasures.