Smart Card Basics

City University of Hong Kong Computer Science (College of Science & Engineering Requirement) CS1102 Introduction to Computer Studies Project Presentation
by PakHin Yuen on 18 April 2013


Transcript of Smart Card Basics

Smart Card Basics

Group 1:
- 53091343 YU Hiu Ching
- 53092014 CHAN Yuk Hin
- 53093404 CHIU Tsz Ching
- 53117209 YUEN Pak Hin

Smart Card Introduction
Smart Cards = Chip Cards = IC Cards

Question for U
TIPS
SMART CARDS
Software of SmartCards
Hardware of SmartCards
SMART CARDS
Smart Cards in Daily Life

Types of Smart Cards & Smart Card Readers

1. Contact cards

2. Contactless cards
- radio frequency (RFID)
- without physical insertion
- antenna communicates with the reader

3. Multi Component Cards
- combination of contact and contactless card
- multiple methods of communication
- antenna / contact pads

Smart card readers
- a device to retrieve information / manipulate data
- operate with smart cards

SMART CARDS
Substrate:
PLASTIC CARD
COMPUTER CHIP
IC = Integrated Circuits of the chip

General International Standards
- Size: ISO7610
- Specification:
  - ISO 7816 (Contact Cards)
  - ISO 14443 (Contactless Cards)

Chips Producer
- Microprocessor (CPU)
- Memory (RAM/ROM/EPROM)
- I/O Interface (Input/Output)

Usual Specifications
- CPU - 8-bit
- RAM - 128-780 bytes
- ROM - 4-20 KB
- EPROM - 1-16 KB

CPU design format - RISC (Reduced Instruction Set Computing)
- equipped with on-chip hardware encryption module
  - New - Public Key Encryption
  - Old - Private Key Encryption

Clock Speed
- run at 5 MHz

Embedded Chips Architecture
- C1 - Vcc = Voltage Supply (5V)
- C5 - Grd = Voltage Earthing (0V)
- C2 - Rst = Reset the logics and information
  - Warm Reset: Signal sending
  - Cold Reset: Signal Interruption
- C6 - Vpp = Supply higher Programming Voltage to EPROM (ABANDONED)
- C3 - Clk = Receive external input of the logics and arithmetic instructions (e.g. Readers)
- C7 - I/O = Communicate between chips circuits and external network (Signal buses)

AN OVERVIEW
1. Supply Voltage
2. Carry out logic & arithmetic instructions
3. Communicate between integrated circuit chips & outside networks (Send & Receive data)
4. Reserve for extra use

Dynamic Application COS
- JAVA
- VISA Global Platform
- MasterCard MULTOS (MULTi Operating Systems)

Advantages
- Portable
- Microchips stored with data
- Convenient transaction of data + Information Security

Suppose 2 different cards run 2 different COS.

Card A runs Fixed File Structure.
Card B runs Dynamic Application.

Which one requires larger RAM?
Which one requires larger ROM?

Fixed File Structure
Card Operating System (COS)
ALL Structures, Functions and Instructions ARE PRESET by the card issuer.

Secured Computing & Storage

WORKLOAD PERCENTAGE
- BONITA CHIU (53093404) - 100%
- CHARLES YUEN (53117209) - 100%
- HIU CHING YU (53091343) - 100%
- YUK HIN CHAN (53092014) - 100%

Type of smart cards

Most common type
Electrical contacts (metallic chip) <-> card reader
Connector: bonded to the encapsulated chip in the card

1. Contact cards
Examples:
- Straight Memory Cards
- Protected / Segmented Memory Cards
- Stored Value Memory Cards

1. Contact cards
Applications:
- network security
- access control
- e-commerce
- electronic cash

2. Contactless cards
Examples: proximity cards, Gen 2 UHF card

Drawbacks:
- The limits of cryptographic functions (hackers)
- The limits of user memory
- The limited distance between card and reader

2. Contactless cards
Applications:

3. Multi Component Cards
Examples: ISO7816, ISO14443

Applications:
- vending passes
- access control
- network security

1. Contact readers
- The most common type
- Requires physical connections
- Enables larger data transport

1. Contact readers
Advantages
- more secure (direct coupling to the reader)
- High negotiated speed (up to 115 kilo baud)

Applications: payment

2. Contactless reader
- Works with a radio frequency
- The card comes close to the reader

2. Contactless reader
Applications:
- Payment
- Physical Access Control
- Transportation

Smart Card Readers
- Contact Readers
- Contactless Readers

Data stored in chips contains
1. business beneficial information
2. personal confidential privacy

2 Systems of
Smart Card Security

Managing Threats - Security System Planning

Smart Card Information Security & Security System Planning

Components of Information Security

Through the I/O interface, interactive and interdependent communication is carried out between cards and outside networks.

Risk of data safety
Examples:
- Drug formula
- Bank information
- Personal information

Why Information Security?

Security Technology + Ethics = Security PLAN?

DATA SECURITY
- Hardware: Servers, Mass storage devices, Communication buses, Client I/O interface
- Software: Operating Systems, Database Management Systems, Communication and Security Applications
- Data (to be protected): Databases containing different kinds of information
- Personnel: Professionals & Technicians on Data Security

HOST-BASED SYSTEM SECURITY
Security Systems embedded on:
- HOST COMPUTER
- HOST SERVERS
- CARD READERS

CARD-BASED SYSTEM SECURITY
Security Systems embedded on:
- CARD CHIPS
- on-chips security system

CHALLENGING QUESTIONS ENTER!

Question 1
Suppose 2 different cards run 2 different COS.

Card A runs Fixed File Structure.
Card B runs Dynamic Application.

Which one requires larger RAM?
Which one requires larger ROM?

Question 3
WHAT is the DIFFERENCE
between:

DATA SECURITY
&
INFORMATION SECURITY ?

Question 4
HOST-BASED & CARD-BASED SECURITY SYSTEMS were introduced.
WHICH one is better for data/information security?

STEP 1: Analyzing Threat Source
Hardware <> Software <> Data <> Personnel

INTERNAL THREATS
- System plughole (Hardware & Software)
- Data plughole (Data)
- Unethical technicians (Personnel)

EXTERNAL THREATS
- Virus & Malware (Hardware & Software, Data)
- Hackers (Personnel)

Step 2: Deployment & Design
Hardware <> Software <> Data <> Personnel

Step 3: Road Test
- Test by HACKING the system yourself
- Learn the weak points of the system

Step 4: Synthesis
- Modify the security systems after learning about the weak points
- Employ the system

Employ Systems with continuous auditing & periodic secured monitoring and maintenance

Smart Card Security Mechanisms

DATA
& INFORMATION SECURITY

Computer Network
Inside the computer world, there are many unexpected and unknown threats.
Therefore, we need to have SECURITY

System thinking of data security mechanism
1. Data Integrity: Did all the data arrive, and was none of it lost or corrupted?
2. Confidentiality: Can only the sender & receiver access the data?
3. Authentication & Non-Repudiation: Is all the data correct & does it come from the right source? Can the sender confirm receipt?
4. Authorization & Delegation: Can I set who I want to share the data with in a secured way?
5. Auditing & Logging: Can I ensure the security system is functioning properly?
6. Management: Can I be allowed to manage the system administration?

An OVERVIEW of system data security mechanism
1. Ensure information security
- Data Originality
- Personnel Identity
- Authorized Retrieval
2. Ensure system administration
- Data Sharing
- Security System Monitoring & Management

Data Integrity
Function: Ensure data is not corrupted
Mechanism:
- Assign an identity to each datum by cryptography
- Verify the ID and characteristics of each datum
- Any attempt to change the ID will be noted down

Authentication
Function: Ensure data transaction is retrieved by the right person
Mechanism: Adoption of Key Encryption System (Confidentiality)
Different kinds of Data Encryption Standard and System & Digital Signature will be further discussed

Non-Repudiation
Function: Ensure the data transaction is not permitted by third party
Mechanism: Adoption of Key Encryption System (Confidentiality)

Authorization & Delegation
Function: ensure proper procedures are done to authorize a third party to manage the system
Mechanism: Utilize the third party management

Auditing and Logging
Function: ensure the system is functioning well with constant monitoring
Mechanism: By Soft Engineering Methods
Example: Policies and Procedures

Management
Function: ensure the users are authorized to manage the security system
Mechanism: By Soft Engineering Methods
Example: Setting authorized management policy

Cryptography Algorithm (Data Encryption System)
Encryption & Decryption

Symmetric Encryption System
Data encrypted & decrypted with the same key (secret key)

Asymmetric Encryption System (Public Key)
Data encrypted & decrypted with the public keys & private keys

Detailed Asymmetrical Encryption System (Public Key)

HOWEVER, in real life,
DATA is not completely safe.

Your data can be physically stolen
(for example, your Octopus card is stolen).
Although the card might be found, you may already have suffered a loss.
YOU SHOULD BE CAREFUL YOURSELF!!!

Question 2
Do the smart card readers provide the computing base for the smart cards? You may use ATM as an example.

Question 5
Symmetrical & Asymmetrical Cryptography were introduced.

WHICH one is better for data/information security?