Issue 96 July 1998
Designing for Smart Cards
Part 1: What's a Smart Card All About?


by Carol Hovenga Fancher

They look like a credit card, but the microcontroller in them provides computational ability and stores information. Carol covers all the smart-card basics you need to know before you implement them in a design.



A smart card doesn’t look so different from a credit card. But, it has an embedded controller that provides computational capability and protected storage.

A smart card’s most important feature is the higher level of security it offers compared to other technologies like magnetic-stripe or memory cards. Smart cards are good for applications needing a portable token and the ability to manipulate the data they carry.

A smart card is also referred to as an integrated circuit card (ICC). It can interface with a point-of-sale terminal, ATM, or card reader integrated into a phone, computer, vending machine, or other appliance. As Figure 1a shows, the semiconductor devices on a smart card attach to a module embedded in the top left corner of the card, which provides contacts to the outside world.

Figure 1a—This is the plastic form factor and module for a contact smart card as defined by ISO 7816. b—In a contactless smart card, the antenna is generally located around the perimeter of the card.

Although most smart cards require physical contact between the card and the pins in a reader, a growing number of applications use contactless cards. These cards communicate and are powered by radio signals or inductive or capacitive coupling (see Figure 1b).

Contactless smart cards are used in situations requiring quick transactions (e.g., mass-transit turnstiles). They can be more physically robust than contact cards because there’s no wear and tear on the contacts and the readers aren’t as open to wear or vandalism. Efforts are underway to standardize hybrid cards for contact and contactless systems.

The international standards for smart cards have been developing since the late 1970s. ISO 7816, the basis of most smart card-related standards, defines the mechanical, physical, electrical, and handshake interface between the card and reader without restricting the silicon in the card or the application for the card. More recent standards address new technologies such as contactless smart cards or application areas like financial cards, Internet payments, airline ticketing, and so on (see Table 1).

Table 1–Various organizations are involved in developing standards relating to smart cards. The Smart Card Forum has prepared an overview and description of pertinent standards, “Standards and Specifications of Smart Cards: An Overview.”

COSTS AND BENEFITS

Current smart cards, made by GemPlus, Schlumberger, and Bull CP8, among others, range in price from less than $1 to about $20. This cost includes the silicon, OS, module (the chip package providing the connections to the outside world), and plastic card.

In addition to the card itself, the software and networks previously designed to handle cash, credit, or checks have to be modified. Let’s look at the benefits of implementing a financial smart card.

A stored-value card is attractive because it reduces the amount of change the shopper carries and can be used in small-value transactions where credit cards or checks are less desirable. Retailers prefer stored value because it increases small cash transactions, which financial institutions currently avoid because the overhead on credit cards or checks is too high for profit.

The cards also reduce the hidden cost of handling, storing, and safeguarding cash (estimated as ~4% of the value of all transactions).

OVERALL SYSTEM SECURITY

The security of any application depends not just on the smart card chip and its security features but on the software structures implemented on-chip and even more broadly on the integrity of the overall system.

To design for security, first define the entire system. Consider the operating environment, including any expected, imagined, or feasible security attacks. Be paranoid. If the system involves any monetary value or secret, proprietary, or private information, there will be active attempts on the system.

Define the personality of the attacker (university student hacking for the challenge, international cartel searching for industry secrets), the attacker’s resources (home workshop, university lab, or the resources of an entire government), and the value of the information to the attacker in time and money.

No security strategy is absolute. Given enough time, resources, intelligence, and luck, it’s possible to circumvent any security.

Most systems impose many barriers so that defeating one or a few security features does not compromise the entire system, and so that the time and resources needed to break into the system exceed its value to the attacker. But of course, system developers need to design a reasonable and practical system with a cost commensurate with the value of the protected information.

An attacker will search out the weakest link in the security chain. So, evaluate all aspects of the system:

  • Is system knowledge controlled or segregated so that no one person or group knows all details?
  • Is the exchange or storage of information protected?
  • Do the protected secrets affect the entire system or a single user?
  • Is the system prepared not only to prevent a security break but also to recognize if one has taken place and have the means to recover?
  • Can you update the system against new attack scenarios, so the system won’t become obsolete over time?

It’s good to evaluate system performance using various security criteria—those of a recognized body (e.g., ITSEC) or industry (e.g., SET), or those defined only for the specific application.

Also consider the exportability of the system if the application is international or to be exported. Most governments closely control encryption or decryption techniques.

Once you identify the overall system security needs and vulnerabilities, you can use the smart card as a tool to strengthen security.