Smart Cards Security

The wave of the future is barrelling in fast, and surfing to the beach is the Smart Card. Imagine your identity just chilling in the back of your pocket, in a single credit card sized form. Inside that card contains: your credit and debit accounts, medica
This card is even expected to replace currency and credit cards. This 'electronic wallet' is protected by cryptographic keys, to ensure protection even when someone manages to get a hold of your card. This powerful little card is riding in fast and has already caught on in the US government and the medical fields in Europe.
There are two basic types of smart cards: contact and contactless. Contact smart cards require a smart card reader, where the micro-chip needs to have direct contact in order to be read. The micro-chip is placed in a cavity formed in the card and bonded by glue. The micro-chip is a conductive material, usually gold plated, and is made up of an I.C. chip that is placed on a contact pad and surrounded by epoxy and wire bond. This card is often used for logging into government computers and for holding encryption keys used for sending emails.
A contactless smart card only needs to be swiped within close proximity of a reader. The card, as well as the reader, has an antenna in order to work wirelessly. The card needs to have a power source of some kind in order to work. Some cards run off a chip that emits an electromagnetic signal while others run off a small battery. The contactless chip and antenna are set between two cards and are connected through a conductive link, such as a thin wire; these cards are used for mass transit systems, such as the metro system in the D.C. area. There are two other types of cards which are spin-offs of the contact and contactless cards: hybrid and combi cards. The hybrid card has both contact and contactless chips in the card, which are not connected to each other. The combi card has one chip that is the contact and contactless chips combined. The chips in these cards fall into two categories as well: microprocessor and memory chips.
A memory chip stores information and has optional security features. The security of the chip is dependent on the reader and only provides low to medium security. A microprocessor chip can add, delete, and modify information in its memory. This chip contains its own little operating system and can come in 8, 16, and 32 bit architectures, and all the cards use some sort of electrical fluctuation to send and receive data.
Smart card data is encrypted and stored on the card itself, which opens holes for that data to be compromised. All the data is stored on the EEPROM, which stands for Electrically Erasable Programmable Read-Only Memory; this means that if it is exposed to a certain type of current, the data can be modified or even erased. The voltage fluctuation is hard to determine, so this is not usually a successful attack, but high temperature or focusing UV light on the EEPROM can remove the security lock, and then the data can be compromised. In order to protect the data, certain measures have been taken to make the hacking process much more difficult.
Using advanced micron technology greatly reduces the size, power, and electric variations cards use, and adding a third metal layer makes it more difficult to use Simple Power Analysis (SPA) and Differential Power Analysis (DPA). SPA and DPA are power attacks where the hacker monitors the power spikes and "reads" the data off the card. The cards contain a built-in timer that has an unpredictable number generator and changes the pattern of power fluctuations. They also have a set of security procedures and firmware functions that allow an application to detect and respond to conditions that might indicate an attack. These conditions include invalid operating conditions, bad codes, bad addresses and violations of chip integrity; the card can then respond by interrupting the current power flow, resetting the program, or erasing the entire EEPROM array. On the OS side, all of the files contain certain attributes to aid in the security process.
There are five basic rights given: ALW (Always), access is not restricted; CHV1 (Card holder verification), access granted with the common user identification PIN; CHV2 (Card holder verification), access granted with the unblocking PIN pre-stored in the card; ADM (Administrative), all levels combined and any added administrative policy; NEV (Never), access is forbidden. For added security two PIN numbers are stored in the card, one set by the user and the other preset in the card. When a PIN has been incorrectly punched in, the card is locked until it is reset through a specified process, usually going to the administrator and having it reset. Software is also used to protect the data, and the type of security is based on the vendor and software used.
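A model of the access conditions and PIN lock-out described above, as an added example that is not code from the article or from any card vendor. The retry limit of 3, the 8-byte zero-padded PIN, the single `adm_ok` flag standing in for ADM, and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <string.h>
#define PIN_LEN   8   /* assumption: PINs are zero-padded to 8 bytes */
#define PIN_TRIES 3   /* assumption: the article gives no retry count */

/* The five access conditions listed above. */
typedef enum { AC_ALW, AC_CHV1, AC_CHV2, AC_ADM, AC_NEV } access_cond;
typedef struct { char pin[PIN_LEN]; int tries_left; bool verified; } chv_state;
typedef struct { chv_state chv1, chv2; bool adm_ok; } card_session;

card_session new_session(const char *pin1, const char *pin2) {
    card_session s = {0};
    strncpy(s.chv1.pin, pin1, PIN_LEN);
    strncpy(s.chv2.pin, pin2, PIN_LEN);
    s.chv1.tries_left = s.chv2.tries_left = PIN_TRIES;
    return s;
}

/* Check a presented PIN. A blocked PIN is refused even when the value is
 * right, and every byte is compared so timing does not depend on the match. */
bool chv_verify(chv_state *c, const char *pin) {
    char buf[PIN_LEN] = {0};
    unsigned char diff = 0;
    c->verified = false;
    if (c->tries_left <= 0) return false;
    c->tries_left--;            /* spend the try first; restored only on success */
    strncpy(buf, pin, PIN_LEN);
    for (int i = 0; i < PIN_LEN; i++) diff |= (unsigned char)(buf[i] ^ c->pin[i]);
    if (diff) return false;
    c->tries_left = PIN_TRIES;
    c->verified = true;
    return true;
}

/* The unblocking PIN (CHV2) resets a blocked CHV1 counter. */
bool chv1_unblock(card_session *s, const char *unblock_pin) {
    if (!chv_verify(&s->chv2, unblock_pin)) return false;
    s->chv1.tries_left = PIN_TRIES;
    return true;
}

/* Gate a file operation on the condition stored in the file's attributes. */
bool access_allowed(const card_session *s, access_cond ac) {
    switch (ac) {
    case AC_ALW:  return true;
    case AC_CHV1: return s->chv1.verified;
    case AC_CHV2: return s->chv2.verified;
    case AC_ADM:  return s->adm_ok;   /* issuer-defined check, not modeled here */
    default:      return false;       /* AC_NEV and unknown values: deny */
    }
}
```

Decrementing the counter before the comparison means an attempt is still counted if the card loses power partway through the check.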
While the card is riding in on its wave, constant changes are being made. As more and more vulnerabilities are found, more and more changes are being made. These cards are made in easy to assemble parts to make replacing outdated technology easy, to ensure the users' card is up to date in security and features. Much like desktop PCs, smartcards are only as safe as you or your administrator make them.

This article was imported from zZine. (original author: Pixie Luv)