Software and Hardware Issues in Smart Ca20161218-12195-Uinjmf
Software and Hardware Issues in Smart Ca20161218-12195-Uinjmf
Software and Hardware Issues in Smart Ca20161218-12195-Uinjmf
discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/220250209
CITATIONS READS
13 603
4 authors, including:
Odysseas G. Koufopavlou
University of Patras
192 PUBLICATIONS 1,526 CITATIONS
SEE PROFILE
All content following this page was uploaded by Georgios Selimis on 18 December 2016.
I. I NTRODUCTION
will last for a considerable time period. This card identified II. S MART C ARD M AIN F UNCTIONALITY
you as member of a selected group, and was accepted by The evolution of Smart Cards technology is based on the
certain restaurants and hotels. Later, VISA and MasterCard convergence of many different technologies [2]. To understand
entered the market, and eventually the cost pressures of smart card technology, smart card functionality can be sepa-
fraud, tampering, merchant handling, and bank charges made rated into three basic abstraction layers as presented in Figure
the machine-readable card format using a magnetic stripe 1. The hardware layer is characterized by the main components
unavoidable. This technology is used only for data storage of a smart card silicon chip. In this layer, the basic hardware
and its security features are weak. Therefore, magnetic stripe architecture of a processing system is found, consisting of
technology is considered unsuitable for storing sensitive data a Microcontroller, RAM, ROM and EEPROM memory units,
and for highly sophisticated applications. Coprocessor and Input/Output interface. The operating system
In 1968, German inventors Jurgen Dethlof and Helmut layer is characterized by the operating system that efficiently
Grotrupp filled the first Integrated Circuit Card related patents. manages Smart Card system resources. The operating system
Similar applications followed in Japan in 1970 and France is placed in a ROM. The application layer is characterized by
in 1974. In 1984, the French Postal and Telecommunications the smart card applications which are stored in an EEPROM.
services (PPT) successfully carried out a field trial with The topmost layers of Figure 1 are more accessible to the
telephone cards. By 1986, many millions of French telephone smart card users while the bottommost hardware layer is
smart cards were in circulation. Their number reached nearly transparent to those users.
60 million in 1990, and 150 million in late 90’s. Today, The command message sent from the application layer, and
Manuscript received 27 September 2006; revised 27 May 2008. the response message returned by the card to the application
G. Selimis is with the Ultra Low Power DSP Group, IMEC Netherlands layer, are called Application Protocol Data Units (APDU).
(e-mail: [email protected], http://www.imec-nl.nl). An APDU can be considered a data packet that contains a
A. Fournaris, G Kostopoulos and O. Koufopavlou are with Department of
Electrical and Computer Engineering of Patras, Greece. complete instruction or a complete response from a card. Two
Digital Object Identifier 10.1109/SURV.2009.090310. types of APDUs are defined in ISO 7816-4: command APDU
1553-877X/09/$25.00
c 2009 IEEE
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
144 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, NO. 3, THIRD QUARTER 2009
85.6mm
(CAPDU) and response APDU (RAPDU). Command APDU
is responsible for sending data from the smart-card reader 9.07 9.62
to the smart card, and Response APDUs, is responcible for C1 VCC
C2 RST
C5 GND
C6 VPP
senting data back from the smart card to the smart card reader C3 CLK
C4 RFU
C7 I/O
C8 RFU
communication. Those protocols are called T=0 and T=1. In C3 CLK C7 I/O
the T=0 protocol, the terminal initiates communications by C4 RFU C8 RFU Thickness=0.76 mm
sending a 5 byte instruction header which includes a class
byte (CLA), an instruction byte (INS), and three parameter Fig. 2. Smart card front view, dimensions and contacts
bytes (P1, P2, and P3). This is followed optionally by a data
section. From the smart card’s perspective, most commands TABLE I
are viewed as either incoming or outgoing. The length of the F UNCTIONALITY OF SMART CARD CONTACTS
data employed by each incoming our outgoing command is Position Technical Abbreviation Operation
specified by the P3 byte. Error checking is handled exclusively C1 Vcc Supply Voltage
by a parity bit appended to each transmitted byte. If the card C2 RST Reset
C3 CLK Clock Frequency
correctly receives the 5 bytes, it responds by transmitting
C4,C8 RFU Reserved for future use
a one-byte acknowledgment equivalent to the received INS C5 GND Ground
byte. If the terminal is transmitting additional data (incoming C6 Vpp External Programming Voltage
command) it will send the number of bytes, specified in P3. C7 I/O Serial Input/Output
When the card has received the complete instruction, it can
process it and generate a response. All commands have a two-
byte response code, SW1 and SW2, which reports success or The card connects to a reader through direct physical
an error condition. If additional data need to be returned by contact or a remote contactless electromagnetic interface. This
a successful command, their data length is specified in the difference separates smart cards into two basic categories:
SW2 byte. In this case, the GET RESPONSE command is contact smart cards (ISO 7816) and contactless smart cards
used, which is a 5-byte instruction conforming to the protocol. (ISO 14443, type B) [3]. There are also dual interface cards,
In the GET RESPONSE instruction, P3 will be equal to that communicate with the external world using both ways.
the number of bytes specified in the previous SW2 byte. Contact cards have an one-centimetre diameter gold plated
GET RESPONSE is an outgoing command from the card’s pad that has eight contacts on it. These contacts are in
point of view. The terminal (smart card receiver) and card turn wired to a microchip underneath the pad. The electrical
communicate in this manner, using incoming or outgoing specifications for smart cards are defined in ISO 7816 parts
commands, until processing is complete. 2 and 3 and GSM 11.11. Electrical contacts are typically
denoted as C1 through C8 from top left to bottom right.
The layout of the contacts according to ISO 7816 is shown
III. S MART C ARD H ARDWARE in Figure 1 and the description of each contact is presented
A smart card hardware system is described by its physical, in Table 1. The Vcc contact is specified at 5 volts. Low
electrical properties and its hardware architecture. In this power demands and interoperability with mobile phones have
chapter, the hardware of a typical smart card is described. triggered a modification in the Vcc voltage from 5 volts to less
Also, the need for low power dissipation is highlighted and than 3 volts [4]. The Vpp is used for voltage supply to the
low power solutions are presented. memory units of the Smart Card. The Vpp contact is rarely
used due to resulting charge pumps on the chip after Vpp
activation [5], [6].
A. Physical and Electrical Properties A brief description of the contacts is presented in Table 1.
A smart card is a credit card size plastic card with an Recently, a new generation of smart cards, called contactless
embedded microchip. A smart card is more secure and smart card, have been introduced in the worldwide smart card
contains significantly more memory than a magnetic stripe market. Contactless cards have an embedded microprocessor
card. It includes an embedded integrated circuit chip (ICC), chip but also contain a miniature radio transceiver and antenna.
which is a microcontroller with internal memory. Sensitive They only operate within close proximity to the reader. Instead
information can be stored in the memory and elaborated of inserting the card you simply pass the card close to the
mechanisms protect those information. The development of reader. Contactless cards tend to be more costly than contact
smart cards keep step with the development of various related cards and are best suited for transportation and building access
technologies and special effort is demanded for integrating all applications.
these technologies in the smart card circuit. Some advantages of the contactless smart card technology
The physical size of a smart card is described in ISO 7810. are the following:
The dimensions of a smart card are 85.6 mm by 53.98 mm, • more than one person can be serviced by the reader at
with a corner radius of 3.18mm and a thickness of 0.76mm as the same time.
presented in Figure 2. Smartcard chip placement was defined • the lack of physical electrical connection minimizes the
in ISO 7816-2, which was developed in 1988. maintenance of the reader since there are no worn con-
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
SELIMIS et al.: SOFTWARE AND HARDWARE ISSUES IN SMART CARD TECHNOLOGY 145
EEPROM CRYPTO
GND
The contact interface
Fig. 4. Smart card microcomputer architecture
view due to its restricted size. Even when using a high level
language in the smart card, the programmer is acutely aware
Fig. 3. Dual interface smart card of the need to economize on the use of temporary variables.
Therefore, a smart card programmer has to be aware not only
of how much RAM he is using, but also how much RAM is
tacts to be replaced or openings to be unblocked.
needed by the routines he calls. A typical RAM capacity is 1-
• the issue of interoperability, different things to different
4 Kbytes. It is divided into regions for the registers, the stack,
people, is being improved.
general variables, cryptographic algorithms and the I/O buffer.
Contactless smart card integrated circuits constitute a sig- When the limits of the available memory are reached, RAM
nificant advance in security identification technologies and by moves its content to the EEPROM. The main disadvantages of
incorporating strong security features they can significantly this scenario are the long data writing delay of the EEPROM
enhance privacy protection in a properly implemented system. and the limited lifetime of the EEPROM cells, since those
In order to achieve interoperability, smart card manufacturers cells can be written for a limited number of times.
have begun to employ both communication protocols (ISO The EEPROM non-volatile memory is a costly component
7816 and ISO 14443) to the smart card system. As a result, that takes up to 50 percent of the smart card chip area. The
many companies are now producing smart cards with dual data stored in EEPROM are organized in a more elaborate
interface (Figure 3). Power on the contactless Smart Card way when compared to data organization in the other two
is provided by induction, as a result of an antenna on the types of memory. In the first EEPROM region (16-32 bytes)
card being moved through a magnetic field provided by the manufacturing data are stored, generated during chip fabrica-
stationary device. No battery is required. However, this RF tion. In the following EEPROM region, tables and the pointers
field induction process supplies the Smart Card with very are stored or loaded. The combination of these tables and
limited amounts of power. For this reason, power dissipation pointers and the routines stored in the ROM yield the complete
is very constrained in contactless smart cards. smart card operating system (operation system region). Above
the operating system region, application specific-commands
B. The Smart Card Hardware Architecture or algorithms that are too large to fit in the ROM are
Smart card integrated circuit development follows the evo- placed (application program region). Following the application
lution of several different design technologies. Such tech- program region, a region containing all of the file structures,
nologies include semiconductor technology, mixed technology the entire externally visible file tree (file region) is positioned.
integration and power consumption design techniques. The Finally, there is an optional free memory region that has
resulting smart card integrated circuit is a complex Secure its own memory manager. This free memory region is often
System on Chip (SeSoC) that includes a CPU core, dedicated assigned to individual applications in the file region. Data like
IP blocks, native embedded software and functions for mem- account numbers, number of loyalty points or amount of e-
ory management and security [7]. cash is stored there.
The heart of a smart card is a CPU surrounded by four There are basically two categories of files for file smart
functional blocks [1]: ROM, EEPROM, RAM, and an I/O port cards. The first category is directory files, which are called
(Uart). The card also includes special circuitry for security dedicated files (DFs). The second category consists of the files
(Crypto) and memory management (MMU). that hold the actual user data, which are called elementary files
The ROM contains the chip operating system (or mask) (EFs). A DF acts as a sort of folder containing other, lower
which is burned in during fabrication. The ROM is efficient level DFs or EFs that logically belong together. EFs can be
in terms of space and power requirements. It is also used classified into those for the external world (working EFs) and
for storing fixed data, standard routines and lookup tables. those for the operating system (internal EFs).
Code and data placed in read-only memory when the card is The operating system is typically stored in ROM. RAM is
manufactured, cannot be altered in any way. The ROM content the working memory of smart card’s CPU. Data storage and
is static for the life of the chip. retrieval is done in the EEPROM. The Memory Manager Unit
The RAM is the processor’s working memory. The RAM (MMU) is a hardware module responsible for handling mem-
is a volatile memory used for temporal storage of executing ory access requested from CPU. The chip has an input/output
programs and data. This is the most precious resource on (I/O) serial line for communicating with the outside world. The
the smart card, from the card software developer’s point of universal asynchronous receiver transmitter (UART) module
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
146 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, NO. 3, THIRD QUARTER 2009
serializes commands coming from the terminal and responses The above methods for low power design and the need for
going to the terminal [1]. speed and flexibility in smart card operations can be combined
Crypto Processor unit is a dedicated hardware structure so as to propose a new approach in system architecture
which is typically able to perform a very limited set of design called Application Specific Instruction Set Processors
cryptographic computational tasks. It can achieve extremely (ASIP) [14]. ASIPs take advantage of user-defined instruc-
high computational performance and high-energy efficiency tions and a user-defined data path optimized for a certain
for cryptographic high cost operations. target application. The result of this optimization is higher
The electrical power for the chip is provided by the terminal computational performance and better energy-efficiency than
on VCC and GND contacts. All processing operations in in general purpose processor approaches. For this reason, the
the chip are synchronized with a clock (CLK) contact that current industrial smart card market tends to use more and
is received from the terminal. The RST contact receives the more customized processors, like ASIPs.
electrical reset signal from the terminal, which brings the chip
to an initial status. IV. S MART C ARD O PERATING S YSTEMS
The first generation of the smart card software starts around
C. Low Power Issues 1981 with memory and credit cards, the second in 1985 with
Next generation smart cards enclose wireless communi- health care cards, the third around 1992 with CQL and SIM
cation protocols (contactless cards) and can operate only in cards, and finally the fourth around 1996 with open smart
extremely low power conditions [8], [9]. Therefore, efficient cards like Multos and Java Card [15].
power management is demanded in order to support sophis- From the first generation cards of the early eighties to
ticated, computational intensive, services on the smart card. the open platforms model of the late nineties, changes in
CMOS hardware technology offers high power dissipation software architecture have been characterized by a progressive
efficiency compared to other integration technologies [4] so separation between the operating system and applications.
it fits appropriately for implementing smart card systems. Application-level and operating system-level parts were no
Power dissipation in CMOS technology is given by the longer managed together, meaning that providers could man-
formula: age the software life cycle themselves. If the operating system
Pd = Cef f .V 2 .f (1) is loaded and initialized at the lowest level, the loading and
instantiation of application-level software is moved up to user
where Pd the power in Watts, Cef f is the effective switch
level.
capacitance in Farads, V is the supply voltage in Volts, and f
Today, smart card OS infrastructures have evolved from
is the frequency operation in Hertz. From equation (1) it can
be noted that voltage reduction leads to a significant reduction chip-dedicated to chipless infrastructures by means of low-
in power consumption. Therefore, voltage supply reduction level drivers layered by system and then application services
is an efficient way for reducing power consumption. In fact, [16]. These low-level drivers are usually chip specific but can
as CMOS technology evolves, external voltage supply and work with either open or native cards.
required circuit operational power is decreasing. Hardware abstraction layers (chip and driver level) come
Another way to reduce power consumption is decreasing first. Chip drivers are implemented in native machine lan-
the effective switch capacitance Cef f and the frequency f by guage. The hardware abstraction layers provide the OS with
minimizing the switching activity. Cef f = aC, where C is the general low-level services that remain identical regardless of
capacitance being charged/discharged and a the probability the utilized chip [16]. Usually, chip drivers manage crypto-
that a transition occurs (switching activity). A widespread graphic peripherals (for example, RSA, DES, or random gen-
technique to reduce the switching activity parameter is the erator), system peripherals for memory writes/reads/accesses
use of a gated clock. Because CMOS power consumption is and communication, and security peripherals such as normal
proportional to the clock frequency, dynamically turning off working - condition sensors. Those chip drivers must account
the clock to unused logic or peripherals is an obvious way for new hardware features dedicated to security, memory
to reduce power consumption [4]. Gated clocks are used, in access, or communication. Some features are quite simple.
power management, to shut down portions of the chip that They include:
are inactive. This, saves on clock power because the local 1) A universal asynchronous receiver-transmitter (UART)
clock line is not active all the time. Further reduction of power communication driver.
consumption through switching activity minimization can be 2) Memory banking, which enhances addressing capacity.
obtained by using asynchronous designs [10], [11]. The lack 3) Timers and an interruption handler.
of clock reduces the switching activity factor dramatically. 4) Error correction and scrambling for highly reliable
Another way to reduce the system frequency is by the use of memories and
pipelined architectures. A given hardware function can achieve 5) new security sensors.
the same performance level if the system adopts parallel The smart card operating system (OS) is a sequence of
architectures operating with lower external voltage. In other instructions, permanently embedded in the ROM. The OS
low power approaches, hardware designers try to analyze the for proprietary cards is built over a set of services for data
required operations and replace power demanding functions management, access control, and cryptographic services The
with simple low power circuits. An attempt in this road is basic functions of an operating system that are common across
presented in [13], [12]. all smart card products are: [1].
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
SELIMIS et al.: SOFTWARE AND HARDWARE ISSUES IN SMART CARD TECHNOLOGY 147
MULTOS VM
Hardware Hardware
is included when compiling and the. ”class” files could be
tested in the Java Card simulation environment. The byte code
Fig. 5. Java Card system architecture converter verifies the .class file and optimizes them for the
limited resources of a smart card. They are statically linked
and converted into .cap files. The .cap files could be tested in
1) Management of interchange between the card and the
the Java Card emulator environment.
outside world, primarily in terms of interchange proto-
col.
2) Management of the files and data held in memory. B. MULTOS
3) Access control to information and functions. MULTOS (Multiple Operating System) originally devel-
4) Management of card security and the cryptographic oped by Mondex International, is an open high-security multi
algorithm procedures. application operating system for smart cards, enabling a
5) Maintaining reliability, particularly in terms of data number of different applications to be held securely on the
consistency, sequence interrupts, and recovering from card at the same time. For application development, Mondex
an error. International has developed a smart card-optimised language:
MEL (MULTOS Enabling Language), and the MULTOS API
A. Java Card specification. The MULTOS specification is openly licensed
and controlled by leading international organizations. The
A Java Card [17] is a typical smart card: it conforms
most important feature of MULTOS is the language indepen-
to all smart card standards and thus requires no change to
dency as is presented in Figure 6.
existing smart card-aware applications [17]. However, Java
Assembly Programming Language: MULTOS is the only
Card has a basic difference from the typical smart cards, a
platform that has an easy to use assembly language. MULTOS
Java Virtual Machine (JVM) is implemented in its read-only
smart card applications were originally developed in MEL
memory (ROM). The Java Virtual Machine controls the access
(MULTOS Executable Language), which contains typical as-
to all smart card resources such as memory and I/O, and thus
sembly instructions plus ”smart card friendly functions” called
essentially supports the functionality of a smart card operating
primitives.
system. The JVM executes a Java byte code subset on the
C Programming Language: MULTOS is a platform that
smart card, ultimately providing the functions accessible from
has a C compiler. The SwiftC development tool from Swift-
outside, such as signature, log-in, and loyalty applications.
Card is an ANSI compliant compiler that allows very quickly
A smart card with the potential to set the overall smart
port of existing application to the MULTOS operating system.
card standard, Java Card is comprised of standard classes and
Java Programming Language: Both Java Card and MUL-
APIs that let Java applets run directly on a standard ISO
TOS can support the Java language. In both cases, a Java com-
7816 compliant card. The main architecture of a Java card
piler translates the source to Java classes. For Java Card, the
is presented in Figure 5.
classes are converted to Java Card byte code. For MULTOS,
Java Card operating system allows the applications on a
the SwiftJ compiler translates the Javaclasses (or Basic, or
smart card to be written in Java [18]. This fact gives inde-
Modula2) to MEL code.
pendence to Java on-card software development. Additionally,
Visual Basic Programming Language: Smartcard for
it provides a good basis for multi-application cards, which
Windows has chosen this language as their application de-
support more than one application at a time. The on-card
velopment language of choice. To make MULTOS accessible
executables are referred as Card applets and consist of a
to the Visual Basic (VB) community, SwiftCard Technology
Java Card Specific byte code, which is interpreted by the
is currently working on a Visual Basic to MEL translator.
Java Card Runtime environment. This runtime environment
controls the execution and makes sure that different applets
do not interfere. C. Windows Card
The source files can be compiled into regular Java byte In 1999, Microsoft presented their Windows for smart cards
code with a standard Java compiler. The Java Card Framework operating system. As the newest member of the windows
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
148 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, NO. 3, THIRD QUARTER 2009
operating system family, Windows for smart cards extends Chinese Remainder Theorem (CRT) in order to speed up the
the benefits of the windows environment to the smart card calculation process. Even when 1024 bit keys are used, the
segment. time needed to perform one signature is typically less than
The Microsoft windows for smart cards is designed to be one second. Usually the EEPROM region that contains the
a low-cost, easy to program platform that runs visual basic private key is designed in such a way that the sensitive key
applications and is designed to extend the pc environment into data never leaves the chip. In this case, even the card holder
smart card use. Quite similar to Java Card, the development of can’t access the key material. The usage of the private key
applications running on a smart card is leveraged by providing is protected by the user’s PIN, so that possession of the card
a high-level programming language. Instead of Java, Microsoft alone does not give the right to sign with that card.
chose to use byte code generated from Visual Basic to be Although smart cards have the ability to generate RSA key
executed in a runtime environment on the card. The on-card pairs, this operation can be very slow. The upper bound of this
applet communicates with corresponding off-card applications time delay violates the ISO specifications for communication
using common APDUs. The operating system exposes an timeout, hence, specialized hardware or software is sometimes
API for working with smart card contents. The API offers necessary to reduce the time delay of key pair generation.
interoperability and can be accessed either by Visual Basic or Also, the cryptographic strength of the key pairs generated
native applets. in smart cards may not be very high. Due to the lack of
There are many other operating systems for smart cards. computing power, a relatively weak random number source
The most popular other such operating systems are Cyberflex as well as relatively weak algorithm for selecting large prime
[19], MFC [20], Oscar [21] and StarCOS [1]. numbers is used in smart card key pair generation.
Other digital signature approaches can be used to reduce the
V. S ECURITY I SSUES IN S MART C ARD T ECHNOLOGY key size. One such approach is Digital Signature Algorithm
Thwarting malicious behaviours in Smart Card technology (DSA) using 512 bit key pairs or Elliptic Curve Digital
is a major security issue. In order to maintain a high security Signature Algorithm (ECDSA) using 160 bit key pairs [28],
level, Smart Cards support strong cryptographic functions. [29].
In this chapter, the cryptographic capabilities of Smart Card The use of public-key algorithms based on Elliptic Curves is
technology are discussed and possible attacks on Smart Card quite novel and not yet extensively used. There are two types
systems are presented along with appropriate security coun- of Elliptic Curves (EC) used in elliptic curve cryptography
termeasures. (ECC), EC over GF (p) and GF (2n ). ECC defined over
GF (p) Fields (a Galois Field over the prime p) utilizes
resources similar to those of standard public-key cryptography
A. Cryptographic Capabilities (RSA). ECC over GF (2n ) (a Galois Field over polynomials of
Many cryptographic approaches have been proposed for size n) computations don’t require carries (addition/subtraction
smart card security. Each approach leads to an implementation is a XOR operation, and multiplication is done without internal
either in software or in hardware [16]. The choice of imple- carries).
mentation depends on the application and on the algorithm to Hashing algorithms [30], [31], [32]: Hash Functions, like
be implemented. Hardware implementations are more expen- SHA-1 and MD-5, are employed in digital signature gener-
sive in terms of hardware resources (power consumption, chip ation and verification process. Hash functions are generally
area) but they perform better than software implementations faster than digital signature scheme algorithms. For that reason
in terms of throughput. The environment of smart cards is the digital signature of an entity, is generated using the entity’s
resource-limited and the design of specific crypto cores has to hash value, which is small compared to the document to be
be power and area efficient. signed.
Secret-key encryption algorithms [22], [23], [24]: DES, Random numbers are always required in cryptographic
Triple DES and, more recently, AES are commonly found procedures. Smart cards use random numbers for:
in smart cards. Software implementations are 10-100 times 1) Key generation, in order to authenticate the card and the
slower that hardware ones. For this reason attempts are made terminal.
for improving software implementations. In order to achieve 2) Creating padding bytes and blinding values for encryp-
that, the processor needs to access memory very fast and to tion, as initial values for transmission sequence counters.
utilize an extensive instruction set. Such an instruction set 3) Implementation of algorithmic counter-measures against
includes instructions for specific cryptographic functions like side-channel attacks.
bit permutation, expansion and substitution. Such instructions Random numbers that cannot be predicted or externally in-
are enabled by a configuration register that determines how to fluenced, guarantee the security of these procedures [33]. Due
place the bits of one register. to the fact that most cryptographic systems have a classified
Public-key encryption algorithms [25], [26], [27]: All security status, researchers do not publish their designs [33].
Public Key encryption algorithms employ a complex mathe-
matical background for performing cryptographic operastion.
For example, RSA, Diffie-Helman (DH), or the Digital Sig- B. Threats/Attacks on Smart Cards and Security Countermea-
nature Standard (DSS) employ modular multiplication. RSA sures
signatures and verifications are supported with a choice of 512, The introduction of cryptographic mechanisms does not
768, or 1024 bit key lengths. The algorithms typically use the guarantee that our system will operate in a secure environment.
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
SELIMIS et al.: SOFTWARE AND HARDWARE ISSUES IN SMART CARD TECHNOLOGY 149
A malicious entity can mount a cryptanalytic attack and may etc.) is a potential consumer of smart cards for identification
succeed to decode useful information like keys from a smart purposes [37].
card system. Apart from using cryptology an attacker can rely Transaction processing: The potentials of smart card tech-
on the help of highly sophisticated technological tools in order nology are very high especially if that technology is used
to read the smart card bus of memory. For these reasons, in assisting goods and service transactions, both in web-
the attacks can be distinguished in two main categories: non- based and traditional establishments. The smart cards can be
invasive tampering attacks and invasive tampering attacks. reloaded with cash value in ATM machines and can be used
Reverse engineering is the most extreme form of invasive as a credit card.
attack where the smart card is depackaged and completely Following the above directives, Smart Cards can be applied
analyzed [12]. Monitoring of bus signals is often sufficient to in a wide variaty of applications:
extract data, and can be undertaken by dropping picoprobes Financial services: Smart Cards are used to deliver higher
on bus lines. value-added services to businesses and consumers at a lower
On the other side, there are plenty of non-invasive attacks. cost per transaction. These services include money on a card,
Software attacks use the normal communication interface of corporate card programs, and targeted marketing programs
the processor and exploit security vulnerabilities found in the based on analysis of consumers’ buying patterns.
protocols, cryptographic algorithms, or their implementation. Loyalty programs: Airlines, shops, retailers, and other
Eavesdropping techniques monitor with high time resolu- companies that offer a range of loyalty programs along with
tion, the analogue characteristics of all supply and interface their basic product, benefit from Smart Card technology. Smart
connections and any other electromagnetic radiation produced Cards are used to deliver these programs with a higher level
by the processor during normal operation. of service and at a lower cost.
Fault generation techniques use abnormal environmental Telecommunications: Smart Cards offer a mechanism to
conditions to generate malfunctions in the processor that secure cellular phones against fraudulent use. Additionally,
provide additional access. they offer the ability to download new functions into a phone
There are several works that propose techniques or design in real time.
aspects for protecting the smart card from the above attacks. Set-top boxes: In subscription satellite and cable services,
The smart card security is improved by techniques like: Smart Cards offer security and the ability to add/update
1) Eliminating data dependent power consumption [34]. customer functions available to consumers in real time.
2) Defending against fault induction by using a redundant Secure network access: Smart Cards can carry an individ-
encoding scheme [35]. ual’s digital signature. With this ability, they provide a special
3) Diffusing data depended timing [35]. mechanism to secure access to computer networks within a
4) Propagating alarm signals as an internal part of the data corporation. They help ensure that only individuals with the
[36]. proper authority can get access to specific network resources.
5) Add tamper proof protection of the Smart Card chip Other Applications of Smart Cards include: Government,
[36]. Healthcare, Information Technology, Mobile Communication,
Mass Transit, Electronic Toll Collection, and Telephone Cards.
VI. S MART C ARD A PPLICATIONS Smart Card technology is focused on the following trends:
Smart cards are introduced with an increasing usage rate in a 1) The evolution of transistor technology, following
wide variety of information technology applications. Telecom- Moore’s law, enable us to gradually integrate more
munication companies provide SIM (Subscriber Identity Mod- and more complicated systems on chip covered area
ule) cards for mobile telephony and prepaid public telephone constrained environments, like Smart Cards. However,
cards. Smart cards are used as multimedia or pay-TV cards and battery technology cannot follow this evolution. Thus,
they are also employed in transportation systems. An attempt power-energy dissipation tends to become the design
for more secure financial service cards (banking, shopping) bottleneck in Smart card systems. For this reason, low
enforces the conversion of magnetic stripe cards or credit cards power-energy policies are applied on smart card systems
to smart cards. In general, Smart Cards are used for three in order to extend their battery’s lifetime.
major purposes: authentication, identification and transaction 2) The idea of using smart cards anytime, anywhere, any-
processing. way is gaining ground as a design goal. Thus, in order
Authentication: Smart cards provide information to au- to establish Smart Card technology as a credible trust
thenticate an individual’s claim of personal identification mechanism for a wide variety of informatics applica-
using either token-based or knowledge based authentication tions (internet-wifi, financial transactions, telecommuni-
approaches [3]. Token-based systems use an item such as a cations, transportations), network and application inter-
passport, driver’s licence, credit card, or key for identification, operability becomes a crucial factor. Improvements on
whereas knowledge-based systems tend to rely on memorized the smart card communication interface must be made
information such as PIN numbers or passwords. in order to support up-to-date communication protocols
Identification: As government public and private organi- and mechanisms. Additionally, in order to interact with
zations move towards electronic method of service provision, various information systems, Smart Cards should be
the need of secure electronic personal identification becomes able to enclose more complicated operating systems and
more critical. Every organisation (university, company, library, applications (Multi-application Smart Cards).
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
150 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, NO. 3, THIRD QUARTER 2009
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
SELIMIS et al.: SOFTWARE AND HARDWARE ISSUES IN SMART CARD TECHNOLOGY 151
GSM and 3GPP specifications rely on the presence of a [2] K. Mayes and K. Markantonakis, Smart Cards, Tokens, Security and
UICC in the terminal for its operation. Without a UICC present Applications, Springer, January 2008.
[3] K. M. Shelfer, J. D. Procaccino, Smart Card Evolution, Communications
in the terminal the user can only make emergency calls. The of the ACM, Vol.45, No.7,July 2002.
UICC allows users to easily move their user subscriptions [4] J. Rabaey, A. Chandrakasan and B. Nikolic, Digital Integrated Circuits:
(including the phonebook) from one terminal to another. The A Design Perspective, Prentice Hall, 2003.
[5] A. Abrial., J. Bouvier, M. Renaudin, P. Senn, P. Vivet, A new contactless
user simply removes the smart card from a terminal and inserts smart card IC using an on-chip antenna and an asynchronous microcon-
it into another terminal. UICC is a generic term that defines troller, IEEE J. Solid-State Circuits, page(s): 1101-1107 Vol. 36, No 7,
the physical characteristics of the smart card (like the number July 2001.
[6] Proximity Communication Interface Implementation Specifications, New
and disposition of pins, voltage values, etc.). The interface Media Development Association, July 2001.
between the UICC and the terminal is standardized. [7] R. Wolfgang , Smart Card Applications: Design models for using and
A UICC may contain several logical applications, such programming smart cards, John Wiley and Sons, 2007.
as a SIM (Subscriber Identity Module), a USIM (Universal [8] B. Glover, H. Bhatt, RFID Essentials (Theory in Practice), O’Reilly,
January 2006.
Subscriber Identity Module), and an ISIM (IP multimedia [9] S. Lahiri, RFID Sourcebook, IBM press, September 2005.
Services Identity Module). Additionally, a UICC can contain [10] P.L. Sin, C.S. Choy, J. Butas , C.G. Chan, A Low Power Asynchronous
other applications, such as a telephone book. DES, IEEE Intl. Symposium on Circuits and Systems 2001, ISCAS ’01,
vol. 4 pp. 538-541, May 2001.
USIM (standardized in 3GPP TS 31.102 [39]) is another ex- [11] N. Sklavos, O. Koufopavlou, Low Power Implementation of an Encryp-
ample of an application that resides in third-generation UICCs. tion/Decryption System with Asynchronous Techniques, proceedings of
USIM provides another set of parameters (similar in nature, 2000 Conference On Microelectronics, Microsystems and NanoTechnol-
ogy, (MMN’00), pp. 325-328, Greece, November 20-22, 2000.
but different from those provided by SIM) which include user [12] G. Selimis, A. Kakarountas, A. P. Fournaris, A. Milidonis and O.
subscriber information, authentication information, payment Koufopavlou, A Low Power Design for SBOX Cryptographic Primitive of
methods, and storage for messages. USIM is used to access Advanced Encryption Standard for Mobile End-Users, in. ASP Journal
of Low Power Electronics JOLPE, Vol. 3, No3, 2007.
UMTS networks, the third-generation evolution of GSM. [13] G. Selimis, A. P. Fournaris, O. Koufopavlou, Applying Low Power
A USIM is required if a circuit-switched or packet-switched Techniques in AES MixColumn/InvMixColumn Transformations, proceed-
terminal needs to operate in a 3G (Third Generation) network. ings of 13th IEEE International Conference on Electronics, Circuits and
Obviously, both SIM and USIM can co-exist in the same Systems ICECS’06, Nice, France, December 10-13, 2006.
[14] T. Glokler , H. Meyr , Design of Energy-Efficient Application-Specific
UICC, so that if the terminal is capable, it can use both GSM Instruction Set Processors, Kluwer Academic Publishers, 2004.
and UMTS networks. [15] D. Deville, A. Galland, G. Grimaud, S. Jean, Smart Card Operating Sys-
A third application that may be present in the UICC is ISIM tems: Past, Present and Future, in proceedings in fifth USENIX/NordU
Conference, Vasteras, Sweden, February 10-14, 2003.
(standardized in 3GPP TS 31.103 [40]. ISIM is of special [16] J. F. Dhem and N. Feyt, Hardware and Software Symbiosis Helps Smart
importance for the IMS, because it contains the collection of Card Evolution, published in IEEE Micro vol. 21, No 6, 14-25, 2001.
parameters that are used for user identification, user authenti- [17] M. Baentsch, P. Buhler, T. Eirich, F. Horing M. Oestreicher, JavaCard-
From Hype to Reality, IEEE Concurrency, pp.36-42, October -December
cation, and terminal configuration when the terminal operates 1999.
in the IMS. ISIM can co-exist with a SIM, a USIM, or both [18] M. Hendry, Multi-Application Smart Cards: Technology and Applica-
applications in the same UICC. tions, Cambridge University Press, July 2007.
[19] Schlumberger, Cyberflex Smart card Series Developers manual, Avail-
able from www.cyberflex.com
VIII. C ONCLUSION [20] E. M Hamann, H. Henn, T. Schack, F. Seliger , Securing e-business
In this article, the recent smart card evolution is outlined. applications using smart cards, IBM Systems Journal, 2001 - re-
search.ibm.com.
Different smart card component technologies are analyzed and [21] General Information Systems Ltd., OSCAR, Specification of a smart card
the way those technologies are integrated into a complete filling system incorporating data security and message authentication,
smart card system is discussed in detail. More specifically, Available from http://www.gis.co.ukloscman1.htm
[22] J. Daemen, V.Rijmen, Efficient Block Ciphers for Smartcards, USENIX
issues in hardware design, software and operating systems, Workshop on Smartcard Technology May 10-11, 1999 Chicago, Illinois,
transmission protocols, cryptography and security are ana- USA.
lyzed. Also, the basic problems and bottlenecks in smart [23] Advanced Encryption Standard (AES), National Institute of Standards
and Technology (NIST), FIPS PUB 197, 2001.
cards devices are identified. Tactics for solving those problems [24] Data Encryption Standard, National Institute of Standards and Tech-
are presented. Furthermore, international standards on smart nology (NIST), Federal Information Processing Standard (GIPS) 46,
cards are discussed and the beneficial feature of smart cards National Bureau of Standards, 1977.
interoperability using those standards is highlighted. The wide [25] H. Handschuh and P. Paillier, Smart Card Crypto-Coprocessors for
Public-key Cryptography, published in J-J. Quisquater and B. Schneier,
variety of different smart cards is remarked and the most Eds., Smart Card Research and Applications, vol.180 of Lecture Notes
important such device models are analyzed. Smart Cards have in Computer Science, pp. 386-394, Springer-Verlag, 2000.
an increasing role in the technologically connected world and [26] Y. Eslami et al., An area-efficient universal cryptography processor for
smart cards, IEEE Trans. VLSI Syst., vol. 14, 2006, pp. 43-56.
familiarizing the reader on this technology seems imperative [27] D. Hankerson, A. Menezes, S. Vanstone, Guide to Elliptic Curve
before delving deeper in this technological field. In the future, Cryptography, Springer-Verlag, New York, 2004.
smart cards will become a miniature of a complete computer [28] IEEE Standard Specifications for Public-Key Cryptography, 2000.
[29] A. P. Fournaris, O. Koufopavlou, Hardware Design Issues in Elliptic
system, able to perform multiple procedures for a wide variety Curve Cryptography for Wireless Systems book chapter in Wireless Se-
of applications. curity and Cryptography: Specifications and Implementations, N. Sklavos
and X. Zhang, CRC press, 2007.
R EFERENCES [30] HMAC Standard, National Institute of Standard and Technology (NIST),
Secure Hash Standard, FIPS PUB 180-1, 2003.
[1] R. Wolfgang and E. Wolfgang, Smart Card Handbook, John Wiley and [31] SHA-1 Standard, National Institute of Standards and Technology
Sons, 3rd Edition, 2004. (NIST), Secure Hash Standard, FIPS PUB 180-1, 1995.
Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.
152 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, NO. 3, THIRD QUARTER 2009
[32] Digital Signature Standard, National Institute of Standards and Tech- Dr. Apostolos Fournaris has received his diploma
nology (NIST) FIPS PUB 186-2, 2000. and Phd degree in Electrical and Computer Engi-
[33] E. Trichina, M. Bucci, D. D. Seta, R. Luzzi, Supplemental Crypto- neering department of University of Patras, Greece,
graphic Hardware for Smart Cards, IEEE Micro, vol.21, No.6, Novem- in 2001 and 2007 respectively. His research interests
ber/December 2001. include Public Key cryptography, Finite Field arith-
[34] L. Benini, A. Macii, E. Macii, E. Omerbegovic, M. Poncino and F.Pro, metic, wireless network security and VLSI design.
A novel architecture for power maskable arithmetic units, in proceedings He currently serves as an adjunct faculty (Assistant.
of the 13th ACM Great Lakes symposium on VLSI, Washington, D. C., Professor), in the Department of Computer Engi-
pages: 136 - 140, 2003. neering and Informatics, University of Patras and in
[35] R.J. Anderson, Security Engineering: A Guide to Building Dependable the Department of Electrical Engineering, Technical
Distributed Systems, Wiley, 2008. Educational Institute of Patras.
[36] S. Moore, R. Anderson, P. Cunningham, R. Millins, and G. Taylor,
Improving Smart Card Security using Self-timed Circuits, Eighth Interna-
tional Symposium on Asynchronous Circuits and Systems, Manchester,
UK, April 08-11, 2002.
[37] RESET ROADMAP 5.0, Roadmap for European Research on Smartcard George Kostopoulos Giorgos Kostopoulos received
related technologies, Version 5. his Diploma in Electrical & Computer Engineering
[38] 3GPP http://www.3gpp.org/specs/specs.htm. from the Electrical & Computer Engineering Dept.,
[39] 3GPP TS 31.102, Characteristics of the Universal Subscriber Identity University of Patras, Greece in 2003. Since then
Module (USIM) application. he is working as a Researcher Engineer, in the
[40] 3GPP TS31.103, Characteristics of the IP Multimedia Services Identity Department of Electrical and Computer Engineering
Module (ISIM) application. of the University of Patras. His research interests
include Security in Wireless Networks, New Gener-
ation Networks Architectures, Security Management
in New Generation Networks and Communication
Networks. Giorgos Kostopoulos has published more
Dr. George Selimis received his Diploma in Elec- than 15 technical papers and book chapters in these areas. He has also
trical and Computer Engineering from the Electrical participated as Senior Engineer in European Research Projects.
and Computer Engineering Department, University Professor Odysseas Koufopavlou received the
of Patras, Greece in 2003. He finished his Ph.D. in Diploma of Electrical Engineering in 1983 and the
July 2008 in the same department. In October 2008, Ph.D. degree in Electrical Engineering in 1990, both
he joined in IMEC Netherlands and he is working from University of Patras, Greece. From 1990 to
as researcher in the Watts DSP group. His research 1994 he was at the IBM Thomas J. Watson Research
interests include Cryptographic Engineering, Low Center, Yorktown Heights, NY, USA. He is currently
Power design and Security in Wireless Networks. Professor with the Department of Electrical and
Computer Engineering, University of Patras. His
research interests include computer networks, high
performance communication subsystems architec-
ture and mplementation, VLSI low power design,
and VLSI crypto systems. Dr. Koufopavlou has published more than 150
technical papers and received patents and inventions in these areas. He has
participated as coordinator or partner in many Greek and European R&D
programmes. He served as general chairman for the IEEE ICECS’1999.
View publication stats Authorized licensed use limited to: IMEC. Downloaded on October 8, 2009 at 09:34 from IEEE Xplore. Restrictions apply.