Mifare, Oyster and ITSO Cards Hacked Smart Card & Identity News

smartcard.co.uk
25.09.2014

On the other hand, memory-based smartcards are just non-volatile memories, typically EEPROM, with external connectivity in a smartcard form factor. Some provide simple password protection for specific data contained within the smartcard, while others allow free access to all the data. Their simplicity makes them affordable, and their modest power requirement makes them easy to use not only in contacted form but also in non-contacted form as RFID cards.

Figure 2: A high-level block diagram of a memory smartcard

The Right Card for Each Application

Product developers and service providers never want to overpay for security. They want adequate security to protect the value at stake, but not too much because it may erode profit margins. High-end applications like banking have immense value at stake and so require the highest level of security. These high-end applications are well suited for microcontroller-based smartcards. Applications with lower-end security demands, like plain loyalty cards, are well suited for memory smartcards. However, there are many applications that require more security than memory smartcards offer, but do not command enough profit margins to cover the costs associated with microprocessor-based smartcards. These applications need an alternative type of smartcard – the cryptographic RF smartcard.

Cryptographic RF Smartcards

Cryptographic RF smartcards innovatively capture the security offering of microprocessor smartcards and implement that security in pure hardware logic. This eliminates the need to develop complex operating systems. The innovative logic-only implementation lowers power requirements for the smartcard, enabling full performance as non-contacted RF smartcards, which eliminates the need for periodic replacement.

Figure 3: A high-level diagram of a cryptographic RF smartcard

Smart Card & Identity News • January 2008

True Hardware-based Security

Cryptographic RF smartcards offer true hardware-based security for authentication, encryption, and secure data storage. They contain a 64-bit hardware-based cryptographic engine embedded in the silicon, with up to four sets of non-readable 64-bit authentication keys, four sets of non-readable 64-bit session encryption keys, and 2K bits of configuration memory. The configuration memory provides application developers with true flexibility for customizing security and data protection options and then blowing fuses to permanently lock in the configuration and custom security keys in the hardware.

Secure Dynamic Mutual Authentication Capability

Up to now, when there was a need to prove authenticity, as in trying to gain access (TV subscription program access or secure building access) or to claim value (cash registers, laundry machines, pay-per-use copier machines), only high-end microprocessor-based smartcards were able to provide true authentication. Cryptographic RF smartcards can establish authenticity securely through a cryptographic dynamic mutual authentication process using the non-readable keys. They use the authentication keys, session encryption keys and a random number to generate a unique identity, or “cryptogram”, for each transaction. Both the RF smartcard reader and the RF smartcard must be able to duplicate each other’s cryptograms before any data can be accessed or written. The keys are completely inaccessible, even to the owner of the device or original silicon manufacturer. A unique cryptogram is generated for each transaction, so a cryptogram intercepted during a transaction cannot be used to effect a second transaction. In the extremely unlikely event that the non-readable key(s) from one smartcard become known, they cannot be used with any other smartcard because each cryptographic RF smartcard has its own unique set of authentication keys.

Fuse bits are blown to permanently lock the security information in the smartcard such that even the card silicon manufacturer cannot access it.

Dual Authentication Supports Cash-equivalent Cards

Uniquely, cryptographic RF smartcards allow two completely independent users to access the same section of the memory, using completely separate authentication keys with different access levels for adding and deducting cash. As an example, in energy meter applications, which are very popular in developing countries using pre-pay models, the energy company uses a higher-privilege access key to add energy credits to the card from its offices. The energy meter at the purchaser’s home is then equipped with a less privileged key that can only reduce energy credits and never vice versa.

Multiple Sectors with Configurable Access

Cryptographic RF smartcards are available as a complete family in densities from 1 Kbit to 64 Kbits of completely usable memory to accommodate a wide range of information storage and cost requirements. The user memory itself may be divided into as many as 16 separate sections, each of which can be independently customized to allow different levels of read and write access. For example, a smartcard that contains health records might keep the patient’s ID and billing address in a portion that is accessible by the billing department and insurance company, while diagnostic information is stored in another area that is accessible only by the doctor, and prescription information is stored in yet another section that can be written to by the doctor and only read by the insurance company and the pharmacist.

Multitude of Data Protection Options

Be it cash credits or private health records, cryptographic RF smartcards provide many protection options customizable by the application developer at deployment time. These include one-time-program (OTP) modes, read-only modes and program-only modes.

In addition to protection by pre-authentication requirements, cryptographic RF smartcards can fully encrypt data during transmission to protect confidentiality and dynamically generate Message Authentication Codes (MAC) to verify message source and integrity. To top it off, cryptographic RF smartcards are implemented in hardened silicon using secure product strategies that include content scrambling, tamper monitors for environmental factors, and detection capabilities for physical and systematic security attacks.

Cryptographic RF smartcards are innovative in their approach to true hardware security and bridge the complexity and affordability gaps between microprocessor and memory-based smartcards. Laden with usable memory and security options, cryptographic RF smartcards offer an unrivaled level of flexibility for application developers, allowing full customization to enable adaptability to virtually any application in the smartcard space.
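The mutual authentication and dual-key passages above can be modelled in a few lines. This is an added example, not code from the article or from any card vendor: the names `Card`, `cryptogram`, `reader_authenticate` and `run_example` are hypothetical, the keys are constructed sample values, and HMAC-SHA256 stands in for the card's hardware engine, whose algorithm the article does not describe.

```python
import hashlib
import hmac
import secrets

def cryptogram(key, role, card_nonce, reader_nonce):
    # Stand-in primitive (assumption): HMAC-SHA256, not the card's 64-bit hardware engine.
    return hmac.new(key, role + card_nonce + reader_nonce, hashlib.sha256).digest()

class Card:
    def __init__(self, key_sets):
        self._key_sets = key_sets  # name -> (secret key, permitted operations); never read out
        self.credits, self._pending, self._ops = 0, None, frozenset()

    def begin(self, name):
        self._ops, self._pending = frozenset(), (name, secrets.token_bytes(8))
        return self._pending[1]  # fresh nonce per transaction; earlier privileges dropped

    def finish(self, reader_nonce, reader_cryptogram):
        if self._pending is None:
            return None
        (name, card_nonce), self._pending = self._pending, None  # nonce is single-use
        key, ops = self._key_sets[name]
        expected = cryptogram(key, b"reader", card_nonce, reader_nonce)
        if not hmac.compare_digest(expected, reader_cryptogram):
            return None
        self._ops = ops
        return cryptogram(key, b"card", card_nonce, reader_nonce)

    def apply(self, op, amount):
        if op not in self._ops or amount <= 0 or (op == "deduct" and amount > self.credits):
            return False
        self.credits += amount if op == "add" else -amount
        return True

def reader_authenticate(card, name, key, replay=None):
    card_nonce, reader_nonce = card.begin(name), secrets.token_bytes(8)
    sent = replay or (reader_nonce, cryptogram(key, b"reader", card_nonce, reader_nonce))
    reply = card.finish(*sent)
    expected = cryptogram(key, b"card", card_nonce, sent[0])  # reader checks the card too
    return reply is not None and hmac.compare_digest(reply, expected), sent

def run_example():
    issuer_key, meter_key = secrets.token_bytes(8), secrets.token_bytes(8)  # constructed keys
    card = Card({"issuer": (issuer_key, {"add", "deduct"}), "meter": (meter_key, {"deduct"})})
    issuer_ok = reader_authenticate(card, "issuer", issuer_key)[0] and card.apply("add", 50)
    meter_ok, captured = reader_authenticate(card, "meter", meter_key)
    results = [issuer_ok, meter_ok, card.apply("add", 10), card.apply("deduct", 5)]
    replay_ok = reader_authenticate(card, "meter", b"\x00" * 8, replay=captured)[0]
    return results + [replay_ok, card.credits]
```

`run_example()` walks the energy-meter case: the issuer key adds credits, the meter key can only deduct, and a captured reader cryptogram fails when replayed against the card's next nonce.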
