基于射频识别卡的智能饮水机控制系统设计
Smart-cards: A cost-effective solution against
electronic fraud
ABSTRACT
Smart-cards have the tremendous advantage, over their magnetic stripe ancestors, of being able to execute cryptographic algorithms locally in their internal circuitry. This means that the user's secrets (be these PIN codes or keys) never have to leave the boundaries of the tamper-resistant silicon chip, thus bringing maximum security to the overall system in which the cards participate.
Smart-cards contain special-purpose microcontrollers with built-in self-programmable memory and tamper-resistant features intended to make the cost of a malevolent attack far superior to the benefits. This paper is both a survey of the existing components, their applications and an attempt to describe some of their possible evolutions.
1
基于射频识别卡的智能饮水机控制系统设计
1 What is a smart-card?
In the time-scale of the silicon industry, the idea of inserting a chip into a plastic card is rather old : the first patents are now twenty year's old but practical applications emerged only a eight years ago due to limitations in storage and processing capacities of past circuit technology. New silicon geometries and processing refinements lead the industry to new generations of cards and more ambitious applications such as wireless communications; (GSM), pay-TV, loyalty and physical access-control.
Over the last four years there has been an increasing demand for smart-cards from national administrations and large companies such as telephone operators, banks and insurance corporations. More recently, another market opened up with the increasing popularity of home networking and Internet.
The physical support of a conventional smart-card is a plastic rectangle on which can be printed information concerning the application or the issuer (even advertising) as well as readable information about the card-holder (as for instance, a validity date or a photograph). This support can also carry a magnetic stripe or a bar code label. An array of eight contacts is located on the micro module in accordance with the IS0 7816 standard but only six of these contacts are actually connected to the chip, which is (usually) not visible. The contacts are assigned to power supplies (Vcc,Vpp), ground, clock, reset and a serial data communication link (commonly called I /O) . Their specification part in the standard is currently reconsidered upon requests from various parties (suppression of the two useless contacts, creation of a second I/O port, I2C bridging etc.).
For the time being, card CPUs are still 8 bit microcontrollers and the most common cores are Motorola's 68HC05 and Intel's 80C51 but new 32-bit devices will soon begin to appear. RAM capacities (typically ranging from 76 to 512 bytes) are very limited by the physical constraints of the card. The program executed by the card's microprocessor is written in ROM at the mask-producing stage and cannot be modified in any way. This guarantees that the code is strictly controlled by the manufacturer. For storing user-specific data, individual to each card, the first generation of non-volatile memories used EPROM which required an extra \
2
基于射频识别卡的智能饮水机控制系统设计
components only contain EEPROM which requires a single 5 V power supply (frequently that of the microprocessor) and can be written and erased thousands of times (cycles). Sometimes, it is possible to import executable programs into the card's EEPROM according to the needs of the card holder. EEPROM size is a critical issue in the design of public-key applications (where keys are relatively large). Consequently, smart-card programmers frequently adopt typical optimization techniques such as re-generating the public-keys from the secret-keys when needed, re-generating the secret-keys from shorter seeds, avoiding large-key schemes(for instance Fiat-Shamir) or implementing compression algorithms for redundant data (text, user data, etc.) and EEPROM garbage collection mechanisms. Real and complete operating systems have been developed for t his purpose by several manufacturers. Finally, a communication port (serial via an asynchronous link) for exchanging data and control information between the card and the external world is available. A common bit rate is 9600 bit& but much faster interfaces are commonly being used (from 19,200 up to 115,200bits/s) in full accordance with ISO 7816.
A first rule of security is to gather all these elements into a single chip. If this is not done, the external wires, linking one chip to another could represent a possible penetration route for illegal access (or use) of the card. ISO standards specify the ability of a card to withstand a given set of mechanical stresses. The size of the chip is consequently limited and present constraints (especially memory and cryptographic capabilities) mainly follow from this limitation.
Smart-card chips are very reliable and most manufacturers guarantee the electrical properties of their chips for ten years or more. ISO standards specify how a card must be protected against mechanical, electrical or chemical aggressions but for most existing applications, a card is far obsolete before it becomes damaged. A well known example is the French phone card where the failure rate is less than three per 10,000pieces.
Annex 1lists some of today's most common chips as well as their characteristics (where 0 = maximal clock rate given in MHz, 8 = EEPROM, U =EPROM, Witness cell (detects if the EEPROM was erased abnormally), Clock Frequency., Temperature, Abnormal Voltage (vpp), Light exposure and passivity sensor. Information about such security detectors and tamper-resistance capabilities is usually rather hard to obtain from
3
基于射频识别卡的智能饮水机控制系统设计
the manufacturers for obvious security reasons).
In general, smart-cards can help whenever secure portable objects are needed, and in particular whenever the external world H needs to work with data without knowing its actual value. The card's tamperproof ness, combined with public-key cryptography (secret less terminals), generally provide adequate solutions to many everyday security problems.
2 Smart-card communication and command format
Communication with smart-cards is ruled by the (previously-mentioned) ISO standard 7816/3. Only two protocols are currently defined in this standard (byte-oriented T = 0 and block-oriented T = 1) although up to 14 are reserved (T = 14 is very rare, and means that the communication protocol is proprietary). Thus the electrical levels and error handshakes as well as the frequency used impose a specific hardware on the<< external side>>which is the equivalent of a UART with more sophisticated functions. This minimal hardware, needed to operate a card, consists of:
* A mechanical interface: the connector * An electronic interface: the coupler
* And a box containing the above two elements: the smart-card reader (or
simply<< reader >>)
The simplest readers are quite similar to modems and manage only the ISO communication protocol without interacting ((intelligently)) with the operating system of the card. They are called ((transparent readers)) and should (but in practice may...) operate with any smart-card from any vendor which complies with the ISO standard.
The most sophisticated readers can be programmed with parts of the application logic and contain data (for instance RSA or DSA public keys), files and programs. They can execute cryptographic functions, replace completely a PC, have keyboards, pin-pads or displays and generally use a specific programming language and do not support all types of smart-cards even if they comply with the ISO standard (because they often integrate particular commands dedicated to a given card).
To operate a card, the reader needs to implement the following four functions:
(1)Power on/off the card
4
基于射频识别卡的智能饮水机控制系统设计
(2)Reset the card
(3) Read data from the card (get commands) (4) Write data to the card (put commands).
Get and put commands contain a header (actually a function code consisting of 5 bytes designated by CLA, INS, P1, P2 and LEN) according to which the card processes the incoming data. An acknowledge byte and a couple of status bytes (SW1and SW2) are sent during (and after) the execution of each command.
3 Card lifecycle
Although the card lifecycle and manufacturing are described in many different sources, we particularly recommend Fuchs Berger & al’s excellent overview.
Smart-card manufacturing starts with the design of the card operating system and the application software, following the principles applying to any software for use in security applications. This is in itself a nontrivial task but at least the memory available in smart card chips is relatively small which limits the eventual size of the software. There have to be checks that the operating system meets its specification and also that no unintended features have been included.
The ROM mask of the operating system is then given to the chip manufacturer, who will return an implementation of the code for cross-checking before manufacturing the batch of chips. This is in itself a useful integrity check but clearly one normally requires this code to be kept confidential and therefore its distribution should be carefully controlled. Furthermore, the manufacturer has to be accountable for all chips made, some of which, due to yield failures, will need to be destroyed. Otherwise, an attacker may obtain raw chips to mount any form of counterfeit operation.
The batch of chips is distributed to the fabricator [smart-card manufacturer] whose task it is to embed the chips into the plastic cards? The role of the fabricator varies considerably between customers and their services. As a very minimum the fabricator must test the complete IC card to ensure its operational state. In some cases the fabricator completely personalizes the card to the requirements of the issuer.
5