Savvy Cards: Technology for Secure Management of Information

0
0
1889 days ago, 607 views
PowerPoint PPT Presentation

Presentation Transcript

Slide 1

Brilliant Cards: Technology for Secure Management of Information Rajat Moona Computer Science and Engineering IIT Kanpur moona@iitk.ac.in

Slide 2

Agenda Machine intelligible plastic cards What are shrewd cards Security instruments Applications SCOSTA encounter Indian Driving License application

Slide 3

Plastic Cards Visual character application Plain plastic card is sufficient Magnetic strip (e.g. Visas) Visual information likewise accessible in machine comprehensible shape No security of information Electronic memory cards Machine coherent information Some security (seller particular)

Slide 4

Smart Cards Processor cards (and accordingly memory as well) Credit card estimate With or without contacts. Cards have a working framework as well. The OS gives A standard method for trading data An understanding of the charges and information. Cards must interface to a PC or terminal through a standard card peruser.

Slide 5

Smart Cards gadgets GND VCC VPP Reset I/O Clock Reserved

Slide 6

What's in a Card? CLK RST Vcc RFU GND RFU Vpp I/O

Slide 7

Typical Configurations 256 bytes to 4KB RAM. 8KB to 32KB ROM. 1KB to 32KB EEPROM. Crypto-coprocessors (actualizing 3DES, RSA and so on., in equipment) are discretionary. 8-bit to 16-bit CPU. 8051 based plans are normal. The cost of a mid-level chip when delivered in mass is under US$1.

Slide 8

Smart Card Readers Dedicated terminals Usually with a little screen, keypad, printer, frequently likewise have biometric gadgets, for example, thumb print scanner. PC based perusers Connect through USB or COM (Serial) ports

Slide 9

Terminal/PC Card Interaction The terminal/PC sends summons to the card (through the serial line). The card executes the charge and sends back the answer. The terminal/PC can't specifically get to memory of the card information in the card is shielded from unapproved get to. This is the thing that makes the card keen.

Slide 10

Communication systems Communication between brilliant card and peruser is institutionalized ISO 7816 standard Commands are started by the terminal Interpreted by the card OS Card state is overhauled Response is given by the card. Charges have the accompanying structure Response from the card incorporate 1..Le bytes took after by Response Code

Slide 11

Security Mechanisms Password Card holder's assurance Cryptographic test Response Entity validation Biometric data Person's recognizable proof A mix of at least one

Slide 12

Password Verification Terminal requests that the client give a secret word. Secret word is sent to Card for confirmation. Plan can be utilized to allow client verification. Not a man distinguishing proof plan

Slide 13

Cryptographic check Terminal confirm card (INTERNAL AUTH) Terminal sends an arbitrary number to card to be hashed or scrambled utilizing a key. Card gives the hash or cyphertext. Terminal can realize that the card is true. Card needs to check (EXTERNAL AUTH) Terminal requests a test and sends the reaction to card to confirm Card consequently realize that terminal is credible. Essentially for the "Element Authentication"

Slide 14

Biometric methods Finger print recognizable proof. Components of fingerprints can be continued the card (even checked on the card) Photograph/IRIS design and so on. Such data is to be confirmed by a man. The data can be put away in the card safely.

Slide 15

MF EF DF EF DF EF Data stockpiling Data is put away in keen cards in E 2 PROM Card OS gives a document structure component File sorts Binary record (unstructured) Fixed size record Variable size record

Slide 16

File Naming and Selection Each documents has a 2 byte document ID and a discretionary 5-bit SFID (both one of a kind inside a DF). DFs may alternatively have (all inclusive one of a kind) 16 byte name. OS keeps tack of a current DF and a current EF. Current DF or EF can be changed utilizing SELECT FILE order. Target record indicated as either: DF name File ID SFID Relative or supreme way (succession of File IDs). Parent DF

Slide 17

Basic File Related Commands for record creation, cancellation and so on., File size and security traits determined at creation time. Summons for perusing, composing, annexing records, overhauling and so forth. Charges chip away at the current EF. Execution just if security conditions are met. Every record has an existence cycle status pointer (LCSI), one of: made, introduced, actuated, deactivated, ended.

Slide 18

Access control on the records Applications may determine the get to controls A secret word (PIN) on the MF choice For instance SIM watchword in mobiles Multiple passwords can be utilized and levels of security get to might be given Applications may likewise utilize cryptographic confirmation

Slide 19

A case situation (foundation ID card) Read: Free Write: upon check by K1, K2 or K3 What happens if the client overlooks his secret key? Solution1: Add chief secret key Solution2: Allow DOSA/DOFA/Registrar to alter EF3 Solution3: Allow both to happen Select: P2 confirmation Security prerequisites: EF1: Should be changed just by the DOSA/DOFA/Registrar Readable to all EF2: Card holder ought to have the capacity to adjust EF1 (individual information) Name: Rajat Moona PF/Roll: 2345 MF Read: Free Write: Password Verification (P1) EF2 (Address) #320, CSE (off) 475, IIT (Res) EF3 (watchword) P1 (User watchword) EF3 (secret word) P1 (User watchword) P2 (sys secret key) EF4 (keys) K1 (DOSA's critical) K2 (DOFA's vital) K3 (Registrar's vital) Read: Never Write: Once Read: Never Write: Password Verification (P1)

Slide 20

Bk# dt issue dt issue dt issue dt issue dt retn dt retn dt retn dt retn A case situation (foundation ID card) EF1 (individual information) Library deals with its own particular keys in EF3 under DF1 Institute deals with its keys and information under MF Thus library can create applications autonomous of the rest. EF2 (Address) MF EF3 (secret word) EF4 (keys) Modifiable: By administrator staff. Perused: all DF1 (Lib) EF2 (Privilege information) Max Duration: 20 days Max Books: 10 Reserve Collection: Yes EF1 (Issue record) EF3: Keys K1: Issue staff key K2: Admin staff key Modifiable: By issue staff. Perused all

Slide 21

How can everything work? Card is embedded in the terminal Card gets control. OS boots up. Sends ATR (Answer to reset) ATR transactions occur to set up information exchange speeds, capacity arrangements and so forth. Terminal sends first order to choose MF Card reacts with a mistake (since MF choice is just on watchword presentation) Terminal prompts the client to give secret word Card confirms P2. Stores a status "P2 Verified". Reacts "alright" Terminal sends secret word for check Card reacts "alright" Terminal sends summon to choose MF again Card supplies individual information and reacts "alright" Terminal sends order to peruse EF1

Slide 22

Another Application Scenario Terminal with two card perusers Application programming keeps running here 1. Verify client to bank officer card: 1a. Get challenge from financier card. 1b. Get reaction for the test from international ID (IAUTH). 1c. Approve reaction with officer card (EAUTH) 2. Verify officer card to visa. 3. Exchange cash to the client's card User's card Banker's card The terminal itself does not store any keys, it's the two cards that truly validate each other. The terminal just encourages the procedure.

Slide 23

Status of savvy card arrangements Famous Gujarat Dairy card Primarily an ID card GSM cards (SIM cards for mobiles) Phone book and so on + verification. Cards for "charge card" applications. By 2007 end all Visas will be brilliant. EMV standard Card for e-handbag applications Bank cards Card innovation has progressed Contactless brilliant cards, 32-bit processors and greater recollections JAVA cards

Slide 24

SCOSTA Experience Part of E-administration activity of the Government. Government chose to Create Smart driving licenses/enlistment endorsement Backend framework is as of now set up Various keen card merchants in the nation All with their own particular exclusive arrangements In a national case, restrictive arrangement was not satisfactory. NIC chooses to request that IIT Kanpur offer assistance. SCOSTA: S store C ard OS for T ransport A pplications

Slide 25

Goals of this Project To characterize a standard arrangement of summons for keen cards for use in Indian applications. To give a reference usage of this standard. Transport Applications (Driving License and Vehicle Registration Certificate) were the pilot ventures. Henceforth the OS standard is named SCOSTA. SCOSTA is characterized by IIT Kanpur alongside a specialized subcommittee of SCAFI (Smart Card Forum of India). The OS is not by any stretch of the imagination limited to the vehicle applications and can be utilized as a part of any ID application

Slide 26

The SCOSTA Standard Based on ISO 7816-4, - 8, and - 9. Expels ambiguities in ISO 7816. Has bolster for symmetric key cryptography (Triple DES calculation) and inner and outside verification. Encryption/unscrambling and crypto checksum calculation and confirmation utilizing 3DES are additionally upheld.

Slide 27

SCOSTA Implementation - Challenges Portability – ought to be anything but difficult to port to various processors. Asset Constraints – exceptionally restricted memory (32 KB ROM, 512 byte RAM are average). Typically 8 bit processors are utilized. Government forms Vendors and their business advantages.

Slide 28

Challenges of the application System must work across the nation Cards are issued by the RTO authorities may not be all that "clean" Challans are finished by police "for" RTO "Clean"?? Challans are settled by the Judiciary. RTOs are regulated by the STA But under the Union Ministry

Slide 29

Solution A strong key administration plan was required. Arrangement depended on Key determinations, utilization counters and so on

Slide 30

Solution The whole framework depends on few "across the nation" generator keys. Securely housed with the legislature. Say the keys are k1, k2, k3, k4. Keys are themselves never put away anyplace. Rather five out of seven card plan is utilized.

Slide 31

5 out o

SPONSORS