Contactless smart card technology is used in applications that need to protect personal information or deliver secure transactions. There are an increasing number of contactless smart card technology implementations that capitalize on its ability to enable fast, convenient transactions. Current and emerging applications using contactless smart card technology include transit fare payment cards, government and corporate identification cards, documents such as electronic passports and visas, and contactless financial payment cards.
The contactless device includes a smart card secure microcontroller, or equivalent intelligence, and internal memory and has the unique ability to securely manage, store and provide access to data on the card, perform complex functions (for example, encryption or other security functions) and interact intelligently via RF with a contactless reader.
Applications that require the highest degree of information and communications security (for example, payment applications, government IDs, electronic passports) use contactless smart card technology based on an international standard that limits the ability to read the contactless device to approximately 4 inches (10 centimeters). Applications that need longer reading distances can use other forms of contactless technologies that can be read at longer distances.
With a substantial market share according to Derrick Robinson at IMS Research, Philips’ MIFARE portfolio is the established industry benchmark for contactless and dual interface smart card schemes. Operating at 13.56 MHz and in full accordance with ISO14443A – the international standard for contactless smart cards and readers – the MIFARE platform consists of chip solutions for pure contact less and dual interface smart cards and reader devices.
The diversity of the MIFARE product portfolio covers low- and high-end chip solutions, providing smart identification technologies suitable for use in a wide array of design scenarios. MIFARE® is a registered trademark Koninklijke Philips Electronics N.V.
Mifare Security Overview
There has been a lot of discussion recently over the security of the Mifare card particularly because of the extended business applications such as an ePurse being proposed for this platform. Expressions such as low security are thrown around in a way that could confuse or even misrepresent the platform.
In any scheme it is the overall security that matters not the individual components. It is also fundamental to ensure that the components are used in the right way, in most high visibility failures it has been a protocol or procedure failure that has resulted in the end disaster. However memory cards such as Mifare do have restricted security functionality.
The Mifare chip technology is based on a simple contact less memory device with discrete logic to provide some security functionality across the air gap with the reader (i.e. at the radio frequency level). This technology is proprietary to Philips Semiconductors and requires their IPR to be available in both the Smart Card chip and the Mifare reader. In practice this means that both the Smart Card and the reader need to have a Philips (and a Mifare licensed chip, e.g. Infineon) chip embedded within them.
The original Mifare 1K memory was introduced in 1994 and there are now 6 chips in the Mifare range from Philips; Mifare Classic (1 Kbytes of EEPROM nonvolatile memory), Mifare 4K (4 Kbytes of EEPROM), Mifare DESFire (4 Kbytes of EEPROM), Mifare Ultralite (64 bytes of EEPROM), Mifare ProX (1 Kbytes or 4 Kbytes Mifare emulation in a microcontroller chip.
Total chip EEPROM including Mifare emulation memory is 16 Kbytes) and Smart MX ( a Mifare ProX upgrade with 72 Kbytes of EEPROM). The Mifare ProX and the Smart MX are microcontroller based chips and provide the Mifare functionality as emulation in the chip. The discussion that follows relates to the Classic 1k Mifare but the arguments would hold for most other memory cards.
Mifare Card Operation
The Mifare 1K card has its 1 Kbyte memory arranged as 16 sectors, each with 4 blocks of 16 bytes. The last block in each sector stores two keys, A and B, which are used to access (depending on the access conditions also set in this block), the other data blocks. The Mifare reader interacts with the card as follows:
1) Select card (ISO 14443 allows multiple cards in its field)
2) Log-in to a sector (by providing key A or key B) and
3) Read, Write, Increment, or Decrement a block (must conform to the access conditions).
The Increment and Decrement operations allow the block to be treated as an electronic purse. It is important to note that the cryptographic interchange takes place between the reader and the card and more precisely between the Mifare chip in the reader and the Mifare chip in the card.
The terminal has to present the appropriate key to the reader and normally this key would be derived from a Master key stored in a Secure Access Module (SAM) at the terminal. The card ID and parameters, which are unique to each card, can act as the derivation factor. This means that each card is using a different key set to protect a particular sector. Breaking an individual card will not reveal the Master keys.
The Log-in process referred to above implements a mutual authentication process (a challenge/response mechanism) which then sets up an encrypted channel between the card and the reader using Philips proprietary Crypto-1 algorithm. These security services operate at the RF (Radio Frequency) level and cannot provide any cryptographic audit trail. In essence this means that you must trust the terminal but more particularly you have no evidence if it misbehaves.
Secure Messaging
In a transaction-based scheme it is standard practice to protect the messages with some Cryptographic Check Value (CCV) or digital signature. This ensures the authenticity of the source of the message and that the message has been unchanged in transit from source to destination. This requires that the Smart Card is able to both create and check such CCVs or digital signatures. Without such security services being applied it is not easy to resolve disputes and the scheme is vulnerable to a wide range of attacks. The Mifare card because it hasn't got a CPU is not capable of creating or checking such cryptographic messages.
Consider the operation of a CPU Card. In this case the transactions operate between the SAM (Secure Access Module) and the card. Cryptographic protection operates between these end points. Consider for example the case where you want to increment the value of a purse stored on the card. The card is set up so that the command to increment the purse has a CCV attached, the chip checks this CCV before it effects the value load process. This Cryptographic CCV is created by the Secure Access Module (SAM) attached to the terminal.
No where in this scenario are the cryptographic keys available in plain text. Even if the terminal is attacked with some Trojan software, the transaction records can be subsequently checked for authenticity. It is not possible for the Trojan operation to fool this process. In addition sequencing controls can be incorporated in the messages which are checked by the CPU to stop replays.
MIFARE Advantages
• Open architecture platform - convenient, secure and fast
• Compatibility with all current and future products
• Broadest product portfolio available
• microcontrollers and hardwired logic ICs available
• mixed installations possible
• Broadest offer of card and reader suppliers
• Operable in harsh environmental conditions
• maintenance-free, reliable and proven technology
• Established and running infrastructure around the world
• Proven, reliable and robust technology
• First choice for fraud-proof, contactless payment transactions
Applications:
• Employee access card with secured ID and the potential to employ biometrics to protect physical access to facilities:
• Transportation • Drivers Licenses.
• Mass Transit Fare Collection Systems.
• Electronic Toll Collection Systems.
• Retail and Loyalty / Consumer reward/redemption tracking on a smart loyalty card, that is marketed to specific consumer profiles and linked to one or more specific retailers serving that profile set.
• Health Card / Consumer health card containing insurance eligibility and emergency medical data.
• University Identification / All-purpose student ID card (a/k/a/ campus card), containing a variety of applications such as electronic purse (for vending and laundry machines), library card, and meal card.e.
Highlights of the Project
Smart Card Reader is used and one such vital application is “THE PREVENTION OF DRUG ABUSE”. The smart card reader employs MIFARE technology to communicate with the card; Mifare refers to the contactless technology. The main objective of the project is to show how the Smart Card is used to READ and WRITE data, and how data is transmitted and displayed/entered by means of the Computer. For the Read operation the Microcontroller is interfaced to the Computer and to the Mifare reader, hence the data from the card is first transmitted to the microcontroller and then displayed in the computer. Thus the Read operation on the Card is performed.
The Mifare Reader is also used for Write operation, for write operation all the data to be written is directly transmitted from the Computer to the Card, for this the reader is connected directly to the Computer, and hence all the data is directly transmitted from the Computer and it is written on the card. Thus both Read and Write operations are successfully accomplished by means of the Smartcard. Since, the smart card is very cost effective, and very apt for the modern scenario. These smart cards are affordable to the employee / patient depending on the application. The prescription which can be stored in the smart card can thus be accessed and dosage can be constantly monitored. For this purpose this is a boon for the pharmaceutical industry,
System Specification
The hardware and software requirements for the development phase of our project are:
Software Requirements :
Platform : Windows 98/2000/NT
Front End : Java JDK1.3, Java Applets, Tom cat 1.4
Tool : J2ME Wireless Tool Kit 1.0.4
Back End : Microsoft Access
Hardware Requirements :
Processor : Pentium IV 2.5 Ghz
RAM : 256 MB
HDD : 40 GB
FDD : 1.44 MB
Keyboard : 105 Keys
Monitor : 14” Soft White color SVG
No comments:
Post a Comment