EECS 598-2: Smartcards
Lecture 1
Peter Honeyman, CITI

What is a smartcard?
- portable, tamper-resistant computer
- exact size and shape of a credit card
- embedded microprocessor with ROM, EEPROM, and RAM
- contact/contactless

Brief history
- invented by Dethloff and Gröttrup in late 60's, patented early 80's
- dozens of patents filed by Moreno in 70's

Overview
- inexpensive ($1-$20)
- rudimentary OS, file system, communication API
- includes basic cryptographic operations

Overview
- special attention to data security and data integrity
- strong authentication and access control
- correct (predictable) response to loss of power
- intended for use in hostile environments

Memory and logic cards
- not smart -- no microprocessor
- useful for rudimentary electronic purse
- memory card has no security
- logic card has limited security
- not programmable

Smartcard software
- host software: "reader-side" software
- card software: "card-side" software
- RPC is the right conceptual model

Host software
- constitutes the vast majority of smartcard software
- end-user application
- system software for communication
- smartcard-specific software
- written in high-level language, e.g., C, C++, Java, etc.
- runs on workstations, servers, etc.
Card software
- runs on smartcard
- can be OS, utility, or application software
- often preloaded on card ROM
- can be loaded in EEPROM ("soft mask")
- card software typically written in assembler
- lately, high-level language support: Java byte code, Basic, Tcl

Card software functional characteristics
- conceptually: service end of RPC
- implement security functionality on smartcard
- remote call from reader-side
- mutual suspicion is encouraged: challenge/response, PIN ("CHV")

JavaCard
- developed in late '96
- JavaCard spec from Sun
- Java subset: byte type, no GC
- mix with native card crypto and file system
- Basic, Tcl card also interesting

Security
- based on strong cryptography: DES, 3DES, RSA
- used for authentication and access control
- PIN protection also useful for access control

Operating systems
- DOS-like resource manager
- master/slave relationship between reader and card
- implements ISO 7816 functionality

File systems
- rooted, hierarchical file system
- file size determined at time of creation
- memory freed in order allocated, i.e., memory freed out of order remains allocated until successive allocations are freed
- create, delete, read, write, etc.

File types
- linear file: sequence of fixed-size records, cursor based; sometimes supports seek
- cyclic file: circular linear file; transaction log; give extra life to hot spot
- transparent file: bytestream

Access control
- access control list associated with each file
- identity ( operations

Communications
- single I/O pin
- simplex communications
- half-duplex, master/slave
- serial, up to 115.2 kbps
- channel often quite noisy, so 9.6 kbps is typical
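The file-system slides above describe three file types, a per-file access-control list, and a memory-reclamation rule that surprises people (space freed out of order stays allocated until everything allocated after it is freed too). The following Python model is an added example written for this page, not code from the lecture or from any card operating system; the class and method names, the "cardholder"/"issuer" identities and the byte values are all constructed for illustration. It shows a cyclic file behaving as a wear-spreading transaction log, the ACL check on every operation, and the top-only reclamation of EEPROM.

```python
from dataclasses import dataclass, field

# Constructed model of a card file system (not any vendor's or card OS's code).


@dataclass
class CardFile:
    name: str
    kind: str               # "transparent", "linear" or "cyclic"
    size: int               # fixed at creation; a card file never grows
    record_len: int = 0     # record size for linear and cyclic files
    acl: dict = field(default_factory=dict)   # operation -> set of identities
    data: bytearray = field(init=False)
    cursor: int = 0         # cyclic file: slot the next append goes to

    def __post_init__(self):
        if self.kind != "transparent" and (
                self.record_len <= 0 or self.size % self.record_len):
            raise ValueError("size must be a whole number of records")
        self.data = bytearray(self.size)

    @property
    def nrecords(self):
        return self.size // self.record_len

    def record(self, i):
        return bytes(self.data[i * self.record_len:(i + 1) * self.record_len])


class Card:
    # Service end of the RPC: the reader side calls in, the card enforces the ACL.

    def __init__(self, eeprom_size):
        self.eeprom_size = eeprom_size
        self.files = {}
        self.regions = []   # [offset, size, owner-or-None] in allocation order

    def _top(self):
        return self.regions[-1][0] + self.regions[-1][1] if self.regions else 0

    def free_space(self):
        return self.eeprom_size - self._top()

    def _check(self, name, op, identity):
        f = self.files[name]
        if identity not in f.acl.get(op, set()):
            raise PermissionError(f"{identity} may not {op} {name}")
        return f

    def create(self, name, kind, size, acl, record_len=0):
        if size > self.free_space():
            raise MemoryError("EEPROM exhausted")
        self.files[name] = CardFile(name, kind, size, record_len, acl)
        self.regions.append([self._top(), size, name])

    def delete(self, name, identity):
        self._check(name, "delete", identity)
        del self.files[name]
        for r in self.regions:
            if r[2] == name:
                r[2] = None
        # Space is reclaimed only from the top: a hole left in the middle stays
        # allocated until every file created after it has been deleted as well.
        while self.regions and self.regions[-1][2] is None:
            self.regions.pop()

    def read(self, name, identity, off=0, n=None):
        f = self._check(name, "read", identity)
        return bytes(f.data[off:f.size if n is None else off + n])

    def write(self, name, identity, off, payload):
        f = self._check(name, "write", identity)
        if off < 0 or off + len(payload) > f.size:
            raise ValueError("write outside the file")
        f.data[off:off + len(payload)] = payload

    def append_record(self, name, identity, payload):
        # Cyclic file: write into the next slot, wrapping at the end. A log kept
        # this way spreads writes over all records instead of one EEPROM hot spot.
        f = self._check(name, "write", identity)
        if f.kind != "cyclic" or len(payload) > f.record_len:
            raise ValueError("not a cyclic file, or record too long")
        self.write(name, identity, f.cursor * f.record_len,
                   payload.ljust(f.record_len, b"\0"))
        f.cursor = (f.cursor + 1) % f.nrecords

    def newest_first(self, name, identity):
        # Cyclic file read: the most recently written record comes first.
        f = self._check(name, "read", identity)
        return [f.record((f.cursor - 1 - k) % f.nrecords) for k in range(f.nrecords)]


def demo():
    # Exercises the ACL, the cyclic log and the allocation rule; returns results.
    card = Card(eeprom_size=64)
    holder, issuer = "cardholder", "issuer"           # constructed identities
    acl = {"read": {holder, issuer}, "write": {issuer}, "delete": {issuer}}
    card.create("balance", "transparent", 4, acl)
    card.create("log", "cyclic", 24, acl, record_len=8)
    card.create("scratch", "transparent", 16, acl)
    card.write("balance", issuer, 0, (1250).to_bytes(4, "big"))
    for n in range(4):                      # four appends into a 3-record log
        card.append_record("log", issuer, b"txn%d" % n)
    try:
        card.write("balance", holder, 0, b"\xff" * 4)
        holder_write_refused = False
    except PermissionError:
        holder_write_refused = True
    out = {"balance": int.from_bytes(card.read("balance", holder), "big"),
           "log": [r.rstrip(b"\0") for r in card.newest_first("log", holder)],
           "holder_write_refused": holder_write_refused,
           "free_before": card.free_space()}
    card.delete("balance", issuer)          # hole below "log": nothing reclaimed
    out["free_after_hole"] = card.free_space()
    card.delete("scratch", issuer)          # top file gone: its 16 bytes return
    out["free_after_top"] = card.free_space()
    card.delete("log", issuer)              # now the old hole is reclaimed too
    out["free_after_all"] = card.free_space()
    return out


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the oldest log entry silently overwritten by the fourth append, the cardholder's write refused by the ACL, and free space staying at 20 bytes after the first delete because the freed region sits underneath a file that still exists.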
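The "mutual suspicion" slide names challenge/response and the PIN ("CHV") as the card-side mechanisms, and the security slide says they rest on DES/3DES keys that never leave the card. The exchange below is an added example, not the lecture's or any card's code: a host and a card each prove knowledge of a shared key over fresh nonces before either trusts the other, and the card's PIN check keeps a retry counter that is committed before the comparison so that pulling power mid-command (the "loss of power" point on the overview slide) cannot buy a free guess. It assumes a standard-library HMAC-SHA256 truncated to 8 bytes as a stand-in for the card's DES MAC; the command names in comments are the ISO 7816-4 ones, but the method signatures, `MAX_TRIES`, the PIN and key values are all constructed.

```python
import hashlib
import hmac
import os

# Constructed example. The card's DES/3DES MAC is stood in for by a truncated
# HMAC-SHA256 from the standard library (an assumption, not the card's algorithm).
MAX_TRIES = 3


def mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:8]


class Card:
    # Card side: holds the key and PIN, never releases either, and refuses to
    # prove its own identity until the host has proved its first.

    def __init__(self, key, pin):
        self._key = key
        self._pin = pin
        self.tries_left = MAX_TRIES
        self._challenge = None
        self.host_authenticated = False
        self.chv_verified = False

    def get_challenge(self):                              # GET CHALLENGE
        self._challenge = os.urandom(8)
        return self._challenge

    def external_authenticate(self, host_nonce, host_mac):  # EXTERNAL AUTHENTICATE
        # Returns the card's own proof on success, None on failure. The stored
        # challenge is consumed either way, so a captured MAC cannot be replayed.
        if self._challenge is None:
            raise RuntimeError("GET CHALLENGE first")
        challenge, self._challenge = self._challenge, None
        expected = mac(self._key, challenge, host_nonce)
        self.host_authenticated = hmac.compare_digest(expected, host_mac)
        if not self.host_authenticated:
            return None
        # Opposite operand order from the host's MAC, so the card never signs
        # the same string it just verified (no reflection of the host's proof).
        return mac(self._key, host_nonce, challenge)

    def verify_chv(self, pin):                            # VERIFY (CHV)
        if self.tries_left == 0:
            raise PermissionError("CHV blocked")
        self.tries_left -= 1            # committed before comparing: cutting
                                        # power mid-command cannot buy a retry
        self.chv_verified = hmac.compare_digest(self._pin, pin)
        if self.chv_verified:
            self.tries_left = MAX_TRIES
        return self.chv_verified


class Host:
    # Reader side: drives the RPC, holds its own copy of the shared key.

    def __init__(self, key):
        self._key = key

    def authenticate(self, card):
        challenge = card.get_challenge()
        host_nonce = os.urandom(8)
        card_proof = card.external_authenticate(
            host_nonce, mac(self._key, challenge, host_nonce))
        if card_proof is None:
            return False
        return hmac.compare_digest(card_proof, mac(self._key, host_nonce, challenge))


def run(host_key, card_key, pin_attempts, real_pin=b"1234"):
    # Drives one session: mutual authentication, then the given PIN attempts.
    card = Card(card_key, real_pin)
    authenticated = Host(host_key).authenticate(card)
    results = []
    for pin in pin_attempts:
        try:
            results.append(card.verify_chv(pin))
        except PermissionError:
            results.append("blocked")
    return authenticated, results, card.tries_left


if __name__ == "__main__":
    key = b"constructed-shared-key"
    print(run(key, key, [b"0000", b"1234"]))
    print(run(key, b"some-other-key", []))
    print(run(key, key, [b"0", b"0", b"0", b"1234"]))
```

With matching keys the session authenticates and a wrong PIN followed by the right one ends with the counter restored; with mismatched keys the host is refused and the card never emits a proof; three wrong PINs block the card so that even the correct PIN afterwards is rejected.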