1.2.2000
Anssi Kanninen
CSE
Helsinki University of Technology
At the end of this year, the new electronic identity services will be introduced to the public in Finland. The system is based on the smart card where the identification information is stored. The goal of the EID-project is to get an EID-card for everyone, so the security of the cards is an essential object of inspection. This paper is about electronic identity and smart card technologies focusing their emerging security problems. General backgound information about the EID-project and the smart cards itself is also included. The main part of the paper is the descriptions of different attacks against the cards and the EID-system.
2 Electronic Identification (EID)
2.1 Network Security
3.1 Background
3.2 Specification
4 Common Attacks on Smart Cards
4.1 Introduction for the Attack Classification
4.3 Attacks by the Terminal Against the Cardholder or Data Owner
4.4 Attacks by the Cardholder Against the Terminal
4.5 Attacks by the Cardholder Against the Data Owner
5 Security Problems in Smart Card Based EID System
Smart card technology has already became familiar to every people as GSM SIM cards, telephone cards and bankcards. The old magnetic stripe cards will slowly be replaced with smart cards which have an integrated circuit merged into them. When the old cards could be used only as a static identification tool for specific operations (bank cards) or as a very small magnetic memory (old-fashion telephone cards), the IC in a smart card makes it possible to use the card for much complex operations.
One of the most important applications of the IC card is a general identification of the cardholder. This application will soon be available for all Finnish people as a result of the FINEID project. The purpose of the electric identification of to offer more secure and practical way to identify a person and make it possible to sign a document electrically. Also the security of the network and the smart card terminal are a fixed part of the whole EID system.
When using a smart card as a legal identification, the card and the identification itself have to be very secure and reliable. What are the major benefits and weaknesses of the smart card? How are the cards protected against possible attacks? How secure can the terminals be made?
In this paper I have focused on smart cards generally, their security problems and the security of the electronic identification system which will be used in Finland and Sweden.
Chapter 2 describes the electronic identification in general and the FINEID project. Chapter 3 gives the basic information of the smart card technology and using it in FINEID project. Chapter 4 presents some examples of the common attacks used against smart cards and chapter 5 describes the protection methods used against the attacks. Chapter 5.3 summarizes the security issues and chapter 6 gathers the whole paper. Chapter 7 lists the glossary user in this paper.
Network security is an essential part of the security of the whole EID system. Formerly, when for example the payment orders were done between the bank offices, the information flowed in the network that is owned by the bank. There was no need to secure the traffic because it was assumed that no one could break into the private network of the bank. In a case of Internet, the traffic must be secured somehow to prevent misusing because we canīt rely only on the physical security of the terminals and network lines.
Information security is considered to consist of integrity, confidentiality, availability and non-repudiation of the information [1]. Information integrity means that the secured information can't be changed without authorization for that information. Confidentiality means that the contents of the information sent between two parties are not readable by any third party. Availability stands for the requirement for that the information must be available when it's needed by users. Non-repudiation means that the sender can't deny that he/she has sent a message.
Experience has shown that there are three primary elements of network security: [1]
None of these elements is safe alone. All of them must be covered for achieving the complete security in the network.
Network attacks can be divided to three different types: [1]
The electronic identification system, which uses the smart card as an identification tool, must support the following security services: [1]
These services must follow the ISO/IEC-standards mentioned in the EID specification [1].
The goal of the FINEID is to offer an electronic identification to all the Finnish people. New digital services will be introduced to the public in December 1999. Finnish Population Register Centre serves as a certificate authority of official information.
The benefits of this task are obvious. In the future, most of the people have an own home computer or at least they are using some computer at least once a day which have some kind of connection to the Internet. Thereīs no need to leave earlier from work to make it to the bureau in time. Not to mention the rushing between different bureaus and waiting in the line in every office. Filling applications digitally also reduced the work of the bureau employee because the computer does the dirty mathematical and statistical work and there are no different handwritings. In addition to public sector services, the same identification can be used in the private sector everywhere where some identification of the person is needed.
FINEID, like EID generally, is based on public key infrastructure and the use of the identification card. To use a card, the user must have a card reader and a personal PIN-code for the card.
The Finnish Population Register Centre is responsible for manufacturing the cards, creating the keys, issuing and storing the certificates. Also the services related to blocked-card registers and time stamps and the distribution of the cards would belong to their responsibility [2].
FINEID EID system is based on Swedish SEIS-standards. FINEID application specification is the same as the corresponding SEIS standard. The certification contents have some minor changes with SEIS standard [2].
Secure digital transactions always need a third trusted party, a certification authority (CA). In FINEID project, that authority will be the Finnish Population Register Centre. According to the FINEID information in FPRCīs WWW-page, they were chosen to be a CA because "Finnish Population Register Centre has experience in manage the social security ID's of citizens reliably and because of that, have been a natural choice for an administrator of the electronic identification".
The services provided by CA are:
As said, smart cards are slowly replacing the old-fashion magnetic stripe cards. The old cards have very limited memory and their information security is very limited. The most famous misusing of the magnetic stripe cards in Finland happened about one year ago when the magnetic stripes and pass codes of some cards were copied and used afterwards [3]. That canīt happen with IC cards because the card itself verifies the PIN code and the card canīt be copied, at least not so fast and cheap as the magnetic stripe card. Most of the people had considered the old cards safe before that but nowadays their weaknesses are better known. Copying the magnetic stripe card is not an expensive action. Because an IC card actually includes a working computer, the contents of the memory can more easily be hidden.
The term "smart card" is commonly used when discussing about a plastic card including an integrated circuit. However, more exact term for the card which is used by ISO, is an Integrated Circuit Card (ICC) [4]. The ISO/IEC 7816 standard specifies an accurate card size, chip location, card material and optional parts like magnetic stripe or photo etc.
There are two forms of the IC card, contact and contactless. The contactless card may have an own power supply as it is with the "Super Smart Cards" which have an integrated keyboard and LCD display. The operational power can also be supplied to the contactless card with an inductive loop. Iīll focus on the contact cards in this paper because they are much more commonly used.
Contact IC cards feature eight contacts as specified in the ISO standard but only six of them are actually used to communication. The supply voltage that drives the chip is called Vcc and is generally 5 volts. In the future we will also have cards which have 3 V Vcc. The other signal line in the card is a reset line, which initiates the card when the power is turned on. The card has also a clock signal line. The clock frequency is usually either 3,5795 MHz or 4,9152 MHz [4]. The last 2 lines are Vpp and I/O line. Vpp is a high voltage, which is used when programming the EPROM memory in the card. The I/O line is the interface for the commands and data between the card reader and the card.
Primary use of the card is as storage of small amounts of data. There are several different memory types used with the cards and there can be one or more memory types in the same card. Most used types in IC cards are ROM, EPROM, EEPROM and RAM. EPROM memory is used in so called one time programmable mode (OTP) because there is no ultraviolet light window in IC cards.
The card may have memory only, memory with security logic or memory with CPU. The simple telephone cards may have just the EEPROM memory and the memory controller logic whereas more sophisticated applications demand ROM, EEPROM, RAM and a CPU. Chip specification describes the parameters of the chip which are for example the microcontroller type (e6805, 8051 etc.), ROM size, RAM size, clock speed, co-processor and so on. One possible co-processor may be a public-key cryptography processor.
Smart card usage in the FINEID project follows the SEIS standards.
The card contains three different private RSA keys [5]. They are used to the following purposes:
The length of each of the keys is 1024 bits [5].
The card contains also several PIN codes for different purposes. The User Master PIN is referred as PIN number 1 and it protects the digital signature (authentication) key and the key encipherment key. PIN code 2 protects the non-repudiation key. If the key has been blocked through three consecutive incorrect PIN verifications, it can be unblocked with an unblocking procedure, which is defined in the issuerīs policy declaration. [5]
Table 1 describes the file access conditions used in the EID application directory in the card.
File | Read | Update |
AUF | Always | Issuer verification |
CIF | Always | User Master PIN (PIN1) |
Certificates | Always | User Master PIN (PIN1) |
RSA keys | Never | Never |
Table 1: EID card file access conditions [5]
For each of the private keys there must exist at least one associated certificate
The smart card marketing people often claim that smart cards cannot be attacked successfully. As we may notice in the Internet sites of the smart card hackers [6], this is definitely not the case.
One method for classifying the possible attacks against smart cards is to categorize the attacks by the parties involved in the attack action [8]. The different parties in the smart card based system are the following:
The attack types described in the next sections are the ones that can be considered with EID cards. Attackers are considered as two different classes: those who are parties to the system and those who are outsiders.
The possible attackers can be divided to following categories: [9]
This attack class is also known as the trusted terminal problem. The cardholder must somehow trust to the terminal that the terminal does what the cardholder wants and only that. This is very important in EID system because of the digital signing service. If the cardholder wants to sign some data, he/she must have some confidence that the terminal doesnīt sign anything else than just the wanted data. The above scam with the old magnetic stripe cards is the attack of this type. The terminal copied the card so that the cardholder didnīt notice anything.
This type of attack is performed with fake or modified cards running some rogue software. The goal is to break the protocol between the card and the terminal.
With EID cards, this type of attacks are relevant only if the card has been stolen. The data owner should be the only one who knows the PIN code for the data (secret key) so the new cardholder tries to get or modify the data some other way. These following techniques have already used with great success against some pay-TV- and public telephone cards [9]. Also some early smart cards have been successfully hacked.
Tamper resistance must be considered more careful in smart card systems than in the old magnetic stripe card systems. The old systems had cryptographic systems in a secure place and the passcodes for the card were verified remotely from the card terminals. In smart card system, the card itself must be secured very carefully because the cryptographic keys are in the card itself and not in some safe deposit of the bank. The attacker can steal a card and take it to the private lab and examine it with care and time. When planning the tamperproofing, itīs important to know the class of attackers we want the cards to be protected against.
The card may be vulnerable to the attacks, which try to operate the card in an environment, which is against the specifications of the card. For example, the card can be driven with unusual clock rate or voltage levels and this can cause some malfunctioning in the poorly secured card. This failure can cause an operating system crash or some output of secure data. These techniques are called differential fault analysis [7].
The attacker may also try a straight physical attack to the card like removing secure components or burning some parts of memory. The IC may not be so difficult to remove from the card than one might expect. The circuit in some of the cards can be successfully removed with some quite cheap home lab equipment so this type of attack could be performed even by class I attacker [9]. There is also some very sophisticated attack methods so tamperproofing is very essential process for smart card manufacturers.
Differential power analysis is quite new attack type, which has successfully used against certain smart cards [10]. The power consumption of the card is measured and analyzed. If an attacker has some hint what the card might be doing when measuring the power consumption, the attacker can obtain a quite accurate picture of the internal behaviour of the card. Multiplication, division and other arithmetic operations consume different amounts of power.
These types of attacks are typically some violations against the privacy of the cardholder. This is very important in the EID system because the issuer is able to generate the secret keys for the cardholder.
When the data owner uses the card, how can he/she be sure what programs there are really running in the card? For example, when verifying a PIN code fails, how can we ensure that the card has actually tried to verify it? Or what if the card accepts all the PIN codes? There are many possibilities for the manufacturer to attack against the data owner and these attacks would obviously be very harmful.
When planning the tamper proofing the card and other security issues itīs important to classify the possible attackers against our system. EID system must obviously be protected against class II and even the class III attackers whereas for example in a case of PayTV-cards it could be enough if we just secure them against class I attackers.
Terminal and card reader security can be improved by setting some limitations for the allowed transactions and other user actions. For example, we could allow the user to sign only certain types of data. Also some time limits like actions per minute or maximum time for the terminal to access the card can be set. When the users will have their own card readers and software at home, itīs very difficult to be sure that everybody has trusted security modules. Because of that, the most secure attack prevention mechanisms are those which have nothing to do with the interface between the card and the terminal [7]. They monitor the terminals operations and log all the suspicious behaviour in the information net.
The manufacturer of the card must be trusted organization, which has well known products. Also the organization, which has the responsibility for initializing the keys the card, must be known to be very reliable. The system, which creates the key pair, must secure itself that the secret key cannot be revealed. The organization, which personalizes the cards, must have a very high-class quality assurance. It must also have a clear way to administer the other important information for activating the card. The register organization must also be reliable and it must have a secure way to identify a person when issuing and registering his/her EID card. The CA must have reliable information systems and also the methods for generating the certifications. The users themselves must understand their own responsibilities in the EID system and they must also have enough skill to use it. The authority, which offers some EID-related services, must ensure that the services work the way they are supposed to and that the secure information is certified and it can not be changed when delivered. The same authority must also be able to put time stamps for the data it handles. Also the help desk and blocking list services must be secure and some limited number of staff must be authorized to administer them and identify the users. [11]
The maintaining of the proper security level is a continuing process. New technologies appear to the market all the time so the security demands will also grow. Itīs important to use security methods which are widely known and always question the commercial announces about "100%" secure systems which the manufactures willingly tell about.
The terminal and the card reader are major factors in the security of the whole EID system as noticed in section "4.3 Attacks by the Terminal Against the Cardholder or Data Owner". In the future, there will certainly be many kinds of card readers, software and computer equipment which together build up the terminal equipment. The FINEID specifications donīt specify the terminals. They just mention that the card readers and software must be "approved". [11] So, that means they have to be purchased from some trusted organization. All the workstation components and software of the issuer must also be approved.
Tamperproofing of the card is the other obvious demand for preventing the attacks mentioned in the section "4.5 Attacks by the Cardholder Against the Data Owner". The cards must fulfill the ISO/IEC 7816 standard, which specifies most the characteristics of the card. The FINEID specification doesnīt take any attitude on physical security of the card.
The attacks described in section "4.4 Attacks by the Cardholder Against the Terminal" can be prevented by careful specification of the protocol. The software and the protocol specifications are based on the SEIS standards with only few modifications [2]. An important demand is that the cardholder must not be able to manipulate the data inside the card [7]. The FINEID specification for the protocol is quite extensive and the fake cards are very difficult to manufacture because the secret keys are not readable from the card.
The attack types mentioned in sections "4.6 Attacks by the Issuer Against the Cardholder" and "4.7 Attacks by the Manufacturer Against the Data Owner" must be prevented by the trusted organizations, which are responsible for issuing and manufacturing the cards. The main demand is that no one organization is able to reveal the keys by itself. The manufacturing methods and quality assurance must be accepted in public [11].
The FINEID documents specify clearly and in detail the protocol- and data specifications of the smart cards. But what about the physical tamper resistance? All that is mentioned about it is that it fulfills the ISO/IEC 7816 standard. Nothing more is said about the physical characteristics. However, there is already some critical discussion about the standard. For example, it doesnīt clearly define the conditions (voltage, temperature etc.) where the card is proved to function properly [12]. This hole in the standard may give an attacker a chance to use DFA or other sophisticated methods to make the card function improperly. Itīs also well known that some straight physical attacks against the older cards have been successful even by class I attackers [9]. Thereīs no guarantee that the new cards are secure against physical attacks. We just have to trust that the cards made by the manufacturer have a high physical security level. FINEID project doesnīt seem to give any rules to the manufacturer about the physical security of the cards.
Trusted terminal problem is the other critical issue of the specifications. The specification mentions vulnerable terminals as "unapproved readers" [11]. This is an essential part of the whole EID security but there is not any kind of description of a reader or other terminal equipment, which would be secure to use. We have no use for the fine security protocols of long secret keys if the terminal is truly untrusted. The security of the terminals may not be a problem right now but when the smart card readers become cheaper and there will be a reader in every home computer, the attacks against the reader and the software will certainly become more common.
According to the specification, Finnish Population Register Centre will be the one and only Certification Authority. Now, if thereīs some security leak in FPRC, all the identifications for Finnish citizens are in danger. The other solution would be distributing the CA to several places and let each one of them certify the others. Of course this solution would have itīs own problems but at least the consequences of the security leak would not be so serious than they are in the solution of one CA.
Electronic identification will come as a part of every-day life of all the Finnish citizens. Starting from December 1999, Finnish people will be able to get a smart card based electronic identification. With that card, several public services can be reached from the Internet and other remote terminals. Internet is not safe by default so we must use strong public-key cryptography and other methods to improve the network security.
We specified smart card as a plastic card, which has an integrated circuit included. We examined the basic smart card techniques and their use in the FINEID project. Attacks against smart cards can be classified by categorizing them by the parties involved in the attack action. Attackers can be categorized based on their skills and available funding resources and tools. EID Smart card system must be secured against the most powerful attackers. We must tamperproof the cards and also secure the card readers and computers, which they attach to. Also all the other modules in the EID system must be secured.
We noticed that FINEID project doesnīt specify all the security issues properly. Neither do the standards the specifications are based on. Tamperproofing and the trusted terminal problem are major parts of the security and they are hardly mentioned in the specification. FINEID project specifies also that weīll have the Finnish Population Register Centre as a certification authority. To have only one CA is also considered as security a risk.
| IC | Integrated Circuit |
| EID | Electronic Identification |
| CA | Certificate Authority |
| ROM | Read Only Memory |
| EPROM | Erasable Programmable ROM |
| EEPROM | Electronically Erasable Programmable ROM |