My understanding of smart cards is that they are a complete system on a chip. I.E. they have a processor and memory and can perform calculations independent of the system that is communicating with them.
I few questions:
- What type of microprocessor is typically used in a smart card?
- Did Gemalto create their own processor / architecture for this purpose?
- How does a smart card protect private keys from being read?
- I'm guessing that they can only be "written" into memory using contacts on the card, and not retrieved. Just a guess.
- What makes a smart card so "secure"? Anti-tamper? Internal encryption?
- I.E. why couldn't I put leads on it or somehow read out the memory from the card if I was willing to slice it apart?
- What kind of calculations is the smart card performing?
- Are unique hash values being generated each time the card is used to digitally sign?
- How is the card utilized in the encryption process?
Just general curiousity! Seems like we'll all be living with them for a while now gratis our new credit cards.
Edit: As this question is now closed, I will write my answer here in the question body. If it is deemed a worthy answer I would appreciate the question being unlocked so that I can turn it into a self-answered Q&A style posting. Thank you!
Answer
My primary reference for this posting is The Smart Card Handbook. The edition being referenced was authored in 2010, so it is slightly out of date. That being said, most of the fundamental concepts have not changed.
This answer should serve as a broad overview which is more specific than the Wiki article and satisfies the original list of questions being asked.
Types of smart cards
Smart cards come in two primary flavors: Memory cards & Microprocessor cards (pg. 18). The very first smart cards were memory cards with re-write protected cells that could only be written to once (pg. 6). These were utilized as phone system cards in France and Germany in the late 1980’s to mid 1990’s (pg 3, 6.). As the value on the card was used the new, decremented value would be written into a memory cell through the memory controller on the card. Once written the value could not be changed, thereby saving the current balance of the card and preventing someone from “buffering” the card by adding more value (pg. 6). On a simple magnetic stripe card it was easy to read the encoded balance and add more; with these smart memory cards that was no longer possible.
Smart Card Processors
Smart cards evolved further beyond this into the microprocessor variant. In the beginning microprocessor cards used 8 bit processors that could address a maximum of 65,535 bits of memory. As processor technology evolved so did the processors being utilized within Smart Cards. New 16 and eventually 32 bit processors were utilized, allowing for the addition of more and more address space within the memory of the card. Modern smart cards tend to use RISC processors, often based on the ARM architecture. They operate at a clock speed which depends both upon the amount of voltage being provided, the terminal’s clock speed and multipliers within the hardware of the smart card that can be utilized by software on the card. The Renesas AE551 (http://www2.renesas.eu/_pdf/20-100C.PDF) has a clock speed of 1-10mhz depending upon the voltage and external clock speed of the terminal. The maximum internal clock speed of the microcontroller is 12mhz at 3v. This particular microcontroller was new in 2010, so newer microcontrollers may operate at even faster speeds. For the purpose of power savings some smart cards are able to dynamically modify their internal clock multiplier, increasing or decreasing their speed while increasing or decreasing their current draw. This means that the internal clock can be modified for demanding encryption tasks and modified again when the demand is gone. For battery operated smart card terminals it is desirable to manage the amount of electricity being drawn at any given time. (Pg 83)
Microprocessor Smart Card Memory
Microprocessor smart cards store their base operating systems in ROM as ROM requires much less physical space for an equivalent amount of data as stored on other mediums (EEPROM, Flash memory) (pg 71.). Additional code for applications on the smart card can be installed into non-volatile memory on the microcontroller, thereby allowing the card to adapt to various roles and different systems (I.E. an electronic purse vs. an authentication mechanism).
At the time of the writing, the “Smart Card Handbook” mentions that few smart cards had integrated “Memory Management Units”. An MMU is designed to monitor applications running on the card and prevent those applications from reaching beyond the scope of their pre-defined memory address space. Instead, as of 2010, applications were independently verified to be secure prior to being installed onto the platform (pg 84). The authors note that this is not an effective solution to the problem.
Application development & security
An older text about installing java applications onto smart cards touches more deeply on the topic: Smart Card Application Development Using Java - 2002, 2nd edition. Pg 259, section 15.2.2 discusses security when installing applications on a smart card. The original smart card manufacturer imprints a security certificate on the card. A developer trying to install a new application on the card must provide an appropriate installation script that they have received from the "security domain" (the issuer of the security certificate on the card) before being able to execute the application installation. This extends a trust relationship from the card issuer to the developer and, hypothetically, prevents unwanted software from being installed onto the card.
Encryption & Decryption
To rapidly perform encryption and decryption tasks, dedicated hardware components are put in place for these algorithms. At the time of writing the Smart Card Handbook mentions that hardware support for DES was still present in smart cards and a coprocessor operating at 3.5mhz could complete a 3DES operation in as little as 150 microseconds. Coprocessors are also added for asymmetric encryption algorithms such as RSA and ECC with architectures as wide as 140 bits. Apparently, these dedicated coprocessors are so effective at their designed task that they can outperform desktop PCs (at least at the time of writing) (Pg. 88)
By performing encryption / decryption on the card itself and not utilizing the terminal this prevents malicious software on the terminal from being able to access the memory space of the encryption processes. Properly coded smart card applications will keep sensitive memory space away from all other applications and prevent private keys from being accessible to outside processes.
Java Card
Java Card has become a pervasive platform for the utilization of varied smart card architectures. By writing java programs and using the java virtual machine on the smart card hardware it becomes possible to create applications that can be applied broadly across many smart card types. The disadvantage of this is the requirement to interpret machine code from the java each time an application is run, however this is significantly outweighed by ever increasing processor speeds and the massive reduction in development work required to create applications (pg 87). To help resolve the run time drawbacks some smart cards are directly incorporating hardware that can execute java bytecode and elements of the Java Virtual Machine are being incorporated directly into the microcontroller’s hardware. This also has drawbacks in the form of additional space requirements, but the performance boost is worth the trade (pg 88).
Summary
So, basically, Smart Cards can be either memory cards or Microprocessor cards. Memory cards control how their memory is written to and read from, Microprocessor cards run approved applications that have been coded in a secure manner as to prevent outside applications from accessing their memory space. Processor types vary widely, but more commonly now we are seeing ARM and MIPS based 32 bit RISC architectures microcontrollers that natively support the use of Java Virtual Machine to enable easy application development. Encryption and decryption tasks can be passed through the card itself and handled outside of the terminal system that is utilizing the card. This gives a physical and software layer of separation and utilizes a “trusted” hardware space to perform sensitive tasking, making it even more difficult for bad actors to retrieve sensitive data.
References:
Smart Card Application Development Using Java
(final edit for addition of edit purpose to post).
