E-book, English, 392 pages
Mayes / Markantonakis Smart Cards, Tokens, Security and Applications
1st edition 2007
ISBN: 978-0-387-72198-9
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark
Providing a broad overview of the many card systems and solutions in practical use today, this state-of-the-art work is written by contributing authors who are active researchers and acknowledged experts in their field. A single book cannot be found to match both the breadth and depth of content. The book combines a cross-discipline overview of smart cards, tokens and related security and applications plus a technical reference to support further research and study. A step-by-step approach educates the reader and by the end of the book the reader should be able to play an educated role in a smart card related project.
Further information & material
Founders Message
Foreword
Preface
  Structure of the book
Acknowledgements
Contents
List of Figures
List of Tables
List of Contributors
List of Reviewers
An Introduction to Smart Cards
  1.1 Introduction
  1.2 What is a Smart Card?
    1.2.1 Magnetic Stripe Cards
    1.2.2 Chip Cards
    1.2.3 Microprocessor Chip Cards
    1.2.4 Contact-less Smart Cards and RFIDs
    1.2.5 Smart Tokens
  1.3 Smart Card Chips
  1.4 Tamper Resistance
  1.5 Smart Card Characteristics
  1.6 Issuer Control
  1.7 Current Applications for Smart Cards
    1.7.1 Mobile Telephony
    1.7.2 Banking
    1.7.3 Transport
    1.7.4 Identity and Passports
    1.7.5 Entitlement and Health
    1.7.6 Physical and IT Access Control
    1.7.7 Satellite TV
  1.8 Smart Card Application Development
  1.9 Development, Roll-Out and Lifecycle Management Issues
  1.10 In Conclusion
  Acknowledgement
  References
Smart Card Production Environment
  2.1 Introduction
  2.2 Smart Card Production Steps
    2.2.1 Overview
    2.2.2 Card Body Manufacturing
    2.2.3 Personalization and related Services
    2.2.4 Security and Quality
    2.2.5 Current Trends
  2.3 In Conclusion
  Useful Websites
  Glossary
  References
Multi Application Smart Card Platforms and Operating Systems
  3.1 Introduction
    3.1.1 Smart card Platform Evolution
  3.2 Java Card
    3.2.1 Java Card Forum
    3.2.2 Java Card Technology
  3.3 GlobalPlatform
    3.3.1 The GlobalPlatform Association
    3.3.2 The GlobalPlatform Card Specification
  3.4 Multos
    3.4.1 The MULTOS Consortium
    3.4.2 MULTOS Specification
    3.4.3 The Multos Card Architecture
    3.4.4 Multos Executable Language (MEL)
    3.4.5 The Application Abstract Machine
    3.4.6 Application Loading and Deletion
    3.4.7 Communicating with a Multos Smart Card
    3.4.8 Multos Files
    3.4.9 Multos Security Features
  3.5 Smartcard.NET Card
  3.6 BasicCard
  3.7 WfSC
  3.8 Conclusions
  Acknowledgement
  References
Smart Cards for Mobile Communications
  4.1 Introduction
  4.2 SIM/USIM Standards
  4.3 Subscriber Identity and Authentication
    4.3.1 So how does SIM Authentication Work?
    4.3.2 3G/USIM Authentication/Ciphering
    4.3.3 SIM/USIM Authentication Algorithms
  4.4 General Added Features
    4.4.1 Phone Book
    4.4.2 Roaming list
    4.4.3 SMS Settings and Storage
    4.4.4 Last Dialled numbers
    4.4.5 Access Control Class
    4.4.6 GPRS Authentication and encryption files
  4.5 File Types
  4.6 SIMs and USIMs Some Practical Comparisons
  4.7 (U)SIM Value Added Services
  4.8 The (U)SIM as a Handset Security Module
  4.9 The Future Evolution of the (U)SIM
  4.10 Conclusions
  References
Smart cards for Banking and Finance
  5.1 Introduction
  5.2 Payment Card Technologies
    5.2.1 Magnetic Stripe Cards
  5.3 Smart Cards and EMV
    5.3.1 Card Authentication
  5.4 Cardholder Not Present Transactions
    5.4.1 Purchase from a Genuine Merchant Using Someone Else’s Payment Details
    5.4.2 Genuine Purchaser Buying from a Rogue Merchant
    5.4.3 Third Party Attacker
  5.5 Dynamic Passcode Authentication
  5.6 Could a Mobile Phone be a Token Reader?
  5.7 Token Authentication Examples
  5.8 E-Commerce Solutions
    5.8.1 3D-Secure
    5.8.2 Thoughts on 3D Secure
  5.9 Just Wave Your Card to Pay
  5.10 Concluding Remarks
  References
Security For Video Broadcasting
  6.1 Introduction
  6.2 Digital Video Basics
  6.3 Scrambling
  6.4 Synchronisation
  6.5 Key Delivery
  6.6 Access Requirements
  6.7 Key Hierarchy
  6.8 Implementation
  6.9 In Conclusion
  References
Introduction to the TPM
  7.1 Introduction
  7.2 Trusted Platforms
    7.2.1 Fundamental Features of a Trusted Platform
    7.2.2 Additional Features
  7.3 TPM Features
    7.3.1 TPM Components
    7.3.2 I/O Block
    7.3.3 Non-Volatile Storage
    7.3.4 Attestation Identity Keys
    7.3.5 Platform Configuration Registers
    7.3.6 Programme Code
    7.3.7 Execution Engine
    7.3.8 Random Number Generator
    7.3.9 SHA-1 Engine
    7.3.10 RSA Key Generation
    7.3.11 RSA Engine
    7.3.12 Opt-In
    7.3.13 Other Features
  7.4 TPM Services
    7.4.1 Roots of Trust
    7.4.2 Boot Process
    7.4.3 Secure Storage
    7.4.4 Attestation
  7.5 In Conclusion
  References
Common Criteria
  8.1 Introduction
  8.2 Evolution of National and International Standards
    8.2.1 International Recognition
    8.2.2 The need for security benchmarks
  8.3 Evaluation Practicalities
    8.3.1 Types of evaluation
    8.3.2 Evaluation Assurance Levels
    8.3.3 Augmentation of Assurance Levels
  8.4 Evaluation Roles
    8.4.1 Performing Evaluations
  8.5 Developing Protection Profiles and Security Targets
    8.5.1 Establish the security environment
    8.5.2 Establish Security Objectives
    8.5.3 Establish Security Requirements
    8.5.4 Establish TOE Summary Specification
    8.5.5 Establish Rationale
    8.5.6 Claiming Compliance with Protection Profiles
  8.6 An Example
    8.6.1 Establish the Security Environment
    8.6.2 Establish security objectives
    8.6.3 Establish Security Requirements
    8.6.4 Establish TOE summary specification
    8.6.5 Establish Rationale
  8.7 Deliverables
  8.8 Evaluation Composition
  8.9 In Conclusion
  Useful Websites
  Glossary
  References
Smart Card Security
  9.1 Introduction
  9.2 Cryptographic Algorithms
    9.2.1 Data Encryption Standard
    9.2.2 RSA
  9.3 Smart Card Security Features
    9.3.1 Communication
    9.3.2 Cryptographic Coprocessors
    9.3.3 Random Number Generators
    9.3.4 Anomaly Sensors
    9.3.5 Chip Features
  9.4 Side Channel Analysis
    9.4.1 Timing Analysis
    9.4.2 Power Analysis
    9.4.3 Electromagnetic Analysis
    9.4.4 Countermeasures
  9.5 Fault Analysis
    9.5.1 Fault Injection Mechanisms
    9.5.2 Modelling the Effect of a Fault
    9.5.3 Faults in Cryptographic Algorithms
    9.5.4 Countermeasures
  9.6 Embedded Software Design
    9.6.1 PIN Verification
    9.6.2 File Access
  9.7 In Conclusion
  References
Application Development Environments for Java and SIM Toolkit
  10.1 Introduction
    10.2.1 Limitations
  10.2 Smart Cards Characteristics
  10.3 SIM Cards
  10.4 Java Card
    10.4.1 The Java Card Framework
  10.5 Java SIM
    10.5.1 sim.toolkit
    10.5.2 sim.access
  10.6 Application Development Tools
    10.6.1 Compilers & Integrated Development Environments
    10.6.2 Simulators
    10.6.3 Protocol Analysis (Spy) Tools
    10.6.4 Utilities
  10.7 Mobile Phone Applications and the (U)SIM
    10.7.1 SATSA
    10.7.2 A Word on Testing
    10.7.3 SIM Dongle Example
  10.8 Looking To The Future
  10.9 Concluding Remarks
  References
OTA and Secure SIM Lifecycle Management
  11.1 Introduction
  11.2 The SIM Card As A Managed Platform
    11.2.1 Common Stored and Managed Data
    11.2.2 SIM Application Toolkit Interface SAT
    11.2.3 Main Differences Between a SIM and a UICC/USIM Card
  11.3 OTA - Over-The-Air Management
    11.3.1 OTA Server Capabilities
  11.4 Limitations and Improvements
    11.4.1 Customer Managed Applications
  11.5 SIM Lifecycle Management
  11.6 In Conclusion
  References
Smart Card Reader APIS
  12.1 Terminology: Smart Card Reader, IFD, CAD and Terminal
  12.2 OCF: OpenCard Framework
    12.2.1 Overview
    12.2.2 Example
  12.3 PC/SC
    12.3.1 Overview
    12.3.2 Architecture
    12.3.3 Various Implementations
    12.3.4 Wrappers
    12.3.5 Examples
  12.4 STIP
  12.5 In Conclusion
  Acknowledgement
  References
RFID and Contactless Technology
  13.1 Introduction
  13.2 Contactless Technology
    13.2.1 Applications
  13.3 Radio Frequency Interface
    13.3.1 Communication Theory
    13.3.2 Inductive Coupling
  13.4 Standards
    13.4.1 ISO 14443
    13.4.2 ISO 15693
    13.4.3 ISO 18000
    13.4.4 ISO 18092/NFC
  13.5 Conclusion
  References
ID CARDS AND PASSPORTS
  14.1 Introduction
  14.2 ID Cards
    14.2.1 Requirements and Constituents of Modern National ID Cards
    14.2.2 International Standards for ID Cards
    14.2.3 Optical Personalisation of ID Cards
    14.2.4 Countries and Their ID Cards
  14.3 E-Passports
    14.3.1 Introduction
    14.3.2 Constituents of Passports
    14.3.3 EU and ICAO Requirements
    14.3.4 Security Protocols
  14.4 Conclusion
  References
Smart Card Technology Trends
  15.1 Trends In Smart Card Technology – Today And The Future
    15.1.1 History
    15.1.2 Technology Choices
    15.1.3 Technology Drivers
    15.1.4 Technology Trends
    15.1.5 Emerging Applications
  15.2 Conclusions
  References
Source Code for Chapter 12
  A.1 C Language
  A.2 Perl Language
Index




