2020年4月6日星期一

Smart Card Security Mechanism and Its Defense Strategy

0 Preface

With the development of information identification technology and the increasing social requirements for information security, smart cards have emerged as a new type of information storage media. The development and application of smart cards involves microelectronics, computer technology, and information security technologies. They are widely used in industry management, network communications, medical and health care, social insurance, public utilities, financial securities, and e-commerce. The degree of modernization of people’s lives and work has become one of the symbols of measuring a country’s level of technological development. A smart card is a card made by inserting an integrated circuit chip having storage, encryption, and data processing capabilities on a plastic substrate, and has temporary or permanent data storage capabilities. The data content can be processed internally, judged, or read externally; logically Mathematical processing power, used for the processing needs of the chip itself, as well as identifying and responding to externally provided information, is similar in appearance to a credit card made of an ordinary magnetic card, but slightly thicker. The hardware of the smart card mainly includes two parts: a microprocessor and a memory. The logical structure is shown in Figure 1.

The microprocessor inside the smart card generally uses an 8-bit word length CPU, and of course, higher-level microprocessors are also beginning to be used. The main function of the microprocessor is to accept the commands sent by the external device, analyze it, and control the access to the memory as needed. During the access, the microprocessor provides the memory with the address of the data unit to be accessed and the necessary parameters. The memory transfers the corresponding data to the microprocessor according to the address. Finally, the microprocessor processes the data. In addition, various operations (such as cryptographic operations) performed by the smart card are also performed by the microprocessor. It is the smart card operating system COS that controls and implements the above process. The memory capacity in a card is generally not very large, and the memory is usually composed of a read-only memory ROM, a random-access memory RAM, and an electrically erasable programmable memory EEPROM. Among them, the ROM is cured by the operating system code, its capacity depends on the microprocessor used; RAM is used to store operating data, the capacity is usually not more than 1KB; EEPROM is stored various information of the smart card, such as encrypted data and Application files, etc., usually have a capacity of between 2KB and 32KB. This part of the storage resources is available for users to use.

Smart card hardware structure

Figure 1 The hardware structure of the smart card

1 Smart Card Security Mechanism

The advantages of smart cards are mainly reflected in the vast storage space and reliable security mechanisms. The security mechanism can be summarized as follows: authentication operation, access control and data encryption.

1.1.1 Authentication Operation

The authentication operation includes cardholder's authentication, card authentication and terminal authentication. The cardholder's authentication generally adopts the method of submitting a password, that is, the cardholder enters only a special character string known by the user through the input device, and then the operating system checks it. The authentication of the card and the authentication of the terminal mostly adopt an encryption algorithm, and the authenticated party encrypts the random number with a pre-agreed password, and the authentication party decrypts and then checks the random number.

1.1.2 Access Control

Access rights control mainly limits the rights of operations involving protected storage areas, including reviewing and restricting user qualifications and rights, preventing unauthorized users from accessing data, or allowing unauthorized users to access data. Each protected memory area is provided with read, write, and erase operation access authority values. When the user operates the memory area, the operating system checks the validity of the operation. If this operation is allowed, the user operates normally; otherwise, if this operation is restricted, the user is required to provide relevant parameters. When the user cannot provide the correct parameters, this operation is aborted.

In smart card systems, the organization of information storage is in the form of documents. Each file has a file header. The main contents of the file header include the file identifier, file length, file start address, file hierarchy membership, and access permission value. The access permission value indicates the operation supported by this file. .

In practical applications, the information transmitted between all smart cards and terminal devices such as card readers is encrypted to avoid theft and tampering on the communication line. Currently widely-available encryption algorithms include symmetric encryption algorithms and asymmetric encryption algorithms. Theory proves that when the key length used by the symmetric encryption algorithm is 64 bits, if the key algorithm is used to decrypt the encryption algorithm, it takes tens of thousands of years to use a general processor; however, it takes a huge amount of time to shorten the time. Financial and material resources. At the same time, in order to ensure security, people also adopt a method of limiting the number of trials to the key. If a correct password cannot be input during a given number of key input processes, the card will enter a deadlock state and will not respond to any user. Operations can only be resumed by publishers, which prevents illegal users from trying out passwords using brute-force or guesswork.

2 Data Encryption Technology

Encryption technology is a technical measure adopted to improve the security and confidentiality of information systems and communication data, and to prevent confidential data from being broken down externally. With the development of information technology, information security has increasingly attracted people's attention. At present, in addition to strengthening the security protection of data and information in laws and management, various countries also take measures in hardware and software in terms of technology to promote the continuous development of physical prevention technologies and data encryption technologies. Data encryption technology can be classified into two types: symmetric encryption (DES) algorithm and asymmetric encryption (RSA) algorithm according to whether the key is public or not.

In a symmetric encryption algorithm, the encryption key and the decryption key are the same, and for the sake of security, the key is periodically changed. Symmetric encryption algorithms are fast, so they are widely used in applications where large amounts of data are processed. The key to this technology is to ensure the security of the keys. Symmetric encryption system is by far the most widely used and most secure encryption system, and it is also a typical representative of traditional block cryptography. In the design of symmetric encryption algorithms, people use spreading and chaos to conceal information, select replacement, shift, and modulo-2 addition to form the basic unit of the algorithm, and thus the encryption algorithm can be implemented on any ordinary computer. The most noticeable aspect of the symmetric encryption algorithm is that its algorithm and data are fully disclosed. With the characteristics of the DES algorithm, the use of the brute force method can theoretically be used to find the used key. However, the current computer processing speed and cost cannot Do it. In addition, in the past 20 years since the publication of DES, countless professionals have done a lot of research on the security of DES. To date, no one is convinced that it can be defeated. However, a worrying issue with DES is that it is easy to intercept when transmitting keys, which poses a threat to security.

In asymmetric encryption algorithms, there are a public key and a private key, respectively, and the public key is disclosed and the private key is kept secret. There is a one-to-one relationship between public and private keys. Data encrypted with public keys can only be decrypted with a private key, which is less efficient than symmetric encryption algorithms. The data sender uses its own private key to encrypt the data, and the recipient uses the sender's public key to decrypt the private key. Because of the strict correspondence between the private key and the public key, one key can be decrypted only with another key. It ensures that the sender cannot deny sending data and completely simulates the real-life signature. Asymmetric cryptographic algorithms arise from a well-known mathematical problem, that is, it is easy to find the product of two large prime numbers, and it is difficult to decompose the products of two large prime numbers. It is an NPI class problem and there is no effective solution yet.

The RSA algorithm itself is conceptually very simple. It treats plaintext as a number and performs specific exponential operations. Encryption and decryption can be performed in any order, and multiple encryptions and decryptions can be exchanged. These characteristics make it a very ideal. The algorithm. However, when this algorithm is used to compute 200-decimal digits and large-value data with 200-decimal digits as exponents, ordinary computers are difficult to handle. Therefore, RSA applications are rare. Nevertheless, its more reliable and effective security provides the basis for the development of data encryption technology.

One of the above two encryption algorithms can be used for mutual authentication and data encryption between the cardholder, the card and the terminal device.

3 smart card protection strategy

Although smart cards have greater information storage capacity and higher information security, some actors may adopt multiple methods to implement internal attacks on smart card security systems for political fanaticism, economic interests, or intellectual challenges. External attack. These attacks can be manifested as: Cardholders may try those systems do not give them permission to act, or use programs that designers ignore; malicious or lack of integrity cardholders to obtain and analyze system stored information by breaking encryption algorithm In order to extract huge profits, employees of the smart card issuing department or program operators look for opportunities to copy, analyze or steal data and hardware, or give special rights and benefits to those with whom they are associated; fake card criminal gangs may use analytical systems to obtain Right, or use a computer system to create false accounts or make false transactions; zealous hackers are keen to destroy the system, which is the most dangerous attack in all attacks, but only the government or the national financial system may suffer such attacks. As long as the motivation is strong enough, plus enough resources and time, there is always an opportunity for successful attack. Even the best encryption system will be subject to the "big game" type of adventurous attack, which will bring smart card system operators and users. huge loss.

In order to further improve the smart card's resistance to various attacks, the following strategies are needed to ensure its security:

(1) When manufacturing smart cards and card cores, the safety of the manufacturing process must be emphasized. The physical safety of the plant requires careful control. The manufacturer's identification number and serial number should be written into one-time programmable memory to latch data. In addition, when leaving the production floor, the smart card needs to be tested, and the safety registration mark is added after the test passes.

(2) The security of smart card systems is also reflected in software design. It is necessary to regulate the development of smart card software security standards against existing international and domestic standards, fully analyze and utilize the security features of the development platform, establish a full-featured smart card security function module library, and construct an efficient smart card security integration system to meet the high requirements. The application requirements of security requirements provide various aspects of information security protection. The security mechanisms of the software system include: the introduction of a security administrator mechanism, responsible for network security management, and collaborative management of resource access with the system administrator; using high-strength encryption algorithms and one-time passwords to ensure the security of communication transmission; Provide digital signature function, check data integrity, ensure non-repudiation; add audit monitoring function, give a warning to illegal access behavior.

(3) Data security is based on key security. Key management is an important method to ensure data security. Key management includes key generation and key transmission. An advanced key management system should securely generate various keys required for smart card reading, writing, and authentication operations, and ensure the security and consistency of key generation and transmission, and implement centralized key management. At the same time, it must also be accompanied by strict management rules and regulations.

(4) Biometrics technology is the most convenient and safe personal identification technology that uses human physiological and behavioral characteristics such as face, fingerprint, voiceprint, iris scan, and dynamic signature to identify individuals. Biometrics technology includes feature extraction, model training, and pattern recognition. Depositing the user's feature pattern in the smart card can greatly improve its security. When the smart card is authenticated, the computer can accurately determine the cardholder and the card. The matching degree of the storage mode can effectively enhance the anti-counterfeiting capability of the smart card.

(Text / Criminal Science and Technology Department, China Criminal Police College, Feng Qingzhi, Wang Zhiqun)

Set Bags

Kids Luggage Sets,Spinner Luggage Sets,Hard Shell Luggage Sets,Hard Shell Luggage Sets

Guangzhou Jerryan Leather Co.,Ltd , https://www.jerryanbag.com

没有评论:

发表评论