EMV application protection on smart cards

Unlike a normal personal computer, loading a program into memory and then executing it is not the main task for a smart card. Security mechanisms do not allow unauthorized program launches. In particular, you may need to authenticate the terminal for a specific application. In addition, the program code must be protected by at least a MAC address authentication code or a digital signature. Some smart card operating systems perform mutual isolation of memory areas of individual applications using software or hardware, so that the applications in the smart card cannot affect each other.

With strict compliance with security measures, computer applications that were inadvertently loaded during the operation of the card will not be able to distort the functionality and reduce the security of applications. In application information and control systems, the possibility of using falsified smart cards can never be completely excluded, regardless of how well these systems are protected from attacks. As a real example of the use of smart cards, we can cite the project of ACS (access control and management systems) implemented this month for the warehouse, which offers construction materials and tools on the market, and the implemented smart card system includes effective mechanisms for protecting users (company employees) by blocking fake and lost smart cards throughout the system. The procedures used for these purposes are highly dependent on the application in question and the system structure, but they can all be reduced to a few basic methods.

In a potentially insecure environment, there are certain risks of data intrusion between the smart card and the terminal. Since the transmission of information between the contactless smart card and the terminal is carried out over a radio frequency channel, eavesdropping is the most common threat to users of contactless smart cards. To protect against passive intruders engaged in data interception, encryption of the transmitted data between the card and the reader is used.

The security of applications on smart cards can be significantly enhanced by the smart card’s ability to implement a number of authentication procedures. These procedures include:
-user’s smart card authentication;

  • smart card authentication of a PC-based application;
  • authentication of the user (cardholder) by a remote object, usually by the server; authentication of the smart card by the application.

To prevent the use of fake or lost smart cards, it is necessary to maintain so-called “black lists”, which indicate the blocked smart cards. For example, if in a system with 10 million smart cards with 8-byte numbers, the number of blocked cards is one percent of the total number, the blacklist will contain data totaling 800 KB. However, if such a system requires blocking much more than one percent of smart cards due to attacks or losses, the size of the blacklist becomes impractical.

Smart cards can be checked against these lists in real time by on-line systems. In systems that operate partially or completely independently, the “black” or ” red ” lists should be updated and transmitted to the terminals as often as possible. This should happen at least on a daily basis, because otherwise the defense mechanisms based on blocking lists become ineffective.

Application of biometric identification methods for smart cards

The use of the PIN code is associated with another not obvious, but important problem. In many cases, entering and checking the PIN code not only identifies the user and confirms the legal ownership of this smart card. These operations can also be considered as a declaration of the intentions of the user, who, by entering the PIN code, declares his consent to a certain action. Unlike the PIN code, the use of biometric identification methods does not necessarily mean that the user declares his intention, since biometric features can be checked without the explicit permission of this person.

It should be noted that there is a growing interest in the use of biometric identification methods for smart cards. In some applications, these methods may be more secure and user-friendly than entering a PIN. In addition, biometric attributes cannot be transferred to another person as easily as a PIN code. As an example, we can point out the project of a distributed access control system (access control system) implemented by our specialists last quarter for one of the companies that integrated smart cards and a biometric fingerprint verification module. This module scans the fingerprints of the company’s employees and compares them with those stored in the card’s memory, and then sends the encrypted data to the terminal.

In a potentially insecure environment, there are certain risks of data intrusion. For contactless smart card users, eavesdropping is the most common threat. Since the transmission of information is not carried out through direct contact between the smart card and the terminal, but through a radio frequency channel, an intruder can easily intercept and eavesdrop on the transmission without the knowledge of the legitimate user or the terminal. This may lead to unwanted disclosure of information stored on the card that the user would not want to make public.

A specific example of an eavesdropping threat is a situation where a user confirms their identity to a smart card by entering a PIN code from a keyboard attached to the terminal. To prevent this type of attack, you need to protect the transmitted messages. To protect against passive intruders engaged in data interception, encryption of the transmitted data between the smart card and the reader is used. In particular, the PIN value sent from the terminal to the card to verify the authenticity of a legitimate user must be encrypted.