Smart Card Software Security
The security of smart card software is based on the use of cryptographic information protection. Cryptography is used to authenticate system objects, such as users, cards, and terminals, and to encrypt the smart card’s communication with the outside world. Cryptographic keys are stored in the card files, and cryptographic algorithms and protocols are executed in the card software.
Cryptographic functions built into the smart card to meet its own security requirements can also be used to perform security functions in other systems. The protection provided by the smart card significantly increases the security of the system as a whole. This high level of smart card security was the main argument in choosing an office building access system for our Customer, a company that offers various Suzuki stamped / cast / forged wheels; the system includes 6 vandal-proof card readers.
One of the first tasks a smart card performs when it is activated is to authenticate the objects external to it: first of all the identity of the person who inserted the card into the terminal, then the terminal into which it was inserted. The card also authenticates itself to each of these objects. The authentication procedure may simply be a demonstration of possession of a shared secret, such as a four-digit PIN, or it may be a more complex process in which one side demonstrates that it can encrypt a proposed message, called a request, using a pre-agreed encryption algorithm and a secret key.
If, at any stage of the process, the smart card discovers that the object it is dealing with is not what it claims to be, all further communication with that object is blocked. These failed attempts can be recorded on the smart card, and after a certain number of unsuccessful authentication attempts the smart card may block all further access or render itself and its contents completely unusable.
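The request/response check and the failed-attempt counter described above can be sketched as follows. This is an added example, not code from any card vendor or from the system described on this page. It assumes HMAC-SHA256 as a stand-in for the pre-agreed encryption algorithm, a limit of three attempts, and hypothetical names (Card, get_challenge, external_authenticate, terminal_response).

```python
import hashlib
import hmac
import secrets

MAX_TRIES = 3  # assumed limit; the text only says "a certain number"

class Card:
    """Card side: issues a request and verifies the terminal's response."""

    def __init__(self, key: bytes):
        self._key = key              # shared secret stored in a card file
        self.tries_left = MAX_TRIES  # on a real card this is in non-volatile memory
        self._challenge = None

    def get_challenge(self) -> bytes:
        if self.tries_left == 0:
            raise PermissionError("card blocked")
        # A fresh random request each time makes a recorded response useless later.
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        if self.tries_left == 0:
            raise PermissionError("card blocked")
        if self._challenge is None:
            raise RuntimeError("no outstanding request")
        challenge, self._challenge = self._challenge, None  # single use
        # Count the attempt before comparing, so an interrupted check
        # still costs one try.
        self.tries_left -= 1
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):  # constant-time compare
            self.tries_left = MAX_TRIES              # success resets the counter
            return True
        return False

def terminal_response(key: bytes, challenge: bytes) -> bytes:
    """Terminal side: prove possession of the key without sending it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

if __name__ == "__main__":
    key = secrets.token_bytes(16)  # constructed sample key
    card = Card(key)
    print("genuine terminal:", card.external_authenticate(
        terminal_response(key, card.get_challenge())))
    for _ in range(MAX_TRIES):     # terminal holding the wrong key
        ch = card.get_challenge()
        print("wrong key:", card.external_authenticate(
            terminal_response(b"\x00" * 16, ch)), "tries left:", card.tries_left)
```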
Encryption can be applied to the entire stream of messages going to and from the card, or only to individual messages. If the smart card communicates with two applications at the same time, different keys or encryption methods can be used for each of them. Various smart cards use the DES, 3-DES and RSA encryption algorithms, elliptic curve algorithms, and a number of authentication protocols.
Interaction of external and internal smart card software
The two types of smart card software (the external software of the host computer and the internal software of the card itself) differ fundamentally in their purpose and orientation. The host computer software can be used with many types of cards and usually works with information about different card types, card owners and issuers.
The card software focuses on the content of a particular card, provides computational services that applications use to access that content, and protects that content from the multiple applications that may try to access it incorrectly. The host computer software connects the smart cards and users into a single system. For example, a program running in an RFID reader uses smart cards presented by employees or customers of an enterprise to identify them and then grants them access to the building and premises. This is how the access control system (ACS) was implemented for the company “BleskMet”, which produces stainless steel fences to ensure the safety of people; permanent employee identification cards are also used in the time management subsystem. The host computer software adapts its response to the specific type of card presented to it.
The smart card software implements the data protection and processing properties, as well as the security policy of a particular smart card. For example, a program running on a smart card cannot issue the account number stored on the card until it is provided with the correct PIN. A program running on a smart card can calculate a digital signature using the private key stored on the card, but cannot create the private key itself. Programs running in the smart card provide secure, authorized access to the data stored in it. These programs only know the contents of a particular card and the objects outside of it (for example, people, computers, terminals, etc.) that are trying to access this content.
Unlike most conventional computer programs, which rely on services provided by the PC or workstation environment, smart card programs assume from the outset that the environment they run in is hostile and untrustworthy. The smart card program trusts only itself. Anything outside the program must prove that it is trustworthy before the smart card program will interact with it. Smart cards do not trust the host computers they communicate with until they have strong evidence, and the host computers likewise initially distrust the cards presented to their readers.