1. Field of the Invention
The invention generally relates to a system for testing and verifying the legitimacy of smart cards or the like and for storing data therein. In particular, the system includes a hand-held, battery-operated, free-standing device for in-situ interrogating and/or programming of smart cards by means of a card slot.
2. Description of the Related Art
Smart cards are expected to be part of the information infrastructure of the future for everything from banking to telecommunications to retail. For example, worldwide, millions of smart cards are issued by the satellite television industry for conditional access and security. More than 210,000 contactless smart cards called SmarTrip® have been issued to Metro® subway and commuter train riders in the Washington, D.C. and Northern Virginia area, each of which can store up to $200 in value. Riders simply wave the cards, or the wallets or pockets containing them, within 10 centimeters of the front of a turnstile reader.
Smart cards are generally referred to as a class of credit-card-sized devices with varying capabilities, such as stored-value cards, contactless cards, and integrated circuit cards (ICC). The circuitry in a smart card derives its power from the smart card reader after the card is inserted into the reader. The class includes pay-TV smart cards, prepayment meter tokens, remote locking devices for cars, and mobile phone SIM cards. For example, access cards issued by satellite TV distributors to provide certain programming to certain households hold memory whose stored data determines which programs can be de-scrambled and which cannot. Such a card is technically known as a Conditional Access Module (CAM). Data communication between a smart card and an application running on a computer is performed over a half-duplex serial interface managed by the smart card reader and its associated device driver. Smart card readers are either connected to a computer or communicate with the computer wirelessly.
The physical structure of a smart card is specified by the International Organization for Standardization (ISO) standards 7810, 7816/1, 7816/2 and 7816/3, and consists of a printed circuit and an integrated circuit chip embedded in a plastic card (dimensions of 85.60 mm×53.98 mm×0.80 mm). The capability of the smart card is determined by the integrated circuit chip, which consists of a microprocessor, read only memory (ROM), random access memory (RAM) and electrically erasable programmable read only memory (EEPROM). The EEPROM holds the secrets of the cryptographic algorithm, the stored keys, and the access control data inside the smart card, which makes it the primary target of attackers. A physical interface allows data exchange between the integrated circuit chip and the card acceptor device (CAD). All data exchanges are under the control of the central processing unit in the integrated circuit chip.
The confidentiality and integrity of all information stored on a smart card must be ensured to protect the privacy of cardholders and the business interests of card issuers against fraud perpetrated by malicious cardholders, card thieves, and commercial pirates. So far, commercial pirates have cost the digital TV industry hundreds of millions of dollars. Smart cards in general are vulnerable to a variety of attacks, such as attacks via a terminal against a cardholder or attacks by a cardholder against a card issuer.
To combat attacks by a terminal against a cardholder, systems use software-only solutions, such as interactive logon, client authentication, and remote logon, to verify smart cards. This approach requires transmission of signals to a remote computer, which is subject to interception.
Attacks by a cardholder, including a commercial pirate, against a card issuer may be classified into two categories: invasive (physical) attacks and non-invasive attacks. Physical attacks, such as microprobing, access the chip surface directly to observe, manipulate, and interfere with the IC. For example, the chip is tampered with by removing its circuitry from the plastic card: a knife is used to cut away the plastic behind the chip module until the epoxy resin becomes visible, the resin is dissolved with a few drops of fuming nitric acid, and the acid and resin are washed away with acetone until the silicon surface is fully exposed. To read out the EEPROM contents, microprobing techniques or reverse engineering of the circuitry can be applied. The security lock bit is erased by focusing UV light on the EEPROM, the operation of the circuit is probed with microprobing needles, or laser cutter microscopes are used to explore the chip. The techniques described above have been successfully applied by amateur pay-TV hackers, students and others with limited resources. Some of the techniques are available only in professionally equipped semiconductor laboratories.
Non-invasive attacks are custom-prepared for a specific processor type and software version and can reproduce the extracted information within seconds on another card of the same type. The attacked card is not physically harmed, and the equipment used in the attack is usually disguised as a normal smart card reader. There are many non-invasive attacks on particular designs, such as raising the supply voltage above its design limit, cutting the supply voltage below its design limit, exploiting design weaknesses in the hardware (including the manufacturer-supplied ROM code), exploiting misfeatures in the EEPROM code, or combinations of these. Such non-invasive attacks fall into three groups, as disclosed in an article by Siu-cheung Charles Chan:
1. Logical attacks on the communication interface of the processor, exploiting security vulnerabilities found in the protocols, cryptographic algorithms, or their implementation.
2. Monitoring, with high time resolution, the analog characteristics (such as power and current) of all supply and interface connections and any other electromagnetic radiation produced by the processor during normal operation.
3. Glitching, i.e., generating a malfunction or confusion in the processor to gain additional access.
Non-invasive attacks are particularly dangerous in some applications because the owner of the compromised card might not notice that the cryptographic keys have been stolen; it is therefore unlikely that the compromised keys will be revoked before they are abused. Invasive techniques, on the other hand, require very little initial knowledge and usually work with a similar set of techniques on a wide range of products. Attacks therefore often start with invasive reverse engineering, the results of which then help to develop cheaper and faster non-invasive attacks.
In addition to the attacks on satellite TV, there have been a number of attacks on banking systems, telephone systems, and prepayment electricity meter systems. Most of the documented attacks resulted from similarly opportunistic exploitation of design and operational errors, and some of the target systems were based on smart cards. As a consultant to several high-tech companies, the inventor has witnessed numerous successful attacks by commercial pirates on smart-card-based pay-TV systems via intentional clock and power supply glitches, which can often cause the smart card to execute incorrect instructions and thereby offer access to its data.
A microprocessor is basically a set of a few thousand flip-flops (registers, latches, etc.) that define its current state, plus combinatorial logic that calculates the next state from the current state during every clock cycle. Some analog effects in such a system can be glitched. Power and clock transients can be used in some processors to affect the decoding and execution of individual instructions. Glitching is basically a momentary drop in the electrical voltage applied to the card at some point in order to bypass certain security mechanisms on the card designed to keep the EEPROM or ROM code secure. In a glitch attack, a malfunction is deliberately generated to cause a wrong state such that a single critical machine instruction is replaced with an arbitrary instruction. The program counter increments as usual, but the glitch transforms either a conditional jump or a loop variable decrement into something else. Conditional jumps create windows of vulnerability in the processing stages of many security applications that often allow pirates to bypass sophisticated cryptographic barriers simply by preventing execution of the authentication code. Glitches can also aim to corrupt data values as they are transferred between registers and memory.
A clock glitch or a power glitch will affect only certain transistors in the chip. Since pirates do not know in advance which glitch will cause wrong instructions in a specific chip, they have to find out by a systematic (trial-and-error) search with a computer and other equipment. With the resulting timing information, they can then reprogram legitimate digital satellite TV access cards with an ISO 7816 card programmer to allow the cards to "test" all available channels. There are several websites marketing the tampered cards or equipment to tamper with legitimate access cards.
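As an added illustration of the two preceding paragraphs (example code written for this page, not taken from the patent or from any card or product it describes), the following C program models a glitch as the inversion of the outcome of exactly one conditional branch, which is the "single critical machine instruction replaced" case described above. It then runs the systematic trial-and-error search a pirate would perform, trying a glitch at each branch position in turn, against two PIN checks: a naive check that rests on one conditional jump, and a hardened check that takes the decision twice and combines the two results without a further branch. The fault model, the result encoding, the PIN values and all function names are assumptions made for the example; a real glitch can also skip stores or corrupt data, which this model does not cover.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fault-tolerant result encoding (assumption for this example): the two
   values differ in every bit, so no single corrupted bit turns FAIL into OK. */
#define AUTH_OK   0xA5u
#define AUTH_FAIL 0x5Au

/* Constructed fault model: at most one glitch per run, which inverts the
   outcome of the g_fault_idx-th conditional branch executed (-1 = no glitch). */
static int g_fault_idx = -1;
static int g_branch_counter = 0;

static int branch(int cond)
{
    int idx = g_branch_counter++;
    if (idx == g_fault_idx)
        return !cond;            /* the glitch: wrong state on this decision */
    return cond;
}

/* Constant-time byte compare: returns 0 only when a and b are identical. */
static int cmp_bytes(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff;
}

/* Naive check: a single conditional jump decides authentication. */
uint8_t verify_pin_naive(const uint8_t *stored, const uint8_t *entered, size_t n)
{
    if (branch(cmp_bytes(stored, entered, n) == 0))
        return AUTH_OK;
    return AUTH_FAIL;
}

/* Hardened check: the decision is taken twice, independently, and the two
   results are combined by AND rather than by a third branch.
   AUTH_OK & AUTH_OK == AUTH_OK; any other pairing yields 0x5A or 0x00,
   neither of which is AUTH_OK, so flipping one branch cannot grant access. */
uint8_t verify_pin_hardened(const uint8_t *stored, const uint8_t *entered, size_t n)
{
    uint8_t r1 = AUTH_FAIL, r2 = AUTH_FAIL;

    if (branch(cmp_bytes(stored, entered, n) == 0))
        r1 = AUTH_OK;
    if (branch(cmp_bytes(entered, stored, n) == 0))   /* recomputed, operands swapped */
        r2 = AUTH_OK;

    return (uint8_t)(r1 & r2);   /* callers must test == AUTH_OK, never != AUTH_FAIL */
}

typedef uint8_t (*verify_fn)(const uint8_t *, const uint8_t *, size_t);

/* The systematic search the text describes: glitch each branch position in
   turn and count the runs in which a wrong PIN is accepted. */
int count_bypasses(verify_fn fn, const uint8_t *stored, const uint8_t *wrong,
                   size_t n, int max_branches)
{
    int bypasses = 0;
    for (int idx = 0; idx < max_branches; idx++) {
        g_fault_idx = idx;
        g_branch_counter = 0;
        if (fn(stored, wrong, n) == AUTH_OK)
            bypasses++;
    }
    g_fault_idx = -1;               /* restore fault-free operation */
    g_branch_counter = 0;
    return bypasses;
}

/* Constructed sample data, not from any real card. */
static const uint8_t STORED_PIN[4] = { 1, 2, 3, 4 };
static const uint8_t WRONG_PIN[4]  = { 1, 2, 3, 5 };

int naive_bypasses(void)    { return count_bypasses(verify_pin_naive,    STORED_PIN, WRONG_PIN, 4, 4); }
int hardened_bypasses(void) { return count_bypasses(verify_pin_hardened, STORED_PIN, WRONG_PIN, 4, 4); }

int main(void)
{
    printf("naive:    %d of 4 glitch positions accept a wrong PIN\n", naive_bypasses());
    printf("hardened: %d of 4 glitch positions accept a wrong PIN\n", hardened_bypasses());
    return 0;
}
```

The search finds one winning glitch position against the naive check and none against the hardened one. The point of the hardened form is not the constant-time compare (that addresses the monitoring attacks of group 2 above) but that no single control-flow decision stands between a wrong PIN and AUTH_OK; the same pattern is what card firmware uses against the clock and power glitches described in the text.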
A card issuer in the digital TV industry can randomly launch an electronic countermeasure (ECM), i.e., an electronic signal sent down from the satellite to shut down or damage access cards such that the tampered cards can no longer authorize all channels. ECMs are type or brand specific, i.e., targeted against a particular type or brand of card. ECMs are usually based on a software analysis of the tampered cards, and the weaknesses found are then exploited in the ECM.
During a field investigation, fraudulent and legitimate smart cards are found and confiscated. These cards require interrogation to determine their legitimacy. In some cases, only limited access to the evidence is allowed. A tool for easy and fast identification, verification of legitimacy, and collection and storage of data is required.
Most hand-held smart card readers or authentication devices have limited memory and processing resources, so they have to be connected to, or wirelessly communicate with, a computer or other external equipment in order to operate. For example, an external device may be required to supply operating or user data. These limitations may degrade the security of the device in circumstances where the external elements are unavailable, untrusted or unreliable. U.S. Pat. No. 5,682,027 shows a system and method for performing transactions and a portable intelligent device therefor. This patent also shows a portable ISO 7816 compliant device that has backup RAM and a display (FIG. 1; abstract). In addition, the system provides different access restriction levels. U.S. Pat. No. 5,748,737 shows a multimedia electronic wallet and generic card. This patent also shows a handheld, ISO 7816 compliant device (abstract).
Currently, there is a demand for a hand-held, battery-operated, free-standing smart card authentication device for in-situ interrogating and/or programming of smart cards by means of a card slot.