A smart card is also called an integrated circuit (IC) card. Depending on the integrated circuit used in the card, it can be a memory card, a logical encryption card, or a CPU card. Because the CPU card integrates a CPU, memory and a chip operating system (COS) into a complete computer system with independent data processing capability, its security is greatly enhanced, and it has therefore been widely used and has become the mainstream product among IC cards. This article focuses on CPU cards. COS is built on hardware such as the CPU and memory. It is an operating system that manages chip resources and implements security and confidentiality. Its main functions are to control the exchange of information between the smart card and the outside world, manage the memory in the smart card, and process the various commands inside the card.
1 Security system
According to ISO7816-4, the international standard for contact integrated circuit (IC) cards, the smart card security system consists of three parts: Security Status, Security Attributes, and Security Mechanisms. The security status is the security level the smart card is currently at, that is, the value of the current security status register. Security attributes, also known as access rights, specify what value the security status register must have for an operation to be performed. In a broad sense, the security mechanisms are the various security modes supported by the card; in a narrow sense, they are the methods and means used to move from one security state to another. One security state is transferred to another through a security mechanism, and the security state is then compared with a security attribute. If they are consistent, the command corresponding to that attribute can be executed; if not, the command cannot be executed. This achieves the purpose of security control. This is the basic working principle of the smart card security system, as shown in Figure 1.
The security mechanism is the key to the security system. The generalized security mechanism mainly involves three major functional modules: file operation, authentication system, and encryption/decryption.
2 File operations
2.1 Basic file structure
The file system is the basic module of COS and is responsible for organizing, managing, and maintaining all data stored in the IC card. According to ISO7816-4, the file types supported by COS are: Master File (MF), Dedicated File (DF), and Elementary File (EF). The master file MF is the root of the file system, and there may be multiple dedicated files DF and elementary files EF below it. The dedicated file DF is divided into two types: DDF and ADF. A DDF can contain subordinate ADFs, and an ADF cannot contain subordinate dedicated files.
The master file MF is unique in the IC card and must exist. A DDF is a DF containing multiple applications, and one ADF represents one application; every DF is physically and logically independent. The elementary file EF is used to store keys or user data, and is divided into key files and working elementary files.
2.2 File access control
File access control can use either the authentication register mode or the state machine mode. Here, the authentication register mode is taken as an example. Two four-bit registers indicate the security status: one is the MF's security status register and the other is the current DF's security status register. The initial value of each register is 0, and its range is a value between 0 and F. A file has two different access control rights, AC0 and AC1. AC0 is the usage right and AC1 is the modification right; each is represented by one byte. When the value of the current security status register is greater than the lower nibble of the AC byte and less than its upper nibble, the security state satisfies the corresponding read or write permission of the file, and the related operations can be performed. COS specifies the values of AC0 and AC1 when the file is created in order to set the file's access rights. Password verification and external authentication can change the value of the security status register, so that access control of the file is implemented through the security mechanism.
3 Authentication system
3.1 User authentication
User authentication (also known as password verification) is the smart card's verification of the legitimacy of its holder, which reduces the possibility of fraudulent use by illegitimate users. In a specific implementation, the user presents to the smart card the password (PIN) that only the holder knows, and the smart card judges whether it is correct. If it is correct, verification passes and the current security status of the smart card changes to the subsequent status of the PIN, so that the user obtains the corresponding usage right; if not, the value of the error counter is decremented by 1. If the number of failed attempts reaches the upper limit of the error counter, the card locks automatically.
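The access check of section 2.2 and the PIN verification of section 3.1, put together as an added example (not code from the article or from any COS). All type and function names are hypothetical, the bounds are strict as the text words them, and the PIN and AC bytes used with it are constructed sample values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added model of the authentication-register mode; all names are hypothetical. */
typedef enum { PIN_OK, PIN_WRONG, PIN_LOCKED } pin_result_t;

typedef struct {
    uint8_t sec_state;   /* security status register of the current DF, 0x0..0xF */
    uint8_t pin[4];      /* reference PIN held in the key file (constructed) */
    uint8_t next_state;  /* "subsequent status" of this PIN */
    uint8_t tries_left;  /* error counter */
} card_t;

typedef struct { uint8_t ac0, ac1; } ef_t;   /* AC0 = usage, AC1 = modification */

/* Security attribute check, strict as the text words it:
   low nibble < security state < high nibble. */
int ac_satisfied(uint8_t sec_state, uint8_t ac) {
    return sec_state > (ac & 0x0F) && sec_state < (ac >> 4);
}

int can_use(const card_t *c, const ef_t *f)    { return ac_satisfied(c->sec_state, f->ac0); }
int can_modify(const card_t *c, const ef_t *f) { return ac_satisfied(c->sec_state, f->ac1); }

/* Password verification: a correct PIN moves the register to the PIN's
   subsequent status; a wrong one decrements the error counter, and the
   card is locked once the counter reaches 0. */
pin_result_t verify_pin(card_t *c, const uint8_t *pin, size_t len) {
    if (c->tries_left == 0) return PIN_LOCKED;
    uint8_t diff = (uint8_t)(len != sizeof c->pin);
    for (size_t i = 0; i < sizeof c->pin; i++)        /* no early exit on mismatch */
        diff |= (uint8_t)((i < len ? pin[i] : 0) ^ c->pin[i]);
    if (diff) return --c->tries_left ? PIN_WRONG : PIN_LOCKED;
    c->sec_state = c->next_state;
    return PIN_OK;
}

int main(void) {
    card_t card = { 0, {1, 2, 3, 4}, 2, 3 };   /* register starts at 0 */
    ef_t file = { 0x51, 0xF3 };                /* use: 1 < s < 5, modify: 3 < s < 15 */
    const uint8_t good[4] = {1, 2, 3, 4};
    printf("use before PIN: %d\n", can_use(&card, &file));
    printf("verify: %d\n", (int)verify_pin(&card, good, sizeof good));
    printf("use after PIN: %d, modify: %d\n",
           can_use(&card, &file), can_modify(&card, &file));
    return 0;
}
```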
3.2 Internal and external authentication
Internal Authentication is the verification of the legitimacy of the smart card by the read/write device. External Authentication is the verification of the legitimacy of the read/write device by the smart card. The principle of internal and external authentication is that a legitimate read/write device and smart card hold the corresponding internal and external authentication keys, while a forged read/write device or smart card cannot obtain them. In a specific implementation, the read/write device and the card each use a symmetric encryption algorithm to encrypt a random number, and then either compare the two results for consistency or have one party decrypt what the other encrypted, thereby achieving authentication. As with password verification, after external authentication passes, the value of the current security status register becomes the subsequent status of the external authentication key.
3.3 Secure messaging
To secure the information transmitted between the card and the outside world, COS provides, in addition to plaintext data transmission, a secure messaging mode whose purpose is to ensure the confidentiality and integrity of the data and the authentication of the sender. Data integrity and authentication of the sender are achieved with the Message Authentication Code (MAC). Data confidentiality is guaranteed by encrypting the data field.
The MAC is a function of the message content and the secret key, and its output is a short fixed-length block: MAC = C(M, K), where M is the message content, K is the secret key shared by the two communicating parties, and C is the algorithm that generates the MAC value. Algorithm C must ensure that, even when M1 and C(M1, K) are known, an M2 satisfying C(M2, K) = C(M1, K) cannot be constructed, so the MAC can uniquely identify the original message. COS supports the following two methods of secure messaging:
(1) Line authentication method. The terminal calculates the MAC value over the entire command to be sent to the card and appends it to the end of the transmitted command data, that is, A→B: M ‖ C(M, K). After receiving the command, the card uses the secret key K to compute the MAC value over the received M and compares it with C(M, K) to verify the MAC. Only correct data is accepted. If the card returns response data to the terminal, that data is also sent using the line authentication method. If M is tampered with, the MAC value calculated by the receiver differs from the correct value transmitted by the sender; if a fake sender sends a message, it cannot produce the correct MAC value because it does not have the secret key K. Therefore, this method guarantees the integrity of the transmitted data and the authenticity of the sender.
(2) Line encryption authentication method. The terminal encrypts the command data field to be sent to the card, then calculates the MAC value over the entire command (including the command header and the encrypted command data field) and appends it to the end of the encrypted command data, that is, A→B: E(M, K2) ‖ C(E(M, K2), K1). After receiving the command, the card first uses K1 to verify the MAC value and then uses K2 to decrypt the DATA field of the command to recover the plaintext of the command data field. If the card returns response data to the terminal, that data is also sent using the line encryption authentication method. Because ciphertext is transmitted and only the sending and receiving parties share K2, the line encryption authentication method provides the advantages of the line authentication method and also ensures the confidentiality of the data.
4 Encryption / decryption
4.1 Key management
Key management for COS covers the generation, distribution, storage, and use of keys. According to the key classification principle, the keys involved in the smart card are divided into three levels: a master key, a secondary key (subkey), and a primary key (process key). Higher-level keys generate lower-level keys, and lower-level keys are managed under the control of higher-level keys, which reduces the number of keys that must be kept secret directly, simplifies key management, and ensures key security. The master key is generated and maintained by the application management authority. The secondary key is derived from the master key by an algorithm and distributed to each IC card. The process key is generated from the data specifically involved in each transaction.
According to the full-process security principle, security management runs through the generation, distribution, storage and use of keys.
The master key is a truly random sequence generated by the authority under secure conditions. According to the principle of separation of duties, each key serves a single dedicated function, so a corresponding number of master keys should be generated according to the types of services involved in the COS application. The subkey, that is, the secondary key, is generated by encrypting the unique application serial number of each user card with the corresponding master key. The process key, that is, the primary key, is generated by encrypting certain transaction-specific data with the secondary key.
The master key is distributed manually to ensure high security. The subkey is generated from the master key at the authority and downloaded to each card. The process key is generated in the card using the "one time, one secret" method: it is valid only for the current transaction and protects the sensitive data of that transaction.
The master key is stored at the management organization, has a long life cycle and the highest security requirements, and is kept in a highly secure dedicated cryptographic device. The subkey is stored in the key file under the MF or DF and is valid from the creation to the deletion of that MF or DF. Because the process key is valid only for one specific transaction, its life cycle is short: it is generated dynamically during use, held in the memory of the card, and destroyed after use. The subkey and process key are stored in the card in a non-visible form; they can never be exported from the card and cannot be read out explicitly. COS sets security conditions for each key, and a key can only be used or modified when a specific security status is met. When certain keys (such as the personal PIN) are attacked, they can also be locked automatically to keep the key resistant to attack.
4.2 Cryptographic algorithms and applications
4.2.1 Symmetric cryptographic algorithms
DES, 3DES and AES are commonly used symmetric cryptographic algorithms. In COS, symmetric cryptographic algorithms are used for internal and external authentication, secure messaging, and process key generation. Figure 2 illustrates DES-based MAC generation in secure messaging, where D denotes the eight-byte data blocks into which the data being encrypted is divided and ⊕ denotes XOR; the left four bytes of the final eight-byte result are taken as the MAC value.
4.2.2 Asymmetric cryptographic algorithms
Digital signatures are convenient and secure with public key ciphers. If COS supports public key cryptography, IC cards can serve as a secure carrier for digital signatures because of their independent data processing capability and good security. The private key used for signing is stored on the card and cannot be read out under any circumstances. Signing is performed inside the card, which is more secure than signing with a private key on the host. The asymmetric algorithms currently available for COS include RSA and ECC. For security and speed reasons, the data is generally not signed directly; instead, its hash value is signed.
5 Financial smart card COS security
The financial smart card operating system is a COS that adds banking applications on top of the general COS. The electronic passbook and the e-wallet are the two most important financial applications. They support five types of transactions: load, unload, consumption, cash withdrawal, and modification of the overdraft limit. They can replace cash and checks in circulation and serve as a convenient carrier for electronic money, so the security requirements are higher. As a specific application of the general COS, the financial COS relies during transactions on the security system of the general COS as well as on security measures unique to financial transactions. The following describes the financial COS transaction process and application security in detail, using JETCOS as the example.
5.1 Transaction process
Load is a transaction in which funds in a bank account are transferred to an electronic passbook or wallet; unload is a transaction in which funds in an electronic passbook are transferred to a bank account; consumption is a purchase on a bank POS using an electronic wallet or an electronic passbook; cash withdrawal is the withdrawal of cash at a bank terminal using an electronic passbook; modifying the overdraft limit is a transaction that changes the overdraft limit of the electronic passbook. The following takes JETCOS's electronic passbook load transaction as an example of a secure transaction process (Figure 3).
(1) The terminal initiates a load transaction by sending the IC card a command in Application Protocol Data Unit (APDU) format:
CLA INS P1 P2 Lc DATA Le
80 50 00 01 0B Key Identifier + Transaction Amount + Terminal number 10
CLA, INS, P1 and P2 specify that the command is the load initialization of the electronic passbook, Lc indicates the length of DATA, and Le indicates the length of the data expected to be returned after the command completes.
(2) The IC card performs the load initialization. First, the transaction amount in the DATA field is added to the passbook balance to check whether the deposit limit is exceeded. If it overflows, error code "6985" (the amount overflows) is returned; otherwise processing continues. The card then uses the key identifier in the DATA field to find the load key in the card, and uses the generated pseudo-random number, the online transaction serial number and "8000" to generate the process key. It then uses the process key to generate MAC1 over information such as the transaction amount and terminal number, and sends MAC1 to the host so that the host can verify the legitimacy of the IC card. Because the pseudo-random number and transaction serial number differ for each transaction, the process key also differs. The "one time, one secret" approach protects the sensitive data of the transaction. The response message returned after the load initialization command executes successfully is:
DATA SW1 SW2
original balance + online transaction serial number + key version number + algorithm identification + pseudo-random number + MAC1 90 00
where the DATA field is the data passed to the host, SW is the return code, and "9000" means the command was executed successfully.
(3) The host performs the load processing on the host side. Because the host already holds the load master key, it can compute the card's load subkey from the card's application serial number, then use the DATA transmitted by the IC card to generate the process key and the corresponding MAC value, which is compared with MAC1. If they differ, error code "9302" (MAC error) is returned; otherwise execution continues. This ensures the integrity of the data transmitted by the IC card and authenticates the IC card to the host. After confirming validity, the host deducts the load amount from the bank account and generates the message authentication code MAC2, which the IC card uses to authenticate the host.
(4) The terminal sends the load main process command to the IC card, where the DATA field is generated by the host-side transaction:
CLA INS P1 P2 Lc DATA Le
80 52 00 00 0B Transaction Date + Transaction Time + MAC2 04
(5) The IC card performs the load main process. It generates a MAC value using the process key of the current transaction and the relevant items of the DATA passed by the host, and thereby verifies whether MAC2 is valid. After confirming validity, it completes the substantive transaction: the transaction amount is added to the balance, the online transaction serial number is updated, the transaction details file is updated, and the TAC key is used to generate the Transaction Authentication Code (TAC) from the transaction information, the new balance, the transaction serial number, and the transaction time. The TAC is used to verify that the load transaction succeeded on the IC card side. The response message returned after the load command executes successfully is:
DATA SW1 SW2
TAC 90 00
(6) The IC card passes the TAC to the terminal, and the host can use it later to verify that the transaction succeeded.
5.2 Application security
(1) Transaction state machine. A complete financial transaction consists of transaction initialization and the transaction main process, and the initialization and the main process must be of the same transaction type. The card states are: idle, load, unload, consumption/cash withdrawal, and modify. The main process of a given type can only be carried out after the transaction has been initialized and the card has entered the corresponding transaction state. The lower five bits of the word PSW in the memory system area mark the five states. For example, the initial state of the card is the idle state; after load initialization is executed, the b1 bit of the PSW is set to 1, that is, the transaction state is the load state. When the main process is performed, the card checks whether this bit is 1. If it is, the load main process is executed and, after it succeeds, the PSW is set back to the idle state; if not, error code "6901" (invalid status) is returned and the load main process is not executed. Table 1 illustrates the transitions of the transaction state machine: transaction initialization can be executed in any state, and after it the transaction state changes to the state corresponding to the initialization; the transaction main process must be executed in the corresponding transaction state, and the card returns to the idle state afterwards; if the type of the main process and the transaction state do not match, the main process is not executed. Balance and transaction authentication operations can be performed in any state without affecting the current transaction state.
Table 1 Change in trading status
(2) PIN verification. User authentication in the general COS is COS's authentication of the user's identity and can change the current security status, but it is not mandatory. The PIN verification here is the verification of user identity required by specific financial transaction types. Except for e-wallet consumption, which does not require PIN verification, all other transaction types require the personal password (PIN) to be submitted; whether the PIN has been verified is again checked through the PSW value. The b9 bit of the PSW is used as the PINVer_OK flag. When the user enters a valid personal password at the financial terminal, the password is verified and the bit is set to 1. When a transaction is initialized, the card checks whether the bit is 1. If it is, execution continues; otherwise error code "6982" (security status not satisfied) is returned.
(3) CRC check. During transaction initialization, the relevant information is read from the passbook/wallet file; during the transaction main process, the passbook/wallet file is updated. Both require reading and writing FLASH memory. The CRC is checked before reading, and after an update the CRC is recalculated and written to the header of the relevant file in FLASH for the next check, which ensures the security of the physical read/write process and the integrity of the file.
(4) Backup write. A smart card must maintain data integrity during transaction processing, including across a card pull or power loss, which requires that all updates of a transaction be completed as a whole. For this reason, JETCOS sets aside the FL_RESTOREBUF area in FLASH as a write buffer. The data a transaction needs to update in FLASH is not written directly; it is first written to the FL_RESTOREBUF area, and the flag FL_RESTORETAG is set to 0. When the transaction is processed, the RestoreData subroutine is called; it checks that FL_RESTORETAG is 0 and then copies the data from the FL_RESTOREBUF area to the corresponding FLASH address. If the update succeeds, FL_RESTORETAG is set to 1. If a card pull or power failure occurs while FLASH is being updated, COS calls RestoreData again during initialization. If the first RestoreData did not succeed, FL_RESTORETAG is still 0 and the corresponding FLASH address is updated again; if the first RestoreData succeeded, FL_RESTORETAG is 1 and the data does not need to be restored again. This mechanism guarantees the consistency of the updated data when the card is pulled or loses power.
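The PSW checks of items (1) and (2), as an added example that is not JETCOS code. Only b1 = load state, b9 = PINVer_OK and the return codes "6901", "6982" and "9000" come from the text; the remaining bit positions (bits counted from b0), the idle bit, and all names are assumptions, and MAC verification is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Added sketch: only ST_LOAD (b1) and PINVER_OK (b9) are given in the text. */
enum {
    ST_IDLE   = 1u << 0,   /* assumed position */
    ST_LOAD   = 1u << 1,   /* from the text: b1 */
    ST_UNLOAD = 1u << 2,   /* assumed position */
    ST_SPEND  = 1u << 3,   /* consumption / cash withdrawal, assumed position */
    ST_MODIFY = 1u << 4,   /* modify overdraft limit, assumed position */
    ST_MASK   = 0x1F,      /* lower five bits hold the transaction state */
    PINVER_OK = 1u << 9    /* from the text: b9 */
};
enum { SW_OK = 0x9000, SW_INVALID_STATE = 0x6901, SW_SEC_NOT_SATISFIED = 0x6982 };

typedef struct { uint16_t psw; int32_t balance; } cos_t;

void cos_reset(cos_t *c)    { c->psw = ST_IDLE; c->balance = 0; }
void pin_verified(cos_t *c) { c->psw |= PINVER_OK; }   /* after a valid PIN */

static void set_state(cos_t *c, uint16_t st) {
    c->psw = (uint16_t)((c->psw & ~ST_MASK) | st);     /* keeps PINVER_OK */
}

/* Initialization runs in any state, but every type except e-wallet
   consumption requires PINVer_OK to be set. */
uint16_t txn_init(cos_t *c, uint16_t type, int ewallet) {
    int pin_exempt = (type == ST_SPEND && ewallet);
    if (!pin_exempt && !(c->psw & PINVER_OK)) return SW_SEC_NOT_SATISFIED;
    set_state(c, type);
    return SW_OK;
}

/* The main process runs only in the state set by the matching initialization.
   On a mismatch nothing is executed and the state is left as it was (assumed). */
uint16_t txn_main(cos_t *c, uint16_t type, int32_t amount) {
    if (!(c->psw & type)) return SW_INVALID_STATE;
    if (type == ST_LOAD) c->balance += amount;
    else if (type == ST_UNLOAD || type == ST_SPEND) c->balance -= amount;
    set_state(c, ST_IDLE);                             /* back to idle */
    return SW_OK;
}

int main(void) {
    cos_t c;
    cos_reset(&c);
    printf("init load, no PIN : %04X\n", (unsigned)txn_init(&c, ST_LOAD, 0));
    pin_verified(&c);
    printf("init load, PIN ok : %04X\n", (unsigned)txn_init(&c, ST_LOAD, 0));
    printf("main unload       : %04X\n", (unsigned)txn_main(&c, ST_UNLOAD, 50));
    printf("main load         : %04X\n", (unsigned)txn_main(&c, ST_LOAD, 100));
    printf("main load, replay : %04X\n", (unsigned)txn_main(&c, ST_LOAD, 100));
    return 0;
}
```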
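The backup write of item (4) with a simulated card pull, as an added example that is not JETCOS code. FL_RESTOREBUF, FL_RESTORETAG and RestoreData are the names from the text; the FLASH model, the power-loss hook and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added sketch; everything except the three names from the text is assumed. */
#define FLASH_SIZE 32
#define BUF_MAX    8

typedef struct {
    uint8_t data[FLASH_SIZE];        /* file area (passbook record etc.) */
    uint8_t FL_RESTOREBUF[BUF_MAX];  /* staged bytes */
    uint8_t buf_addr, buf_len;       /* where the staged bytes belong */
    uint8_t FL_RESTORETAG;           /* 0 = update pending, 1 = nothing to restore */
    int writes_left;                 /* test hook: byte writes before power loss, -1 = no limit */
} flash_t;

/* One FLASH byte write; fails once the simulated card pull has happened. */
static int fl_write(flash_t *f, uint8_t *dst, uint8_t v) {
    if (f->writes_left == 0) return 0;
    if (f->writes_left > 0) f->writes_left--;
    *dst = v;
    return 1;
}

/* Stage an update. The tag is cleared last, so a half-written buffer is never replayed. */
int stage_update(flash_t *f, uint8_t addr, const uint8_t *src, uint8_t len) {
    if (len > BUF_MAX || addr + len > FLASH_SIZE) return 0;
    for (uint8_t i = 0; i < len; i++)
        if (!fl_write(f, &f->FL_RESTOREBUF[i], src[i])) return 0;
    if (!fl_write(f, &f->buf_addr, addr)) return 0;
    if (!fl_write(f, &f->buf_len, len)) return 0;
    return fl_write(f, &f->FL_RESTORETAG, 0);
}

/* Copy the staged bytes to their final address; set the tag to 1 on success. */
int RestoreData(flash_t *f) {
    if (f->FL_RESTORETAG != 0) return 1;             /* nothing pending */
    for (uint8_t i = 0; i < f->buf_len; i++)
        if (!fl_write(f, &f->data[f->buf_addr + i], f->FL_RESTOREBUF[i])) return 0;
    return fl_write(f, &f->FL_RESTORETAG, 1);
}

/* COS initialization after power-up: finish any interrupted update. */
int cos_init(flash_t *f) {
    f->writes_left = -1;                             /* power is back */
    return RestoreData(f);
}

void flash_format(flash_t *f, const char *initial) {
    memset(f, 0, sizeof *f);
    memcpy(f->data, initial, strlen(initial));
    f->FL_RESTORETAG = 1;
    f->writes_left = -1;
}

int main(void) {
    flash_t f;
    flash_format(&f, "BAL=0100");                    /* constructed record */
    f.writes_left = 11 + 6;      /* staging (8+2+1 writes) completes, copy is cut after 6 bytes */
    stage_update(&f, 0, (const uint8_t *)"BAL=0250", 8);
    printf("RestoreData=%d record=%.8s\n", RestoreData(&f), (const char *)f.data);
    printf("cos_init=%d record=%.8s\n", cos_init(&f), (const char *)f.data);
    return 0;
}
```

Replaying the copy is safe because it writes the same staged bytes again; a power loss during staging leaves FL_RESTORETAG at 1, so the old record stays untouched.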
6 Conclusion
The security of COS is software-based security. The security of an IC card system must also deal with hardware attacks, analysis attacks, application attacks and system attacks. Smart cards, especially financial IC cards, have not been widely used in the financial system. It is necessary to strengthen resistance to attack in terms of hardware, stability and the usage environment. COS must also strengthen its anti-debugging and anti-tracing capabilities.
(Wen/Computer College, Wuhan University, Yang Fan, Zhang Huanguo)