Cryptographic Application of Programmable Smart Cards

Berta István Zsolt <istvan.berta@ebizlab.hit.bme.hu>

Budapesti Műszaki Egyetem Üzleti Adatbiztonság Lab

Mann Zoltán Ádám <zoltan.mann@ebizlab.hit.bme.hu>

Budapesti Műszaki és Gazdaságtudományi Egyetem

Smart cards have been utilized excessively during the last couple of decades. In recent years though, a new generation of smart cards evolved: programmable smart cards. The distinguishing characteristic of these cards is not merely the presence of a CPU, but rather the ability to load and run separate programs.

In a complex, smart card based system this feature turns smart cards from passive data-storage devices into active computational units. In fact they contain a tamper resistant secure one-chip microcomputer able to execute various cryptographic functions. Moreover, their potential can be extended after the issuance of the card by uploading various new applications. However, the limited resources of the card (e. g. 4Mhz 8-bit processor, 8 kilobytes of storage capacity) require special programming methods and restrictions.

The authors had the opportunity at E-BizLab to develop security-oriented applications on different programmable smart cards of different vendors and architecture. Microsoft Smart Card for Windows Professional and Bull Odyssey 1.2, cards designed by two concurrent manufacturers on the market, were studied.

The first card examined more closely was Microsoft Smart Card for Windows Professional., which is still in beta. This fact had some negative consequences: incomplete and inconsistent documentation, some not implemented functions, bugs etc. However, this card possesses a cryptographic coprocessor that supports DES (Data Encryption Standard), a standardized encryption mechanism. The following features were implemented : encryption and decryption using ECB and CBC, message authentication (MAC) and card authentication. The results suggested that all major cryptographic schemes can be safely implemented in a smart card environment; the most crucial factor is speed.

Since any algorithm could be implemented on the card, the issuer would have wider possibilities than those the manufacturer planned for it. A smart card is a device designed to hide and protect data. An intelligent smart card extends the traditional one by containing not only data but also the operations on it. The data (e.g. a cryptographic key) is stored on the card, but cannot be accessed directly, only through pre-defined gateways: operations. These operations are provided by the applications running on the card thus improving the flexibility of the secure system.

From the results of their research the authors conclude that programmable smart cards do have a great potential in cryptographic computations. These new possibilities will most probably reshape the smart card world and sensitive applications in particular.