Introduction To The Smart Card Information Technology Essay
A smart card is a card with embedded integrated circuits which can process data. This implies that it can receive input data which is processed and delivered as an output. There are two types of smart cards: memory cards and microprocessor card. Memory cards contain only memory storage components for example to store some data in the card. Microprocessor cards contain memory components and microprocessor components. The smart card is made of plastic, generally PVC, like the older credit cards with magnetic strip and its size is similar to the older credit cards.
There are two technologies to use the smart cards: contact smart card and contactless smart card. Contact smart cards transmit the data with the metal conductors or pins of the card. Contactless smart card transmits the data through radio frequencies and for example, they are used in electronic passports. The smart cards help to make easier the routine actions like user identification, user authentication, data storage, because they are devices with a small size and they can be carried in a simple wallet. An example of usage of a smart card is the user authentication in a large companies or instutions to sign-on or access in restricted areas.
To work with the contact smart card, the card has to be inserted in the smart card reader and when the communication is done between the reader and the contact pads of the card, so it is no necessary add a battery in the smart card because the energy is supplied by the reader to the card. The smart cards are defined in the standards The ISO/IEC 7816 and ISO/IEC 7810. The standards define the physical characteristic of the card, the communication protocol used, basic functionality…
Command APDU
The message structure used to transmit data between the smart card and the smart card reader is the Application Protocol Data Unit, or commonly called, APDU. The structure of an APDU is defined by the ISO/IEC 7816 standards and the concept of the command APDU is similar to the TCP/IP protocol in networks.
A command APDU is composed with a header and with a command body. The header consists of four bytes: Class (CLA), Instruction (INS), Parameter 1 (P1) and Parameter 2 (P2). The class byte indicates the standard which the command is executed, the instruction byte defines the command to execute and the two parameters (P1 and P2) are used to transmit extra information to the command.
The command body is composed with a maximum of three elements: Lc (length command), Le (length expected) and the data field. The length command defines the length of the data in the data field of the command APDU and the length expected contains the length of the data requested from the smart card, which is returned in the data field of the response APDU. The data field is the part where the data is sent to the smart card and it has a maximum length of 256 Bytes.
A command APDU has four different combinations, and in the next image each combination is called a case. The case 1 does not contain any command body, the case 2 contains the byte “Length command” from the data field, the case 3 is similar than the case 2 but in this case there are transmitted in the data field and the case 4 is the full command APDU.
Structure of the command APDU
More information in the chapter “6.5.1 Structure of the command APDU” from Smart Card Handbook (2004), Wolfgang Rankl and Wolfgang Effing.
Response APDU
The response APDU is the reply of a command APDU and it is composed of the status word and the data field. The status word (SW1 and SW2) informs about the processing status of the command execution and it is composed of two bytes and the standard defines a serie of status word. The data filed contains the data returned from the smart card wich was processed into the smart card. The length of the data field can be specified in the byte Le of the previous command APDU and the data field has a maximum length of 256 Bytes.
There are two variants for a response APDU and they are related in the next image. The first variant is a reponse APDU without data field and the second variant returns data to the reader.
Structure of the response APDU
More information in the chapter “6.5.2 Structure of the response APDU” from Smart Card Handbook (2004), Wolfgang Rankl and Wolfgang Effing.
Transmission protocols
There are two transmission protocols to transmit the data between the smart card and the reader. The T=0 transmission protocol transmit the data per bytes and has a poor layer separation.
The T = 1 transmission protocol transmit the data per blocks and is an asynchronous half-duplex protocol for smart cards. It is an improvement of the previous protocol, because it has a strict layer separation. This protocol features strict layer separation, which means that data destined for higher layers, such as the application layer, can be processed completely transparently by the data link layer.
A block in the T = 1 tranmission protocol consists of a prologue field, an information field and a epilogue field. The only part that is optional to send is the information field, which is composed by the command or response APDU. The structure of a block is showed below.
The structure of a T = 1 transmission block
The prologue field consists in three bytes: node address (NAD), protocol byte (PCB) and length (LEN). The node addres contains the destination and source addresses for the block, the protocol control byte supervises the transmission protocol and the length indicates the length of the information field, in other words, the command or response APDU.
The information field contains the command APDU and his content is not analyzed or used in this layer. The epilogue field is used to detect errors in the transmission of the block.
More information about the T = 1 transmission protocol in the chapter 6.4.3 (p. 409) from Smart Card Handbook (2004), Wolfgang Rankl and Wolfgang Effing.
Communication with smart cards
PC/SC (Personal Computer/Smart Card) is specification to integrate smart cards in a computing environment, particulary Windows environments, needing a driver of the smart card reader compatible with this specification. PC/SC is implemented in almost all the Microsoft operating systems like Microsoft Windows 2000, XP. For other computing environments, like Mac OS X or Linux there is a free implementation called PC/SC lite.
This specification allows to the applications to work directly with the smart card and it is available in the most used programming languages like C, C++, Java and Basic.
MUSCLE (Movement for the Use of Smart Cards in a Linux Environment) is a project created to coordinate the development of drivers for smart card readers and a API to help the applications to communicate with the smart cards in a Linux environment.
At first, it was started because for a long time the drivers required for using smart card with Linux were not available, but they were appearing, it was necessary establish an interface in Linux to work with smart card, for example, for operations such as logging on.
With regard to its architecture, MUSCLE is strongly passed on PC/SC, but in contrast to PC/SC the source code is available under a GPL license.
Java Card Technology
Java Card is a technology to develop applications to run in Java compatible smart cards. This applications, or commonly called applets, are designed to run securely on smart cards, because they are executed with a Java Card Virtual Machine inside the smart card. The Java card applets are very portable, because they can be executed in any Java compatible smart card and the applets are executed securely because this technology offers data encapsulation, an applet firewall, cryptographic functions and the features of the Java language.
Java Card 3.0 is a new version of this technology and it has two editions. The Classic Edition is an evolution of the previous version of Java Card and supports the previous java card applets developed. The Connected Edition includes a new virtual machine and a new environment to execute applets with network-oriented features.
However, we cannot use this technology with our smart cards because they are incompatible.
Module scard
The smartcard.scard module is a library to communicate in C language with the smart card readers compatible with the PC/SC specification. The module is the lower layer of the pyscard framework and it is an application programming interface to work with the smart card and provides the next functions:
SCardAddReaderToGroup
SCardBeginTransaction
SCardCancel
SCardConnect
SCardControl
SCardDisconnect
SCardEndTransaction
SCardEstablishContext
SCardForgetCardType
SCardForgetReader
SCardForgetReaderGroup
SCardGetAttrib
SCardGetCardTypeProviderName
SCardGetErrorMessage
SCardGetStatusChange
SCardIntroduceCardType
SCardIntroduceReader
SCardIntroduceReaderGroup
SCardIsValidContext
SCardListInterfaces
SCardListCards
SCardListReaders
SCardListReaderGroups
SCardLocateCards
SCardReconnect
SCardReleaseContext
SCardRemoveReaderFromGroup
SCardSetAttrib
SCardStatus
SCardTransmit
Answer to reset (ATR)
The smart card sends an Answer to Reset (ATR) after the smart card is inserted in the smart card reader, in other words, after the supply voltage, clock signal and reset signal have been applied. The ATR is made up of a data string, which contains various parameters related to the transmission protocol and the characteristics of the smart card. This data string, which contains at most 33 bytes, is always sent with a divider value (clock rate conversion factor) of 372 in compliance with the ISO/IEC 7816-3 standard.
In the main code of the smart card, the ATR is sent at the first to send to the reader the information about the smart card, but this information is provided by the external library included in the code.
More information in the chapter “6.2 Answer to Reset (ATR)” (p. 377) from Smart Card Handbook (2004), Wolfgang Rankl and Wolfgang Effing.
Advanced Encryption Standard (AES)
The Advanced Encryption Standard is a symmetric-key encryption standard based in the principle known as a Substitution permutation network. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, but the block and the key sizes can be any multiple lengths of 32 bits. The blocksize has a maximum of 256 bits, but the key size has not theorically any maximum.
This algorithm came up as improvement of the Data Encryption Standard (DES) and nowdays, it is used deeply and it has been analyzed extensibely and some attacks have been published. This algorithm can be executed in an 8-bit microcontroller, like the microcontroller incorporated in the smart card used and it is used in other environments successfully.
About the security of AES, in the Advanced Encryption Standard article in Wikipedia there is a section about this topic, for more details, consults the Bibliography.
Electronic codebook (ECB)
The electronic codebook is an encryption mode to encrypt data in the symmetric-key algorithms and it is the simplest mode. In the electronic codebook, the message is divided in blocks of the same length and they are encrypted or decrypted sperately, like appears in the below figure.
Electronic Codebook (ECB) mode encryption
Electronic Codebook (ECB) mode decryption
If the plain text is longer than the block length, it has to be separated in blocks of a determinate length and if the length is not multiple of the block length, in the last block has to be added padding. It is not recommended to encrypt big amounts of blocks with the same key, because this encryption mode always returns the same byte encrypted of a byte of plain text. For example, if the same block to encrypt appears more than once in the plain text, this block is always the same cipher text.
For lengthy messages, the ECB mode may not be secure. If the message is highly structured, it may be possible for a cryptanalyst to exploit these regularities. For example, if it is known that the message always start out with certain predefined fields, then the cryptanalyst may have a number of known plain text-cipher text pairs to work with. If the message has repetitive elements with a period of repetition a multiple of b bits, then these elements van be identified by the analyst. This may help in the analysis or may provide an opportunity for substituting or rearranging blocks. (Cryptography and Network Security: Principles and Practice, William Stallings, 2010, p. 200).
Original
Encrypted using ECB mode
Other modes than ECB results in pseudo-randomness
The first image corresponds to the original message, the next image is the message encrypted using ECB and the last image is the message encrypted with improved versions of ECB. In the original message appears some parts that are identical, like the colours, so these parts always produces the same cipher text and it is easily to identify the original image.
More information in the chapter “6.2 Electronic code book” (p. 198) from Cryptography and Network Security: Principles and Practice (2010), William Stallings.
AVR timers / counters
Timer / Counter 0
Timer0 is an 8 bit timer/counter which can count from 0 to 0xFF in the microcontroller ATmega163. The used registers are:
Timer registers
TCCR0 (Timer/Counter 0 Control Register)
TCNT0 (Timer/Counter 0 Value)
Interrupt registers
TIFR (Timer Interrupt Flag Register)
TIMSK (Timer Interrupt Mask Register)
GIMSK (General Interrupt Mask Register)
In the timer mode of operation, the timer is provided by an internal signal. After each clock cycle the value of the TCNT0 register is increased by one. The clock rate is x times the oscillator frequency. The factor x can have the following values: 1, 8, 64, 256 and 1024 (for example: 1024 – the timer is increased after 1024 cycles of the oscillator signal).
This prescaling is controlled by writing one of the following values into the register.
Initial value
Used frequency
1
ck
2
ck/8
3
ck/64
4
ck/256
5
ck/1024
Timer / Counter 1
In contrast to timer 0, timer 1 is a 16-bit timer/counter in the microcontroller ATmega163.It can be used for longer counting sequences and the counting extent is between 0x0000 and 0xFFFF. The used registers are:
Timer registers
TCCR1A (Timer/Counter Control Register A)
TCCR1B (Timer/Counter Control Register B)
TCCR1L (Timer/Counter Value Low Byte)
TCCR1H (Timer/Counter Value High Byte)
OCR1AL (Output Compare Register A Low Byte)
OCR1AH (Output Compare Register A High Byte)
OCR1BL (Output Compare Register B Low Byte)
OCR1BH (Output Compare Register B High Byte)
ICR1L (Input Capture Register Low Byte)
ICR1H (Input Capture Register High Byte)
Interrupt registers
TIFR (Timer Interrupt Flag Register)
TIMSK (Timer Interrupt Mask Register)
GIMSK (General Interrupt Mask Register)
In the timer mode of operation, the timer is supplied by an internal signal. After each clock cycle the meter reading is increased by 1. This signal is produced by n times the amount of the oscillator signal. The factor x can have the following result: 1, 8, 64, 256 and 1024 (for instance: 1024- only after 1024 cycles of the oscillators the timer is raised, the frequency is only fosc/1024). These results can be set with register TCCR1B.
The timer is adjusted through writing the following results into the register initial value used frequency.
Initial value
Used frequency
1
ck
2
ck/8
3
ck/64
4
ck/256
5
ck/1024
Materials and method
The smart cards used in the project were FunCard 5 (Atmel AT90S8515 microcontroller) and FunCard ATmega163 (Atmel ATmega163 microcontroller), which are Atmel cards with microcontrollers and programmable memory.
To connect the smart card with the PC, the PC Twin smart card reader was utilized with the USB connection. To program the smart card, the Dynamite +Plus Smartcard Programmer was used.
The software used to the development of the project has been AVR Studio 4, Eclipse and Cas Studio. The interface between the smart card and the PC was developed under Eclipse, the program of the smart card was developed under AVR Studio 4 and to upload the hex file obtained through the AVR Studio, Cas Studio was used.
AT90S8515
The AT90S8515 (FunCard5 card) is a low-power CMOS 8-bit microcontroller based on the AVR RISC architecture. The frequency of the microcontroller approximately is 1 MIPS per MHz, allowing optimizing power consumption versus processing speed.
The features of the AT90S8515 microcontroller are described below:
8K bytes of In-System Programmable Flash
512 bytes EEPROM
512 bytes SRAM
32 general-purpose I/O lines
32 general-purpose working registers, connected directly to the Arithmetic Logic Unit (ALU).
Flexible timer/counters with compare modes
Internal and external interrupts
A programmable serial UART, programmable Watchdog Timer with internal oscillator, an SPU serial port and two software-selectable power -saving modes.
The device is manufactured using Atmel’s high-density nonvolatile memory technology. The On-Chip In-System Programmable Flash allows the program memory to be reprogrammed In-System through an SPI serial interface or by a conventional nonvolatile memory programmer, in the project, Dynamite +Plus Programmer. By combining an enhanced RISC 8-bit CPU with In-System Programmable Flash on a monolithic chip, the Atmel AT90S8515 is a powerful microcontroller that provides a highly flexible and cost-effective solution to many embedded control applications.
More details about AT90S8515 microcontroller in the official document of Atmel, see Bibliography.
ATmega163
The ATmega163 is a low-power CMOS 8-bit microcontroller based on the AVR architecture. The frequency of the microcontroller approximately is 1 MIPS per MHz, allowing optimizing power consumption versus processing speed.
The features of the ATmega163 are described below:
16K bytes of In-System Self-Programmable Flash
512 bytes EEPROM
1024 bytes SRAM
32 general purpose I/O lines
32 general-purpose working registers, connected directly to the Arithmetic Logic Unit (ALU).
3 flexible Timer/Counters with compare modes
Internal and external interrupts
A byte oriented Two-wire Serial Interface, an 8-channel, 10-bit ADC, a programmable Watchdog Timer with internal Oscillator, a programmable serial UART, an SPI serial port, and four software selectable power saving modes.
The On-chip ISP Flash can be programmed through an SPI serial interface or a conventional programmer, in the project, Dynamite +Plus Programmer. By combining an 8-bit CPU with In-System Self-Programmable Flash on a monolithic chip, the Atmel ATmega163 is a powerful microcontroller that provides a highly flexible and cost effective solution to many embedded control applications.
More details about ATmega163 microcontroller in the official document of Atmel, see Bibliography.
PC Twin
PC Twin is a smart card reader developed by Gemalto which handles all types of ISO/IEC 7816 compatible smart cards. The main features of PC Twin are:
A transparent design to show the inserted card.
USB or Serial connection (simply by cable insertion). In the project case, an USB connection.
Modular concept with accessories: stand, floppy disk tray, to simplify logistics and inventory. Not used in the project.
Supports ISO/IEC 7816 Class A, B and C cards (5V, 3V and 1.8V).
Reads from and writes to all ISO/IEC 7816 microprocessor cards and supports the transmission protocol T=0 and T=1.
Supports memory cards using “Synchronous Card API”. Short circuit detection.
The human interface of the reader consists in a LED with one color (Green). The LED has 2 states: blinking (waiting card insertion), constant on (card reading / writing). The Cable USB reader has as maximum 1.5m long, USB 2.0 type A connector, power supply through USB port, maximum operating current: 100mA and operating voltage [4.4 – 5.5V].
The API to work with the reader is Microsoft PC/SC environment with associated drivers, CT-API and synchronous Card API for support of memory cards.
The operating systems supported are:
Windows 95OSR2, NT4.00 for PC Twin in serial mode
Windows 98, 98SE, Me, 2000, XP, Server 2003, x64 editions, Vista 32, 64 bits, Seven, Server 2008R2
Win CE 4.1, 4.2, 5.0, 6.0 (USB readers)
Linux Kernel 2.6 and higher
Mac OS X Panther, Tiger, Leopard 32 editions (USB readers)
Support for Solaris, XP embedded (USB readers)
The drivers can be downloaded from support.gemalto.com, and the guide installation for each system appears in the same website.
Dynamite +Plus Smartcard Programmer
The Dynamite +Plus is the evolution of the old Dynamite Programmer dated May 2005, developed by Duolabs. The new Dynamite +Plus is smart card programmer with a size similar as a packet of cigarettes. The Dynamite +Plus works with Cas Studio software.
The technical information about the device is described below:
Full speed USB Device at 46 MHz internal speed.
No need for external power supply. The energy is transmited by the USB cable connection.
USB 1.1/2.0 connection.
Multilanguage software.
Fully programmable flash firmware for future software updates.
The programmer supports smartcards up directly via USB. The list of OS cards supported is very long and keep on being updated and it appears in the latest version of Cas Interface Studio. The smart cards PrussianCard3/Funcard5 (AT90S8515 + 24C512) and FunCard ATmega163 (ATmega163 + 24C256) are included in the list of PIC and ATMEL AVR supported microcontrollers smartcards, but the list is very long to show and keep on being updated.
Cas Interface Studio
Cas Studio is a software specifically developed by Duolabs to use Dynamite +Plus programmer. Cas Studio can be executed in Windows 98/ME/2000/XP. The software is able to identify the smart card connected to the smart card programmer and to self-adapt to it by enabling/disabling the appropriate options.
The application needs to be connected to the smart card programmer to start to run, and when the programmer is connected, it display the serial number of the programmer. If a problem occurs or the device cannot be identified, the application displays an error code.
The applications is recognizing the device
The top panel of the window displays the menu that enables you to select the category of options you can enable. These are:
Smart card: It is enabled for the devices Cas Interface 3, Cas Interface 2 + Add-on and Dynamite +Plus. It contains the programming tools for smart cards.
Cam Module: It is enabled for the devices Cas Interface 3 and Cas Interface 2. It contains the programming options for CAMs.
Repair: It is enabled for the device Cas Interface 3 only. It contains the reparation options for CAMs.
Receiver: It is enabled for the devices Cas Interface 3 and Cas Interface 2.
Utilities: It is enabled for the devices Cas Interface 3, Cas Interface 2 + Add-on and Dynamite.
Main screen of the application
To program the PIC-based and AVR-based smart cards supported by Cas Studio, click on the button “Card Programmer”. The following dialog displays below.
There are available the operations “Read”, “Write” and “Erase” to the smart card. The smart card will be recognized automatically after inserting in the programmer.
Dialog of the Card Programmer
Upload a hex file into the smart card
At first, insert the card into the smart card connector of the Dynamite +Plus programmer and the dialog displayed has to be like the below. The smart card will be recognized automatically, if does not, click the button with the question mark to allow the smart card to be automatically identified.
Dialog of the Card Programmer with the card recognized
Select the files you wish to use for programming with the folder button, normally in the Flash memory. Click in the “Write” button. You can also specify in which part you wish to write, by clicking the side icon. In the next images appears the process of upload a hex file into the smart card.
Dialog of the Card Programmer with the file to write selected
Process of writing a file into the smart card
Process of upload a file into the smart card successfully
Installation guide
The installer file has to be downloaded from the website of Duolabs (http://www.duolabs.com) in the Download section.
Before starting the installation, the Dynamite +Plus programmer has not to be connected to the PC with a USB cable. The steps of the installation are the next.
Follow the instructions of the setup program.
Connect the Dynamite +Plus programmer with the USB cable to the PC.
Execute Cas Studio and if it is necessary, change the interface language.
Depending of the operating system, you will need to some extra actions to complete the installation:
Windows XP and older: Windows XP displays “Found New Hardware Wizard” window. Select “Install from a list or specific location”, click “Next”, select “Include this location in the search”, and then click “Browse” to open the “Browse for Folder” dialog. Search and select the c:ProgramsduolabsCas_Studioxxxdrivers folder you have created. Attention: this path may be different if you have specified a different folder during setup or if Windows is in other language. xxx stands for the release version of Cas Studio. Click OK, select “Next” and wait for the process to complete. Once the setup is completed, click “End”.
Windows Vista: The drivers are automatically recognized and installed, any action is needed.
AVR Studio 4
AVR Studio 4 is the Integrated Development Environment (IDE) for developing 8-bit AVR applications in Windows NT/2000/XP/Vista/7 environments.
AVR Studio 4 provides a complete set of features including debugger supporting run control including source and instruction-level stepping and breakpoints; registers, memory and I/O views; and target configuration and management as well as full programming support for standalone programmers.
The features of AVR Studio 4 are described below:
Integrated Assembler.
Integrated Simulator.
Integrates with GCC compiler plug-in.
Support for all Atmel tools that support the 8-bit AVR architecture, including the AVR ONE!, JTAGICE mkI, JTAGICE mkII, AVR Dragon, AVRISP, AVR ISPmkII, AVR Butterfly, STK500 and STK600.
AVR RTOS plug-in support.
AT90PWM1 and ATtiny40 support.
Command Line Interface tools updated with TPI support.
Online help.
The AVR Studio offers a source code editor, project manager, assembler/compiler interface and a debugger to develop the applications.
AVR libc
The AVR libc package is a standard library for the C language which can be used in Atmel AVR 8-bit RISC microcontroller. This library provides the basic functions to use in the C language which are necessary in the most applications, for example, to work with strings (stdio.h header file).
AVR libc can be freely used and redistributed, provided the license conditions detailed in the project web.
The list of the modules supported by the library is described below:
Bootloader support utilities.
#include <avr/io.h>
#include <avr/boot.h>
CRC computations.
#include <avr/crc16.h>
EEPROM handling
#include <avr/eeprom.h>
AVR device-specific IO definitions
#include <avr/sfr.defs.h>
Program space string utilities
#include <avr/io.h>
#include <avr/pgmspace.h>
Power management and sleep modes
#include <avr/sleep.h>
Watchdog timer handling
#include <avr/wdt.h>
Character operations
#include <ctype.h>
System errors (errno)
#include <errno.h>
Integer types
#include <inttypes.h>
Mathematics
#include <math.h>
Setjmp and Longjmp
Standard IO facilities
#include <stdio.h>
General utilities
#include <stdlib.h>
Strings
#include <string.h>
Interrupts and signals
#include <signal.h>
Special function registers
Eclipse
Eclipse is a multi-language integrated development environment with a useful extensible plug-in system. It is oriented to write Java source code, but it can be used to develop applications in other languages as C, C++, COBOL, Python, Perl, PHP,… and it offers a multiple tools with the plug-in available to install in Ecliplse.
Released under the terms of the Eclipse Public License, Eclipse is free and open source software.
Screen capture of Eclipse
Order Now