smart cards

by Scott Guthery
<gutherys@certco.com>

Scott Guthery leads the cryptographic device project at CertCo. He has published articles in number theory and programming languages, and is the co-author with Tim Jurgensen of Smart Card Developer's Kit.

Introduction

"This is the year smart cards take off." We've been hearing this for more than five years. Are smart cards like monorails ­ always in the future ­ or will they break out of their cloaked-in-secrecy backwaters and become another ubiquitous computing platform?

The initial application of smart cards was to add a second factor to credit and debit card authentication. Merely having the cardholder enter a PIN to activate the card reduced fraud by an order of magnitude and more than paid for the card and the infrastructure needed to support it. The use of the card as a portable data store with active and programmable security has since been extended to a host of loyalty, ticketing, network identity, expense accounting, personal preference, physical access, and electronic commerce applications. Today's off-the-shelf smart cards can generate and store symmetric and asymmetric keys, do cryptographic calculations, and be programmed in high-level languages. A smart card is an easy-to-carry, tamper-resistant computer without peripherals that has been largely overlooked as a general-purpose computing and application-delivery platform.

Smart Card Hardware

Smart cards were invented in 1967 by two German engineers, Jürgen Dethloff and Helmut Gröttrupp. Initial smart card chips were custom ICs, primarily memory-only devices, but as the need for general-purpose programmability emerged, the industry converted to smart card versions of commodity 8-bit microcontroller cores (e.g., the Motorola 6805, the Intel 8051, the Texas Instruments 370, and the Hitachi H8). Single-chip smart card processors based on these cores are made by almost all the large silicon foundries, including Siemens, Philips, Motorola, Texas Instruments, Hitachi, Toshiba, and SGS Thomson.

Eight-bit microcontroller cores have been popular because of their low price, reliability, and suitability for the task at hand. In addition to an 8-bit microcontroller, a middle-of-the-road smart card chip will contain 256 bytes of RAM, 8K bytes of nonvolatile memory (typically EEPROM), and 20K bytes of ROM. The real estate ratio for these three kinds of memory is roughly 1:4:8, so with a fixed die-size ­ 25 sq mm is the current maximum ­ many alternative memory configurations are available on the market. Furthermore, with the emerging need to do "bignum" cryptographic calculations, most manufacturers are offering chips with modular arithmetic co-processors that can both generate and compute with large cryptographic keys.

Smart card chips are used as capacity fillers on aging fab lines and as late-life kickers for proven, if dated, chip designs. Smart card chip design innovation has concentrated on security features rather than on more familiar speed, functionality, and capacity features. Hardware properties of smart card chips that contribute to their tamper resistance include non-linear memory layout, scrambled runs, dummy circuits, passivation layers, temperature, clock and voltage out-of-bounds sensors, fused test circuits, address lock-outs, and EEPROM bulk-erase detection.

The recent reconceptualization of the smart card as a general-purpose computing platform rather than as simply a secure counter keeper has caused some smart card chip manufacturers to put the smart card chip on a more classical processor evolution trajectory. One can expect to see smart card chips in experimental quantities with 32-bit processors, unified memory systems, memory management features, and full-duplex communication in the next 12 to 18 months. Multiple-chip smart cards are also being considered once again.

A smart card reader is necessary to do anything useful with a smart card. The inclusion of smart card support in the next releases of Windows will encourage the provision of a smart card reader as standard equipment on Wintel computers. Reader drivers for UNIX are harder to come by. A serial port smart card reader that can be used on any computer system retails for about $50. Smart card readers are being built into modems, keyboards, PCM/GSM cellular telephones, and WebTVs. A smart card industry specification for an operating system infrastructure for smart cards called PC/SC is available at <www.smartcardsys.com>.

The Smart Card Marketplace

For the last 30 years, smart card technology has at least to some extent been deliberately held off the general computer marketplace by European governments because of their "security through obscurity" security policies. While smart cards delivered stunning cost savings and fraud reductions to European telephone and banking systems, the restricted access to information and development tools kept them off the screens of free-market information technology businesses. One of the greatest, if irrational, fears of the smart card industry is that rogue cards which will erode the public's faith in the security (not to say sanctity) of the card will be created. Better to constrain the market to a small club of proven good guys than to open it up and have to deal with a loose cannon. Ross Anderson, among others, has noted that this policy could be interpreted as a tacit admission of weaknesses in existing systems and probably does more than the occasional hacker incident to slow the growth of trust in smart cards.

But just as the needs of the Web opened up public discussion of cryptography, so they also cause light to be shined into the secret corners of smart card technology. Furthermore, to develop a business case against magnetic stripe and high-capacity memory cards on one side and personal data devices such as pagers, cell phones, PDAs, and palm computers on the other, the smart card would have had to become a multiapplication platform with lots of available applications. This was not going to happen if the world's smart card programmers were locked in the basements of the smart card manufacturers and innovation was paced by government bureaucracies.

A smart card is a cheap, portable, tamper-resistant store of information with a modest, secure computing capability. Unlike a memory card, it can compute in private, and unlike a cell phone, you can carry five or six of them in your wallet or purse and even afford to lose one occasionally. We don't know whether the smart card's design point represents a viable and stable long-run computing platform plateau, whether its trade-off of features is taken up by the public at large, or whether its balance of requirements serves anything more than a niche of special applications. The designers of distributed computing systems have their work cut out for them as they push the network off the desktop and onto the street, and the smart card is at least as street-wise as its technology competitors.

Smart Card Software

It is useful to differentiate between software written to use a smart card (reader-side) and software written to run on a smart card (card-side). Both kinds of smart card software share a common attitude, however: by default, trust nobody. Much of smart card programming has to do with making sure the other party is who it claims to be and convincing the other party that you are who you claim to be. Beyond the management of bona fides, the actual data processing done by a smart card is relatively mundane.

Reader-side software integrates the capabilities of off-the-shelf and standards-conforming smart cards into larger distributed systems. Besides slightly more elaborate handshake and message protocols, dealing with a smart card is little different from the host side than dealing with any other network node. Card communication is master/slave so that a remote procedure call metaphor is a useful and familiar computational model for reader-side smart card programming. Things can get a little more interesting if one is dealing with multiple cards simultaneously and mediating card-to-card transactions, but this is actually little different than database-to-database traffic.

Card-side programming is a completely different kettle of fish and a strange world for programmers raised on computational resources whose measurements all start with "mega."

Perhaps the most challenging constraint is the limited amount of RAM ­ 128 bytes in low-end chips to 762 bytes in high-end chips. Years of training about information hiding and carefully taught aversions to aliasing have to be overcome to squeeze the last bit of functionality out of the chip while making sure that your volatiles aren't smashed by a routine you call or a routine it calls. The EQUIVALENCE and COMMON constructs of Fortran are alive and well in dealing with RAM in card-side software. Fortunately, the compilers and assemblers used in card-side programming offer considerable help in efficiently managing the RAM resource.

Other features of card-side programming that are unfamiliar to the point-and-click programmer are the facts that it takes a noticeable amount of time (3 to 10 ms) to write to nonvolatile memory, that smart card memory wears out (after 10,000 to 100,000 writes), and that power can be removed at any moment. This latter phenomenon is called tearing, and it happens when the cardholder removes the card from its life-support at the exact moment your program started to update the contents of the electronic purse. Interestingly, the state of the memory may be something completely different than the value either before or after your update when next your program runs, and you may discover that values you weren't updating have also changed. With regards to memory write time, keep in mind that your user is standing in the rain at an ATM machine or trying to check out during the Saturday morning rush at the grocery store. There is little patience available to wait for your program to inherit the banking system object.

Card-side software must be constructed to strengthen and enhance the overall security story of the smart card. This means programming to explicitly exclude certain behavior while explicitly enabling other behavior. Making sure a program does not do something turns out to be at least as difficult as ensuring it does do something else. Testing for the absence of a capability, for example, requires a different approach than testing for its presence.

Finally, those features of a smart card that make it tamper-resistant are exactly what have historically made it difficult to program; a hacker and a card-side program developer look an awfully lot alike to both the smart card and to the smart card industry. In 1996, MAOSCO and Schlumberger radically altered the card-side programming landscape by launching smart cards for which card-side software could be written in C and a Java dialect, respectively, and run in a secure multiapplication environment on the card.

Summary

Several marketplace forces are at work to open the smart card as a general-purpose computing platform. There are also forces at work to keep it closed and proprietary. Information is becoming more accessible, and it is now possible to seriously consider a smart card as a component in a distributed computing system. Books on smart card hardware, smart card software, and smart card business opportunities are availalble. Smart Card Developer's Kit, not incidentally by Tim Jurgensen and me, includes a smart card that can be used to familiarize yourself with this unique little pocket computer. More information is available at <www.scdk.com>.