karppinen - PStoPDF trial version. http:/www.adultpdf.com...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Attacks related to the smart card used in electronic payment and cash cards Lauri Karppinen Laboratory of Telecommunications Software and Multimedia Helsinki University of Technology lka@iki.fi Abstract A cash card is a small computer with a stored value representing cash or a set of digital cash units embedded into a small chip wrapped in plastic which is intended to be used like cash. In addition to traditional computer exploits these cards are also open for a wide range of new interesting attack possibilities against which there are no fully proof counter-measures. 1 Introduction Science fiction novels have for a long time intruduced us to the consept of cash chips and digital credit systems. Venerable physical cash has nevertheless endured to this day and is looking as strong as it did 500 years ago. Cash is simple, cash is universal and it works, which is a concept not very often appli- cable to computers. Achieving the same level of robustness, universality, anonymity and ultimately trust as cash is not an easy task but in order to replace cash smart cards must not only achieve this but also offer something that cash cannot. That something could be added convenience and lowered operating costs. This paper takes a quick peek at the robustness of current IC (Integrated Circuit)-cards, such as Mondex cards and cards used at Finnish universities and offers an overview on a range of attacks used against such card systems. 1.1 Terminology Smart card A smart card is a often credit-card sized plastic card embedded with an in- tegrated circuit chip which allows a vast amount of data to be stored on the card. An onboard microprocessor allows data to be accessed and processed on-chip. An internal module connects the IC chip into a card reader. Cardholder The cardholder is the person who physically has the smart card and the se- crets needed to use it. 1 PStoPDF trial version. http://www.adultpdf.com
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
HUT TML 2000 Tik-110.501 Seminar on Network Security Data owner is the entity (for example a bank or digital cash issuer) who owns the data embedded on the card. Terminal Terminal is the device used to access and manipulate the information on smart card eg. ATM machine, in-store digital cash register or a smart card reader equipped PC. Card issuer Card issuer originally issued the card and controls the OS running on the card as well as the initial data on the card. Electronic money Electronic money in this paper [18] refers to abstract units of tokens which represent single units of currency. They use cryptographic algorithms to en- sure uniqueness and to hamper cloning. Electronic money can be stored on a smart card but is not dependant on any physical media. 2 Benefits of cash/smard cards a.k.a. Why bother? Smart card technology offers numerous benefits all-around the information society. In the
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/02/2011 for the course SECURITY 2354 taught by Professor Morganjones during the Spring '11 term at Ucla Venezuela.

Page1 / 11

karppinen - PStoPDF trial version. http:/www.adultpdf.com...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online