Comparison of smart card security mechanisms (1) cardos

Since smart cards started to enter people's daily lives, everyone is optimistic about the security of smart cards, but there are also many differences in the implementation of security mechanisms of smart cards in different companies. For smart card application development and Smart Card cos designers, if they can learn more about the smart card security mechanisms of different companies, they will undoubtedly help their own development process. Here, we will gradually introduce the distinctive security mechanisms in some popular Smart Card Operating Systems. Whether these security mechanisms are superior or inferior doesn't matter, this security mechanism is sufficient to meet the security requirements of the system.

 

 

First, let's look at the early cardos. cardos was designed by Siemens based on its 44c40/80 series chip. The ram size of the series chip is 256 bytes,ProgramThe space is 8 K/16 K, the data space is 4 K/8 K, and the Siemens 8051 kernel is used. Cardos in 1995 launched the 1.2 version, the main APDU command is in line with the ISO7816-4 file read and write operations, the security mechanism adopted is very flexible, At the beginning it looks a bit complex, however, the actual principle is relatively simple. Although there are almost no cardos products in the Chinese market, it is helpful to understand the early-stage smart card security mechanism.

 

 

Cardos uses half-byte as the security status, except for 0 and F, there are 14 States from 1 to E, each status corresponds to a certain security authentication operation required to reach this status and different combinations of these authentication methods. These security certifications include validation pin or C/R (challenge/response) authentication (also known as external authentication). The combination of authentication methods includes "logic and" and "logic or ".

 

 

You can define different security states for file operations and key usage. You can perform file operations or key usage only after the defined security states are met. Both DF and EF have a set of three-byte security status control characters. Each half-byte serves as an access control status identifier, file Creation, deletion, addition, read, update, and other operations.

 

 

These security states and their required authentication or combinations are all stored in a special internal file stcf (Security Test Control File) Security Authentication control file, which is a TLV (Tag Length value) structure of the record file, where the first byte is one of the 14 States 1-E as a tag, length varies according to the authentication method, the first byte in the value indicates the authentication type, it can be seen that this authentication requires PIN authentication, C/R authentication, or a combination of logic and logic or logic in several authentication statuses. For PIN authentication, you can also specify the pin in which the pin file should be used. For C/R authentication, you can also specify the key in which the key file should be used. In the cardos system, there is a bit mask mark of the security status, which is verified with different data bits. In some cases, after DF is selected, the bit mask mark in the current DF authentication status will be cleared.

 

 

The logic and logic are also very simple. For example, the "03" status indicates to authenticate 3rd pins in 2nd pin files, and the "0b" status indicates to perform C/R authentication on 1st keys in 5th key files. Then, we can define the logic or combination of States "06" to "03" and "0b", and define the logic and combination of States "07" to "03" and "0b. Assume that there are two ef01 and ef02 files. ef01 read and write security statuses are "03" and "06", and ef02 read and write security statuses are "0b" and "07" respectively ". After verifying the 3rd pin in the 2nd pin files, you can read ef01 or write ef01. After the 5th keys in the first key file are authenticated by C/R, you can also write ef01. The write operations on ef02 must meet the two authentication statuses at the same time. For ef02 reading, you only need C/R to authenticate the 1st keys of the 5th key files.

 

 

In addition to the preceding security status control mechanism, cardos also defines line protection. During file creation, the lprotf field is defined as the line protection attribute, there are two line protection modes: mac mode and encryption mode, and also define the line protection direction, that is, from the card to the terminal and from the terminal to the card. The keys used for line protection can only be stored in the SKF (system key file) system key file.

 

 

Several default EF file identifiers are defined in cardos, which are: 0000 = recognition binary file, 0001 = stcf record file, and 0002 = pin record file, 0003 = SKF system key record file, 0004 = RSF random number seed binary file. Cardos supports a maximum of six layers of DF file structures. You can select files by file name, file ID, and file path.

Reprinted from [cattle blog]: http://smarticcard.blog.sohu.com/