IoT Security
Spring 2024
Karel Slavicek, Vaclav Oujezsky, Bacem Mbarek, Tomas Pitner

Outline
● Smart cards
● History
● Protocols
● Utilization
● Hardware

Smart card types
● Memory cards
● Crypto cards
● Contact cards
● Contactless cards

Contact smart cards
● SIM (Subscriber Identity Module)
● Bank cards
● Prepaid telephone cards

Contact smart cards
● Standards ISO/IEC 7816:
  ● ISO 7816-1 – Physical characteristics: dimensions, thickness, flexibility, ...
  ● ISO 7816-2 – Chip and contact locations, …
  ● ISO 7816-3 – Electrical parameters: voltage, current, …
  ● ISO 7816-4 – Communication protocol, APDU, …

APDU
● Application Protocol Data Unit
● CLA – Instruction class: 0x00 standard, 0x08 proprietary
● INS – Instruction code
● P1, P2 – Instruction parameters
● Lc – Instruction data length
● Le – Expected response data length
● DATA – Data
● SW1, SW2 – Return codes

Contactless smart cards
● ISO/IEC 14443:
  ● ISO/IEC 14443-1:2018 Part 1: Physical characteristics
  ● ISO/IEC 14443-2:2020 Part 2: Radio frequency power and signal interface
  ● ISO/IEC 14443-3:2018 Part 3: Initialization and anticollision
  ● ISO/IEC 14443-4:2018 Part 4: Transmission protocol
● ISO/IEC 15693 for longer distances

Contactless smart cards
● RFID (Radio Frequency Identification)
● Arbitrary frequency and distance
● Low Frequency = 125 kHz – original RFID
● High Frequency = 13.56 MHz – NFC – proximity
● Ultra High Frequency = 868 MHz + 2.4 GHz – industrial applications

Smart card – data organization
● Sectors of 4 blocks
● Each block = 16 bytes
● Number of blocks according to memory size
● First block: Manufacturer data
  ● 4B / 7B UID
  ● Rest of block proprietary
  ● Read only

Smart card – data organization
● MIFARE Classic EV1:
  ● Read/write block
  ● Value block
● Value block (1 and 2 in sector 0, 0-3 otherwise)
  ● 4-byte value, stored 3 times, once complementary
  ● 1-byte address, stored 4 times

Smart card – data organization
● Trailer block
● Access Bits:

Smart card – Memory operations

| Operation | Description | Block type |
|---|---|---|
| Read | reads one memory block | read/write, value, and sector trailer |
| Write | writes one memory block | read/write, value, and sector trailer |
| Increment | increments the contents of a block and stores the result in the internal Transfer Buffer | value |
| Decrement | decrements the contents of a block and stores the result in the internal Transfer Buffer | value |
| Transfer | writes the contents of the internal Transfer Buffer to a block | read/write, value |
| Restore | reads the contents of a block into the | value |

Hardware
● Main smart card manufacturer: NXP
  ● MIFARE
  ● NTAG213/215/216
● Main card reader manufacturer: NXP
  ● RC522 (MFRC522)
  ● PN532

MIFARE
● MIFARE Classic – Proprietary protocol compliant with ISO/IEC 14443 1-3 Type A, with the NXP proprietary security protocol Crypto1. Subtypes: MIFARE Classic EV1.
● MIFARE Plus – Replacement for MIFARE Classic with AES-128 based security, backwards compatible with MIFARE Classic. Subtypes: MIFARE Plus S, MIFARE Plus X, MIFARE Plus SE and MIFARE Plus EV2.
● MIFARE Ultralight – Low-cost solution for high-volume applications (public transport, loyalty cards, event ticketing). Subtypes: MIFARE Ultralight C, MIFARE Ultralight EV1, MIFARE Ultralight Nano and MIFARE Ultralight AES.
● MIFARE DESFire – Compliant with parts 3 and 4 of ISO/IEC 14443-4 Type A. Mask-ROM operating system from NXP. Subtypes: MIFARE DESFire EV1, MIFARE DESFire EV2, MIFARE DESFire EV3 and MIFARE DESFire Light.

MIFARE Competitors
● HID Global:
● iCLASS
● MIFARE DESFire EV3
● HITAG
● SONY:
● FeliCa – mainly in Japan

Thank you for your attention!
Questions and comments?
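
The value block layout from the "Smart card – data organization" slide (4-byte value stored 3 times, once complementary; 1-byte address stored 4 times), as an added example that is not part of the original slides. It assumes the byte order of NXP's MIFARE Classic EV1 data sheet (signed value, least significant byte first; address copies alternating plain and inverted); the function names are hypothetical.

```python
import struct

BLOCK_SIZE = 16  # each MIFARE Classic block is 16 bytes


def encode_value_block(value, addr):
    """Build a value block: value, ~value, value, addr, ~addr, addr, ~addr."""
    if not -2**31 <= value < 2**31:
        raise ValueError("value must fit in a signed 32-bit integer")
    if not 0 <= addr <= 0xFF:
        raise ValueError("addr must fit in one byte")
    v = struct.pack("<i", value)          # signed, least significant byte first
    v_inv = bytes(b ^ 0xFF for b in v)    # the complementary copy
    a, a_inv = addr, addr ^ 0xFF
    return v + v_inv + v + bytes([a, a_inv, a, a_inv])


def decode_value_block(block):
    """Return (value, addr); raise ValueError if the redundant copies disagree."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("a block is exactly 16 bytes")
    v, v_inv, v_copy = block[0:4], block[4:8], block[8:12]
    if v != v_copy or any(x ^ y != 0xFF for x, y in zip(v, v_inv)):
        raise ValueError("value copies disagree: not a valid value block")
    a, a_inv, a2, a2_inv = block[12:16]
    if a != a2 or a_inv != a2_inv or a ^ a_inv != 0xFF:
        raise ValueError("address copies disagree: not a valid value block")
    return struct.unpack("<i", v)[0], a


def is_value_block(block):
    """True if a 16-byte block read from a card passes every redundancy check."""
    try:
        decode_value_block(block)
        return True
    except ValueError:
        return False


# Constructed sample data (not read from a real card).
SAMPLE = encode_value_block(1500, addr=4)
CORRUPTED = SAMPLE[:8] + b"\x00" + SAMPLE[9:]   # one byte of the third copy changed

if __name__ == "__main__":
    print(SAMPLE.hex(), decode_value_block(SAMPLE))
    print("corrupted block accepted:", is_value_block(CORRUPTED))
```

The redundant copies only catch accidental corruption such as an interrupted write; they do not authenticate the stored value.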