University of London

Small Navigation Menu

Primary Menu

Smart cards/tokens security and applications

IYM012

This module will provide an overview of smart cards/tokens and their properties.

This module will:

  • Introduce various applications that exploit smart cards/tokens
  • Examine benefits, threats and attacks
  • Consider systems for the development, manufacture and management of smart cards/tokens
  • Review smart card standards and security evaluation methodologies.

Topics covered

  • An introduction to smart cards
  • Smart Cards Trusted Production Environment
  • Introduction to IoT (Internet of Things)
  • An Overview of Multi-Application Smart Card Operating Systems and Platforms
  • Smart Cards for Secure Banking and Finance
  • Applications & Security for Mobile Communications, USIM/SIM and Services
  • ID Cards and Passports
  • RFID/NFCs Explained
  • Advances in Chipcard Technology
  • Security For Video Broadcasting
  • Evaluating Smart Card Security with the Common Criteria
  • Security Attacks, Countermeasures and Testing for Smart Cards
  • Application Development Environments for Multos
  • Overview of Trusted Platform
  • Introduction to TEE and Related Processors

Learning outcomes

If you complete the course successfully, you should be able to:

  • Identify constituent components, analyse strengths and weaknesses and identify new applications of smart cards
  • Identify the steps in the manufacturing/personalisation processes, analyse and evaluate potential risks and compare security safeguards
  • Identify and compare the systems in use, analyse the strengths and weaknesses and evaluate interoperability and security issues
  • Analyse the range of capabilities of SIM/USIM cards and RFID tokens, and apply them to new service ideas, evaluate the possible range of services and security measures
  • Understand the main standards and applications of smart cards for banking and finance, compare with earlier card solutions and analyse strengths and weaknesses of approaches
  • Analyse the key role of the smart card for passports, IDs and satellite TV, evaluate the security measures that have protected past and current cards
  • Identify and describe "new" technologies, including Trusted Platform Modules (TPMs), Trusted Execution Environments (TEE), Host Card Emulation (HCE), Internet-of-Things (IoT) and apply them to new applications and evaluate the likely suitability/success of approach
  • Explain how Common Criteria may affect smart card design/development, analyse the different approaches and compare with less formal methods
  • Identify and describe the classes of attack and notable methods within each class, analyse countermeasures and evaluate practicality of attacks
  • Identify, compare and evaluate different methods of developing applications for smart cards, and understand the development cycle and the use of practical tools for different technologies like Java Card, Multos, etc.
  • Analyse the issues concerning smart card lifestyle management, and evaluate and compare methods of local and remote card management
  • Analyse the differences and similarities of the main multi-application smart card platforms and operating systems.

Assessment

This module is assessed by a two hour unseen written examination.

Essential reading

  • Smart Cards, Tokens, Security and Applications (K.Mayes, K.Markantonakis) Springer, Science & Business Media-2008