Smart cards/tokens security and applications

IYM012

This module will provide an overview of smart cards/tokens and their properties.

This module will:

  • introduce various applications that exploit smart cards/tokens.
  • examine benefits, threats and attacks.
  • consider systems for the development, manufacture and management of smart cards/tokens.
  • review smart card standards and security evaluation methodologies.

Topics covered:

  • An introduction to smart cards
  • Smart Cards Trusted Production Environment
  • Introduction to IoT (Internet of Things)
  • An Overview of Multi-Application Smart Card Operating Systems and Platforms
  • Smart Cards for Secure Banking and Finance
  • Applications & Security for Mobile Communications, USIM/SIM and Services
  • ID Cards and Passports
  • RFID/NFCs Explained
  • Advances in Chipcard Technology
  • Security For Video Broadcasting
  • Evaluating Smart Card Security with the Common Criteria
  • Security Attacks, Countermeasures and Testing for Smart Cards
  • Application Development Environments for Multos
  • Overview of Trusted Platform
  • Introduction to TEE and Related Processors

Learning outcomes:

If you complete the module successfully, you should be able to:

  • identify constituent components, analyse strengths and weaknesses and identify new applications of smart cards.
  • identify the steps in the manufacturing/personalisation processes, analyse and evaluate potential risks and compare security safeguards.
  • identify and compare the systems in use, analyse the strengths and weaknesses and evaluate interoperability and security issues.
  • analyse the range of capabilities of SIM/USIM cards and RFID tokens, and apply them to new service ideas, evaluate the possible range of services and security measures.
  • understand the main standards and applications of smart cards for banking and finance, compare with earlier card solutions and analyse strengths and weaknesses of approaches.
  • analyse the key role of the smart card for passports, IDs and satellite TV, evaluate the security measures that have protected past and current cards.
  • identify and describe "new" technologies, including Trusted Platform Modules (TPMs), Trusted Execution Environments (TEE), Host Card Emulation (HCE) and Internet-of-Things (IoT), apply them to new applications and evaluate the likely suitability/success of the approach.
  • explain how Common Criteria may affect smart card design/development, analyse the different approaches and compare with less formal methods.
  • identify and describe the classes of attack and notable methods within each class, analyse countermeasures and evaluate practicality of attacks.
  • identify, compare and evaluate different methods of developing applications for smart cards, and understand the development cycle and the use of practical tools for different technologies like Java Card, Multos, etc.
  • analyse the issues concerning smart card lifecycle management, and evaluate and compare methods of local and remote card management.
  • analyse the differences and similarities of the main multi-application smart card platforms and operating systems.

Assessment

This module is assessed by a two-hour unseen written examination.

Essential reading

  • Smart Cards, Tokens, Security and Applications (K. Mayes, K. Markantonakis), Springer Science & Business Media, 2008