Smart Cards, Tokens, Security and Applications / Edition 2


ISBN-10: 3319844121
ISBN-13: 9783319844121
Pub. Date: 07/27/2018
Publisher: Springer International Publishing
$89.99

Overview

This book provides a broad overview of the many card systems and solutions that are in practical use today. This new edition adds content on RFIDs, embedded security, attacks and countermeasures, security evaluation, Java Cards, banking or payment cards, identity cards and passports, mobile systems security, and security management. A step-by-step approach educates the reader in card types, production, operating systems, commercial applications, new technologies, security design, attacks, application development, deployment and lifecycle management. By the end of the book the reader should be able to play an educated role in a smart card related project, even to the point of programming a card application. This book is designed as a textbook for graduate level students in computer science. It is also an invaluable post-graduate level reference for professionals and researchers. This volume offers insight into benefits and pitfalls of diverse industry, government, financial and logistics aspects while providing a sufficient level of technical detail to support technologists, information security specialists, engineers and researchers.


Product Details

ISBN-13: 9783319844121
Publisher: Springer International Publishing
Publication date: 07/27/2018
Edition description: Softcover reprint of the original 2nd ed. 2017
Pages: 531
Product dimensions: 6.10(w) x 9.25(h) x (d)

About the Author

Prof. Keith Mayes, B.Sc., Ph.D. CEng FIET A. Inst. ISP is the Director of the Information Security Group (ISG), and Head of the School of Mathematics and Information Security at Royal Holloway, University of London, which has been pioneering information/cybersecurity research and education since 1990. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His current research interests are diverse, including mobile communications, Near-Field Communication (NFC), mobile platform security, smart cards, Radio Frequency IDs (RFIDs), the Internet of Things, transport ticketing/system security, embedded systems and e-commerce. Keith joined the ISG in 2002, originally as the founder Director of the ISG Smart Card Centre, following a career in industry working for Pye TVT, Honeywell Aerospace and Defence, Racal Research and Vodafone. Keith is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and an experienced company director and consultant.

Prof. Konstantinos Markantonakis B.Sc., M.Sc., MBA, Ph.D. (London) received his B.Sc. in Computer Science from Lancaster University in 1995, his M.Sc. in Information Security in 1996, his Ph.D. in 2000 and his MBA in International Management in 2005 from Royal Holloway, University of London. He is currently a Professor of Information Security in the Information Security Group at Royal Holloway, University of London. He is also the Director of the Information Security Group Smart Card Centre (SCC). His main research interests include smart card security and applications, secure cryptographic protocol design, key management, embedded system security and trusted execution environments, mobile phone operating systems/platform security, NFC/RFID/HCE security, grouping proofs, and electronic voting protocols. He has published more than 140 papers in international conferences and journals. Since completing his Ph.D., he has worked as an independent consultant in a number of information security and smart card related projects. He has worked as multiapplication smart card manager in VISA International EU and as a Senior Information Security Consultant for Steer Davies Gleave. He is a member of the IFIP Working Group 8.8 on Smart Cards. Since June 2014, he has been the vice-chair of IFIP WG 11.2 Pervasive Systems Security. He continues to act as a consultant on a variety of topics including smart card security, key management, information security protocols, mobile devices, smart card migration program planning/project management for financial institutions, transport operators and technology integrators.

Table of Contents

An Introduction to Smart Cards   Keith Mayes     1
Introduction     1
What is a Smart Card?     2
Magnetic Stripe Cards     2
Chip Cards     5
Microprocessor Chip Cards     6
Contact-less Smart Cards and RFIDs     6
Smart Tokens     7
Smart Card Chips     8
Tamper Resistance     11
Smart Card Characteristics     12
Issuer Control     13
Current Applications for Smart Cards     14
Mobile Telephony     15
Banking     17
Transport     17
Identity and Passports     18
Entitlement and Health     18
Physical and IT Access Control     19
Satellite TV     20
Smart Card Application Development     20
Development, Roll-Out and Lifecycle Management Issues     22
In Conclusion     23
References     24
Smart Card Production Environment   Claus Ebner     27
Introduction     27
Smart Card Production Steps     29
Overview     29
Card Body Manufacturing     29
Personalization and related Services     35
Security and Quality     44
Current Trends     46
In Conclusion     48
References     50
Multi Application Smart Card Platforms and Operating Systems   Konstantinos Markantonakis     51
Introduction     51
Smart card Platform Evolution     52
Java Card     55
Java Card Forum     55
Java Card Technology     56
GlobalPlatform     64
The GlobalPlatform Association     64
The GlobalPlatform Card Specification     65
Multos     72
The MULTOS Consortium     72
MULTOS Specification     73
The Multos Card Architecture     73
Multos Executable Language (MEL)     73
The Application Abstract Machine     75
Application Loading and Deletion     75
Communicating with a Multos Smart Card     76
Multos Files     76
Multos Security Features     76
Smartcard.NET Card     77
BasicCard     78
WfSC     78
Conclusions     79
References     80
Smart Cards for Mobile Communications    Keith Mayes   Tim Evans     85
Introduction     85
SIM/USIM Standards     87
Subscriber Identity and Authentication     89
So how does SIM Authentication Work?     91
3G/USIM Authentication/Ciphering     92
SIM/USIM Authentication Algorithms     96
General Added Features     97
Phone Book     97
Roaming list     98
SMS Settings and Storage     98
Last Dialled numbers     99
Access Control Class     99
GPRS Authentication and encryption files     99
File Types     99
SIMs and USIMs Some Practical Comparisons     100
(U)SIM Value Added Services     103
The (U)SIM as a Handset Security Module     107
The Future Evolution of the (U)SIM     108
Conclusions     111
References     112
Smart cards for Banking and Finance   Konstantinos Markantonakis   Keith Mayes     115
Introduction     115
Payment Card Technologies     116
Magnetic Stripe Cards     118
Smart Cards and EMV     120
Card Authentication      121
Cardholder Not Present Transactions     125
Purchase from a Genuine Merchant Using Someone Else's Payment Details     126
Genuine Purchaser Buying from a Rogue Merchant     126
Third Party Attacker     127
Dynamic Passcode Authentication     128
Could a Mobile Phone be a Token Reader?     131
Token Authentication Examples     132
E-Commerce Solutions     133
3D-Secure     133
Thoughts on 3D Secure     136
Just Wave Your Card to Pay     136
Concluding Remarks     137
References     137
Security For Video Broadcasting   Allan Tomlinson     139
Introduction     139
Digital Video Basics     141
Scrambling     142
Synchronisation     143
Key Delivery     144
Access Requirements     145
Key Hierarchy     146
Implementation     147
In Conclusion     152
References     153
Introduction to the TPM   Allan Tomlinson     155
Introduction     155
Trusted Platforms     156
Fundamental Features of a Trusted Platform      157
Additional Features     159
TPM Features     160
TPM Components     160
I/O Block     160
Non-Volatile Storage     161
Attestation Identity Keys     162
Platform Configuration Registers     163
Programme Code     163
Execution Engine     163
Random Number Generator     164
SHA-1 Engine     164
RSA Key Generation     164
RSA Engine     165
Opt-In     165
Other Features     167
TPM Services     167
Roots of Trust     167
Boot Process     168
Secure Storage     168
Attestation     169
In Conclusion     171
References     171
Common Criteria   John Tierney     173
Introduction     173
Evolution of National and International Standards     174
International Recognition     175
The need for security benchmarks     176
Evaluation Practicalities     177
Types of evaluation     178
Evaluation Assurance Levels     179
Augmentation of Assurance Levels     179
Evaluation Roles     180
Performing Evaluations     181
Developing Protection Profiles and Security Targets     182
Establish the security environment     182
Establish Security Objectives     183
Establish Security Requirements     183
Establish TOE Summary Specification     184
Establish Rationale     184
Claiming Compliance with Protection Profiles     185
An Example     185
Establish the Security Environment     186
Establish security objectives     186
Establish Security Requirements     187
Establish TOE summary specification     188
Establish Rationale     189
Deliverables     189
Evaluation Composition     190
In Conclusion     192
References     193
Smart Card Security   Michael Tunstall     195
Introduction     195
Cryptographic Algorithms     197
Data Encryption Standard     197
RSA     199
Smart Card Security Features     202
Communication     202
Cryptographic Coprocessors     203
Random Number Generators     204
Anomaly Sensors     205
Chip Features     205
Side Channel Analysis     207
Timing Analysis     207
Power Analysis     208
Electromagnetic Analysis     213
Countermeasures     214
Fault Analysis     216
Fault Injection Mechanisms     217
Modelling the Effect of a Fault     218
Faults in Cryptographic Algorithms     218
Countermeasures     221
Embedded Software Design     222
PIN Verification     222
File Access     224
In Conclusion     225
References     225
Application Development Environments for Java and SIM Toolkit   Gary Waite   Keith Mayes     229
Introduction     229
Smart Cards Characteristics     230
Limitations     231
SIM Cards     232
Java Card     233
The Java Card Framework     235
Java SIM     238
sim.toolkit     239
sim.access     242
Application Development Tools     243
Compilers & Integrated Development Environments      243
Simulators     244
Protocol Analysis (Spy) Tools     245
Utilities     246
Mobile Phone Applications and the (U)SIM     247
SATSA     248
A Word on Testing     250
SIM Dongle Example     251
Looking To The Future     253
Concluding Remarks     253
References     254
OTA and Secure SIM Lifecycle Management   Joos Cadonau     257
Introduction     258
The SIM Card As A Managed Platform     258
Common Stored and Managed Data     259
SIM Application Toolkit Interface SAT     260
Main Differences Between a SIM and a UICC/USIM Card     264
OTA - Over-The-Air Management     265
OTA Server Capabilities     267
Limitations and Improvements     268
Customer Managed Applications     270
SIM Lifecycle Management     271
In Conclusion     274
References     275
Smart Card Reader APIs   Damien Sauveron     277
Terminology: Smart Card Reader, IFD, CAD and Terminal     277
OCF: OpenCard Framework     279
Overview      279
Example     281
PC/SC     282
Overview     282
Architecture     282
Various Implementations     285
Wrappers     288
Examples     289
STIP     291
In Conclusion     291
References     292
RFID and Contactless Technology   Gerhard P. Hancke     295
Introduction     295
Contactless Technology     296
Applications     299
Radio Frequency Interface     301
Communication Theory     302
Inductive Coupling     305
Standards     311
ISO 14443     311
ISO 15693     317
ISO 18000     319
ISO 18092/NFC     320
Conclusion     321
References     321
ID CARDS AND PASSPORTS   Ingo Liersch     323
Introduction     323
ID Cards     324
Requirements and Constituents of Modern National ID Cards     324
International Standards for ID Cards     331
Optical Personalisation of ID Cards     333
Countries and Their ID Cards      337
E-Passports     339
Introduction     339
Constituents of Passports     341
EU and ICAO Requirements     343
Security Protocols     344
Conclusion     345
References     345
Smart Card Technology Trends   Chris Shire     347
Trends In Smart Card Technology - Today And The Future     347
History     348
Technology Choices     351
Technology Drivers     355
Technology Trends     364
Emerging Applications     370
Conclusions     376
References     377
Source Code for Chapter 12     381
C Language     381
Perl Language     385
Index     387