Category: smartcard world

smartcard world

What we know about ISD AID

admin

In the context of JavaCard technology, ISD AID refers to the Issuer Security Domain Application Identifier.

Key Concepts:

  1. JavaCard:
    • JavaCard is a technology that allows Java-based applications (applets) to run on smart cards and similar secure devices. It provides a secure environment where applets can be executed securely, and it typically includes functionalities like cryptographic operations, secure storage, and communication protocols.
  2. AID (Application Identifier):
    • An AID is a unique identifier used to distinguish different applications (or applets) on a smart card. It's a sequence of bytes that uniquely identifies an applet on the JavaCard platform.
  3. ISD (Issuer Security Domain):
    • The Issuer Security Domain is a special applet on a JavaCard that acts as the security anchor for the card issuer. It is responsible for managing keys, loading and managing applets, and securing communications. The ISD essentially represents the card issuer's control over the card.
  4. ISD AID:
    • The ISD AID is the Application Identifier specifically assigned to the Issuer Security Domain. This AID uniquely identifies the ISD on the card and is used to route commands and manage applets securely within the JavaCard environment.

Functions of the ISD:

  • App Management: The ISD manages the lifecycle of applets on the JavaCard, including their installation, deletion, and personalization.
  • Security Management: The ISD handles the security operations of the card, such as cryptographic key management, secure messaging, and access control.
  • Communication Gateway: The ISD facilitates secure communication between the card issuer and the JavaCard, ensuring that commands are authenticated and authorized.

Importance of ISD AID:

The ISD AID is crucial because it's how the card issuer and external systems can interact with and manage the JavaCard's security domain. When deploying or managing applets, the ISD AID is used to target the ISD for specific commands, ensuring that only authorized operations are performed.

In summary, the ISD AID in JavaCard technology is the unique identifier of the Issuer Security Domain, which is central to managing the security and application lifecycle on the card.

Read More
smartcard worldUncategorized

difference between Infineon SLE 36 and SLE 78

admin

The Infineon SLE 36 and SLE 78 series are both families of security microcontrollers designed for secure applications such as smart cards, secure identification, and access control systems. However, they differ in several key aspects:

Security Features

  • SLE 78: This series is known for its advanced security features like Integrity Guard, which provides full encryption of data paths and offers various countermeasures against physical and logical attacks.
  • SLE 36: Generally has basic security features and may not offer the advanced countermeasures against attacks that the SLE 78 series provides.

Cryptographic Support

  • SLE 78: Supports a wide range of cryptographic algorithms including RSA, ECC, DES, and AES.
  • SLE 36: Typically supports basic cryptographic algorithms like DES and 3DES but lacks the extensive cryptographic capabilities of the SLE 78 series.

Security Certification

  • SLE 78: Often certified to higher Common Criteria levels, such as CC EAL 6+, making it suitable for high-security applications.
  • SLE 36: May have some level of security certification but usually not as high as the SLE 78 series.

Processing Speed and Memory

  • SLE 78: Generally offers higher processing speeds and more memory, suitable for applications that require fast data processing and more storage.
  • SLE 36: Typically has less memory and may operate at lower speeds.

Use Cases

  • SLE 78: Because of its advanced features, it's used in high-security applications like electronic passports, secure elements in mobile devices, and secure identification cards.
  • SLE 36: More suited for lower-security applications where cost-effectiveness is a priority but some level of security is still required.

Given your background in security research, understanding these differences could be vital, especially if you're evaluating the security of systems that utilize these microcontrollers. You may find it interesting to examine the trade-offs between security features and performance or cost in these two series.

Read More
smartcard world

APDU Lc and Le encoding

admin

Standard ISO_IEC_7816-4-2020

https://www.iso.org/obp/ui/#iso:std:iso-iec:7816:-4:ed-4:v1:en

What we want:

  • we want to test 2 byte Le fields, that means the Lc field should give us already the info that the c r apdu pair is extended. means Lc = 00 and 2 bytes of lenght info.
  • then data, means command data,
  • then 2 bytes of Le encoded

eg. extended length apdu

00CB3FFF
04
5C02DF40
09

eg. normal length apdu

00CB3FFF
000004
5C02DF40
0009

https://stackoverflow.com/questions/40663460/use-apdu-commands-to-get-some-information-for-a-card

Read More
smartcard world

smartcard steps

admin

creating objects AMR cmd

  • DataAccessRightTemplate
  • creating All enum values for reducing lines of code
  • object with several keys
  • diff data
  • selection of different levels gd and ad
  • exception catcher for not implemented parts
  • authentication squence more or less unclear
  • changing access rights for according hex tag hex hex

steps contd

  • remove try catch blocks
  • remove pragma directives
Read More
smartcard world

smart card encryption FAQs

admin

see a task, pick it, and start by step 0:

IFD

ICC Reader Device (IFD)

http://pcscworkgroup.com/Download/Specifications/pcsc4_v2.01.01.pdf

general authenticate

The GENERAL AUTHENTICATE command is used to establish a Secure Channel session, according to Secure Channel Protocol '03' described in GPCS Amendment D [Amd D].

symmetric key

ISO/IEC 11770-2:2018
https://www.iso.org/standard/73207.html

apdu

https://en.wikipedia.org/wiki/Smart_card_application_protocol_data_unit

RND

RND.IFD and RND.ICC are each 16 Bytes

A.IFD

A.IFD = RND.IFD || RND.ICC etc

Read More