Newsletters  |  Buy Print
Sections
Features
Essentials
Print Edition
Current IssuePast Issues

The security factor

Published : Aug 12, 2005 00:00 IST

R. RAMACHANDRAN

MICROPROCESSOR-BASED smart cards are the most secure devices for small amounts of data. Technologically, the microprocessor makes it possible to impose desired security conditions/rules for accessing the desired information. In a microprocessor-based smart card, the chip can implement an operating system (OS) with a secure file-system, and the OS has the capability to compute cryptographic functions. Since a microprocessor has an in-built central preserving unit (CPU), the domains of input data and stored data are different. The CPU performs a cryptographic transformation function (through an internal key algorithm) on the input data and stores it securely. That is, the key to the stored data is internal to the microprocessor itself.

Key-based authentication is the biggest security strength of the smart card, because of which these are more secure devices as compared to magnetic or optical storage devices where the input and stored domains are the same. The latter devices have no capacity to process and transform the data domain. Keys in smart cards typically use strong on-chip algorithms like 3DES or RSA. Through challenge-response mechanisms and encryption-decryption through the corresponding keys, two secure devices can communicate to authenticate each other.

And this is the methodology through which a person proves his identity by possessing one of the keys, securely stored in his or her card. The authentication process can be based on symmetric keys (master key-key) or asymmetric keys (public key-private key).

Smart card technology provides security against direct access to keys and makes it possible that all kinds of security operations are performed internally on the chip without sending keys out of the card. The smart card microprocessor is strong enough to run various security-related complex algorithms using keys internally.

It is for this reason that the Apex Committee had recommended the use of microprocessor technology. It said:

"Microprocessor technology provides a technology which is much more secured and can have in-built function which can help provide effective security to the stored data. The memory-based cards, where the security functions are not embedded in the card and are handled through an external device, thus splitting the security elements in the chain, makes it more vulnerable as compared to the microprocessor-based smart cards ... Thus the microprocessor-based smart cards with contacts can best suit the needs of DL and RC application in the transport sector ...

"Microprocessor-based smart cards can provide secure authentication mechanisms and duplication security up to a great extent by using symmetric dynamic authentication techniques."

You have exhausted your free article limit.
Get a free trial and read Frontline FREE for 15 days
ACTIVATE FREE TRIAL
If you're already a subscriber
Signup and read this article for FREE
SIGN UP
If you're already a subscriber
Get Frontline App on
Get Frontline App on

More stories from this issue

Get unlimited access to premium articles, issues, and all-time archives