Smart Solution – smart card and database security Cis600 final project report Anli He & Zhijun Zhan email@example.com@syr.edu
Cyberflex Simera What is a smart card???
Exploded view of a smart card ---Do you know smart card has another name of IC card? Integrated Circuit Company brand, stamps…etc. You can print anything you like on the plastic card even your photos! PlasticCard SmartCard
Different kinds of smartcard… Micro Module 8 or 6 Contacts Contact Smart Card • There are 2 types of smart card 1. Contact Card Microprocessor card : a card that is embedded with a microprocessor and a memory chip. Memory card: a card that is embedded with only a memory chip with non-programmable logic. 2. Contactless card Do not need a reader to be accessed Chip withantenna Contactless Smart Card
How to access a contact card? • PC can access a smart card through a reader.
ROM : Operating System EEPROM (Electrically Erasable Programmable RO Memory) : ROM, Operating system EEPROM, Application Memory CPU RAM : Scratch Pad What we use is ---Microprocessor Card Clock Reset Input / Output a microprocessor card can be compared to a computer !!
Where to put our security application?----EEPROM(Electrically Erasable Programmable ROM) • Application memory • Specific file architecture • Data information • Data OS • 1 up to 64 K bytes • The serial number of each card (made by plant) is in EEPROM
Access control of specific files in the EEPROM • There are several access right for different files: * read & write * read only * add only * update only * no access available
What is a Java Card and application • A Java Card is a • Microprocessor smart card • with a built-in Java Virtual Machine • capable of running applications written first in Java Java applications on the Java Card are applets • like Java applets on a web page • The applets are stored in some files of EEPROM • The applets can be used to to some special things such as data encryption and decryption Cyberflex
The Very Big Bank NET Rich Wealthy Smart card with special application We designed an Java application in Java card and a special software for database security
The main properties of our database… • There is a reader connected to every database server and every client • There is a special file in the database system which has all the serial numbers of smart cards. • The data stored in database is encrypted with DES algorithm • To access our database everyone should have a smart card • Supervisor and common user have different smart card and different access right
Supervisor Card & User Card • They have different card serial number which can be recognized by database software • Both of them have decryption algorithm and Key • The decryption algorithm is made by a Java application stored in EEPROM • The Key is stored in a read only file in EEPROM
Smart Database Authority Anli He 1234 5678 9012 3456 The procedure for database accessing • Insert your card into the card reader • The card reader read your card and see whether it is a valid card and what kind of user you are through the card serial number 3a. If it’s not a valid user card. The process will be stopped. 3b. If it is a valid user card the system will ask you to input your PIN to verify you identity. If you input the wrong PIN for 3 times the process will stop.
After verify your card and PIN…. 4a. If you are a supervisor the software tool bar will be completed with all the operations and functions to use and manage the database for example: Then you can see all the decrypted data and can do anything you like to the database! (add, delete, search, modify, print report….) The procedure for database accessing (cont.)
After verify your card and PIN…. 4b. If you are a common user there will be only a part of the tool bar with some of the operations and functions to use and manage the database. While the others will be disabled. for example: Then you can only see some decrypted data and do something towards these data! (Maybe only the records of yourself ) The procedure for database accessing (cont.)
The necessity of this system • Storing information securely has been one of the most important applications of computer systems since their introduction • As the Networks development, secure storage is now even more important
The necessity of this system • This system is a good countermeasure to theft of secrets • Why ? • This system encrypts the secrets with an encryption key, and protect the key
The secure advantage of this system • This system does not rely on user chosen passwards to provide encryption keys, making dictionary attack impossible • The number of passwards a user can remember is very limited, but the smart card can remember much more
The secure advantage of this system • Since the data in the database are encrypted and the key is in the card. No one can read the data without a valid card. • Only the card user knows the PIN of his card so others can not use his card • The user right is defined by card.
The secure advantage of this system • The fewer files are encrypted under a single key, much better than one key for all files in Cryptographic File System(CFS). • No card, you can not see the data, • Even you get card, it is useless without PIN • Got PIN, but no card, useless
The disadvantage … • Too expensive… the cost of card($6 each) the cost of card reader and reader driver($30 at least) the cost of interface software by card supplier(who knows how much?) • Slower process since it need to read the card and decrypt the data
End ... The END Thank you !