Smart Cards: RFID, Security, and Implementation
This is an MSc examination paper for the course 'Smart Cards, Tokens, Security and Applications' at the University of London. The paper includes questions related to identity cards, RFID technology, and security protection capabilities.
38 Pages8487 Words390 Views
Added on 2023-06-15
About This Document
This study material covers topics such as RFID, security, and implementation of smart cards. It includes questions and answers related to passive and active RFIDs, symmetric and asymmetric algorithms, and TPM. The material also discusses the implementation of ID card systems and new developments in contactless payment cards.
Smart Cards: RFID, Security, and Implementation
This is an MSc examination paper for the course 'Smart Cards, Tokens, Security and Applications' at the University of London. The paper includes questions related to identity cards, RFID technology, and security protection capabilities.
Added on 2023-06-15
ShareRelated Documents
Running head: SMART CARDS
Smart Cards
[Name of the Student]
[Name of the University]
[Author note]
Smart Cards
[Name of the Student]
[Name of the University]
[Author note]
1SMART CARDS
Table of Contents
2013.................................................................................................................................................2
2014.................................................................................................................................................8
2015...............................................................................................................................................15
2016...............................................................................................................................................18
2017...............................................................................................................................................25
Table of Contents
2013.................................................................................................................................................2
2014.................................................................................................................................................8
2015...............................................................................................................................................15
2016...............................................................................................................................................18
2017...............................................................................................................................................25
2SMART CARDS
2013
Question 1
(a)(i)What is the literal definition of an RFID and does it imply any security protection
capabilities?
Ans: RFID or Radio Frequency Identification generally refers to the automated technology for
identification by making use of the radio frequency electromagnetic fields. The objects can be
identified by making use of tags when the tags comes closer to a reader. There are three parts in a
RFID and this includes one scanning antenna, a transceiver, and a transponder. RFID implies
various types of protection capabilities as well. Some of this includes tracking of the goods
inside a large store, tracking of animals in a farm and many more.
(a)(ii)Explain the main difference between an ID card based on a secured memory chip and
one based on an unsecured memory chip, and how this would affect the resistance to card
cloning.
Ans: ID Cards on secured memory chips provides higher security including electrically erasable
programmable read-only-memory unlike the unsecured ones. Card cloning gets resistance
through comprehensive data protection and mutual authentication between host and device.
(a)(iii)The data held in a printed 2-D bar-code could be encrypted and/or have a Message
Authentication Code (MAC). What would be the point of these measures when a bar-code
is easily read and copied?
Ans: The main reason for using of 2-D barcode despite of being easily read and copied is
because of it is having a strong focus on the consumers and are free to use. Along with this type
of barcodes are flexible in size and have a high fault tolerance. This codes have high readability
2013
Question 1
(a)(i)What is the literal definition of an RFID and does it imply any security protection
capabilities?
Ans: RFID or Radio Frequency Identification generally refers to the automated technology for
identification by making use of the radio frequency electromagnetic fields. The objects can be
identified by making use of tags when the tags comes closer to a reader. There are three parts in a
RFID and this includes one scanning antenna, a transceiver, and a transponder. RFID implies
various types of protection capabilities as well. Some of this includes tracking of the goods
inside a large store, tracking of animals in a farm and many more.
(a)(ii)Explain the main difference between an ID card based on a secured memory chip and
one based on an unsecured memory chip, and how this would affect the resistance to card
cloning.
Ans: ID Cards on secured memory chips provides higher security including electrically erasable
programmable read-only-memory unlike the unsecured ones. Card cloning gets resistance
through comprehensive data protection and mutual authentication between host and device.
(a)(iii)The data held in a printed 2-D bar-code could be encrypted and/or have a Message
Authentication Code (MAC). What would be the point of these measures when a bar-code
is easily read and copied?
Ans: The main reason for using of 2-D barcode despite of being easily read and copied is
because of it is having a strong focus on the consumers and are free to use. Along with this type
of barcodes are flexible in size and have a high fault tolerance. This codes have high readability
3SMART CARDS
and supports different types of data. This type of barcodes remain legible even when they are
printed at a small size or etched into a product.
(b)(i) Describe the levels, and the equipment required to complete verification.
Ans: The various levels are the hardware and software levels. In the former level, inputs are
synthesized to generate a transistor constituting a chip. Software-level represent view of the card
on which programmer has written the software.
The first equipment needed is the bit-true model where computed results are compared according
to every bit that produces the hardware, The next tool is the cycle-accurate model where outcome
or change in output signals are generated exactly with the similar speed of hardware.
(b)(ii) For each verification level, describe two anti-counterfeit measures.
Ans: For hardware-level with various high-level description languages bear structural similarity
with hardware. Thus as a result it is slow and complex. In case of software-model, software
developers at many cases are unaware of the details dealing with pipeline. Thus this execution of
instruction result a change for stable architectural state to new one. Thus as an anti-counterfeit
measure parallel execution whose execution includes various cycles are involved.
(c) Implementation of ID card system
(i) Ans: For this Supplier A must be chosen using Banker’s Algorithm. This is because it is a
deadlock avoidance and resource allocation algorithm. It is helpful to check whether allocation
of any resource might result in deadlock or not. It also analyzes whether it is safe to allocate
resource to process and then it is allocated to that process. Finding a safe sequence ensures that
the system would not move to a deadlock. The data structures used are need matrix, allocation
matrix, max matrix and available vector.
and supports different types of data. This type of barcodes remain legible even when they are
printed at a small size or etched into a product.
(b)(i) Describe the levels, and the equipment required to complete verification.
Ans: The various levels are the hardware and software levels. In the former level, inputs are
synthesized to generate a transistor constituting a chip. Software-level represent view of the card
on which programmer has written the software.
The first equipment needed is the bit-true model where computed results are compared according
to every bit that produces the hardware, The next tool is the cycle-accurate model where outcome
or change in output signals are generated exactly with the similar speed of hardware.
(b)(ii) For each verification level, describe two anti-counterfeit measures.
Ans: For hardware-level with various high-level description languages bear structural similarity
with hardware. Thus as a result it is slow and complex. In case of software-model, software
developers at many cases are unaware of the details dealing with pipeline. Thus this execution of
instruction result a change for stable architectural state to new one. Thus as an anti-counterfeit
measure parallel execution whose execution includes various cycles are involved.
(c) Implementation of ID card system
(i) Ans: For this Supplier A must be chosen using Banker’s Algorithm. This is because it is a
deadlock avoidance and resource allocation algorithm. It is helpful to check whether allocation
of any resource might result in deadlock or not. It also analyzes whether it is safe to allocate
resource to process and then it is allocated to that process. Finding a safe sequence ensures that
the system would not move to a deadlock. The data structures used are need matrix, allocation
matrix, max matrix and available vector.
4SMART CARDS
(ii) Ans: PKI includes various set of roles, procedures and policies required to revoke, store, use,
distribute, manage and create digital certificates and control public-key encryption. Static data on
is proposed by the second consultant because here information never change after it gets
recorded. It comprises of a fixed data set. Unlike dynamic data, here data gets changed after it
gets recorded and needs to be updated continually.
The first one is more accurate advice since here user provides anyone with public key and
sender utilizes that to encrypt data. Next the owner uses through private key for decrypting that
data.
(ii) Ans: PKI includes various set of roles, procedures and policies required to revoke, store, use,
distribute, manage and create digital certificates and control public-key encryption. Static data on
is proposed by the second consultant because here information never change after it gets
recorded. It comprises of a fixed data set. Unlike dynamic data, here data gets changed after it
gets recorded and needs to be updated continually.
The first one is more accurate advice since here user provides anyone with public key and
sender utilizes that to encrypt data. Next the owner uses through private key for decrypting that
data.
5SMART CARDS
Question 2
(a)(i) Suggest one operational and one security benefit from using magnetic stripe cards
instead of simple paper tickets.
Ans: Magnetic strip cards are much more reliable and has been tested thoroughly over years. It
has a much more longevity than simple paper tickets. Magnetic strips are also responsible for
holding data. The data that are stored in the magnetic strip cards are not in the readable form
which initially provides an added security to the user.
(a)(ii) A chip card ticket could be based on a secure memory card or a secure
microprocessor card. Which do you think is the most likely considering cost and
performance issues?
Ans:
The first one is to be considered though it is cost expensive. However its performance is better
and more rugged than secure microprocessor card. It consists of high-capacity memory and
different portable devices.
(a)(iii) Explain why symmetric algorithms are more likely to be used than asymmetric
algorithms in existing smart ticket to reader protocols.
Ans: The primary disadvantage of symmetric algorithm is that every involved parties need to
exchange the key utilized to encrypt data prior they are decrypted. This perquisite to distribute
securely and control huge number of keys indicates most cryptographic services using other
kinds of encryption algorithms.
(b)(i) Compare these two options, giving an advantage and disadvantage for each, and
suggest which solution is most likely in practice.
Question 2
(a)(i) Suggest one operational and one security benefit from using magnetic stripe cards
instead of simple paper tickets.
Ans: Magnetic strip cards are much more reliable and has been tested thoroughly over years. It
has a much more longevity than simple paper tickets. Magnetic strips are also responsible for
holding data. The data that are stored in the magnetic strip cards are not in the readable form
which initially provides an added security to the user.
(a)(ii) A chip card ticket could be based on a secure memory card or a secure
microprocessor card. Which do you think is the most likely considering cost and
performance issues?
Ans:
The first one is to be considered though it is cost expensive. However its performance is better
and more rugged than secure microprocessor card. It consists of high-capacity memory and
different portable devices.
(a)(iii) Explain why symmetric algorithms are more likely to be used than asymmetric
algorithms in existing smart ticket to reader protocols.
Ans: The primary disadvantage of symmetric algorithm is that every involved parties need to
exchange the key utilized to encrypt data prior they are decrypted. This perquisite to distribute
securely and control huge number of keys indicates most cryptographic services using other
kinds of encryption algorithms.
(b)(i) Compare these two options, giving an advantage and disadvantage for each, and
suggest which solution is most likely in practice.
6SMART CARDS
Ans: Symmetric encryption utilizes single key unit requiring to get shared among people who
require getting message. Asymmetric algorithm on the other hand utilizes pair of private and
public key for encrypting and decrypting messages while making communication. Symmetric
encryption is a conventional technique whereas the asymmetric one is latest. Asymmetric
complements inherent problem of the requirement for sharing key in symmetric model. It
eliminates necessity to share keys through private and public keys. The symmetric one is more
suitable here because of the above reasons. Further it takes more time than symmetric
encryption.
(b)(ii) What is card key diversification and why is it important? Suggest a simple way of
creating diversified card keys from a master key.
Ans: Key diversification denotes to the process to derive keys from base key using unique
inputs. Every card gets distinct values for every key and as one key gets broken the vulnerability
is limited to that key instead of affecting the while system.
(b)(iii) Explain if you think it likely that the transport system readers will store the
diversified keys for all issued cards, or use some other mechanism.
Ans: Key diversification is generally utilized to work with smart cards. It is helpful to secure
interactions with population of cards.
(c) New developments.
(c)(i) Ans: Modern contactless payment card make system key management simpler through
various ways. First of all it is simple and quick to use along with reliable operation. It avoids
long queues and accesses every major debit and credit cards.
Ans: Symmetric encryption utilizes single key unit requiring to get shared among people who
require getting message. Asymmetric algorithm on the other hand utilizes pair of private and
public key for encrypting and decrypting messages while making communication. Symmetric
encryption is a conventional technique whereas the asymmetric one is latest. Asymmetric
complements inherent problem of the requirement for sharing key in symmetric model. It
eliminates necessity to share keys through private and public keys. The symmetric one is more
suitable here because of the above reasons. Further it takes more time than symmetric
encryption.
(b)(ii) What is card key diversification and why is it important? Suggest a simple way of
creating diversified card keys from a master key.
Ans: Key diversification denotes to the process to derive keys from base key using unique
inputs. Every card gets distinct values for every key and as one key gets broken the vulnerability
is limited to that key instead of affecting the while system.
(b)(iii) Explain if you think it likely that the transport system readers will store the
diversified keys for all issued cards, or use some other mechanism.
Ans: Key diversification is generally utilized to work with smart cards. It is helpful to secure
interactions with population of cards.
(c) New developments.
(c)(i) Ans: Modern contactless payment card make system key management simpler through
various ways. First of all it is simple and quick to use along with reliable operation. It avoids
long queues and accesses every major debit and credit cards.
7SMART CARDS
End of preview
Want to access all the pages? Upload your documents or become a member.