IY5606 Smart Cards, Tokens, Security and Applications Report- UoL
Added on 2023/06/15
AI Summary
This report provides a detailed analysis of smart cards, tokens, security, and their applications, covering topics such as RFID technology, security modules, and various attack categories. It examines the differences between secured and unsecured memory chips, the benefits and drawbacks of magnetic stripe cards versus paper tickets, and the use of symmetric and asymmetric algorithms in smart ticket systems. The report also discusses key diversification, contactless payment cards, and the operational ranges of RFID tags. Furthermore, it explores anti-counterfeit measures and the implementation of ID card systems, referencing the Banker’s Algorithm and PKI. The document is available on Desklib, a platform offering study tools and solved assignments for students.

Running head: SMART CARDS
Smart Cards
[Name of the Student]
[Name of the University]
[Author note]
Table of Contents
2013
2014
2015
2016
2017
2013
Question 1
(a)(i) What is the literal definition of an RFID and does it imply any security protection
capabilities?
Ans: RFID, or Radio Frequency Identification, generally refers to automated identification
technology that makes use of radio-frequency electromagnetic fields. Objects are identified
by their tags when a tag comes close to a reader. An RFID system has three parts: a scanning
antenna, a transceiver, and a transponder. RFID implies various types of protection
capabilities as well. Some of these include tracking of goods inside a large store, tracking
of animals on a farm, and many more.
(a)(ii) Explain the main difference between an ID card based on a secured memory chip and
one based on an unsecured memory chip, and how this would affect the resistance to card
cloning.
Ans: ID cards based on secured memory chips provide higher security, including electrically
erasable programmable read-only memory, unlike the unsecured ones. Card cloning is resisted
through comprehensive data protection and mutual authentication between host and device.
(a)(iii) The data held in a printed 2-D bar-code could be encrypted and/or have a Message
Authentication Code (MAC). What would be the point of these measures when a bar-code
is easily read and copied?
Ans: The main reason for using 2-D barcodes, despite their being easily read and copied, is
that they have a strong focus on consumers and are free to use. In addition, this type of
barcode is flexible in size and has a high fault tolerance. These codes have high readability
and support different types of data. This type of barcode remains legible even when
printed at a small size or etched into a product.
(b)(i) Describe the levels, and the equipment required to complete verification.
Ans: The various levels are the hardware and software levels. At the former level, inputs are
synthesized to generate a transistor constituting a chip. The software level represents the view
of the card for which the programmer has written the software.
The first equipment needed is the bit-true model, where computed results are compared against
every bit that the hardware produces. The next tool is the cycle-accurate model, where the outcome
or change in output signals is generated at exactly the same speed as the hardware.
(b)(ii) For each verification level, describe two anti-counterfeit measures.
Ans: At the hardware level, the various high-level description languages bear structural
similarity with hardware. As a result it is slow and complex. In the case of the software model,
software developers are in many cases unaware of the details of the pipeline. Thus the execution
of an instruction results in a change from a stable architectural state to a new one. Thus, as an
anti-counterfeit measure, parallel execution, whose execution spans various cycles, is involved.
(c) Implementation of ID card system
(i) Ans: For this, Supplier A must be chosen using the Banker’s Algorithm. This is because it is a
deadlock-avoidance and resource-allocation algorithm. It helps to check whether allocating
any resource might result in deadlock. It also analyzes whether it is safe to allocate a
resource to a process before it is allocated to that process. Finding a safe sequence ensures that
the system will not move into a deadlock. The data structures used are the need matrix, allocation
matrix, max matrix and available vector.
(ii) Ans: PKI includes the set of roles, procedures and policies required to revoke, store, use,
distribute, manage and create digital certificates and to control public-key encryption. Static data on
is proposed by the second consultant because here the information never changes after it is
recorded. It comprises a fixed data set. This is unlike dynamic data, where data changes after it
is recorded and needs to be updated continually.
The first one is more accurate advice, since here the user provides anyone with the public key and
the sender uses it to encrypt data. The owner then uses the private key to decrypt that
data.
Question 2
(a)(i) Suggest one operational and one security benefit from using magnetic stripe cards
instead of simple paper tickets.
Ans: Magnetic stripe cards are much more reliable and have been tested thoroughly over the years.
They have much greater longevity than simple paper tickets. Magnetic stripes are also responsible
for holding data. The data stored on magnetic stripe cards is not in readable form,
which initially provides added security to the user.
(a)(ii) A chip card ticket could be based on a secure memory card or a secure
microprocessor card. Which do you think is the most likely considering cost and
performance issues?
Ans:
The first one is to be considered, though it is expensive. However, its performance is better
and it is more rugged than a secure microprocessor card. It consists of high-capacity memory and
different portable devices.
(a)(iii) Explain why symmetric algorithms are more likely to be used than asymmetric
algorithms in existing smart ticket to reader protocols.
Ans: The primary disadvantage of symmetric algorithms is that all the parties involved need to
exchange the key used to encrypt the data before it can be decrypted. This prerequisite to
securely distribute and control a huge number of keys means most cryptographic services use other
kinds of encryption algorithms.
(b)(i) Compare these two options, giving an advantage and disadvantage for each, and
suggest which solution is most likely in practice.
Ans: Symmetric encryption uses a single key that must be shared among the people who
need to receive the message. An asymmetric algorithm, on the other hand, uses a pair of private and
public keys for encrypting and decrypting messages during communication. Symmetric
encryption is a conventional technique, whereas the asymmetric one is the latest. Asymmetric
encryption addresses the inherent problem of the requirement to share a key in the symmetric model.
It eliminates the necessity to share keys through the use of private and public keys. The symmetric
one is more suitable here because of the above reasons. Further, it takes more time than symmetric
encryption.
(b)(ii) What is card key diversification and why is it important? Suggest a simple way of
creating diversified card keys from a master key.
Ans: Key diversification denotes the process of deriving keys from a base key using unique
inputs. Every card gets distinct values for every key, and if one key is broken the vulnerability
is limited to that key instead of affecting the whole system.
(b)(iii) Explain if you think it likely that the transport system readers will store the
diversified keys for all issued cards, or use some other mechanism.
Ans: Key diversification is generally used with smart cards. It helps to secure
interactions with a population of cards.
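One simple way to build the diversified card keys described in (b)(ii), together with a reader that re-derives each key from the card's identifier instead of storing one key per issued card, which is the alternative (b)(iii) asks about. This is an added example, not part of the original report. HMAC-SHA-256 as the derivation function, the 16-byte key length, the `AUTH` label, the class names and the sample master key and UIDs are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # assumed 128-bit card keys


def diversify_key(master_key: bytes, card_uid: bytes, label: bytes = b"AUTH") -> bytes:
    """Derive a card-unique key from the master key and the card's unique inputs."""
    if len(master_key) < KEY_LEN:
        raise ValueError("master key too short")
    if not card_uid or len(card_uid) > 255 or len(label) > 255:
        raise ValueError("card UID must be 1..255 bytes, label at most 255 bytes")
    # Length-prefix each field so that different (label, UID) pairs can never
    # serialise to the same byte string.
    msg = bytes([len(label)]) + label + bytes([len(card_uid)]) + card_uid
    return hmac.new(master_key, msg, hashlib.sha256).digest()[:KEY_LEN]


def response(card_key: bytes, challenge: bytes) -> bytes:
    """MAC over the reader's challenge; proves knowledge of the card key."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


class Card:
    """A card personalised at issuance with its UID and its diversified key only."""

    def __init__(self, uid: bytes, key: bytes):
        self.uid = uid
        self.key = key

    def respond(self, challenge: bytes) -> bytes:
        return response(self.key, challenge)


class Reader:
    """Holds the master key (assumed to sit in a security module) and no per-card table."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key

    def authenticate(self, card: Card) -> bool:
        challenge = os.urandom(16)  # fresh per transaction, so old responses are useless
        expected_key = diversify_key(self.master_key, card.uid)
        expected = response(expected_key, challenge)
        return hmac.compare_digest(expected, card.respond(challenge))


def demo() -> dict:
    # Constructed sample values, not real keys or card identifiers.
    master = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    uid_a = bytes.fromhex("04a1b2c3d4e5f6")
    uid_b = bytes.fromhex("04112233445566")
    reader = Reader(master)
    card_a = Card(uid_a, diversify_key(master, uid_a))
    card_b = Card(uid_b, diversify_key(master, uid_b))
    # Containment check: the key of card A presented under card B's UID.
    mismatched = Card(uid_b, card_a.key)
    return {
        "keys_differ": card_a.key != card_b.key,
        "card_a_ok": reader.authenticate(card_a),
        "card_b_ok": reader.authenticate(card_b),
        "mismatched_ok": reader.authenticate(mismatched),
    }


if __name__ == "__main__":
    print(demo())
```

The last case shows the containment property from the answer: a key recovered from one card is rejected under any other card's UID, so the exposure stays with that one card while the master key never leaves the reader side.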
(c) New developments.
(c)(i) Ans: Modern contactless payment cards make system key management simpler in
various ways. First of all, they are simple and quick to use, with reliable operation. They avoid
long queues and access every major debit and credit card.
(c)(ii) How would the fare then be calculated and paid, and is there any change in the
certainty of receiving payment?
Ans: Fares can be calculated and then paid for customers using near field
communication (NFC) or RFID technology. Here the allowable amount for a contactless
transaction varies by country and bank. Yes, there is certainty of receiving
payment. They are developed using a similar secure system. Hence one can be fully confident
while paying. There have never been any confirmed reports of money stolen from a
contactless card still in the possession of the cardholder.
(c)(iii) Ans: The two card types use distinct interface mechanisms and are automatically
distinguished through the very act of reading them. Contact-based cards are accessed only
through a contact-technology reader, and a non-contact card should use RFID or any capacitive or
other method on which the card is based. Thus the phone becomes aware of what it has been
interfaced with.
2014
Question 1
(a)(i) Very briefly describe three main categories of attacks that may be used against
security modules.
Ans: The three main categories of attacks that may be used against security modules are listed
below:
• Insider Attack (Koeberl et al., 2014)
– Significant percentage of breaches
– Ex.: Run-on fraud, disgruntled employees
• Lunchtime Attack (Koeberl et al., 2014)
– Take place during a small window of opportunity
– Ex.: During a lunch or coffee break
• Focused Attack (Koeberl et al., 2014)
– Time, money, and resources not an issue
Question 4
(a)(i) What does RFID stand for?
Ans: RFID generally stands for Radio Frequency Identification.
(a)(ii) Describe passive and active RFIDs and give an example of each.
Ans: Passive RFID tags are tags that do not have any internal power source. They are
generally powered by the electromagnetic energy transmitted by RFID readers. These
types of tags are generally used for tracking files, controlling access, race timing and many
more (Ahson & Ilyas, 2017). They have a shorter range.
Active RFID tags are tags that are powered by a battery and continuously
broadcast their signals. They are also known as “Beacons” and are associated
with accurate tracking of the real-time locations of any type of asset (Zhong et al., 2013). They
have a longer range than passive tags.
(a)(iii) Give a reasoned opinion of whether an RFID necessarily implies any security.
Ans: RFID is a shortwave communication technology capable of identifying any
items within range of the RFID reader. Therefore it can be stated that tracking of
items becomes very easy with the use of RFID tags (Amendola et al., 2014). This initially
leads to the elimination of threats related to stealing or theft.
(a)(iv) Comment on the shapes and operational ranges of RFIDs.
Ans: An RFID system generally consists of an antenna or coil, a transceiver that includes a
decoder, and a transponder programmed with unique information, which is the RFID
tag. RFID operates at various frequencies (Chae et al., 2013). The low frequency range is around
30 KHz to 500 KHz, and the highest frequency range is 850 MHz to 950 MHz and 2.4 GHz to
2.5 GHz.
(b)(i) Ranges of Generic RFID tags
Ans: The four ranges of generic RFID devices span 30 KHz-5.8 GHz: low frequency,
high frequency, ultra-high frequency and lastly microwave frequency. The frequency is
chosen according to the application, the tag size, and the reader range required.
The data transfer rate, or throughput, is faster when the frequency is high, but the
system becomes more expensive at higher frequencies (Hanwate & Thakare, 2015). RFID
systems mainly operate at low frequency, having a long band ranging from 125 to 135 KHz.
Passive RFID tags make use of the low frequency and have a short read range. The
high frequency ranges from 3 MHz to 30 MHz, but most high-frequency RFID tags operate
at 13.56 MHz. Ultra-high frequency ranges from 300 MHz to 1000 MHz. The operating
range of passive tags is 865-868 MHz in Europe and 902-928 MHz in the United States,
whereas the operating range of active ultra-high frequency is 315 MHz and 433 MHz.
The operating range of typical microwave frequency is 2.45 GHz or 5.8 GHz.
(b)(ii) What differences are there, if any, between a sophisticated RFID and a contact-less
smart card?
Ans: Contactless cards are much more advanced and secure than RFID. The tracking
range of RFID is much greater than that of contactless smart cards, as contactless cards have a
range of about four to five inches so as to prevent tracking and eavesdropping.
(b)(iii) What attacks may be possible against an RFID that are not possible against a smart
card with contacts?
Ans: RFID tags can be read using any compatible reader, whereas in the case of
contactless cards this is not at all possible.