Of all the advantages that smart cards have over magnetic-stripe cards, enhanced security is probably the greatest. Part of the security advantage stems from the difficulty that forgers face in cloning smart cards. The rest comes from smart cards’ ability to encrypt and decrypt text and data.
A cryptographic system based on smart cards is much like any other. It uses an encryption algorithm and an encryption key to convert an original message (plain text) into a coded message (cipher text) that can be decoded only by a decryption algorithm and a decryption key.
Crytographic schemes fall into two distinct groups—symmetric and asymmetric. Symmetric methods, including the Data Encryption Standard (DES) (Ref 1) use the same key for both encryption and decryption. DES breaks plain text into 64-bit blocks and then encrypts each block, using a 56-bit key, to produce 64-bit blocks of cypher text. Visa’s new smart cards use DES.
An asymmetric approach, on the other hand, requires a pair of keys. Each unique pair of keys must be generated according to a specific recipe. For example, the RSA algorithm—named with the initials of its inventors, Rivest, Shamir, and Adelman—describes a definite mathematical procedure for key generation (Ref 2).
Both symmetric and asymmetric encryption methods are complex; trying to break the code of either type would require years of computer time. However, because symmetric schemes depend on a common key for both encryption and decryption, that key must be shared by a message sender and a message receiver. But key sharing makes keys vulnerable to interception—and sensitive data vulnerable to anyone who gets possession of a key. Because asymmetric methods don’t require key sharing, they’re becoming the preferred approach for smart-card encryption.
With an asymmetric encryption method, either of the two keys can be used for encryption, with the other key then becoming the decryption key. For example, a message ciphered with key 1 can be deciphered only with key 2. Similarly, a message ciphered with key 2 is decipherable only with key 1.
Thus, with a unique pair of keys, you can make one key public and keep the other one secret. Anyone can use your public key to encrypt a message that only you, with your secret key, can decrypt. As long as you store your secret key in a safe place—in a smart card IC’s EEPROM, for example, which is physically and electrically inaccessible to potential snoopers—you can publish your public key without fear that a “snoop” will crack your encrypted communications.
Encryption schemes using both public and secret keys are ideally suited for use with smart cards. Consider, for example, how a system based on smart cards can perform anonymous and confidential data transfers. In this example, assume confidential transfer needs to occur between an automatic teller machine (ATM) and your bank.
Before a transfer occurs, your smart card sends your personal identification number (PIN) through a smart-card terminal to your bank’s computer. The computer uses your PIN to look up your public key. It then uses your public key to send your smart card an encrypted message. Your smart card decrypts the message with your secret key.
Your smart card now responds to the bank’s computer by sending an encrypted “digital signature,” which it generates by ciphering a message with your secret key. Only your public key—which the bank’s computer knows—can decrypt this signature. Simply because it is able to decrypt the signature, the computer knows that it is linked to the right smart card. Two-way encrypted communication can then begin. Each party encrypts messages to the other using the other’s public key.
Public-key ciphering and deciphering of a message, M, results in a cipher, C, according to the following formula:
In this formula, K is the key and can be either a secret key, Ks, or a public key, Kp. N is a large modulus number generated from prime numbers. Using large numbers for K and N, typically 512 bits, makes it nearly impossible to calculate a secret key from a public key.
Because encryption operations require modulo arithmetic, multiplication, and exponentiation, however, they severely strain a smart card’s resident µC. Consequently, most smart-card ICs that implement public-key encryption incorporate a separate on-chip crypto-coprocessor.