14-05-2013, 03:21 PM
Cipher for smart card using Unicode, length and position
Abstract
Smart cards have become commonplace. Smart cards with various utilities are used today because they are easy to carry and relatively secure. But with the advancement of technology, smart cards are becoming increasingly insecure. A paper from a certain conference suggested a new encryption algorithm to keep the information in smart cards secure and to overcome forgery attacks. It claims that, on average, even a supercomputer will take 101084 years to decrypt, which is much higher than the previous proposals. It makes use of the length of the PIN, and the position and the Unicode value of every character in the PIN, along with a secret key to create the cipher text. Also, the final cipher text is formed by combining two different cipher texts, one from the date and time and another from the PIN and secret key. Only this final cipher text is saved on the smart card, making this algorithm even more secure. But a few anomalies were noticed in it. Firstly, the cipher text generated using the proposed encryption formula makes securing it using position problematic. Secondly, the formula given in the original paper misses an important step, without which the decryption process gives the wrong output. With the proposed changes these problems are eradicated and the algorithm becomes more difficult to hack.
INTRODUCTION
Normal encryption using only the English alphabet has only 26! combinations and can be easily decrypted. Furthermore, even the use of arbitrary ASCII or special characters leaves few combinations for a brute force attack, so the text can be decrypted within a certain period of time. Such text is also commonly decrypted using relative frequency. To avoid various attacks such as the dictionary attack, mathematical attack, timing attack etc., we need an efficient way to encrypt the PIN in smart cards [3].
HASH FUNCTION
Before going further, it is necessary to know the basic working principle of a hash function [2].
Working Principle
The input to the hash function can be of any length, but the output length is fixed, i.e. for a hash function h(x), input of any length gives output of a fixed length, say n. At times the input has to undergo numerous iterations of operations to obtain the fixed-length hash value [4]. Various steps are involved in producing the hash value and making it secure.
Explanation
First, the date is retrieved from the system date and the sum of the day, month and year is calculated. Next, the time value is retrieved and the hour, minutes and seconds are summed up. The date sum and the time sum are then added together, and the resulting value is subjected to Base64 encoding.
The original algorithm states that the value n should be taken from the result of the above calculations. This is of no use, as the summation always gives a 4-digit number and its Base64 encoding always gives an 8-character output. So the algorithm doesn't really need to rely on this calculation for the value of n. It is redundant.
The second part of the cipher text is obtained by applying the above-mentioned formula to the Unicode values of P and K. The median of this cipher text is calculated and, after being removed from its position, appended to the cipher text. This algorithm takes less time for encryption and more time for hackers to decrypt.
DEPLOYMENT IN SMART CARD
Once we generate a cipher text, we need to insert it into the smart card. Magnetic swipe cards have a magnetic strip on the back where data is stored. A magnetic swipe card writer is required to write data to it. A special program will have to be made which can interact with this peripheral and write our encrypted plain text. Currently, this algorithm has been implemented in Java Swing. But to access the smart card module, it needs to be implemented such that it can interact with the serial ports of a computer. This can best be done using Java libraries like javax.comm [6] or javax.smartcardio.
CONCLUSION
The explanation above shows that the originally proposed algorithm is not feasible to implement, and that with the recommended changes it could provide effective service-level security. Furthermore, it is quite simple and suitable for high-speed encryption applications. Non-uniformity is the backbone of its level of security.
Thus this cipher provides us with a highly reliable, secure and fast option to store information in smart cards to tackle increasing forgery attacks.
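The date/time step from the Explanation section, as an added example that is not code from the paper or from this post: it checks the claim that the Base64 output is always 8 characters and counts how many distinct values the component can take in one year. It assumes the sum is Base64-encoded as its decimal ASCII string, which the page does not specify; the function names are hypothetical.

```python
import base64
from datetime import date, datetime, timedelta


def encode_sum(total: int) -> str:
    # Assumption: the sum is Base64-encoded as its decimal ASCII string.
    return base64.b64encode(str(total).encode("ascii")).decode("ascii")


def datetime_component(ts: datetime) -> str:
    """(day + month + year) + (hour + minute + second), then Base64."""
    date_sum = ts.day + ts.month + ts.year
    time_sum = ts.hour + ts.minute + ts.second
    return encode_sum(date_sum + time_sum)


def components_for_year(year: int) -> set[str]:
    """Every value the component can take at any second of the given year."""
    # All reachable hour + minute + second sums (0 .. 141).
    time_sums = {h + m + s for h in range(24) for m in range(60) for s in range(60)}
    values = set()
    day = date(year, 1, 1)
    while day.year == year:
        date_sum = day.day + day.month + day.year
        values.update(encode_sum(date_sum + t) for t in time_sums)
        day += timedelta(days=1)
    return values


if __name__ == "__main__":
    sample = datetime(2013, 5, 14, 15, 21, 0)  # constructed sample timestamp
    print("component:", datetime_component(sample))
    values = components_for_year(2013)
    print("output lengths:", {len(v) for v in values})
    print("distinct values in 2013:", len(values))
```

For 2013 every output is 8 characters long and only 183 distinct values occur across all seconds of the year, so the length of this component carries nothing that could serve as a varying n.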