| Abstract |
Contactless SmartCards represent particular type of SmartCards, with a very convenient usage, and it is expected that they will expand their application capabilities in a variety of different fields. The potential intrusion fields, could be Electronic-money, the Public Transportation, the Electronic Authentication, Health Care and more. Their entrance within these fields, will generate new and more improved services. However, this type of SmartCards are subject to several constraints, such as bandwidth availability, available memory space, and computational effort. This makes more difficult the execution of complicated procedures, such as processing data, under the prism of Public or Private Cryptography Schemes. Having in mind, the importance of the security in the Informatics area, not only data storage security, but also transmission security, together with the fact that Cryptography ensures the integrity and the protection of data, SmartCards, and their secure applications, implies a great interest. The solution to these matters is given by the usage of Elliptic Curves, which due to their unique capabilities, match perfectly to the constraints posed by Contactless SmartCard's and their applications. Their unique capabilities provide the strongest security per Binary digit, in comparison with other different Cryptosystems already proposed. This ability of the Elliptic Curves offers smaller sized keys, that need less computational effort and memory space usage. These aspects, provide Elliptic Curve Cryptosystems with higher computation speed and less hardware cost. This project mainly focuses on the implementation of Cryptographic services, by explaining the way that Elliptic Curves, and their proper use, can result in cost reduction and speed increase, in terms of secure application deployment and implementation in the Contactless SmartCard field. Throughout this project, we implement the use of optimized techniques in Elliptic Arithmetic, to avoid the use of a co-processor, to maintain the cost at a low level. Thus, we ensure the high levels of security, without increasing the cost. We also propose a Mutual Authentication Protocol, between two entities, (i.e a Contactless SmartCard and a Terminal), while at the same time a key agreement is established. The keys, are being published in a way so as to avoid a -man in the middle- attack, without the use of certificates. We are also securing the communication channel, since every transmitted quantity is being encrypted, using the agreed keys and a random number is created by the terminal for the cause of every transaction. Finally, we propose a mechanism to manage the SmartCard's non volatile memory, through which, we can account for to the lack of electrical power, invoked, either by the SmartCard's bad topology in the Magnetic Field, or from the interference by an unauthorized person who might want to obtain important information.
|
Χρήση Ελλειπτικών Καμπυλών για την Πιστοποίηση Ταυτότητας Και τη Συμφωνία Κλειδιών στις ΄Εξυπνες Κάρτες Χωρίς Επαφή Με Μηχανισμό Διαχείρισης της Μνήμης
