Smartcard Asic

  • Uploaded by: DIPAK VINAYAK SHIRBHATE
  • November 2019

Smartcard ASIC

ABSTRACT

A secure contactless smartcard is presented. No batteries are required, as device power is extracted from the RF field. With the exception of an inductive loop antenna, no external component is required. The transceiver adheres to the ISO14443 type B specification. This system-on-chip integrates the RF circuitry with a large digital circuit without the benefit of external bypass capacitors. An isolation circuit is introduced that prevents coupling of digital noise into the receiver. A measured bit error rate of 3E-10 is achieved. Security is also improved, as the isolation circuit increases the time required for a differential power analysis (DPA) attack by a factor of 2^22. Three-pass mutual authentication is presented, and an algorithm for data restoration in the event of a tear is shown. This device is fabricated in a 0.6-micrometer double-poly triple-metal CMOS process. The chip is 2.8 mm x 2.9 mm and it requires 500 uA, or approximately 2.5 mW, of power.

Index Terms -- Mixed analog-digital integrated circuits, transceivers, security, and smart card.

S.S.G.M.C.E., Shegaon.

INTRODUCTION

Credit cards have become an indispensable part of our lives. As with all technologies, improvements can be made to make the use of credit cards more convenient for the consumer. Magnetic stripe technology, used today, allows only one application, using a relatively small number of bits, to be placed on a single plastic card. Magnetic stripes suffer short lifetimes due to wear. The closely coupled magnetic stripe readers require mechanical maintenance and cleaning. Combining integrated circuit and transformer technology with the plastic card avoids these drawbacks. Generally, this integrated circuit will contain non-volatile memory and control circuitry capable of carrying out specifically directed commands. This memory is large enough to support multiple applications. Typical commands may include read and write of the non-volatile memory as well as a host of commands necessary for authentication and handshaking. Arithmetic commands such as increment or decrement may also be supported.

Smart cards are useful for a broad range of applications. They are becoming especially prevalent in transit and access applications. In environments where multiple users wish to use their smartcards at the same time, for example a train station, the use of a contactless interface with an anti-collision protocol allows multiple cards to be placed in front of one reader. However, the biggest advantage of a smart card system is not in the card itself. Smartcard technology enables tremendous improvements in data gathering, data tracking and financial services as a result of the inherent connectivity for the involved institutions. A common infrastructure enables the sharing of resources and eases reconciliation. In transit applications, relatively easy coordination between transit authorities enables multiapplication use. Bus, train, taxi, subway, toll system and newsstand can all accept the same card. The service provider also benefits from the cashless transactions that reduce theft.
Consumer acceptance is still necessary and requires ease of use; contactless operation provides this ease of use. The industry-wide goal for contactless full functionality is a range of 10 cm. This range enables simple swiping of the smart card in the vicinity of the smartcard reader. Previously reported circuits have offered similar range capabilities. However, these circuits have the greatly reduced functionality of simple identification [2]-[4]. Power for the circuit is derived from the received RF signal. For manufacturing reasons, no external components other than a simple wire loop antenna are used.

Since the majority of smartcard applications are financial or secure in nature, security is vital. The consumer and the service provider need to have confidence that they will not be victimized by theft and that private information will not be leaked. Therefore, authentication and encryption algorithms are very important to the design of a smartcard.

Financial applications also require high reliability. Mechanisms must be in place to prevent the loss of important data due to accidental misuse or circuit aging. A particular concern in contactless operation is the premature termination of a transaction because the card has moved out of range. This event is called a "tear". For reliability reasons, a smartcard must be able to recover from a tear without loss of data even when the original data has been overwritten.

This seminar will cover an application-specific integrated circuit (ASIC) that provides a solution for the reliability and security concerns of a contactless smartcard. Section II will cover the circuits of the contactless RF modem and address the specific design problems encountered. Section III covers security circuits and algorithms. Section V will provide additional integrated circuit realization details, and Section VI will summarize the results.

SMARTCARD BASICS

A smart card resembles a credit card with one or more semiconductor devices attached to a module embedded in the card's top left corner, as shown in the figure, providing contacts to the outside world. It is also referred to as an integrated circuit card, or ICC, and it connects to a reader, computer or any other appliance. The semiconductor device embedded in a true smart card is a microcontroller. It is the microcontroller that makes a card a smart card, capable of undertaking a range of computational operations, protected storage and decision-making.

Although the smart card microcontroller works like any microcontroller, it is fundamentally different: while maintaining instruction set compatibility, it is designed with security in mind. For example, the smart card and non-smart card versions of the Motorola 68HC05 8-bit microcontroller display several differences:

(1) Probably the most obvious is the single I/O of the microcontroller in the smart card, versus several 8-bit ports for a normal microcontroller.
(2) A smart card device has only five standard pins: I/O, clock, power, ground and reset, whereas other microcontrollers usually have at least 16 pins and sometimes more than 50.
(3) Memory configurations are different too. A smart card uses only on-board memory, with a relatively large amount of non-volatile memory, usually EEPROM. The EEPROM is programmed by an on-chip charge pump controlled by the CPU and is not accessible directly by external commands.
(4) A fourth difference is that the device appears stripped down compared with non-smart card devices, since it contains no additional peripherals such as analog-to-digital converters, pulse-width modulators, and serial or parallel interfaces.

A smart card consists of a microcontroller; the block diagram of the smart card is shown in fig. (2). The microcontroller used in a smart card contains a central processing unit (CPU) and blocks of memory including RAM, ROM and non-volatile memory, usually electrically erasable programmable ROM (EEPROM). The processing unit is nothing but a microcontroller; the operating system and application programs are loaded into the microcontroller. The operating system takes care of initialization and of transmitting and receiving data; the application program takes care of the type of application of the smart card.

The inclusion of a variety of memory types helps suit the smart card microcontroller to a range of applications. For example, RAM serves to calculate results and as stack memory; ROM stores the operating system, fixed data, standard routines and lookup tables. The non-volatile memory is the most versatile: EEPROM, for instance, serves to store information that must not be lost when the card is not connected to a power source but that must also be alterable to accommodate data specific to individual cards or any changes possible over their lifetimes. This information might include a card identification number, a personal identification number (PIN), authorization levels, cash balances and credit limit.

The single-chip computer in a smart card is an off-the-shelf 8-bit microcontroller with added tamper-safe features. While most 8-bit microcontrollers can address at least 64 Kbytes of 8-bit memory, no popular smart cards contain this much. The size of a smart-card chip is constrained by the bending it must bear in a wallet or purse and thus is typically kept to around 25 mm². This limited real estate, together with the cost constraints of some large applications, means that the typical smart card contains 4 to 20 Kbytes of memory.

The memory space of the smart-card computer is divided into RAM, read/write memory (EEPROM), and ROM. The RAM is used to hold temporary values when a program is running on the computer. The EEPROM holds cardholder data such as a bank account number or a private encryption key. The ROM holds the basic programs that run on the smart card. The memory is organized this way for several reasons. First, roughly speaking, a RAM location takes up eight times more space than a ROM location, and an EEPROM location takes up four times more space than a ROM location.
Therefore, if you want to get lots of information on a smart card, you use ROM whenever you can, next you use EEPROM, and only as a last resort do you use RAM. Second, since a smart card does not carry its own power supply and is only "on" when plugged into a terminal such as a PC, any permanent data on the smart card has to be in a type of memory that holds its data when there is no power.

The single-chip smart-card computer is embedded in a chip carrier that is placed in an indentation in a plastic card and covered by contacts. There are several tamper-resistant and tamper-detection features in the chip itself and in the carrier and its surroundings. The particulars of these security features vary among chip manufacturers and are very hard to obtain. It is exactly these features that make smart cards so attractive, and it is fortunate that no details about them need to be known for application programmers to make effective and innovative use of smart cards.

RF MODEM DESIGN

This IC conforms to the ISO 14443 type B standard for contactless smartcards. As such, it provides a 10% amplitude shift key (ASK) signaling path from the smartcard reader to the smartcard at 106 kbit/s. In 10% ASK, the digital signal directly AM modulates the RF carrier with a modulation index of 10% (i.e., a "one" is 10% larger and a "zero" is 10% smaller than the nominal amplitude). Fig. 1 shows a physical representation of a contactless smartcard system. Together, the reader and the contactless smartcard antennas comprise a loosely coupled transformer. The RF carrier is injected onto the reader coil (antenna) and is used to create a magnetic field. When the smartcard is placed in the field, the energy that passes through the loop antenna of the card is received by the integrated circuit. By changing the intensity of the magnetic field as a function of time, data can be transferred between the card and the reader.

The use of 10% ASK poses several difficult design challenges for the integrated circuit. The first of these is shunt regulation. The chip must operate with the power received by the antenna. Power dissipation of the chip is controlled only by reader power, card distance, and card orientation, and not by the chip itself. The shunt regulator controls the voltage levels seen by the integrated circuit by adjusting the current drain. While maintaining a supply voltage large enough to power the device but small enough to avoid destruction of the integrated circuit, the shunt regulator must not destroy the received 10% ASK data signal that also exists on the supply. Voltage compliance must be maintained over two orders of magnitude of power variation. An often-overlooked specification is that the card must operate while moving in the magnetic field. This variation in power level, due to hand movements, must not be misrepresented as data.

A second challenge is isolation between the receiver and the noisy digital circuitry. Since the received power depends only on card location, the I * V product for the smartcard is constant at a given instant in time and space. In other words, any change in current results directly in a change in voltage. Since the power signal and the received data signal are the same, the impulse currents generated by the digital circuits may greatly impact the quality of the received signal.

The third challenge is that the received data is nonreturn-to-zero (NRZ) without any accompanying clock or fixed bit timing. The NRZ signal does not provide a direct reference for bit reception, so a reference must be derived from the received signal. Likewise, the lack of a reference clock requires continual bit timing adjustment on a word-by-word basis.

A. Tuning and Rectification

The first step in extracting power from the RF field is receiving the power. A resonant tank on the card is desired for optimum energy transfer. The input capacitance is sized to resonate with the wire loop antenna at the 13.56-MHz industry standard carrier frequency. Fig. 2 shows a schematic of the input network.
Note that the diffused parasitic capacitances associated with the rectifiers are part of the resonant circuit and therefore must be accounted for when calculating the capacitance required for the resonant tank. Since very large currents flow in the tank circuit, resistance must be kept small. A series resistance as small as 3 ohms will reduce the powering range for the smartcard by several centimeters. The use of multiple layers of wide metal for interconnect and liberal use of well ties for the PFETs in the rectifiers allowed the measured series resistance of the tank to be less than 0.5 ohms.

Full wave rectification is accomplished using a PMOS bridge circuit. The PMOS bridge avoids the creation of latch-up inducing collector currents through the substrate during inevitable small forward biases of the drain-bulk junction. Three full wave bridges were used. For noise reasons, the receiver path is separated to enable ground independence for the received signal. The shunt device has a dedicated rectifier to reduce the load current on the analog power supply. This is necessary as power supply ripple is proportional to load current.

B. Shunt Regulator

The shunt regulator must maintain power supply voltage compliance over two orders of magnitude of power variation without degrading the 10% ASK data signal that also exists on the supply. Fig. 3 shows the main power regulation circuit. One of the more important characteristics of the shunt regulator is the bandwidth, which is the transconductance of input devices M2 and M3 divided by the load capacitance CL. For low-frequency power changes indicative of hand movement (less than 100 Hz), the difference amplifier controls the gate of shunt device Mshunt, forcing Vdd to a fixed multiple of Vref. Vref is generated by the bandgap voltage reference. The effective output impedance of the shunt regulator at these low frequencies is very small. As the frequency increases to the data rate, the negative feedback loop through the difference amplifier loses its gain and CL forces the gate of the shunt device to follow the data variations placed on the supply. Thus, the effective output impedance of the shunt regulator at data frequencies appears high, preventing the 106-kbit/s data signal from being attenuated.

However, this high impedance at data frequencies also causes susceptibility to digital interference. Any change in supply current at high frequency results in a corresponding change in supply voltage. The switching activity of CMOS digital circuits generates a large amount of high-frequency noise. Since this noise will directly couple to the receiver via the voltage across the coil, it is necessary to reduce the noise generated by the digital interferers.

C. Isolation Circuit

An isolation circuit is used on the ASIC to prevent bit error rate (BER) degradation due to digital interference. This circuit also greatly enhances the security of the smartcard. Fig. 4 is the schematic of the isolator. MP1 operates as a current source. The value of the current source is completely independent of the activity or power requirements of the digital circuitry. Kirchhoff's current law assures us that the return current in the ground path will also be independent of the digital circuitry. Of course, the finite g_ds and capacitive coupling from drain to gate of MP1 limit the extent of the isolation. The circuit was designed to have 66 dB of isolation. Measurements verified that this 2000x amplitude reduction was achieved.

A transconductor circuit controls the value of the current source. The current through MP1 is regulated to the average available current. The voltage on the analog supply increases with current to keep MP1 saturated. The maximum current of MP1 is limited to prevent excessive power supply ripple on the analog power supply. Since current is supplied to the analog supply only near the peaks of the received power signal, there is an inevitable droop between peaks. Large currents on the analog supply would lead to a requirement for a large bypass capacitor. This is undesirable from a cost standpoint. A separate digital voltage regulator is used to set the power supply voltage for the digital circuits to 3 V. This circuit is also necessary to guarantee voltage compliance for MP1.

This noise-isolating circuit is also a bandwidth-limited shunt regulator. Therefore, it has the same bandwidth considerations as the shunt regulator. The regulation voltage of the isolator is less than the regulation voltage for the shunt regulator. As a result, initial regulation upon entering the field is done by the isolator. When the current limit for the isolator is reached, regulation is done by the shunt regulator. Fig. 5 shows the output impedance characteristics of the shunt regulator and the isolation circuit. Note that the isolator has higher impedance at low frequencies. This is due to the soft regulation characteristic of the isolator.

Fig. 5 Frequency characteristics of regulator output impedance

D. Receiver

The analog part of the receiver is composed of two different circuits, an envelope detector and an edge-detecting receiver. The 13.56-MHz carrier signal is modulated by 106-kbit/s 10% ASK data and it appears across the input terminals AC1 and AC2 of the rectifier shown in Fig. 6.

The envelope detector is a conventional peak detector. The PMOS bridge circuit is used for rectification. Note that the received signal path is completely isolated from the ground. Because the receiver is required to instantaneously recover NRZ data, an edge-detecting receiver was used. The carrier filter reduces the carrier ripple noise seen by the receiver. The high-pass filter across the input of the comparator provides the edge detection. The comparator hysteresis level is set to approximately 50% of the received data edge amplitude. The dashed line shows the comparator hysteresis level. Fig. 7 shows the measured selectivity of the receiver.

Fig. 7 Receiver selectivity

The isolator or shunt regulator along with the edge-detecting filter provides the selectivity. A BER of 3E-10 is achieved with the digital circuit operating. This high level of performance is due to the isolation circuit. The output of the comparator is sampled at 3.39 MHz by the digital part of the receiver. Majority voting determines the maximum-likelihood received bit. Since bit widths can vary and timing error can accumulate up to 1/4 bit width per 8-bit word, bit timing is reinitialized at each stop-to-start bit transition. A 16-bit CRC is used to verify message integrity.

E. Bandgap Voltage Reference

A double-diode bandgap reference is used to generate the required reference voltages. The nominal output voltage is 2.35 V. The large reference value is required to accommodate the high-input common mode voltage of the two regulation circuits. Fig. 8 shows the bandgap circuit. Emitter followers are used at the opamp inputs to ensure common-mode voltage compliance.

Fig. 8 Bandgap Voltage Reference

F. Transmitter

Transmission of data from the card to the reader is accomplished by capacitive load modulation as shown in Fig. 9. The modulation capacitors vary the resonance of the card's tuned tank. The smartcard reader can detect these changes in resonant frequency. During transmission, the capacitors are switched at an 847-kHz subcarrier frequency. This subcarrier is BPSK modulated to represent the desired data.

Fig. 9 Capacitive load modulation

SECURITY

This integrated circuit is designed to support multiple applications. Security is important because of the financial nature of the majority of the applications. Theft and privacy are issues of concern. Each application file must be separate and inaccessible to other applications. Since money can be stored on the card, cloning is a major consideration. Card issuers do not want a large number of illegal copies of cards produced and used to secure services or cash. As a result of these concerns, security issues were a major motivation in the design.

A. Authentication and Encryption

Since transaction time is a large consideration for many different applications, the ASIC includes a custom-designed, integrated hardware Data Encryption Standard (DES) engine that goes through a complete encryption cycle in 17 clocks or 5.3 µs. The more secure triple DES algorithm is executed in 49 clock cycles. Each restricted access memory file includes two secret 56-bit DES keys. During a transaction, security begins with three-pass mutual authentication as shown in Fig. 10.

Fig. 10 Authentication and Encryption methodology

Three-pass mutual authentication is the process by which the card verifies that the reader is a legitimate reader and the reader verifies that the card is a legitimate card [6]. A card, or reader, is legitimate if it knows the secret DES key. First, the smartcard challenges the reader with a 32-bit random number from the on-board random number generator. The reader encrypts this random number and transmits it back to the card. The card also encrypts the random number and compares it with the reader's response. A match between the two responses indicates to the card that the reader knows the key. Likewise, the reader challenges the card in the same fashion. In this manner, each can verify that the other knows the key value without the key itself ever being communicated. A unique session key is then generated for each transaction, preventing a replay attack (an attack where information from a previous transaction is replayed to the card). This session key is used to encrypt the remainder of the transaction.

B. DPA Attack

Of course, authentication and encryption are only as secure as the keys. A strong means of key attack is power analysis. Simple power analysis involves looking at the current signature of a device to determine what is going on inside the device. Averaging is performed to reduce noise and make small correlated signals stand out. This prevents simple masking through randomness. An even stronger means of attack than simple power analysis is differential power analysis. Differential power analysis uses two simple power analyses with a difference in only a single bit to identify exact functions at a precise time within a device. Differential power analysis is a large security threat. Contactless smartcards are especially susceptible to power analysis because the power signature of a transaction is actually broadcast in the air. Our isolation network (discussed in Section II-C) inhibits broadcast of the signature.

The signature is reduced by a factor of 2000 or 66 dB. Although still present, the computation time to recover the digital signature will now be 2^22 times greater, as the number of samples must be doubled for every 3 dB of signal reduction. This increases the time to crack the card from 1 minute to 7+ years.
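The three-pass mutual authentication of subsection A, written out as an added example (not code from the paper or the ASIC). It assumes HMAC-SHA256 truncated to 8 bytes as a stand-in for the hardware DES engine, and a hypothetical session-key derivation that mixes both random numbers; the keys and challenges in the test are constructed values.

```python
import hashlib
import hmac
import secrets

def enc(key: bytes, block: bytes) -> bytes:
    """Stand-in for the hardware DES engine (assumption: HMAC-SHA256 cut to
    8 bytes, used because the standard library has no DES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def respond(key: bytes, challenge: bytes) -> bytes:
    """What a party holding `key` sends back for a received challenge."""
    return enc(key, challenge)

def check(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Encrypt our own challenge and compare with the peer's response.
    compare_digest keeps the comparison constant-time."""
    return hmac.compare_digest(enc(key, challenge), response)

def session_key(key: bytes, rc: bytes, rr: bytes) -> bytes:
    """Hypothetical derivation: the text only says a unique session key is
    generated per transaction; mixing both challenges is an assumption."""
    return enc(key, b"session" + rc + rr)

def three_pass(card_key: bytes, reader_key: bytes, rc=None, rr=None) -> dict:
    """Run one exchange; rc and rr can be fixed for constructed tests."""
    # Pass 1, card -> reader: 32-bit random challenge from the card.
    rc = rc if rc is not None else secrets.token_bytes(4)
    # Pass 2, reader -> card: response to rc plus the reader's own challenge.
    rr = rr if rr is not None else secrets.token_bytes(4)
    reader_response = respond(reader_key, rc)
    if not check(card_key, rc, reader_response):
        # The card stops here and never answers a reader that failed.
        return {"card_accepts": False, "reader_accepts": False,
                "card_session": None, "reader_session": None}
    # Pass 3, card -> reader: response to the reader's challenge.
    card_response = respond(card_key, rr)
    reader_accepts = check(reader_key, rr, card_response)
    return {"card_accepts": True,
            "reader_accepts": reader_accepts,
            "card_session": session_key(card_key, rc, rr),
            "reader_session": session_key(reader_key, rc, rr)
            if reader_accepts else None}

if __name__ == "__main__":
    key = bytes(range(8))  # constructed shared key
    print(three_pass(key, key))
    print(three_pass(key, bytes(8)))  # reader without the key is rejected
```

Because the card's challenge is fresh for every transaction, a response recorded in an earlier session does not pass `check` against the new challenge, and the session key changes with it.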

MEMORY FEATURES

This smartcard is targeted for transit and access. Transit applications need to support multiple transit authorities. Each transit agency wants its own secure memory to log loyalty points, connection information, etc. A separate secure memory allocation called a common purse is provided for cash storage. This cash can be used for purchase of services from any of the transit applications. This feature eliminates the burden of requiring a transit user to store separate money for each mode of transit.

The access application has different constraints. Access can vary in memory requirements from a handful of bytes for an ID or PIN, to several kilobytes of data required for biometric data, such as a thumbprint. As one can appreciate, a level of versatility in the IC is required. To handle these diverse requirements, this IC supports a programmable file structure. There is a total of 8 kbit, or 1 kbyte, of user memory available. Two encryption keys are associated with each application file. Key A, the lower security key, enables simple read and decrement functions. Key B enables write and increment functions. A common purse is supported, but only decrement functions are allowed without direct key access to the common purse sector. The hardware secure memory unit (SMU) controls access to the memory. It prevents access to unauthorized data, such as DES keys, and nonauthorized sector access.

For optimum memory usage, this ASIC supports two data types. Data blocks are simple unprotected information. They have no inherent formatting. Important data, called a value block, is stored in memory with a parity byte. The parity byte is used as a data integrity check. Value blocks may exist anywhere within the legal memory space. A key requirement of smartcards for financial applications, ticketing, loyalty, etc., is that data corruption not occur as a result of an incomplete transaction.
A contactless smartcard must be especially robust in this regard as the power will be terminated and the transaction interrupted if the card is prematurely removed from the field. This occurrence is called a tear.

Data integrity in the event of a tear is preserved via the rollback logic. The rollback logic performs the functions shown in Fig. 11. By recovering the correct state of the card at power-up, the memory requirements for an application are lessened. A common rollback memory allocation is shared by all applications.

Value command received -> Retrieve addressed data (4 bytes + CRC) -> Verify CRC -> Write data, address and Rb flag = 1 in rollback memory -> Operate on original data -> Result into original address -> Acknowledge command

Commit command received -> Write Rb flag = 0 -> Acknowledge commit

POR -> Check Rb flag -> if 1: Restore card state (the 0 branch has no restore step)

Fig. 11 Rollback flow diagram
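The rollback flow of Fig. 11, simulated with power loss injected before each EEPROM write, as an added example (not the ASIC's logic or code from the paper). The write ordering (rollback record first, flag second), the use of `binascii.crc_hqx` as the 16-bit CRC, the way a torn write is modelled, and all names and values are assumptions made for the illustration.

```python
import binascii

ADDR = 0x10  # constructed address of one value block

class Tear(Exception):
    """Power lost mid-transaction: the card left the reader's field."""

def make_block(value):
    """4 data bytes followed by a 16-bit CRC (CRC variant is an assumption)."""
    payload = value.to_bytes(4, "big")
    return payload + binascii.crc_hqx(payload, 0xFFFF).to_bytes(2, "big")

def read_block(block):
    """Return the stored value, or raise ValueError on a CRC mismatch."""
    payload, crc = block[:4], int.from_bytes(block[4:], "big")
    if binascii.crc_hqx(payload, 0xFFFF) != crc:
        raise ValueError("CRC mismatch")
    return int.from_bytes(payload, "big")

class Card:
    def __init__(self, addr, value):
        # Non-volatile state: all of it survives a tear.
        self.mem = {addr: make_block(value)}
        self.rb_record = None     # (address, original block) in rollback memory
        self.rb_flag = 0
        self.writes_left = None   # fault injection; None = power never fails

    def _power_ok(self):
        """Checked before every EEPROM write; False means the write is torn."""
        if self.writes_left is None:
            return True
        if self.writes_left == 0:
            return False
        self.writes_left -= 1
        return True

    def _write_block(self, addr, block):
        if not self._power_ok():
            # Torn write: new data bytes landed, CRC bytes are still the old ones.
            self.mem[addr] = block[:4] + self.mem[addr][4:]
            raise Tear()
        self.mem[addr] = block

    def _write_flag(self, flag):
        if not self._power_ok():
            raise Tear()          # flag keeps its previous value
        self.rb_flag = flag

    def decrement(self, addr, amount):
        original = self.mem[addr]              # retrieve addressed data
        value = read_block(original)           # verify CRC
        if amount > value:
            raise ValueError("insufficient value")
        if not self._power_ok():
            raise Tear()
        self.rb_record = (addr, original)      # save data and address ...
        self._write_flag(1)                    # ... and only then set Rb flag
        self._write_block(addr, make_block(value - amount))
        return "ack"

    def commit(self):
        self._write_flag(0)
        return "ack-commit"

    def power_on(self):
        """POR: Rb flag = 1 means the last transaction never committed."""
        self.writes_left = None
        if self.rb_flag == 1:
            addr, original = self.rb_record
            self._write_block(addr, original)  # restore card state
            self._write_flag(0)
            return "restored"
        return "clean"

def run(writes_before_tear, start=100, fare=30):
    """Decrement and commit, losing power after the given number of writes."""
    card = Card(ADDR, start)
    card.writes_left = writes_before_tear
    try:
        card.decrement(ADDR, fare)
        card.commit()
    except Tear:
        pass
    return card

def balance_after_tear(writes_before_tear):
    card = run(writes_before_tear)
    card.power_on()
    return read_block(card.mem[ADDR])

if __name__ == "__main__":
    for n in [0, 1, 2, 3, None]:
        print(n, balance_after_tear(n))
```

Setting the flag only after the rollback record is written means a tear between the two writes leaves the flag at 0 and the original block untouched, so the restore step never copies back a half-written record.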

CIRCUIT REALIZATION

This device was fabricated in a 0.6-µm double-poly, triple-metal CMOS process. The chip is 2.8 mm x 2.9 mm and it requires 500 µA or approximately 2.5 mW of power. A die photo is shown in Fig. 12. The upper right-hand corner is the analog part of our RF modem including all powering circuitry. Only two pins are required for normal operation. Both power and two-way communication use these two pins. Since data is limited to 106 kbit/s, it is necessary to provide additional test access. The pins on the top left and bottom right are used for probe tests. The EEPROM is on the right. The digital circuits are in the lower left-hand corner. The digital logic was synthesized from Verilog code and the layout of the digital circuitry was done with a place and route tool.

Fig. 12 Die Photo

The digital architecture is shown in Fig. 13. The RX/TX block is the digital part of the transceiver. All data from or to this block must pass through the DES block. The command decoder interprets the received instruction and operation is controlled by the state machine. The state machine executes register moves and controls operation of the various peripherals. Peripherals include the DES block, an ALU, a data CRC block, and the EEPROM. Data moves on the 8-bit hybrid muxed tri-state bus.

Fig. 13 State machine system architecture

CONCLUSION

This IC demonstrates that low cost and good performance can coexist and is enabled by system-on-a-chip technology. Measured performance of a receiver that provides excellent BER performance in the presence of digital switching noise has been presented. An isolation circuit that provides a measured 2000x improvement in protection against noninvasive power analysis attack has been introduced.

REFERENCES

[1] IEEE Journal of Solid State Circuits, vol. 30, pp. 306-310, Mar. 1995.
[2] IEEE Spectrum, vol. 34, pp. 47-53, Feb. 1997.
[3] IEEE Journal of Solid State Circuits, vol. 36, no. 3, pp. 559-564, March 2001.
[4] www.IEEE.org
[5] www.google.com
[6] www.indiatimes.com
