Smart Cards and Thumb Drives

Part of 22C:169, Computer Security Notes
by Douglas W. Jones
THE UNIVERSITY OF IOWA Department of Computer Science

The Idea

Consider what you can do if you package a very small computer with just two peripheral interfaces, a serial interface port and a flash memory. The simplest application for such a device is the USB thumb drive. The processor in such drive serves the following functions:

  1. USB protocol support. The USB is a complex serial data protocol. All USB devices incorporate small processors in order to handle this protocol.

  2. Disk protocol support. USB disk drives add an applications layer protocol on top of the basic USB protocol in order to handle requests to read and write various disk sectors.

  3. Flash memory interface. Flash memory devices have interface requirements quite different from RAM or hard disk drives. There are special timing requirements on flash erase cycles, for example.

  4. Flash memory wear leveling. Flash memory devices have limits on the number of times each block of memory can be flash erased. Typical limits are from 100,000 to 10,000,000 erase cycles on any particular block. Therefore, to maximize the life of the flash drive, the "disk addresses" presented to the user of the thumb drive are not the same as the physical block addresses in the actual flash memory. Instead, the processor tries to level out the wear on each physical block of memory by rolling the data through the drive so each block is erased the same number of times as each other block.

The computers embedded in each flash drive is very small. Typically, they have only a few kilibytes of RAM, all on the same chip as the CPU itself. Depending on the vendor, the computer may execute code from the flash memory, it may execute code from a ROM on the same chip as the computer, or the computer chip may include its own small flash memory for code.

Smartcards include extremely similar hardware, except that the flash memory on the smartcard is even smaller, and typically integrated onto the same chip as the control processor. Chips used on a smartcard must either be so thin that they can flex with the flexing of the card, or they must be small enough that flexing is not a problem.

With a USB interface, a thumb drive has only 4 conductors to connect to the outside world: power, ground, and two data lines. Two bidirectional data lines are used in differential mode -- so that the transmitted data is represented by the difference between the lines. This allows greater immunity to electromagnetic noise than with data sent over a single line. For serial data transmission, the USB protocol requires that the USB device be able to time the data bits fairly precisely, so the processor must have a reasonably accurate clock.

With smart cards, there is no possibility of putting an accurate clock on the card, so the clock needed to operate the processor is typically provided by the smart-card connector. The TDK 73S8009, as an example, can be clocked at 20MHz. In addition to power, ground and the clock line, a typical smart card interface has a reset line (used to force the smart-card processor to restart execution of its program at the beginning), a bidirectional data line, and a programming line (used to force the smart-card into programming mode, for loading new code into some cards, not required on others). Some smart cards have two extra application specific lines.


Suppose you want to construct a secure application using thumb drives or smart cards. For example, you want to allow users to carry such a device and use it to prove their identity. There is a key problem you must solve:

If you now want to store something more than an identity on the device, you must solve an additional problem. In this case, you device will probably engage in a dialogue with the host computer, first confirming its identity and then conveying the required information. Now you must solve an additional problem:

In europe, smart cards are frequently used to convey cash value to both cellphones and pay phones. You buy a card charged with value, and then you put it in the phone to use it. Forgery of such cards is a real threat to the telephone company, and some phone hackers have build elaborate setups that use an authentic card plus added hardware. For example, they build an interface cable from a dumb card with the correct connector on it to a PDA, and from there to the real smart card. The program on the PDA lets the real smart card authenticate itself, and then, at the point in the dialogue where the host tells the smart card to decrement its value, the PDA cuts off the dialogue so that the card value remains unchanged.

Some pay phones and ATMs in europe have been equipped with special hardware, described as a wire cutter, designed to cut any wires connected to the card while it is in the machine.

Wireless Smart Cards

The newest generation of smart cards are wireless. Instead of a physical connector on the card, there is a loop antenna embedded in the card. The radio signal sent from the host computer to the card provides power for the card as well as allowing data communication. The data rates supported by such cards are very slow compared to hard wired cards, but they eliminate the need to physically put the card in the reader.

Wireless smart cards are closely related to RFID (radio frequency ID) systems, except that the device has memory capacity and does not simply respond to queries with its identity.

Wireless smart credit cards are currently available. At least one of these, the ExxonMobil Speedpass, has proven to have very weak security, allowing fairly straightforward cloning of cards. This card can be queried from a distance of a foot or two, and given that it is commonly carried in a coat pocket or wallet, carrying a reader in a coat pocket or wallet in a crowded setting offers the opportunity to collect credit card numbers from people careless enough to carry such a card.

Carrying such a card in a conductive case protects the owner from having his card cloned -- conductive cases block radio frequency signals.


Smart cards and thumb drives usually enter the world already programmed for some purpose -- you get a bank card, and it is already programmed as a bank card. It is possible, however, to buy these devices in their blank state, so that you can program them with whatever firmware you want. This offers numerous opportunities for constructive development, but it also means that, whenever you develop a smart-card or thumb-drive based application, you must be prepared to face the possibility of counterfeit devices being used.


The wikipedia articles are good: