In cryptography, a Secure Channel Protocol (SCP) is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing (i.e., reading the content), but not necessarily resistant to tampering. An authentic channel is a way of transferring data that is resistant to tampering but not necessarily resistant to overhearing.

An SCP is used in smart cards to protect bidirectional communication between Java Card and Host. It is used as Mutual authentication and provide cryptographic protection for card and host subsequent communication.

SCP provides the following three levels of  security:

  • Mutual authentication
  • Data Integrity
  • Confidentiality

Mutual authentication

Mutual authentication is achieved through the process of initiating a Secure Channel and provides assurance to both; card and host, that they are communicating with an authenticated entity. This process include the creation of new challenges and secure channel session keys. If any step in the mutual authentication process fails, the process shall be restarted, i.e. new challenges and Secure Channel Session keys shall be generated again.

Data Integrity

Data or message integrity is checked by comparing C-MAC received from off-card entity (Host) with the card internally generated C-MAC. Note that this comparison is done using same Secure Channel session key, generated in Mutual authentication step.

Data Confidentiality

The date received from host to card or card to host is not viewable by an unauthorized entity rather it is encrypted with Secure Channel session key generated during the mutual authentication process.

Secure Channel Protocol ’02’

SCP02 uses Triple DES encryption algorithm in CBC mode with Initialization vector (IV) of binary zeros. As SCP02 uses 3DES in CBC mode with fixed IV of binary zeros therefore its encryption scheme is deterministic and not highly secure and thus vulnerable to a classical plaintext-recovery attacks.

SCP02 relies on the «Encrypt-and-MAC» method, which means that it compute the MAC on the plain-text, encrypt the plain-text, and then append the MAC at the end of the ciphertext as shown in below diagram:

Encrypt-and-MAC Method

SCP02 has been deprecated by GlobalPlatform. GlobalPlatform recommends that Card Content Management operations and applications relying on SCP02 confidentiality protection of static data shall adopt one of the possible mitigations:

  • Encrypt all sensitive data transmitted in SCP02 using the Data Encryption Key (DEK) or any applet key.
  • Disable SCP02.
  • Transition to SCP03.

Secure Channel Protocol ’03’

SCP03 uses Advanced Encryption Standard (AES) encryption algorithm with randomly generated Initialization vector (IV) and Hence its encryption scheme is un-deterministic and highly secure.

The protocol allows for the following modes of encryption and authentication of data:

C-MAC,
C-ENC,
R-MAC, and
R-ENC.

SCP03 relies on the «Encrypt-then-MAC» method, which means that it Encrypt the plain-text, then compute the MAC on the ciphertext, and append the MAC to the ciphertext as shown in below diagram:

Encrypt-then-MAC Method

SCP03 provides strong security guarantees, resistance to replay, out of order delivery and algorithm substitution attacks.

Commonly used Secure Channel Protocols are SCP01, SCP02, SCP03, SCP80 and SCP81. Protocols SCP01, SCP02 and SCP03 that are meant for data security, SCP80 and SCP81 are for transport security.

Secure Channel Protocol SCP01, SCP02, SCP03

Related Products

Related Articles

« Back to Glossary Index