In cryptography, a Secure Channel Protocol (SCP) is a way of transferring data that is resistant to overhearing and tampering. A confidential channel is a way of transferring data that is resistant to overhearing (i.e., reading the content), but not necessarily resistant to tampering. An authentic channel is a way of transferring data that is resistant to tampering but not necessarily resistant to overhearing.
An SCP is used in smart cards to protect bidirectional communication between Java Card and Host. It is used as Mutual authentication and provide cryptographic protection for card and host subsequent communication.
SCP provides the following three levels of security:
- Mutual authentication
- Data Integrity
- Confidentiality
Mutual authentication
Mutual authentication is achieved through the process of initiating a Secure Channel and provides assurance to both; card and host, that they are communicating with an authenticated entity. This process include the creation of new challenges and secure channel session keys. If any step in the mutual authentication process fails, the process shall be restarted, i.e. new challenges and Secure Channel Session keys shall be generated again.
Data Integrity
Data or message integrity is checked by comparing C-MAC received from off-card entity (Host) with the card internally generated C-MAC. Note that this comparison is done using same Secure Channel session key, generated in Mutual authentication step.
Data Confidentiality
The date received from host to card or card to host is not viewable by an unauthorized entity rather it is encrypted with Secure Channel session key generated during the mutual authentication process.
Secure Channel Protocol ’02’
SCP02 uses Triple DES encryption algorithm in CBC mode with Initialization vector (IV) of binary zeros. As SCP02 uses 3DES in CBC mode with fixed IV of binary zeros therefore its encryption scheme is deterministic and not highly secure and thus vulnerable to a classical plaintext-recovery attacks.
SCP02 relies on the «Encrypt-and-MAC» method, which means that it compute the MAC on the plain-text, encrypt the plain-text, and then append the MAC at the end of the ciphertext as shown in below diagram:
Encrypt-and-MAC Method |
SCP02 has been deprecated by GlobalPlatform. GlobalPlatform recommends that Card Content Management operations and applications relying on SCP02 confidentiality protection of static data shall adopt one of the possible mitigations:
- Encrypt all sensitive data transmitted in SCP02 using the Data Encryption Key (DEK) or any applet key.
- Disable SCP02.
- Transition to SCP03.
Secure Channel Protocol ’03’
SCP03 uses Advanced Encryption Standard (AES) encryption algorithm with randomly generated Initialization vector (IV) and Hence its encryption scheme is un-deterministic and highly secure.
The protocol allows for the following modes of encryption and authentication of data:
C-MAC,
C-ENC,
R-MAC, and
R-ENC.
SCP03 relies on the «Encrypt-then-MAC» method, which means that it Encrypt the plain-text, then compute the MAC on the ciphertext, and append the MAC to the ciphertext as shown in below diagram:
Encrypt-then-MAC Method |
SCP03 provides strong security guarantees, resistance to replay, out of order delivery and algorithm substitution attacks.
Commonly used Secure Channel Protocols are SCP01, SCP02, SCP03, SCP80 and SCP81. Protocols SCP01, SCP02 and SCP03 that are meant for data security, SCP80 and SCP81 are for transport security.
Related Products
Related Articles
Eurosmart Welcomes GlobalPlatform’s Decision to set SCP02 as a Deprecated Feature
In early April 2018, GlobalPlatform announced in a Security Informative Note that the latest version of the Card Specification (v2.3.1) will set SCP02 as a deprecated feature. Eurosmart is committed in developing, promoting and maintaining the appropriate security level for its products,
Versasec, a Leader in Smart Card Management Systems Unveils Latest Version of vSEC:CMS S-Series
New York, NY, August 04, 2017 -- Versasec, the leader in smart card management systems, today introduced version 4.9 of its vSEC:CMS S-Series identity and access management solution. This updated version of the company's flagship product includes a variety