smart cards and the associated infrastructure problem kenneth g. paterson, fred piper, and matt robshaw information security group roy

Smart Cards and the Associated Infrastructure Problem
Kenneth G. Paterson, Fred Piper, and Matt Robshaw
Information Security Group
Royal Holloway
University of London, U.K.
TW20 0EX
September 16, 2002
Introduction
Pioneering patents that cover the concept of a smart card go back as
far as the late 1960's and early 1970's. Today the smart card
population is estimated to lie somewhere between one and two billion
cards. This far exceeds the number of mobile phones and personal
computers combined.
Yet the deployment and acceptance of smart cards is somewhat patchy.
In some countries the deployment of smart cards is substantial. In
others it is almost non-existent. Most studies suggest that around 46%
of the smart cards are used in Europe, with most of this being within
continental Europe, while 31% are deployed in the Asia-Pacific region,
19% in Latin America, and only 4% in North America [9]. There is
clearly a great discrepancy between the use, and perceived utility, of
smart cards depending on where you are in the world.
We might ask why this is the case. More interestingly, we might ask
whether this situation is likely to continue - is it likely that smart
cards will be deployed in areas that so far have little smart card
penetration? Undoubtedly, smart cards and the functionality they
provide can be vital components in a security solution. So what is
that determines whether a smart card deployment might be successful or
not? And do we really want smart cards, or do we just want a smart
“something”?
What is a smart card?
The traditional smart card is a credit-card sized piece of plastic
housing a small microprocessor. This typical smart card has fixed
dimensions (around 86mm by 54mm) with the location of the embedded
processor set in exact accordance with international standards [13].
The contacts and positioning of input/output interfaces on the chip
itself are closely specified and many other requirements of the smart
card are fully disclosed in the standard ISO 7816 [14]. It is clear
that for interoperability and infrastructure integration, a smart card
must be of a standard size and shape. However other sizes of smart
cards have been standardized. The dimensions we have just attributed
to the smart card are in fact those of the ID-1 format which is the
“classical” smart card. Other, much smaller, card sizes have also been
agreed upon; the ID-000 is as small as 25mm by 15mm and the ID-00 lies
somewhere between the two [28].
In contrast to the external appearance of a smart card, what goes on
inside the card varies widely. Some of the different options for the
embedded microprocessors will be discussed in a bit more detail later,
but at a top-level all smart cards effectively offer some form of
secure storage. This is their raison d’être. On top of this basic,
minimum, functionality some smart cards might offer a secure computing
environment. There will be a resident operating system whose
sophistication varies between the most basic and rudimentary controls
on access and information retrieval/update through to controlling the
loading and running of new applications with full security management.
This range in sophistication also applies to the computational effort
available for different tasks.
How smart are smart cards?
Smart cards range from being rather dumb to being surprisingly
versatile. The simplest “smart” cards are memory cards providing
little, or no, processing power. Older smart cards and legacy
deployments might use an 8-bit processor but today 32-bit processors
are routinely available.
It is interesting to ask just how important performance really is. At
first sight it might appear to be a very important feature of a smart
card implementation since the user is waiting for the smart card to do
something. However provided an implementation is “fast enough”, even
if this is slow by PC standards, then additional performance is just
not important. Inserting a card in a reader, moving data to and from
the card, waiting for user input and accounting for any other
application overheads typically means that any computation costs are
mitigated across the total transaction time. Even the most costly
cryptographic operation – typically signing with a 1024-bit RSA
modulus [30] – generally requires only a fraction of a second. RSA
signature verification would require much less time while secret-key
operations and hash function evaluations require even less. Of course
such rules of thumb are dependent on implementation, processor, and
architectural features.
Just as important as processing power is the issue of how much memory
is contained on the smart card. Clearly the amount of Read Only Memory
(ROM) and Electrical Erasable Programmable Read Only Memory (EEPROM)
is important since this is directly related to the application
functionality of the card. The more complex the application on the
card the more ROM will be required to store the relevant code.
However, the most expensive real estate on the card is that taken up
by Random Access Memory (RAM). A byte of RAM requires around twice the
physical space as a byte of EEPROM, which in turn requires around
twice the space of a byte of ROM [28]. Yet it is the RAM that is used
as working space during a computation - the more restrictive the RAM
space the more restrictive the dynamic functionality of the card. The
amount of space available for a give price is gradually increasing but
typical amounts of ROM/EEPROM/RAM for a moderately sophisticated smart
card might be 32K/16K/2K. At the very cheapest end of the market, and
perhaps representative of many widely deployed smart card schemes
today, the amount of memory available is greatly reduced.
It is interesting to place the smart cards used for typical
applications on a memory/processing power grid according to their
typical requirements. Stored value cards need very limited processing
power but potentially large amounts of (non-RAM) memory. By contrast,
smart cards that use data encryption or require the use of
cryptographic primitives in a very simple application (perhaps just
simple authentication) require much greater computational power
though, depending on the application, perhaps not so much memory.
Multi-application smart cards might consume moderate amounts of both
resources.

Low memory
Low computing
power
High memory
Low computing
power
High memory
High computing
power
Low memory
High computing
power



phone cards
health/ID cards
multi-application cards
some authentication
cards
Such tradeoffs are reflected in the price. Increased cost gets you
increased processing power and increased storage. Increased
computational power might be achieved via improvements to the resident
processor or via a special coprocessor that is dedicated to some of
the more intensive calculations. There is no standard smart card and
the cost typically ranges from just a few dollars through to more than
ten. In any widespread deployment the cost of the most pervasive
component is going to be an important factor. But it is also important
not to underestimate the costs associated with building an
infrastructure of card readers.
How secure are smart cards?
It makes sense to distinguish between two possible interpretations of
this question. The first interpretation might be how secure are the
computations that are completed on the smart card; i.e. how great is
the security provided by the card? The second interpretation might be
how securely are the computations and data management performed on the
card; i.e. how great is the security of the card?
The Security Provided by the Card
=================================
Depending on the card and the application, a range of different
processes might be required. Within the tight physical resources of a
smart card there are no opportunities to implement multiple
algorithms. Typically a single, standard, algorithm will be used. For
symmetric key cryptography this will almost certainly mean DES [24] or
maybe triple-DES [1] and for asymmetric cryptography the typical
algorithm of choice will be RSA [30].
In the future there might be moves towards using the AES [25] as a
replacement for DES, but this is not likely any time soon. Moving to
the AES is more than dropping-in a replacement to DES; the algorithms
have different block sizes. As a result a significant re-engineering
of existing deployments might be required. Alternatives to RSA would
most likely include elliptic curve cryptosystems [18] or the DSA [23]
for digital signatures. If a hash function is required SHA-1 [22] is
the most likely candidate for implementation although MD5 [29] might
occasionally be used.
For the most part, there are no significant security concerns with any
of these algorithms. However the use of standard and well-trusted
algorithms is an important component of any security solution.
The Security of the Card
========================
As a third-party observer it is almost impossible to ascertain the
true security of smart cards. Hackers often claim increasingly
sophisticated attacks against smart cards while smart card
manufacturers will claim increasingly sophisticated countermeasures.
Non-anecdotal information is difficult to come by. However it is
increasingly clear that the imagination and ingenuity lying behind
such attacks can be considerable.
Physically invasive attacks.
The contents of memory cells might be read or modified, probes can
(theoretically) be used to read the contents of data buses, wires can
be cut and alternative circuits added [2]. Such attacks are
conceivable, but they require chemicals and acids to remove protective
plastic layers around the smart card processors. They require
different layers of the chip to be removed while allowing other parts
of the chip to remain functional. And, typically, they require very
sophisticated, precise, and expensive equipment. Ranged against such
efforts by the attacker are many environmental detectors to detect
tampering and are intended to make such attacks as difficult as
possible. Note that such attacks are highly destructive and while a
secret might be removed from a card, the card itself will most likely
be unusable.
Side-channel attacks
--------------------
Interesting research in recent years has uncovered very effective,
non-invasive, ways of extracting secret information from a smart card.
Measuring minute fluctuations in the time required to perform a
cryptographic operation [19] or measuring fluctuations in the power
consumed by the smart card [20] can provide important information on
the computation taking place. More importantly, not only can the
computation be identified, the value of the operands in the
computation can, in extreme cases, even be read from the screen of an
oscilloscope! Since these operands might include some or all of a
private key, these pose serious threats to the integrity of the
system. To combat these and other such concerns, smart card
manufacturers and application developers take measures to ensure that
computation implementations don't unwittingly reveal additional
information about the computations taking place within the card. This
is often a very difficult task to accomplish and side-channel
cryptanalysis as well as the development of side-channel protections
is a field of active research within industry and academia.
Manipulative attacks
--------------------
Perhaps lying somewhere between the extremes of passive side-channel
attacks and the physical deconstruction of a smart card lie attacks
attempting to force the smart card to compute something it wouldn't
normally do. By forcing the processor to make errors [4], or perhaps
by forcing the smart card to react in unforeseen ways to
implementation errors, sensitive information might be leaked to the
attacker. A range of attacks have been described that attempt to
accomplish such feats, and smart card manufacturers have developed a
wide-range of hardware and software based techniques to try and combat
such attempts. If successful, such attacks can be devastating.
Overall, the question of smart card security is a difficult one, and
it is perhaps a question best answered by the hackers and the
manufacturers. The bottom line is defined by the fundamental question
of effort and reward. Is the application really of sufficient value to
warrant the efforts that would be required to gain an illicit
advantage? Perhaps it is for some applications. But for the vast
majority of applications this seems to be very unlikely. Thus it is
not a question of whether a smart card is secure, whatever that might
mean. It is more a question of whether the smart card is secure
enough.
Communicating with a smart card
The typical smart card has contacts set aside for communication
between the card and the reader and so communications with the outside
world is quite straightforward. However, we have so far failed to
disclose a second type of smart card, and it is this second type of
smart card that may well have a far more important role in the future.
The contactless smart card does not need to be physically connected to
a reader. Instead the delivery of power and the transmission of data
to and from the card are achieved at a distance. There are a variety
of ways of doing this and the slow development of industry-wide
standards might be one reason contactless smart cards are not as
widespread as we might expect. While there are a variety of technical
approaches, contactless smart cards are typically separated into two
types. The first uses close coupling [17] where the card might still
be inserted into a reader, or at the very least, placed on top of some
flat surface. It is not clear how widely this is likely to be
supported in the future. The second uses remote coupling for which the
range of interaction is much greater, perhaps beyond 10cm. Thus by
merely passing the card in close proximity to a reader, hence the name
proximity cards, power can be given to the smart card. Not only is
power generated in this way, but data can also be transferred back and
forth between the card and the reader at a high data rate. In the
future, we can expect to see cards with an even greater range,
so-called vicinity cards [7, 8]. These have a range of around a meter
or so, but they typically have a reduced functionality. The main
standards for these technologies, ISO 14443 [14] and ISO 15693 [15],
have been in development for some time. Of course, since we have
contact smart cards and contactless smart cards, it is natural that
there will also be a limited number of hybrid cards.
Contactless smart cards come with their own particular problems. When
using a smart card with a range of 10cm or more, it is entirely
conceivable that several smart cards will be in proximity to a reader
at the same time. One protocol that separates and maintains the
integrity of different user sessions is the Mifare communication
protocol which is aligned with (part of) ISO 14443 [15]. Also, one
would want to be particularly careful to ensure that information
cannot leak from the card through a process of unsolicited
interrogation. It is not inconceivable that a rogue reader could be
installed, or indeed carried by some adversary, so that legitimate
smart cards are secretly interrogated as they pass within range. This
might be a particular risk to vicinity cards. However such problems
have already been encountered and are being addressed in other
wireless environments [12] such as Bluetooth and Wireless LANs. So
while the complex and challenging nature of the problems are clear,
such problems needn’t be insurmountable.
What can you do with a smart card?
Smart cards offer a secure, private, environment for the storage of
information. This information might be non-sensitive information that
is merely being stored in a handy, portable, and tamper-resistant
device. For example, it is not clear that the level of credit on a
phone card is necessarily sensitive information. However we would
certainly want the value held securely so that it could not be
increased without authorization. By contrast, we might well hold a
private cryptographic key in a tamper-resistant device and it would be
vital that the value of that key was never revealed.
Used only for its secure storage capabilities, smart cards are
restricted to stored-value applications from phone card applications
through to the secure storage of credentials. However, when using the
secure computing environment that the card provides the range of
applications change dramatically from stored-value to electronic purse
and from the storage of credentials to dynamic authentication via the
use of digital signatures.
There are two increasingly wide spread uses of smart cards in the U.K.
The first is within the banking industry, where an increase in smart
card use is being fuelled by the move to the EMV standards [10] for
the authentication of credit cards and credit card transactions.
According to APACS CardWatch [3] £411.4 million was lost to card fraud
in the U.K. in 2001, representing roughly 0.2% of the total card
spend. More than 69% of all fraudulent card use in the U.K. takes
place at the point-of-sale, with skimming being the most common method
of counterfeit fraud accounting for 40% of losses1 in 2001 [3].
“Skimming” refers to the practice of capturing data on the magnetic
stripe on a credit or debit card by swiping the card, and then placing
this data on the magnetic stripe of a fake card along with a false
customer signature. The introduction of new smart cards is expected to
substantially complicate the process of making fake credit cards in
this way. The new system can also allow better management of card risk
in off-line transactions. A second, future, consideration for the
banks stems from the enhanced storage and processing capabilities of
smart bankcards, with the scope for future multi-application cards
that this allows.
Given the ease with which customers happily accept the use of cards as
financial instruments, and given the need to control counterfeit card
fraud in the credit card industry, it is no surprise that smart cards
are delivered to us first and foremost as banking devices. The second
major use of smart cards is within mobile phones.
Inside every GSM phone is a (very small) smart card. It is better
known as the Subscriber Identity Module (SIM), and it contains a
secret SIM key. This key is used in a Challenge/Response protocol to
authenticate the SIM to the network. Without successful
authentication, no service is granted. With successful authentication,
the SIM identity tells the network provider to which SIM, and hence
which network subscriber, to bill the call. The SIM can be moved from
phone to phone with ease, but the billing follows the SIM.
Authentication based on a secret key held in a tamper resistant smart
token very effectively prevents “phone cloning”. As a by-product of
the authentication process, an encryption key is derived. This key is
used to encrypt traffic between the mobile and base station and
prevents eavesdropping of this most exposed part of the network. While
some cryptographic weaknesses have been found in GSM algorithms,
SIM-based authentication effectively removed the threat of phone
cloning which plagued earlier analogue mobile telephony systems. GSM
systems worldwide have 662 million subscribers (to end February 2002),
with coverage in more than 170 countries, from Afghanistan to
Zimbabwe. Thus GSM represents a massive and highly successful global,
interoperable smart card deployment.
So we have two good examples of successful smart card deployment, one
imminent and the second already accomplished. However there are at
least two more uses of smart cards that are particularly interesting.
The first is the metering of public transport. This is relatively new
in the U.K., but it is a common application of smart card technology
in continental Europe and most particularly in the Asia-Pacific region
[9]. Currently, one of the biggest current deployments of smart card
technology anywhere in the world is for London Transport [32]. An
anticipated two million contactless smart cards will be deployed
within the next few years which will make inroads into the metering of
more than one billion trips each year [21]. We note the crucial
importance to any public transport smart card deployment that the
cards be contactless.
A second, somewhat neglected area, is that of user authentication. Why
do we still use a password when smart technologies can offer us
greater security? Of course many smart card based solutions exist. But
not many are actually deployed. Why is that?
Infrastructure, infrastructure, infrastructure
A quick web search reveals a variety of smart card readers on sale
from around $40 on upwards. They can be built into keyboards,
installed in PCs, or they might just be stand-alone devices. For many
years now we have been told that PC’s will likely be fitted with smart
card readers as standard. Yet the margins in the PC industry are so
small that a good business case for such a mass deployment of readers
is hard to make. Many people already use a smart token such as SecurID
[31] which generates one-time passwords for users to enter at a login
prompt. However the security benefits to be gained by using smart
cards rather than smart tokens for user authentication do not
necessarily seem to be justified by the infrastructure costs.
Within the financial industry a clear path exists to lead the user
from magnetic stripe bankcards to smart cards. Point-of-sale
terminals, ATMs, and the cards themselves are already very familiar to
the banks’ customers. In tandem with the new cards, a program of
upgrading point-of-sales and ATM equipment to handle the new cards is
required. There are some 750,000 point-of-sale terminals and 37,000
ATMs in the U.K. and the significant costs (estimated at £1.1 billion
by APACS [2]) of upgrading this infrastructure are being borne by the
UK banking industry. Of course, a switch to hybrid and then smart
capabilities fits easily into the natural upgrade cycle for cards and
equipment alike. Reducing losses through fraud is a strong motivation
for the service providers, in this case the banks, to pay for the new
infrastructure needed to support smart cards
The rapid deployment of smart cards for GSM is interesting. The
adoption of smart card technology was accelerated by the provision of
a smart card reader with every card - the reader is the phone itself!
Many network operators worked to a business model where the phones
were given away for free, with the costs of this exercise being
recouped through customer call charges. As will be the case with smart
cards in the banking sector, there was a strong motivation for the
network providers to use a secure token, and the up-front cost of
infrastructure building to support the tokens was hidden from the
consumers’ direct view. There was no need to deploy a separate
reader-based infrastructure. Indeed, it is the interaction between the
capabilities of the smart card and the air-interface naturally
provided by the reader (a.k.a. the telephone!) that makes so many of
the opportunities for mobile commerce so exciting.
Which brings us to our main contention. A major inhibitor to smart
card use in any particular application is the lack of a strong
business case for paying to provide the infrastructure. In fielding a
smart card application one needs to install a reading base. This is an
expensive undertaking, and one that often makes little business sense.
In our view, large-scale smart card deployments are only possible if
the supporting infrastructure for reading cards can be provided at
little additional cost to the system as a whole. In the case of EMV
upgrading to smart cards and readers falls naturally into the product
renewal cycle. In the case of GSM the smart card and the reader are
effectively provided within the phone the consumer buys.
An often-claimed inhibitor to smart card acceptance is the appearance
of single application smart cards. Users are likely to shy away from
wallet-bulge and would only use those cards that are essential for
their everyday use – perhaps a bankcard and a transport card. We
believe the use of single-application smart cards also has a downside
for issuers who have to carry the cost of infrastructure deployment.
The support of multiple applications on a smart card, while raising
significant security and business issues, is likely to be an important
factor in getting more smart card applications in the public domain.
The need for a supporting infrastructure points the way towards
multi-application smart cards since they seem best placed to amortize
deployment costs.
Perhaps this also points to the increased use of contactless smart
cards. Why? By divorcing the smart capability from the physical
restrictions of a card it seems that we provide greater flexibility to
application developers. This further facilitates the adoption of a
portable smart solution for commercial transactions. A second factor
in favour of contactless smart cards is the ease-of-use they present
to consumers: a contactless card need never be removed from a wallet
or handbag. But even better, since a contactless smart card need never
be inserted into a reader, we have liberated the physical form factor.
A contactless smart card can appear in any physical guise, and a
reader can easily be re-positioned in a wide variety of places.
There is no shortage of smart technologies in a non-card format. Smart
tokens [27], watches [7], key fobs [11], rings [5] have all been
proposed or are in active use today. The most significant limitation
appears to be our imagination. The Octopus watch [26] in Hong Kong is
proving to be very popular and replaces the contactless smart card
that is used for public transport. Instead of swiping the card across
the reader, the user swipes his/her watch. The cost of the journey is
automatically deducted as if it were a card. The watch can be loaded
with additional credit, it can be used as an electronic purse for
vending machines and, of course, it tells the time! Imagine embedding
the card within a phone, a PDA, a walkman, or an MP3 player and a
world of possibilities opens up.
Conclusion
In looking to the future, we need perhaps only look as far as current
trends. Smart cards are undeniably useful. But it seems that far from
being a liberating technology, the form of the smart card itself might
hinder its widespread adoption outside of specific markets.
Infrastructure costs appear to be a key decision tool in choosing
between the different technologies that might be deployed, and in many
circumstances, other devices would better serve our needs. A smart
card needs to be smart. But it doesn’t need to be a card.
References
==========
[1] American National Standard Institute. ANSI X9.17 – Financial
institution key management (wholesale). 1985.
[2] R. Anderson. Security Engineering. John Wiley, 2001.
[3] Association for Payment Clearing Services. Cardwatch. Available
via http://www.cardwatch.org.uk.
[4] D. Boneh, R. DeMillo, and R. Lipton. The Importance of Checking
Cryptographic Protocols for Faults. In W. Fumy, editor, Proceedings of
Eurocrypt’97. Lecture Notes in Computer Science, 37-51, 1233, Springer
Verlag, 1997.
[5] Dallas Semiconductor, Corp. iButton. Available via
http://www.ibutton.com/ibuttons/index.html.
[6] Don Davis. New technology – A hot new number in access control.
June 6, 2002. Available via
http://www.ti.com/tiris/docs/news/in_the_news/2002/06-06-02.shtml.
[7] Elatec. Mifare watch. Available via
http://www.elateceurope.com/mifare/mifare.html.
[8] John Elliott. Losing contact: the transactions of the future are
disappearing into thin air. Consult Hyperion. May 31, 2002. Article
available via http://www.cards-worldwide.com/.
[9] ePayments Resource Center. Available via http://www.epaynews.com/.
[10] Europay International, Mastercard International, and VISA
International (EMV) Specifications. Available via www.emvco.com.
[11] Gemplus. KeyFob8000. Available via
http://www.gemplus.com/products/keyfob8000/.
[12] G. Held. Data over Wireless Networks. McGraw-Hill, 2001
[13] ISO 7810-x. Identification cards.. International Organization for
Standardization. Geneva, Switzerland.
[14] ISO 7816-x. Integrated circuit cards with contacts. International
Organization for Standardization. Geneva, Switzerland.
[15] ISO 14443-x. Identification cards – Contactless integrated
circuit cards – Proximity cards. International Organization for
Standardization. Geneva, Switzerland.
[16] ISO 15693-x. Identification cards – Contactless integrated
circuit cards – Vicinity cards. International Organization for
Standardization. Geneva, Switzerland.
[17] ISO 10536-x. Identification cards – Contactless integrated
circuit cards – Close-coupled cards. International Organization for
Standardization. Geneva, Switzerland.
[18] D. Johnson, A. Menezes, and S.Vanstone. The Elliptic Curve
Digital Signature Algorithm. Certicom Research. Available via
http://www.certicom.com.
[19] P. Kocher. Timing Attacks on Implementations of Diffie-Hellman,
RSA, DSS, and Other Systems. In N. Koblitz, editor, Proceedings of
Crypto’96. Lecture Notes in Computer Science, 104-113, 1109, Springer
Verlag, 1996.
[20] P. Kocher, J. Jaffe, B. Jun. Differential Power Analysis. In M.
Wiener, editor, Proceedings of Crypto’99. Lecture Notes in Computer
Science, 388-397, 1666, Springer Verlag, 1999.
[21] London Underground. Frequently Asked Questions. Available via
http://www.thetube.com/.
[22] National Institute of Standards and Technology. FIPS 180-1. The
Secure Hash Standard. 1993.
[23] National Institute of Standards and Technology. FIPS 186. The
Digital Signature Standard. 1994.
[24] National Institute of Standards and Technology. FIPS 46-3. The
Data Encryption Standard. 1999.
[25] National Institute of Standards and Technology. FIPS 196. The
Advanced Encryption Standard. 2000.
[26] Octopus. Frequently Asked Questions. Available via
http://www.octopuscards.com/.
[27] Rainbow Technolgies. iKEY, USB token. Available via
http://www.rainbow.com/ikey/.
[28] W. Rankl and W. Effing. Smart card handbook. Second Edition. John
Wiley.
[29] R.Rivest. The MD5 message-digest algorithm. Internet RFC 1321.
April 1992.
[30] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining
digital signatures and public-key cryptosystems. Communications of the
ACM, 21 (1978), 120-126.
[31] RSA Security. SecurID. Available via
http://www.rsasecurity.com/products/securid/index.html.
[32] Schlumberger. London Gets Smart with SchlumbergerSema Easyflow™
Contactless Smart Cards. Available via
http://www1.slb.com/smartcards/news/02/sct_london0801.html.
1 Interestingly, only £12 million of this fraud, or 3% of UK total
fraud by value, was Internet-related, seeming to run counter to the
claim that Internet-based fraud is rife. Perhaps this is something we
might expect to see increase in the coming years.
8

  • UAF OUTDOOR ADVENTURES EQUIPMENT RENTAL AGREEMENTRELEASE (SNOW GEAR AGREEMENT)
  • CONOCIMIENTO EN NEGOCIOS LA IMPLANTACIÓN DE SISTEMAS INTEGRADOS DE
  • ZÁKLADNÍ USTANOVENÍ NÁZEV SOUTĚŽE 2 MISTROVSTVÍ EVROPY VE
  • CARROCERIAS LA FAVORITA ESTA EMPRESA FABRICA SEIS MODELOS DE
  • AMPHIBIANS TERMS TO KNOW AMPHIBIANS METAMORPHOSIS OSMOSIS MATE HABITAT
  • BÜYÜKHACILAR İLKÖĞRETİM OKULU 20112012 EĞİTİM ÖĞRETİM YILI 4A SINIFI
  • 12172 CHAPTER 4 PAGE 3 12 DEPARTMENT OF LABOR
  • GIRBAU FIRMA UNA JOINT VENTURE EN CHINA EL GRUPO
  • OCHRONA DÓBR KULTURY PODCZAS KONFLIKTÓW ZBROJNYCH – PODSTAWOWA PROBLEMATYKA
  • DO ZAPŁATY NAZWISKO KRAKÓW IMIĘ KURS NR ROK STUDIÓW
  • ANTHROPOMETRY ANTHROPOMETRY PROVIDES THE DATA USED IN THE INDIRECT
  • DEP8056 (APRIL 2011) 401 KAR 42080 CLASSIFICATION GUIDE
  • OMCWTO LIBERALIZACION DEL COMERCIO SEGURIDAD ALIMENTARIA Y EL CODEX
  • M ODEL OF THE PERMANENT COUNCIL FOR OAS INTERNS
  • IV CONGRESO ESTATAL DEL EDUCADORA SOCIAL SANTIAGO DE COMPOSTELA
  • PAGE NO 1 OF 15 EFFECTIVE FROM 15072008 DOC
  • ABC INTRAVENOUS GTN PRESCRIPTION FORM INFUSION PATIENT NAME HOSPITAL
  • UNIVERSITY OF SASKATCHEWAN T1 TENURE RECOMMENDATION YEAR  
  • KALENDARZ ROKU SZKOLNEGO 20162017 1 ROZPOCZĘCIE ROCZNYCH ZAJĘĆ DYDAKTYCZNO
  • COMUNICACIÓN PUBLICITARIA CLASE 5 MONTAJE AUMONT LOS TRES
  • S THÜRINGER SIEDLERBUND EV VERBAND FÜR FAMILIENHEIM WOCHENENDSIEDLUNG UND
  • ENERGY ACADEMYUNITE SUMMER PROGRAMS THE UNIVERSITY OF NEW
  • IN THE COUNTY COURT NO AT MELBOURNE IN THE
  • LA COMUNICACIÓ D’ UN NOU ESTAT PERE NAVALLES PHD
  • HIGH POINT UNIVERSITY STOUT SCHOOL OF EDUCATION HILDRETH GABRIEL
  • PROCEDIMIENTO DE ADHESIÓN AL CONVENIO 1 APROBACIÓN POR EL
  • SEVNO 16 6 2021 VLOGA ZA ODDAJO PONUDB NA
  • MICROSOFT WORD – HOJA DE PRÁCTICAS PRACTICA 16 COPIAR
  • PRIORITY OF FIXTURE FILINGS CALIFORNIA STATUTES CALIFORNIA COMMERCIAL CODE
  • INFORMATION SHEET PROLOQUO2GO ADDING PHOTOGRAPHS PROLOQUO2GO IS AN APP