Practical Security With Smartcards - PowerPoint PPT Presentation

About This Presentation
Title:

Practical Security With Smartcards

Description:

Experimental Software (Cont'd) OpenBSD, AIX, NT, PalmPilot are primary targets. T=0, T=1 ... Experimental fault analysis. JavaCard formal verification. JavaCard ... – PowerPoint PPT presentation

Number of Views:36
Avg rating:3.0/5.0
Slides: 26
Provided by: bobr168
Category:

less

Transcript and Presenter's Notes

Title: Practical Security With Smartcards


1
Practical Security With Smartcards
  • Peter HoneymanCITIUniversity of MichiganAnn
    Arbor

2
Practical Approach
  • Build on what we have
  • Use existing infrastructure (UMCE)
  • UNIX filesystem mail, web servers
  • Kerberos
  • NT GINA
  • Use open standards (IETF, ISO)
  • Add secure hardware smartcard
  • Integrate smartcard with infrastructure
  • Secrets in a smartcard remain safe even if
    hardware / software is compromised

3
Experimental Approach
  • Home-brew software, hardware

4
Experimental Software
  • int scopen(int ttyn, int flags, int ep)
  • int scfdopen(int fd, int flags, int ep)
  • int screset(int fd, char atr, int ep)
  • int scclose(int fd)
  • int scread(int fd, int cla, int ins, int p1, int
    p2, int p3, char buf, int sw1p, int sw2p)
  • int scwrite(int fd, int cla, int ins, int p1, int
    p2, int p3, char buf, int sw1p, int sw2p)
  • int scdsr(int fd)
  • int scdtr(int fd, int cmd)
  • int scgetc(int fd, char cp, int ms)
  • int scputc(int fd, int ic)
  • void scsleep(int ms)

5
Experimental Software (Contd)
  • OpenBSD, AIX, NT, PalmPilot are primary targets
  • T0, T1

6
Experimental Hardware
7
Experimental Hardware (contd)
8
Experimental Hardware (contd)
9
Smartcard Filesystem (SCFS)
  • ISO-7816
  • Standard smartcard interface
  • Primitive message framing protocol
  • Too primitive to be useful
  • Many vendor dependencies
  • Smartcard programming toolkits
  • IBM MFC, Microsoft PC/SC, OpenCard framework,
    EMV96, PKCS11, JavaCard
  • Smartcard-specific everything language, API,
    toolkit, library, application, etc.
  • Hassle learning toolkit after toolkit
  • API dependencies

10
SCFS Goals / Policies
  • Integrate a smartcard with UNIX
  • VFS UNIX filesystem API
  • Take advantage of UNIX environment
  • Allows sophisticated UNIX commands
  • Access through symlinks
  • Any ISO-7816 smartcard
  • Easy integration with applications
  • Netscape cookies
  • PGP private keyring
  • Kerberos tickets
  • SSH private key

11
SCFS Design
  • Kernel VFS assisted by user process

user kernel
  • VFS handles application requests
  • scfsd translates requests to ISO-7816 APDUs
  • No caching

12
SCFS Implementation
  • xfs_mount()
  • Send reset to smartcard
  • Choose smartcard type from configuration table
    based on ATR
  • Mount the scfs filesystem
  • xfs_read()
  • Translate FID into ISO-7816 name
  • Select the file
  • Send read APDU
  • Copy data to user space (uiomove)

13
SCFS Performance
read() call
read() return
start reading smartcard
finish reading smartcard
Total
smartcard access
scfs overhead
scfs overhead
  • Command total card overhead
  • Read 8 28.9 28.2 0.7
  • Read 128 190.2 189.4 0.8
  • Write 8 63.4 62.7 0.7
  • Write 128 1259.5 1258.9 0.7
  • All times in ms

14
SCFS Conclusion
  • Flexible API
  • Overhead is small
  • Useful as a low-level development tool
  • ls, cd, pwd, make, etc.
  • Secure storage for user profiles, web cookies,
    Kerberos tickets, private keys, etc.
  • Problems
  • Readdir is broken in ISO-7816
  • Must preconfigure for each card
  • File length is troublesome

15
Smartcard Integration With Kerberos
  • University of Michigan computing environment is
    protected by Kerberos
  • So are MIT, CMU, Stanford, Cornell, ...
  • Security limitations
  • Lacks external encryption device
  • Lacks secure key storage
  • Passwords are vulnerable to dictionary attack
  • Smartcards can solve these problems
  • Public key cryptography is not practical
  • (yet)

16
Need for Encryption Device
Kerberos KDC
ticket
password
  • Key is exposed to user and workstation
  • Workstation storage is vulnerable
  • Workstation may not be trusted

17
Need for Secure Hardware
  • Keys stored on hard disk or in memory
  • Hard disks are not secure
  • Adversary with administrative rights can access
    keys
  • Data in a hard disk may be backed up in an
    unprotected mass storage device
  • Memory is not secure -- adversary can scan memory
  • Data in memory can be paged out to a hard disk

18
Dictionary Attack
  • Create a list of English words, names, etc.
  • Also Star Wars, German, Shakespeare,
  • thx1138 is a vulnerable password!
  • Derive keys from the words in the list
  • Obtain a ltplaintext, ciphertextgt pair
  • Kerberos gives up ltplaintext, ciphertextgt easily
  • Decrypt ciphertext with the derived key
  • If plaintext is recovered, the password is
    exposed
  • UMich gt 4,000 vulnerable accounts

19
Countermeasures - Use Smartcard
Kerberos KDC
ticket
  • Key is not exposed to user, work-station, or
    network
  • No password

20
Implementation
  • STARCOS v. 2.1 from Giesecke Devrient
  • Modify MIT Kerberos v5-1.0.5 client
  • Kerberos server unmodified for global
    interoperability
  • Well, almost
  • des_cbc_crc method uses key as ivec
  • Modify server to allow des_cbc_md5

21
Kerberos-smartcard Performance
card reset
kinit start
end decryption
kinit finish
start decryption
0
0.02
0.37
2.46
2.52
time in sec.
  • Decryption loop is bottleneck _at_ 2.09 sec
  • Plan to improve performance with STARCOSs native
    CBC

22
Kerberos-Smartcard Conclusion
  • Practical smartcard authentication method
  • Addresses major weakness of Kerberos
  • Fairly fast room to improve
  • Future work store ticket on smartcard

23
Future Directions
  • Smartcard filesystem
  • Porting to other operating systems
  • Distribution
  • Authentication
  • Smartcard integration for Kerberos servers
  • Smartcard decryption optimization
  • IP for smartcard
  • honey.mcard.umich.edu
  • Secure network storage, service provider

24
CITI/Schlumberger Program in Smartcard Technology
  • File system transparency
  • Secure cookie storage
  • Kerberos authentication
  • Internet protocol
  • Experimental fault analysis
  • JavaCard formal verification
  • JavaCard performance analysis
  • SEM attack and defense

25
Any Questions?
http//www.citi.umich.edu/
Write a Comment
User Comments (0)
About PowerShow.com