computer science department university texas at austin 1 secure hardware – smart cards main topics...

Computer Science Department University Texas at Austin

1

Secure Hardware – smart cardsMain Topics

• why do we need it?– Secure Requirements

– Application & Market (One card can do everything)

• how does it work?– Architecture

– Tamper Resistant Mechanism and Possible Attacks

– OS, application

• how to use it?– Shared Key

– Public Key

– Encryption

– Java Card

– Multi-Application Card

• High-end crypto-processor will not be covered herePresented by Zhenxun Xiao


2

What is smart card

A typical smart card is a credit-card size embedded system containing an 8-bit microprocessor or up to 32 bits processor, ROM to hold programs such as card operating system and immutable data, EEPROM to hold customer-specific data such as user name, secret keys as well as account numbers, RAM to hold transient data during computation and serial I/O, USB or PCMCIA to communicate with the host computer through card readers.


3

What are inside a smart card?• Components inside a smart card

– Power, Ground, Reset, Clock and I/O are the inputs of a smart card

– Battery memory is possible


4

What are the advantages?

• Tamper-resistant

– stored data in smart card can be protected against unauthorized access

• Loose coupling to host

– Especially attractive for use as secret key storage when hosts cannot be trusted to themselves to store secrets keys

• Low cost

• Portability


5

What are the disadvantages?• Low performance

– Slow processor

– Slow I/O channel

– Small memory (ROM, EEPROM and RAM)

– Unsuitable for computation-intensive task (cryptography)

– Executable code size is strictly limited, hence OS, security algorithms and protocols should be simplified

– New technologies may improve the performance

• Interoperation and standardization is relatively difficult

• Card specific attacks (invasive or non-invasive)• Invalid card holder

– PIN + smart card

– Biometric + smart card


6

Why do we need it (1)?• Secure Technique Point Of View

– Keys stored on hard disk or in memory are vulnerable

– Hard disks are not secure• Adversary with administrative rights can access keys

• Data in a hard disk may be backed up in a storage device without protection

– Memory is not secure • attacker can scan the whole memory

• Memory pages can be paged out to a hard disk

– Smart card is the “real” secure place for secret information


7

Why do we need it (2)?• Secure Technique Point Of View

– Password based system (Kerberos) suffers from dictionary attack

• Create a list of words, names

• Derive keys from the words in the list

• Obtain a <plaintext, ciphertext> pair

• Decrypt ciphertext with the derived key

– Smart card is able to store long random key (password) in advance and provides it as login in


8

Why do we need it (3)?• Application Point Of View

– Internet and electronic business prompts the distribution of smart card

– Platform (Hardware and OS) independent programming language (Java) matches the portability of smart card

– Multi-application cards make one card be able to do everything; You do not need carry student ID, driver ID, credit card, ATM card, medical card and etc

– Potential market profits


9

Why do we need it (4)?• Market trends


10

Basic Principle of Smart Card1. Smart cards are tamper resistant and secret information

can be stored inside safely even other hardware or software are comprised e.g. host OS and application

2. Place in smart card the secret components which are accessible only to smart card(Never leave smart card) such as private key, shared key, user name and account

3. Implement hash function, encryption algorithms (for RSA, DES and etc) to support authentication, digital signature and encryption in smart card

4. Simple OS support(I/O, stripped HTTP / TCP/IP stack)5. Applications such as Java applet in Java card are built on

OS and Secure modular.6. Necessary communication protocol between card

terminal (card reader) and smart card is constructed7. Integrate the above as a whole to the entire system


11

Example #1 Smart Card + Kerberos (1)• Kerberos is a shared key secure system

– Authentication Service Exchange: to obtain TGT

1. Client AS or KDC : { ID[c] || ID [tgs] || TS1 }

2. AS Client: E(K[c]) { K[c, tgs] || ID[tgs] || TS2 || Lifttime2 || Ticket[tgs] }

– Ticket-Granting Service Exchange: to obtain SGT

1. Client TGS: ID[v] || Ticket[tgs] || Authnticator[c]

2. TGS Client: E(K[c,tgs]) {ID[v] || TS4 :: Ticket[v]}• Ticket[tgs] = E(K[tgs]) {K[c,tgs] || ID[c] || ID[tgs] … }

• Ticket[v] = E(K[v]) {K[c,v] … }

• Authenticator[c] = E(K[c,tgs]) { ID[c] || AD[c] || TS3]

– Client-Server Authentication Exchange

1. Client V: Ticket[v] || ……


12

Example #1 Smart Card + Kerberos (2)

• A key in a workstation can be vulnerable

• A user chosen password is prone to attack


13

Example #1 Smart Card + Kerberos (3)

• A randomly generated bits as password is stored in smart card


14

Example #2 Smart Card + PKI (1)

• Private Key is stored in smart card to generate certificate

• Netscape Communicator support RSA for smart card

• Access protected data (e.g. corporate network) from anywhere (exploit portability of smart card)

• Host can also authenticate smart card by sending a challenge to smart card through card terminal and use the public key to decrypt the received response from smart card

• PKCS#11 is a standard for this case


15

Example #3 Smart Card + Cryptography (1)

• Smart card has slow CPU and slow I/O channel, hence it is not suitable for encrypting large plaintext and then decrypting by using a general cryptography algorithm in real time environment.

• (3)DES, RSA, MD5 are implemented mainly for authentication and digital signature (Many smart cards even do not support these either)

• Possible solutions– Major cryptography task can be performed at host side, smart card

only performance a minor cryptography task for each large message

– New efficient block ciphers take in place


16


• Remotely Keyed Encryption Protocol (RKEP)– Move major task to host

– Host and card share encryption algorithm (e.g. DES)

– For each data block, card encrypt/decrypt fixed length data which are deducted from the original variant length data by using the secret key stored in card and as a result generate a per-block key to host

– Host perform encryption/decryption on the full length data by using the per-block key

– Smart card MUST be present while encrypting/decrypting


17


• Remotely Keyed Encryption Protocol (RKEP)


18


• Remotely Keyed Encryption Protocol (RKEP)


19

Example #3 Smart Card + Cryptography (5)• Efficient Block Ciphers for Smart Cards

– Similar principle to DES (hide characteristics of plaintext), but simpler, reducing computation and saving memory

– Special design to resist card specific attacks

– Is it more vulnerable than DES from protocol or mathematics point of view? (I do not know now)

– The round transformation based on round key– Diffusion step (Matrix Multiplication, Coefficients are

selected carefully, use shifting and addition)

– dispersion step (Individual Byte, shifting rows)

– nonlinear step (Individual Byte, table lookup)

– round key addition (Individual Byte, XOR)


20

Example #4 Smart Card + CFS• Use smart card to generate per-file secret key for

cryptography file system– Smart card stores the user key

– Leverage efficient cryptography algorithm (e.g. RKEP as above) to encrypt or decrypt files

– Smart card must be present while acting


21

Example #5 Smart Card + Session Key• Smart card can store the session key obtained after

authentication– Leverage efficient cryptography algorithm (RKEP as

above) to encrypt or decrypt messages from host

– The secret key used inside smart card in Slide#17 #18 is session key exchanged after authenticating process in PKI or shared key infrastructure

– The partner host on the other end should support the same cryptography algorithms, hence making some changes to the secure infrastructure

– Is this right?


22

Example #6 Java Card

• Java byte codes can reside in smart cards and perform predetermined tasks– A simple Java Virtual Machine is support in smart card

– Simple HTTP/TCP/IP stack is support

– Smart card is a server responding to requests from hosts

– Possible small databases like medical records, financial information exists in smart cards

– Easy to standardize, program and develop

– How to make it secure then?


23

Example #7 Multi-Application Smart Card

• One card can have multi-application for multiple purpose – one card is enough?

• Card issuer has full control of the card and can add other applications from card service providers to smart card

• Download Java Applets to smart card• How to shared codes and how to make

applications be secure to one another?


24

Tamper Resistant Principle (1)

• Tamper Resistant hardware is NOT absolutely safe and various tampering techniques exist– Micro-probing access chip surface directly, thus opponents can

observe, manipulate, interfere with the integrated circuit

– Eavesdropping monitor the analog characteristics of all supply and interface connections and other electromagnetic radiation produced by the processor during normal operation

– Fault generation use abnormal environmental conditions to generate malfunctions in the processor that provide additional access

– Software Attacks employs the normal communication interface of the processor and exploit security vulnerabilities in the protocols, cryptographic algorithms or their implementation.


25


• Micro-probing– Invasive attack, the card is damaged but provide useful information

for non-invasive attacks such as eavesdropping, Fault generation – Probing workstation or manually– Unpack smart cards and reconstruction layout of IC (ALU,

instruction decoder, EEPROM & ROM memory cells)– Memory Read-out, observe the entire bus to discover the values in

memory

• Non-invasive attacks (Eavesdropping, Fault Generation, Software)– Every transistor and interconnection have a capacitance and

resistance, certain temperature, power supply voltage, – Circuit current change, signal propagation delays


26


• Glitch Attacks– Deliberately generate a malfunction that causes one or more flipflo

p to adopt the wrong state, hence replace one instruction with another, affect conditional jumps, test instruction, loop counter

– Clock-signal glitches, increase clock frequency for one or more half cycles

• Current Analysis– Different operations generate different currents, conditional branch

instruction is different from arithmetic instructions

– Same operations under different input values generate different currents, e.g. instruction decoder for different instruction, ALU for different input value


27

Tamper Resistant Principle (4)• Countermeasures

– Sensor to sense unpacking or other examinations, erase all secret data automatically

– Make IC more complex to be be reconstructed

– High-frequency detectors & low frequency sensor

– Randomized Clock Signal by inserting random delays at clock level, unable to predict the time at which a certain instruction is executed

– Randomized Multithreading, introduce non-determinism into the execution of algorithms, multiple copies of all registers for switch between threads

– Restricted Program Counter

– Carefully design algorithms (Efficient Block Cipher), CPU time and power consumption are independent of cipher key and plaintext


28

OS support for smart cards (1)

• OS support– SCFS (Smart Card File System), Smart Car

d is considered as a directory of a host OS– Window card By Microsoft– 3com PalmOS– MultOS for multi-application– Java Virtual Machine By Sun– Friendly development environment (Compili

ng and Loading) at hosts


29

OS support for smart cards (2)

• SCFS (Smart Card File System)


30

Smart Card Standardization (1)

– ISO7816 (1,2,3,4,5,6)

– Open Card Framework OCF1.2

– Java Card 2.0 Specification by sun

– PKCS#11 for PKI


31

Smart Card Standardization (2)

• ISO7816– #1 to #3: Physical Properties: dimension ,

mechanical stress, power, resistant to static electronic and radiation, electronic signal and transmission protocol

– #4: a set of commands across all industries to provide access, security and transmission of card data, e.g. commands to read, write and update records


32

Smart Card Standardization (3)• OpenCard Framework

– functions and roles of smart cards can vary widely by service

– OpenCard Framework (OCF) separates terminal software into terminal specific components and card specific components, thus making it possible to add or remove components on demand

– application developer simply uses the APIs provided by CardService, enabling the application to be shared across multiple platforms that support OCF

computer science department university texas at austin 1 secure hardware – smart cards main topics...

Documents

smart card power

typical smart card

card readers

smart card battery memory

hard disk smart card

derived key smart card

host computer

possible slide