Innovation and Collaboration with Mcard

1
Innovation and Collaboration with Mcard

• Peter Honeyman
• Center for Information Technology Integration
• University of Michigan
• Ann Arbor

2
A little bit about CITI

• Center for Information Technology Integration
• Founded in 1986 as part of Information Technology
  Division
• Now in CIO office
• Research and development skunkworks
• Advance UMich info tech environment, transfer
  results to University, government, industry
• Externally funded

3
CITI staff

• Faculty and staff scientists
• Researchers and programmers
• Graduate and undergraduate students

4
CITI core competencies

• Middleware lab
• Enterprise-scale info tech integration
• Distributed file systems
• Mobile computing
• High-speed networking
• Integrated security
• Proposal writing

5
Smartcards a pragmatic approach

• Secrets in a smartcard remain safe even if
  hardware / software is compromised
• Integrate smartcard with infrastructure
• Build on what we have
• Use existing infrastructure (UMCE)
• UNIX filesystem mail, web servers
• Kerberos
• NT (PAM GINA)
• Use open standards (IETF, ISO)
• Add secure hardware smartcard

6
Experimental software

• Primary targets
• OpenBSD
• Linux
• AIX
• NT
• PalmPilot
• JavaCard
• T0, T1

7
Innovation Outline

• Smartcard Filesystem
• Smartcard Integration with Kerberos
• Secure Bootstrap with Smartcard
• IP on Smartcard

8
Smartcard filesystem

• ISO-7816
• Standard smartcard interface
• Message framing protocol (too primitive to be
  usable)
• Many vendor dependencies
• Smartcard programming toolkits
• IBM MFC, Microsoft PC/SC, OpenCard framework,
  EMV96, PKCS11,
• Smartcard-specific everything language, API,
  toolkit, library, application, etc.
• Hassle learning toolkit after toolkit
• API dependencies

9
SCFS goals and policies

• Integrate a smartcard with UNIX
• VFS UNIX filesystem API
• Take advantage of UNIX environment
• Allows sophisticated UNIX commands
• Access through symlinks
• Any ISO-7816 smartcard
• Easy integration with applications
• Netscape cookies
• PGP private keyring
• Kerberos tickets
• SSH private key

10
Application to SSH
citi mount_scfs /dev/scfs0 /smartcard citi ln
-s /.ssh/identity /smartcard/ss/id citi ssh
sin.citi.umich.edu Enter PIN sin logout
11
SCFS performance
total
read() call
finish reading smartcard
read() return
start reading smartcard
smartcard access
scfs overhead
scfs overhead

• Command total card overhead
• Read 8 28.9 28.2 0.7
• Read 128 190.2 189.4 0.8
• Write 8 63.4 62.7 0.7
• Write 128 1259.5 1258.9 0.7
• all times in ms

12
SCFS problem areas

• Order of remove
• Directories and metadata

13
Directory entry file

• ISO-7816 does not have the right metadata
• FID, file type, size
• Required for ls, cat
• Hack .i in every directory

14
Hack ioctl()

• Some ISO-7816-4 features do not fit the UNIX
  filesystem abstraction
• creat(), mkdir() need size
• Crypto commands (authentication, verify key, )
• Issues with application loading

15
Comparing PC/SC and SCFS
PC/SC Application modified or created
Application
Application
PC/SC
OS
OS
SCFS Application not modified
Application
Application
OS
OS
SCFS
16
PC/SC and SCFS (contd)

• PC/SC supports more cards and readers
• SCFS can take advantage of it
• Work in progress

Application
Application
OS
OS
SCFS
PC/SC
17
SCFS wrap-up

• Powerful, flexible API
• Overhead is small
• Useful as a low-level development tool
• ls, cd, pwd, make, etc.
• Secure storage for user profiles, web cookies,
  Kerberos tickets, private keys, etc.

18
Smartcard/Kerberos integration

• University of Michigan computing environment is
  protected by Kerberos
• So are MIT, CMU, Stanford, Cornell, ...
• Public key cryptography is not practical
• (yet)
• Kerberos security limitations
• Lacks external encryption device
• Lacks secure key storage
• Passwords vulnerable to dictionary attack
• Smartcards can solve these problems

19
Need for encryption device
Kerberos KDC
ticket
password

• Key is exposed to user and workstation
• Workstation may not be trusted
• Sniffer, Trojan horse, virus ...

20
Need for secure storage

• Keys stored on hard disk or in memory are
  vulnerable
• Hard disks are not secure
• Adversary with administrative rights can access
  keys
• Data in a hard disk may be backed up in an
  unprotected mass storage device
• Memory is not secure
• Adversary can scan memory
• Data in memory can be paged out to a hard disk

21
Dictionary attack

• Create a list of English words, names, etc.
• Also Star Wars, German, Shakespeare,
• thx1138 is a vulnerable password! -(
• Derive keys from the words in the list
• Obtain a ltplaintext, ciphertextgt pair
• Kerberos gives up ltplaintext, ciphertextgt easily
• Decrypt ciphertext with the derived key
• If plaintext recovered, password is exposed
• UMich gt 4,000 vulnerable accounts in 1997

22
Countermeasures - use a smartcard
Kerberos KDC
ticket

• Key is not exposed to user, workstation, or
  network
• No password

23
Implementation

• STARCOS v. 2.1 from Giesecke Devrient
• Modify MIT Kerberos v5-1.0.5 client
• Kerberos server unmodified for global
  interoperability
• Well, almost
• des_cbc_crc method uses key as ivec
• Modify server to allow des_cbc_md5

24
Kerberossmartcard performance
kinit start
card reset
enddecryption
kinitfinish
start decryption
0
0.06
0.34
1.32
1.54
time in sec.

• Ticket decrypt time 1.26 sec.
• Native STARCOS CBC
• Two rounds
• Obviates 27 round host CBC 2.09 sec
• Communication cost _at_ 9600 bps half

25
Smartcard Hall of Shame

• Cards we considered but were unable to use.
• Schlumberger CryptoFlex, MultiFlex
• Internal authentication command returns only the
  first 6 of the 8 bytes of encrypted data. The
  full DES internal authentication command is not
  available in the standard version of the card.
• Cyberflex Access addresses these issues
• IBM MFC
• Encrypts a random number challenge presented by
  SCT_CMD_AUTHENTICATE command.

26
Smartcard Hall of Shame (contd)

• MAOSCO Multos
• Encrypts with a fixed key. From the manual "For
  security reasons," DES is used with a "known
  cryptographic key" (0x41AD8223A90BE2A1).
• General Information Systems Oscar
• DES key is XOR'ed with a random number. From
  e-mail The keys are XOR'ed with a random number
  for security reasons.
• Gemplus GPK
• Key size is limited to 40 bits.

27
Kerberossmartcard wrap-up

• Practical smartcard authentication method
• Addresses major weakness of Kerberos
• Fairly fast room to improve
• Try other smartcards
• Faster communication rate
• Future work
• Store ticket on smartcard
• Use PC/SC library for interoperability
• Server ticket generation

28
Secure bootstrap with smartcard

• Need to sign executable code for software
  integrity check
• Hardware-based solutions
• Secure Coprocessor, AEGIS
• Secure, but hard to configure
• Software-based solutions
• Tripwire, Authenticode
• But is OS trusted?

29
Code signing with smartcard

• Use AEGIS to boot a specialized OS (boot OS)
• Store MACs in a smartcard
• Check the kernel integrity (second OS) with the
  smartcard
• Check integrity of important applications
  (Kerberos KDC, databases, etc.) with the smartcard

30
IP on smartcard

• Expand smartcard accessibility to the Internet
• Network protocols on smartcard
• Network service used unmodified - same idea with
  SCFS
• FTP, HTTP, E-mail, etc.
• Smartcard as a mobile computer
• Bring IP address with you

31
IP on smartcard plans

• Phase 1 IP on ISO-7816
• Will be implemented on Schlumberger CyberFlex
• Limit communication style to host request -
  smartcard reply
• Phase 2 IP on bidirectional link layer
• Waiting for bare smartcard

32
Future directions

• SCFS
• Porting to other operating systems (Linux, NT)
• Support more cards and readers (PC/SC?)
• Kerberos
• Store tickets in a smartcard
• Support more cards and readers (PC/SC?)
• Smartcard-based ticket generation on server
• Just started
• IP on smartcard
• Code signing

33
Innovation wrap-up

• For secure operating system
• Authentication Kerberos smartcard
• Integrity check code signing with smartcard
• For convenient use of smartcard
• Host - smartcard access SCFS
• Internet access IP on smartcard

34
Collaboration

• Partnerships with industry, government
• Identify common objectives
• Develop near- and intermediate-term solutions
• University is a living laboratory of
  enterprise-scale issues

35
CITI/SchlumbergerProgram in Smartcard Technology

• File system transparency
• Secure token storage
• Kerberos authentication
• Internet protocol
• Experimental fault analysis
• JavaCard formal verification
• JavaCard performance analysis
• SEM attack and defense

36
Mcard opportunities

• CITI, ITD, FinOps, Medical
• Public key infrastructure
• Engage the creativity and energy of the student
  body

37
Any questions?
http//www.citi.umich.edu/