Secure Hardware - PowerPoint PPT Presentation

About This Presentation
Title:

Secure Hardware

Description:

Secure Hardware smart cards Main Topics why do we need it? Secure Requirements Application & Market (One card can do everything) how does it work? – PowerPoint PPT presentation

Number of Views:99
Avg rating:3.0/5.0
Slides: 33
Provided by: wint97
Category:

less

Transcript and Presenter's Notes

Title: Secure Hardware


1
Secure Hardware smart cards
  • Main Topics
  • why do we need it?
  • Secure Requirements
  • Application Market (One card can do everything)
  • how does it work?
  • Architecture
  • Tamper Resistant Mechanism and Possible Attacks
  • OS, application
  • how to use it?
  • Shared Key
  • Public Key
  • Encryption
  • Java Card
  • Multi-Application Card
  • High-end crypto-processor will not be covered
    here
  • Presented by Zhenxun Xiao

2
What is smart card
  • A typical smart card is a credit-card size
    embedded system containing an 8-bit
    microprocessor or up to 32 bits processor, ROM to
    hold programs such as card operating system and
    immutable data, EEPROM to hold customer-specific
    data such as user name, secret keys as well as
    account numbers, RAM to hold transient data
    during computation and serial I/O, USB or PCMCIA
    to communicate with the host computer through
    card readers.

3
What are inside a smart card?
  • Components inside a smart card
  • Power, Ground, Reset, Clock and I/O are the
    inputs of a smart card
  • Battery memory is possible

4
What are the advantages?
  • Tamper-resistant
  • stored data in smart card can be protected
    against unauthorized access
  • Loose coupling to host
  • Especially attractive for use as secret key
    storage when hosts cannot be trusted to
    themselves to store secrets keys
  • Low cost
  • Portability

5
What are the disadvantages?
  • Low performance
  • Slow processor
  • Slow I/O channel
  • Small memory (ROM, EEPROM and RAM)
  • Unsuitable for computation-intensive task
    (cryptography)
  • Executable code size is strictly limited, hence
    OS, security algorithms and protocols should be
    simplified
  • New technologies may improve the performance
  • Interoperation and standardization is relatively
    difficult
  • Card specific attacks (invasive or non-invasive)
  • Invalid card holder
  • PIN smart card
  • Biometric smart card

6
Why do we need it (1)?
  • Secure Technique Point Of View
  • Keys stored on hard disk or in memory are
    vulnerable
  • Hard disks are not secure
  • Adversary with administrative rights can access
    keys
  • Data in a hard disk may be backed up in a storage
    device without protection
  • Memory is not secure
  • attacker can scan the whole memory
  • Memory pages can be paged out to a hard disk
  • Smart card is the real secure place for secret
    information

7
Why do we need it (2)?
  • Secure Technique Point Of View
  • Password based system (Kerberos) suffers from
    dictionary attack
  • Create a list of words, names
  • Derive keys from the words in the list
  • Obtain a ltplaintext, ciphertextgt pair
  • Decrypt ciphertext with the derived key
  • Smart card is able to store long random key
    (password) in advance and provides it as login in

8
Why do we need it (3)?
  • Application Point Of View
  • Internet and electronic business prompts the
    distribution of smart card
  • Platform (Hardware and OS) independent
    programming language (Java) matches the
    portability of smart card
  • Multi-application cards make one card be able to
    do everything You do not need carry student ID,
    driver ID, credit card, ATM card, medical card
    and etc
  • Potential market profits

9
Why do we need it (4)?
  • Market trends

10
Basic Principle of Smart Card
  1. Smart cards are tamper resistant and secret
    information can be stored inside safely even
    other hardware or software are comprised e.g.
    host OS and application
  2. Place in smart card the secret components which
    are accessible only to smart card(Never leave
    smart card) such as private key, shared key, user
    name and account
  3. Implement hash function, encryption algorithms
    (for RSA, DES and etc) to support authentication,
    digital signature and encryption in smart card
  4. Simple OS support(I/O, stripped HTTP / TCP/IP
    stack)
  5. Applications such as Java applet in Java card are
    built on OS and Secure modular.
  6. Necessary communication protocol between card
    terminal (card reader) and smart card is
    constructed
  7. Integrate the above as a whole to the entire
    system

11
Example 1 Smart Card Kerberos (1)
  • Kerberos is a shared key secure system
  • Authentication Service Exchange to obtain TGT
  • Client ? AS or KDC IDc ID tgs TS1
  • AS ?Client E(Kc) Kc, tgs IDtgs TS2
    Lifttime2 Tickettgs
  • Ticket-Granting Service Exchange to obtain SGT
  • Client ? TGS IDv Tickettgs
    Authnticatorc
  • TGS ? Client E(Kc,tgs) IDv TS4
    Ticketv
  • Tickettgs E(Ktgs) Kc,tgs IDc
    IDtgs
  • Ticketv E(Kv) Kc,v
  • Authenticatorc E(Kc,tgs) IDc ADc
    TS3
  • Client-Server Authentication Exchange
  • Client ? V Ticketv

12
Example 1 Smart Card Kerberos (2)
  • A key in a workstation can be vulnerable
  • A user chosen password is prone to attack

13
Example 1 Smart Card Kerberos (3)
  • A randomly generated bits as password is stored
    in smart card

14
Example 2 Smart Card PKI (1)
  • Private Key is stored in smart card to generate
    certificate
  • Netscape Communicator support RSA for smart card
  • Access protected data (e.g. corporate network)
    from anywhere (exploit portability of smart card)
  • Host can also authenticate smart card by sending
    a challenge to smart card through card terminal
    and use the public key to decrypt the received
    response from smart card
  • PKCS11 is a standard for this case

15
Example 3 Smart Card Cryptography (1)
  • Smart card has slow CPU and slow I/O channel,
    hence it is not suitable for encrypting large
    plaintext and then decrypting by using a general
    cryptography algorithm in real time environment.
  • (3)DES, RSA, MD5 are implemented mainly for
    authentication and digital signature (Many smart
    cards even do not support these either)
  • Possible solutions
  • Major cryptography task can be performed at host
    side, smart card only performance a minor
    cryptography task for each large message
  • New efficient block ciphers take in place

16
Example 3 Smart Card Cryptography (2)
  • Remotely Keyed Encryption Protocol (RKEP)
  • Move major task to host
  • Host and card share encryption algorithm (e.g.
    DES)
  • For each data block, card encrypt/decrypt fixed
    length data which are deducted from the original
    variant length data by using the secret key
    stored in card and as a result generate a
    per-block key to host
  • Host perform encryption/decryption on the full
    length data by using the per-block key
  • Smart card MUST be present while
    encrypting/decrypting

17
Example 3 Smart Card Cryptography (3)
  • Remotely Keyed Encryption Protocol (RKEP)

18
Example 3 Smart Card Cryptography (4)
  • Remotely Keyed Encryption Protocol (RKEP)

19
Example 3 Smart Card Cryptography (5)
  • Efficient Block Ciphers for Smart Cards
  • Similar principle to DES (hide characteristics of
    plaintext), but simpler, reducing computation and
    saving memory
  • Special design to resist card specific attacks
  • Is it more vulnerable than DES from protocol or
    mathematics point of view? (I do not know now)
  • The round transformation based on round key
  • Diffusion step (Matrix Multiplication,
    Coefficients are selected carefully, use shifting
    and addition)
  • dispersion step (Individual Byte, shifting rows)
  • nonlinear step (Individual Byte, table lookup)
  • round key addition (Individual Byte, XOR)

20
Example 4 Smart Card CFS
  • Use smart card to generate per-file secret key
    for cryptography file system
  • Smart card stores the user key
  • Leverage efficient cryptography algorithm (e.g.
    RKEP as above) to encrypt or decrypt files
  • Smart card must be present while acting

21
Example 5 Smart Card Session Key
  • Smart card can store the session key obtained
    after authentication
  • Leverage efficient cryptography algorithm (RKEP
    as above) to encrypt or decrypt messages from
    host
  • The secret key used inside smart card in Slide17
    18 is session key exchanged after authenticating
    process in PKI or shared key infrastructure
  • The partner host on the other end should support
    the same cryptography algorithms, hence making
    some changes to the secure infrastructure
  • Is this right?

22
Example 6 Java Card
  • Java byte codes can reside in smart cards and
    perform predetermined tasks
  • A simple Java Virtual Machine is support in smart
    card
  • Simple HTTP/TCP/IP stack is support
  • Smart card is a server responding to requests
    from hosts
  • Possible small databases like medical records,
    financial information exists in smart cards
  • Easy to standardize, program and develop
  • How to make it secure then?

23
Example 7 Multi-Application Smart Card
  • One card can have multi-application for multiple
    purpose one card is enough?
  • Card issuer has full control of the card and can
    add other applications from card service
    providers to smart card
  • Download Java Applets to smart card
  • How to shared codes and how to make applications
    be secure to one another?

24
Tamper Resistant Principle (1)
  • Tamper Resistant hardware is NOT absolutely safe
    and various tampering techniques exist
  • Micro-probing access chip surface directly, thus
    opponents can observe, manipulate, interfere with
    the integrated circuit
  • Eavesdropping monitor the analog characteristics
    of all supply and interface connections and other
    electromagnetic radiation produced by the
    processor during normal operation
  • Fault generation use abnormal environmental
    conditions to generate malfunctions in the
    processor that provide additional access
  • Software Attacks employs the normal communication
    interface of the processor and exploit security
    vulnerabilities in the protocols, cryptographic
    algorithms or their implementation.

25
Tamper Resistant Principle (2)
  • Micro-probing
  • Invasive attack, the card is damaged but provide
    useful information for non-invasive attacks such
    as eavesdropping, Fault generation
  • Probing workstation or manually
  • Unpack smart cards and reconstruction layout of
    IC (ALU, instruction decoder, EEPROM ROM
    memory cells)
  • Memory Read-out, observe the entire bus to
    discover the values in memory
  • Non-invasive attacks (Eavesdropping, Fault
    Generation, Software)
  • Every transistor and interconnection have a
    capacitance and resistance, certain temperature,
    power supply voltage,
  • Circuit current change, signal propagation delays

26
Tamper Resistant Principle (3)
  • Glitch Attacks
  • Deliberately generate a malfunction that causes
    one or more flipflop to adopt the wrong state,
    hence replace one instruction with another,
    affect conditional jumps, test instruction, loop
    counter
  • Clock-signal glitches, increase clock frequency
    for one or more half cycles
  • Current Analysis
  • Different operations generate different currents,
    conditional branch instruction is different from
    arithmetic instructions
  • Same operations under different input values
    generate different currents, e.g. instruction
    decoder for different instruction, ALU for
    different input value

27
Tamper Resistant Principle (4)
  • Countermeasures
  • Sensor to sense unpacking or other examinations,
    erase all secret data automatically
  • Make IC more complex to be be reconstructed
  • High-frequency detectors low frequency sensor
  • Randomized Clock Signal by inserting random
    delays at clock level, unable to predict the time
    at which a certain instruction is executed
  • Randomized Multithreading, introduce
    non-determinism into the execution of algorithms,
    multiple copies of all registers for switch
    between threads
  • Restricted Program Counter
  • Carefully design algorithms (Efficient Block
    Cipher), CPU time and power consumption are
    independent of cipher key and plaintext

28
OS support for smart cards (1)
  • OS support
  • SCFS (Smart Card File System), Smart Card is
    considered as a directory of a host OS
  • Window card By Microsoft
  • 3com PalmOS
  • MultOS for multi-application
  • Java Virtual Machine By Sun
  • Friendly development environment (Compiling and
    Loading) at hosts

29
OS support for smart cards (2)
  • SCFS (Smart Card File System)

30
Smart Card Standardization (1)
  • ISO7816 (1,2,3,4,5,6)
  • Open Card Framework OCF1.2
  • Java Card 2.0 Specification by sun
  • PKCS11 for PKI

31
Smart Card Standardization (2)
  • ISO7816
  • 1 to 3 Physical Properties dimension ,
    mechanical stress, power, resistant to static
    electronic and radiation, electronic signal and
    transmission protocol
  • 4 a set of commands across all industries to
    provide access, security and transmission of card
    data, e.g. commands to read, write and update
    records

32
Smart Card Standardization (3)
  • OpenCard Framework
  • functions and roles of smart cards can vary
    widely by service
  • OpenCard Framework (OCF) separates terminal
    software into terminal specific components and
    card specific components, thus making it possible
    to add or remove components on demand
  • application developer simply uses the APIs
    provided by CardService, enabling the application
    to be shared across multiple platforms that
    support OCF
Write a Comment
User Comments (0)
About PowerShow.com