Network Defense
by Rik Farrow

There are smartcards in your future, and you need to be ready

The scene is a familiar one: a young woman inserts a card into a machine, then enters a PIN. The machine responds affirmatively, and the woman continues her interaction. What is different about this activity is that the woman is sitting at her PC, and using a smart card to authenticate herself to the network. Later, she might use the same smart card to purchase a book from Amazon.

Smart cards are to credit cards what a computer is to a slide rule. Credit cards contain no technical method for authenticating a user, just human-based ones (matching a signature and sometimes a picture). And those means of authentication are useless without a local presence--they will not work over a network. Smart cards can perform authentication and encryption, provide keys, certificates, and medical information, and even hold the equivalent of money. What makes all of this possible is a tiny, embedded microprocessor and some supporting circuitry in a package that most commonly resembles a credit card.

Comparatively cheap, soon to be ubiquitous, the smart card will likely become an important part of the security of your network in the near future. Yet smartcards are not without their problems. Compared to a desktop computer, smartcards are extremely limited in their capabilities, vulnerable to invasive and non-invasive attacks, and suffer from a multiplicity of standards. Even though their use in PCs is not without risk, smartcards could be helping you today.

Embedded Circuits

Smartcards have been around for over ten years. You can recognize a smartcard by looking for the characteristic pattern of contacts visible on the surface of the device. These contacts present the interface to the smartcard, accepting power, ground, a clock, as well as bidirectional serial communications. GSM phones use smartcards to identify their user. The more common smartcards are buried in plastic with the same form factor as a credit card.

[NOTE: The VISA site has a jpeg image of a smart card showing the contact pad. RIK]

The circuit contains a miniaturized computer, complete with permanent storage (read only memory, or ROM), temporary storage (RAM), and semi-permanent storage such as flash memory or non-volatile RAM. Address and data busses connect these to the central processor, and the central processor includes the logic for a serial interface to the outside world. Sometimes smart cards include special hardware for performing encryption, most commonly DES.

The smartcard also includes anti-tampering features, such as fusible links that can destroy internal connections, for example, after many failed attempts at entering the correct PIN, making the card unusable. But there have been much more aggressive attempts at tampering with cards.

Smartcards are tamper-resistant as a design goal. In the real world, they have often fallen short of being tamper-proof, because the secrets held within smartcards can be worth a lot of money. A lot of motivation for attacking smartcards has come from their use in pay-per-view applications. To watch a particular program, a smartcard gets programmed with a shared secret, a symmetric encryption key. The broadcasters will use this key to encrypt the pay-per-view show, and if pirates can recover this key, it can be sold on the black market and used by anyone with access to the broadcast medium.

Invasive attacks include dipping the card in heated, fuming nitric acid to remove its packaging, followed by an acetone wash. The stripped circuitry may then be mapped using a microscope with a CCD camera to map the basic architecture. Deeper layers can be revealed after a quick ultrasonic bath in hydrofluoric acid. Then the attacker can use a confocal microscope (which shades different layers in varying colors). With this information available, the attacker can locate the volatile memory, and use manual microprobing to tap data busses and read the secrets contained in the memory.

There are also non-invasive attacks against smartcards. These attacks take advantage of the normal use of the card and monitor current, voltage changes, or even changes in emissions to determine a secret key. While a power analysis attack will not be able to recover an entire 56-bit key, it can be used to guess enough key bits to make a brute force attack feasible. For example, if 16 bits of a 56-bit key can be guessed, a small array of PCs can be used to test all remaining keys (created by varying the unknown 40 bits until successful) in just a few hours. Another form of non-invasive attack, the glitch attack, can be used to trick the smartcard into skipping a portion of an algorithm, or even missing an instruction branch, simply by putting a little hiccup into the normally steady clock input.

Smartcard manufacturers have fought back by making power analysis more difficult, introducing layers of shielding over the circuitry, adding cryptographic algorithms into bus decoding for memory accesses, and building the circuits so that they do not sit on a single plane, but lie at different depths. As you can imagine, there is a constant war between the designers and the attackers, with the attackers moving faster than the defenders (as is usually the case in security).

So smartcards are not tamper-proof, only tamper-resistant. With enough effort, an attacker can glean the information protected by the smartcard. Why would you want to use such a device to improve your network's security?

The Better Mousetrap

Most attackers focus on smartcards holding shared secrets, such as symmetric keys. Breaking a single smartcard provides a single key that has widespread use. But the most common use of smartcards for network security will not involve a single secret, but individual, password-like secrets, public key certificates, and asymmetric keys. In these cases, the amount of effort to recover a single key will generally be much greater than the value of that key.

The Center for Information Technology Integration (CITI), an applied research and development center of the University of Michigan, has published a paper (and example code) for using smartcards for user authentication. The University of Michigan uses Kerberos V for authenticating students into computer systems. Kerberos V permits students to login once, and then use many network facilities, and has a greater level of security than the single-login facility used in NT 4. In Windows 2000, the successor to NT 4, authentication will be based on Kerberos V.

One of the biggest weaknesses of the Kerberos system is that users' passwords are used for encrypting communication between the client and the Key Distribution Center (KDC). As a portion of a client request is easy to learn (the username), brute force attacks using words from a dictionary can be used to attempt to guess the password from exchanges sniffed between the client and the KDC during login. Another Kerberos weakness present on multi-user systems (like UNIX servers) permits a rogue superuser to abuse Kerberos tickets acquired by other users.

In the CITI project, the use of smartcards fixes both of these weaknesses. Instead of having a student enter a password, a secret key is stored on the smartcard. The request from a client to the KDC gets encrypted with this secret key in the smartcard, so that the student does not have to remember a password that is transformed into the key. Instead, the student presents the card, enters a PIN to enable the card, and Kerberos handles authenticating the student by returning an encrypted ticket. The ticket can also be decrypted by the secret key stored in the smartcard.
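
The card-side behavior described above (a PIN that enables the card, a key that never leaves it, and a lockout after repeated failed PIN entries) can be modeled in a few lines. This is an added example, not CITI's code: SimCard, SimKDC and login are hypothetical names, the PIN and key are constructed, and an HMAC-SHA-256 over a KDC nonce stands in for the Kerberos V encrypted request.

```python
import hashlib
import hmac
import os

# ISO 7816-4 status words: success, PIN blocked, PIN not yet verified
SW_OK, SW_BLOCKED, SW_NOT_VERIFIED = 0x9000, 0x6983, 0x6982

class SimCard:
    """Model card: PIN-gated, holds one per-user key it never exports."""
    def __init__(self, pin, key, max_tries=3):
        self._pin = pin.encode()
        self._key = key
        self._max_tries = self._tries_left = max_tries
        self._unlocked = False

    def verify_pin(self, pin):
        if self._tries_left == 0:
            return SW_BLOCKED
        if hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left, self._unlocked = self._max_tries, True
            return SW_OK
        self._tries_left -= 1
        self._unlocked = False
        if self._tries_left == 0:
            self._key = None  # models the fusible link: key gone for good
            return SW_BLOCKED
        return 0x63C0 | self._tries_left  # 63Cx: x tries remaining

    def respond(self, nonce):  # keyed response computed inside the card
        if not self._unlocked or self._key is None:
            return SW_NOT_VERIFIED, b""
        return SW_OK, hmac.new(self._key, nonce, hashlib.sha256).digest()

class SimKDC:
    """Hypothetical KDC holding the same per-user key as the card."""
    def __init__(self, keys):
        self._keys = dict(keys)
    def challenge(self):
        return os.urandom(16)
    def check(self, user, nonce, response):
        want = hmac.new(self._keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(want, response)

def login(card, kdc, user, pin):
    """The host only relays: it sees the PIN and the nonce, never the key."""
    if card.verify_pin(pin) != SW_OK:
        return False
    nonce = kdc.challenge()
    sw, resp = card.respond(nonce)
    return sw == SW_OK and kdc.check(user, nonce, resp)
```

The PIN is checked only by the card, so nothing derived from it crosses the network, and three wrong guesses leave an attacker holding a card with no key in it.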
By using smartcards, CITI has solved the problems of poorly chosen passwords and password hashes that may be stolen from an unsecured system (most computers are unsecured). The use of Kerberos means that sniffable passwords never appear in the network, and Kerberos prevents replay attacks as well. The smartcards are also used by the students for identification, money, and healthcare, helping to ensure the students will remember to take the smartcard with them.

While the CITI/Kerberos system marks an innovative use of smartcards, there are more mundane uses as well. Many operating systems, including NT, Solaris, HP-UX, and even Linux, support the use of pluggable authentication modules (PAM) as replacements for password authentication. Even organizations that do not use Kerberos can benefit from the use of smartcards for authentication. Some organizations already use authentication devices, such as Security Dynamics' SecurID. Smartcards cost less than a third the cost of other authentication devices, and have no batteries that will run out.

So why don't more organizations use smartcards? There have been several obstacles to the use of smartcards. First, you must have a smartcard reader to use a smartcard. The reader provides the interface and power to the smartcard, as well as a keypad for entering a PIN. Readers that fit into a floppy disk drive or a PCMCIA slot have appeared, making this less of a problem. But these solutions have a particular weakness as well. The computer's keyboard must be used for entering the PIN, and keystrokes can be sniffed. There are over forty different back door programs today for Windows 9x/NT, and all of them can sniff keystrokes.

A solution to both the keystroke sniffing and reader requirement is a keyboard that contains a smartcard reader. The numeric keypad on the keyboard can be used to enable the smartcard in a manner that prevents keystroke sniffing. Microsoft, Lucent, and other vendors have designed smartcard reading keyboards, although there has yet to be much market demand for them.

Multiplicity of Choices

The other serious problem for implementors of smartcards has been the lack of standardization. Smartcard standards do exist for form factor and some basic communication capabilities. But the differences between smartcards from different vendors, and even within a single product line, have made developing applications difficult. One approach to making application development easier has come from Sun Microsystems' Java Card, a subset of the Java language that supports writing applets for smartcards. A different approach has been espoused by Microsoft, as well as Mondex International (MULTOS), for writing applications in a higher level language.

You may have heard of smartcards being used for credit and debit cards. Smartcards are actually very popular outside of the US because of the greater security possible with a smartcard. The use of smartcards in the US has not caught on because credit card transactions can be cheaply authorized via a modem connection, which is not true in the rest of the world. But smartcards have much stronger authentication mechanisms than credit cards, and the Internet and ecommerce will help move people toward greater acceptance of smartcards.

For example, the level of credit card fraud in stores or restaurants is very small, less than .1%. Credit card fraud over the Internet is more than ten times higher. The authentication features of smartcards, such as storing an X.509 certificate or private key for authenticating a transaction, would end most fraud, as well as making it impossible to steal cards electronically (as far as I can see).

Let's get back to our user, sitting at her computer. She has now authenticated to the network, but wants to order a book from Amazon or a new hard drive from Microtime. Instead of pulling out her credit card, she again enters her PIN to authorize a transfer of funds from her bank account, or a charge against her credit account, and can trust that the transaction is private, secure, and complete. Her smartcard is not only her authentication, it also contains her digital identity for banking, shopping, and even visits to her HMO.

Smartcards will solve many problems related to network security. The question is not if, but rather when.

Resources:

Information about Java for smartcards (click on partners for a list of vendors supporting Java Card): http://java.sun.com/products/javacard/
VISA's page describing current and future uses of smart cards: http://www.visa.com/nt/chip/main.html
Multos from Mondex International, with a smaller list of supporters (but some familiar names as well): http://www.multos.com/
Microsoft's OS for smart cards (it's NOT Windows, it fits in 8k!): http://www.microsoft.com/smartcard/
The PC/SC Workgroup, with specifications for integrating PCs and smart cards: http://www.smartcardsys.com/
The smart card forum factoids: http://www.smartcrd.com/info/more/Factoids.htm
Smart card research (with links to other sites) at CITI (part of the University of Michigan): http://www.citi.umich.edu/projects/sinciti/smartcard/