Practical Security With Smartcards
Peter Honeyman
CITI
University of Michigan
Ann Arbor
Smartcards: a pragmatic approach
Build on what we have
– Use existing infrastructure (UMCE)
» UNIX filesystem; mail, web servers
» Kerberos
» NT GINA
– Use open standards (IETF, ISO)
– Add secure hardware: smartcard
Integrate smartcard with infrastructure
Secrets in a smartcard remain safe even if hardware / software is compromised
Experimental approach
Home-brew software, hardware
Experimental software
screset(fd, atr, ep);
scopen(ttyn, flags, ep);
scfdopen(fd, flags, ep);
scclose(fd);
scread(fd, cla, ins, p1, p2, p3, buf, sw1p, sw2p);
scwrite(fd, cla, ins, p1, p2, p3, buf, sw1p, sw2p);
scgetc(fd, cp, ms);
scputc(fd, ic);
scdsr(fd);
scdtr(fd, cmd);
void scsleep(ms);
Experimental software (cont’d)
Primary targets:
– OpenBSD
– Linux
– AIX
– NT
– PalmPilot
– JavaCard
T=0, T=1
Experimental hardware
Experimental hardware (cont’d)
Experimental Hardware (cont’d)
Smartcard integration with Kerberos
University of Michigan computing environment is protected by Kerberos
– So are MIT, CMU, Stanford, Cornell, ...
Public key cryptography is not practical
– (yet)
Kerberos security limitations:
– Lacks external encryption device
– Lacks secure key storage
– Passwords vulnerable to dictionary attack
Smartcards can solve these problems
Need for encryption device
[Diagram labels: Kerberos KDC, ticket, password, Decrypt]
Key is exposed to user and workstation
Workstation may not be trusted
Workstation storage is vulnerable
Need for secure hardware
Keys stored on hard disk or in memory are vulnerable
Hard disks are not secure
– Adversary with administrative rights can access keys
– Data in a hard disk may be backed up in an unprotected mass storage device
Memory is not secure
– Adversary can scan memory
– Data in memory can be paged out to a hard disk
Dictionary attack
Create a list of English words, names, etc.
– Also Star Wars, German, Shakespeare, …
– thx1138 is a vulnerable password! :-(
Derive keys from the words in the list
Obtain a <plaintext, ciphertext> pair
– Kerberos gives up <plaintext, ciphertext> easily
Decrypt ciphertext with the derived key
– If plaintext recovered, password is exposed
UMich: > 4,000 vulnerable accounts in 1997
Countermeasures - use a smartcard
[Diagram labels: Kerberos KDC, ticket, Decrypt]
Key is not exposed to user, workstation, or network
No password
Implementation
STARCOS v. 2.1 from Giesecke & Devrient
Modify MIT Kerberos v5-1.0.5 client
Kerberos server unmodified for global interoperability
– Well, almost …
– des_cbc_crc method uses key as ivec
– Modify server to allow des_cbc_md5
Kerberos+smartcard performance
[Timeline, time in sec.: kinit start 0, card reset 0.06, start decryption 0.34, end decryption 1.32, kinit finish 1.54]
Ticket decrypt time: 1.26 sec.
– Native STARCOS CBC
– Two rounds
– Obviates 27 round host ECB: 2.09 sec
– Communication cost @ 9600 bps: ~ half
Kerberos+smartcard conclusion
Practical smartcard authentication method
Addresses major weakness of Kerberos
Fairly fast … room to improve
Future work: store ticket on smartcard
Smartcard filesystem (SCFS)
ISO-7816
– Standard smartcard interface
– Primitive message framing protocol
» Too primitive to be useful
– Many vendor dependencies
Smartcard programming toolkits
– IBM MFC, Microsoft PC/SC, OpenCard framework, EMV’96, PKCS#11, JavaCard …
– Smartcard-specific everything: language, API, toolkit, library, application, etc.
– Hassle learning toolkit after toolkit
– API dependencies
SCFS goals and policies
Integrate a smartcard with UNIX
– VFS: UNIX filesystem API
Take advantage of UNIX environment
– Allows sophisticated UNIX commands
– Access through symlinks
Any ISO-7816 smartcard
Easy integration with applications
– Netscape cookies
– PGP private keyring
– Kerberos tickets
– SSH private key
Application to SSH
citi% mount_scfs /dev/scfs0 /smartcard
citi% ln -s /smartcard/ss/id ~/.ssh/identity
citi% ssh sin.citi.umich.edu
Enter PIN:
sin% logout
SCFS design
Kernel VFS assisted by user process
[Diagram labels: application, scfsd, smartcard; user / kernel; VFS, XFS]
VFS handles application requests
scfsd translates requests to ISO7816 APDUs
No caching
SCFS implementation
xfs_mount()
Send reset to smartcard
Choose smartcard type from configuration table based on ATR
Mount the scfs filesystem
xfs_read()
Translate FID into ISO-7816 name
Select the file
Send “read” APDU
Copy data to user space (uiomove)
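Added example (not from the original slides or the SCFS code): the request translation listed under xfs_read(), building ISO 7816-4 SELECT and READ BINARY APDUs and classifying the returned status words. The class byte 0x00, the function names, and the mapping of two-character path components such as ss/id to 2-byte file IDs are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* ISO 7816-4 values. CLA 0x00 is an assumption; cards may need a vendor class. */
enum { CLA_ISO = 0x00, INS_SELECT = 0xA4, INS_READ_BINARY = 0xB0 };
enum sc_status { SC_OK, SC_MORE_DATA, SC_WRONG_LE, SC_NEED_AUTH, SC_NOT_FOUND, SC_ERROR };

/* Hypothetical mapping: each 2-character path component is a 2-byte file ID; -1 if unmappable. */
int path_to_fids(const char *path, uint16_t *fids, int max)
{
    int n = 0;
    while (*path) {
        if (*path == '/') { path++; continue; }
        size_t len = strcspn(path, "/");
        if (len != 2 || n == max) return -1;
        fids[n++] = (uint16_t)(((unsigned char)path[0] << 8) | (unsigned char)path[1]);
        path += len;
    }
    return n;
}

/* SELECT by file ID: CLA INS P1=00 P2=00 Lc=02 FID-hi FID-lo. */
size_t apdu_select(uint16_t fid, uint8_t out[7])
{
    const uint8_t a[7] = { CLA_ISO, INS_SELECT, 0x00, 0x00, 0x02,
                           (uint8_t)(fid >> 8), (uint8_t)(fid & 0xFF) };
    memcpy(out, a, sizeof a);
    return sizeof a;
}

/* READ BINARY: 15-bit offset in P1/P2, Le = byte count (Le 0 and short-EF offsets rejected). */
size_t apdu_read_binary(uint16_t off, uint8_t le, uint8_t out[5])
{
    if (off > 0x7FFF || le == 0) return 0;
    out[0] = CLA_ISO; out[1] = INS_READ_BINARY;
    out[2] = (uint8_t)(off >> 8); out[3] = (uint8_t)(off & 0xFF); out[4] = le;
    return 5;
}

/* Map SW1/SW2 to a result the filesystem layer can turn into an errno. */
enum sc_status classify_sw(uint8_t sw1, uint8_t sw2)
{
    if (sw1 == 0x90 && sw2 == 0x00) return SC_OK;
    if (sw1 == 0x61) return SC_MORE_DATA;                /* sw2 bytes still to fetch */
    if (sw1 == 0x6C) return SC_WRONG_LE;                 /* retry with Le = sw2 */
    if (sw1 == 0x69 && sw2 == 0x82) return SC_NEED_AUTH; /* e.g. PIN not verified */
    if (sw1 == 0x6A && sw2 == 0x82) return SC_NOT_FOUND;
    return SC_ERROR;
}
```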
SCFS performance
[Diagram labels: read() call, start reading smartcard, finish reading smartcard, read() return; total, smartcard access, scfs overhead]
scfs overhead (all times in ms)
Command      total     card      overhead
Read 8       28.9      28.2      0.7
Read 128     190.2     189.4     0.8
Write 8      63.4      62.7      0.7
Write 128    1259.5    1258.9    0.7
SCFS conclusion
Flexible API
Overhead is small
Useful as a low-level development tool
– ls, cd, pwd, make, etc.
Secure storage for user profiles, web cookies, Kerberos tickets, private keys, etc.
Problems
– Readdir is broken in ISO-7816
– Must preconfigure for each card
– File length is troublesome
Future directions
Smartcard filesystem
– Complete missing vnodeops
– Porting to other operating systems
Authentication
– Secure Kerberos ticket generation
– Smartcard public key integration
IP for smartcard
– honey.mcard.umich.edu
– Secure network storage, service provider