Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.
-
Upload
arnold-jefferson -
Category
Documents
-
view
212 -
download
0
Transcript of Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.
![Page 1: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/1.jpg)
Practical Security With Smartcards
Peter HoneymanCITIUniversity of MichiganAnn Arbor
![Page 2: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/2.jpg)
Smartcards: a pragmatic approach
Build on what we have– Use existing infrastructure (UMCE)
»UNIX filesystem; mail, web servers»Kerberos»NT GINA
– Use open standards (IETF, ISO)– Add secure hardware: smartcard
Integrate smartcard with infrastructure Secrets in a smartcard remain safe
even if hardware / software is compromised
![Page 3: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/3.jpg)
Experimental approach
Home-brew software, hardware
![Page 4: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/4.jpg)
Experimental softwarescreset(fd, atr, ep);
scopen(ttyn, flags, ep);
scfdopen(fd, flags, ep);
scclose(fd);
scread(fd, cla, ins, p1, p2, p3, buf, sw1p, sw2p);
scwrite(fd, cla, ins, p1, p2, p3, buf, sw1p, sw2p);
scgetc(fd, cp, ms);
scputc(fd, ic);
scdsr(fd);
scdtr(fd, cmd);
void scsleep(ms);
![Page 5: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/5.jpg)
Experimental software (cont’d)
Primary targets: – OpenBSD– Linux– AIX– NT– PalmPilot– JavaCard
T=0, T=1
![Page 6: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/6.jpg)
Experimental hardware
![Page 7: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/7.jpg)
Experimental hardware (cont’d)
![Page 8: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/8.jpg)
Experimental Hardware (cont’d)
![Page 9: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/9.jpg)
Smartcard integration with Kerberos
University of Michigan computing environment is protected by Kerberos– So are MIT, CMU, Stanford, Cornell, ...
Public key cryptography is not practical – (yet)
Kerberos security limitations:– Lacks external encryption device– Lacks secure key storage– Passwords vulnerable to dictionary
attack Smartcards can solve these problems
![Page 10: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/10.jpg)
Decrypt
Need for encryption device
KerberosKDC
Key is exposed to user and workstationWorkstation may not be trustedWorkstation storage is vulnerable
passwordticket
ticket
![Page 11: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/11.jpg)
Need for secure hardware
Keys stored on hard disk or in memory are vulnerable
Hard disks are not secure – Adversary with administrative rights can
access keys– Data in a hard disk may be backed up in
an unprotected mass storage device Memory is not secure
– Adversary can scan memory– Data in memory can be paged out to a
hard disk
![Page 12: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/12.jpg)
Dictionary attack
Create a list of English words, names, etc.– Also Star Wars, German, Shakespeare, …– thx1138 is a vulnerable password! :-(
Derive keys from the words in the list Obtain a <plaintext, ciphertext> pair
– Kerberos gives up <plaintext, ciphertext> easily
Decrypt ciphertext with the derived key– If plaintext recovered, password is
exposed UMich: > 4,000 vulnerable accounts in
1997
![Page 13: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/13.jpg)
Decrypt
Countermeasures - use a smartcard
Key is not exposed to user, workstation, or network No password
KerberosKDC
ticket
ticket
ticket
![Page 14: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/14.jpg)
Implementation
STARCOS v. 2.1 from Giesecke & Devrient
Modify MIT Kerberos v5-1.0.5 client Kerberos server unmodified for
global interoperability– Well, almost …– des_cbc_crc method uses key as ivec – Modify server to allow des_cbc_md5
![Page 15: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/15.jpg)
kinitstart
card reset
enddecryption
kinitfinish
startdecryption
0 0.06 0.34 1.32 1.54
Kerberos+smartcard performance
Ticket decrypt time: 1.26 sec.– Native STARCOS CBC– Two rounds– Obviates 27 round host ECB: 2.09 sec– Communication cost @ 9600 bps: ~ half
time in sec.
![Page 16: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/16.jpg)
Kerberos+smartcard conclusion
Practical smartcard authentication method
Addresses major weakness of Kerberos Fairly fast … room to improve Future work: store ticket on smartcard
![Page 17: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/17.jpg)
Smartcard filesystem (SCFS) ISO-7816
– Standard smartcard interface– Primitive message framing protocol
»Too primitive to be useful– Many vendor dependencies
Smartcard programming toolkits– IBM MFC, Microsoft PC/SC, OpenCard
framework, EMV’96, PKCS#11, JavaCard …
– Smartcard-specific everything: language, API, toolkit, library, application, etc.
– Hassle learning toolkit after toolkit– API dependencies
![Page 18: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/18.jpg)
SCFS goals and policies
Integrate a smartcard with UNIX – VFS: UNIX filesystem API
Take advantage of UNIX environment– Allows sophisticated UNIX commands– Access through symlinks
Any ISO-7816 smartcard Easy integration with applications
– Netscape cookies– PGP private keyring– Kerberos tickets– SSH private key
![Page 19: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/19.jpg)
Application to SSH
citi% mount_scfs /dev/scfs0 /smartcardciti% ln -s ~/.ssh/identity /smartcard/ss/idciti% ssh sin.citi.umich.eduEnter PIN:sin% logout
![Page 20: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/20.jpg)
SCFS design
Kernel VFS assisted by user process
XFSVFS
application scfsd smartcard
VFS handles application requests scfsd translates requests to ISO-
7816 APDUs No caching
userkernel
![Page 21: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/21.jpg)
SCFS implementationxfs_mount()
Send reset to smartcardChoose smartcard type from configuration table based on ATRMount the scfs filesystem
xfs_read() Translate FID into ISO-7816 nameSelect the fileSend “read” APDUCopy data to user space (uiomove)
![Page 22: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/22.jpg)
SCFS performance
Command total card overheadRead 8 28.9 28.2 0.7Read 128 190.2 189.4 0.8Write 8 63.4 62.7 0.7Write 128 1259.5 1258.9 0.7
all times in ms
read()call
finish readingsmartcard
read()return
start readingsmartcard
total
smartcard accessscfs overhead scfs overhead
![Page 23: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/23.jpg)
SCFS conclusion
Flexible API Overhead is small Useful as a low-level development tool
– ls, cd, pwd, make, etc. Secure storage for user profiles, web
cookies, Kerberos tickets, private keys, etc.
Problems– Readdir is broken in ISO-7816– Must preconfigure for each card– File length is troublesome
![Page 24: Practical Security With Smartcards Peter Honeyman CITI University of Michigan Ann Arbor.](https://reader035.fdocuments.in/reader035/viewer/2022070400/56649f155503460f94c2a8a5/html5/thumbnails/24.jpg)
Future directions
Smartcard filesystem– Complete missing vnodeops– Porting to other operating systems
Authentication– Secure Kerberos ticket generation– Smartcard public key integration
IP for smartcard– honey.mcard.umich.edu– Secure network storage, service provider