Use of Cryptography and Encryption Keys in Smart Cards

Cryptographic Technology in Smartcards

Smart cards actually offer more security and confidentiality than other financial information or transaction storage vehicles, making it a perfect solution for e-commerce transactions. A smart card is a safe place to store valuable information such as private keys, account numbers, passwords, or personal information. It's also a secure place to perform processes that one doesn't want exposed to the world, for example, performing a public key or private key encryption. Smart cards have computational or processing power to provide greater security, allowing verification of the cardholder. Entering a PIN is one method of verification, biometrics is another. The benefit of the smart card is that you can verify the PIN or fingerprint securely, off-line.

Security is almost always a fundamental requirement of smartcard solutions. Smartcards have made significant security advances in physical tamper and power analysis protection. Inter-application security will also be a critical requirement by card issuers, irrespective of the platform adopted. This has not hindered the use of Javacard in the GSM SIM world but security will be a much more important issue with financial cards or for the use of financial applications on SIM cards.

There are differences in the platform security schemes and all offer useful flexibility in different directions. However, the fundamental mechanisms of authorised and confidential loading of applications can be satisfied by all platforms.

Authentication Token Basics

Secure Tokens

The biggest challenge to business-to-business transactions is establishing a trusted platform for high value transactions in the public space of the Internet. Some key elements are required to build this platform: security, authentication and confidentiality. PKI (Public Key Infrastructure) is the technology of choice for securing electronic commerce.

A secure token is a secure container in which to keep your private signing and encryption Keys and Certificates in support of Public Key Infrastructure operations. Your token is similar in nature to your credit card, and should be kept safely and securely at all times.

Access to the Keys and Certificates is by a Private Identification Number (PIN) (also known as a personal identification code or pass phrase) which allows the secure token to be used in the PKI environment. Once stored on the card, your private keys are never able to be extracted, and can only be used within the security of the secure token.

Public Key Infrastructure ( PKI )

Public Key Infrastructure – or PKI – is a set of procedures and technology to provide security and confidentiality for electronic business. The smart card plays a central role in the deployment of a PKI since it provides a secure, portable storage for keys and certificates.

“Public key infrastructure” (PKI) is a system for Internet security.  It is also a system used for digital certificates, and by certificate and other registration authorities involved in verification and authentication of the validity of Internet transactions by several parties.

PKI provides users with the ability to communicate with confidence in an electronic environment. To be able to do this, users need to know:

An application related to access, but more sophisticated, is public key infrastructure, or PKI, and its usefulness for electronic signatures. PKI is an electronic system of verifying an individual’s identity using an embedded authentication certificate.

Since the smart card or security token stores and maintains the user's keys, it is important to properly integrate your smartcard into an existing PKI infrastructure or plan for it in deploying a new PKI.

With the passage of the U.S. Government Paperwork Elimination Act in 1998, federal agencies must be able to offer and accept digital signatures.

Keycorp's PKI smartcard system

• chip is tamper-resistant
• information stored on the card can be PIN code and/or read-write protected
• capable of performing encryption
• each smart card has its own, unique serial number

Coprocessors are essential to execute secure authentication and data encryption or electronic signature. They allow for implementation of highly secure authentication methods and integrity checks based on both secret key or public key methods.

Secure transaction processing, secure Web applications, public key cryptography, symmetric key cryptography, secure data repositories, security architectures.

White paper on General Cryptographic knowledge basics.

Technical Reports on Cryptography - highly technical from the Crypto Group in Belgium.

Public Key Infrastructure Implementation Methodology - PKIcomplete provides a methodology for the implementation of public key infrastructures. 

The methodology begins at the point where your organization has expressed the requirement for a PKI to support some or all aspects of its electronic service delivery. For example, the requirement may have been expressed in an information management/information technology plan, in an IT or IT security infrastructure improvement plan, or as part of an application development initiative.

The methodology covers the elements of the PKI life cycle up to the stage where the PKI is up and operational, certification has been completed, and personnel have been trained and have assumed their new PKI responsibilities.

The PKIcomplete methodology has been designed to address the rigorous specification and implementation demands of a PKI.

PKI Forum, Inc. is an international, not-for-profit, multi-vendor and end-user alliance whose purpose is to accelerate the adoption and use of Public-Key Infrastructure (PKI) and PKI-based products and services. The PKI Forum advocates industry cooperation and market awareness to enable organizations to understand and exploit the value of PKI in their e-business applications.

Two Factor Authentication

Differential Power Analysis

Differential Power Analysis involves measuring the electrical power consumption of smart cards and other cryptographic devices. Statistical methods are then used to extract cryptographic keys and other secrets. Vulnerable devices are at risk for compromises including fraud, cloning, impersonation, counterfeiting, and piracy.

Although DPA attacks typically require technical skill to implement, they can be repeated with a few thousand dollars of standard equipment, and can often break a device in a few minutes. DPA and related attacks were originally discovered at Cryptography Research in 1998.

This group of young cryptographers in San Francisco had discovered a way to extract the encryption keys protecting data in a chip, thus opening its contents for unintended use. The ramifications for the burgeoning GSM market and highly touted stored value programs such as Mondex, Proton, and VisaCash seemed significant.

Cryptography Research showed the vulnerabilities they discovered to Mondex, Visa, and others. These card issuers then brought the silicon and card suppliers to see the DPA demonstration and under non-disclosure agreements were shown how to mask and minimize the vulnerabilities with the understanding that they would be coming back for licensing once the patents were issued.

In April 2004, Cryptography Research announced that it had been granted a series of patents broadly covering countermeasures to DPA attacks. These include:

* U.S. Patent #6,654,884: Hardware-level mitigation and DPA countermeasures for cryptographic devices;
* U.S. Patent #6,539,092: Leak-resistant cryptographic indexed key update;
* U.S. Patent #6,510,518: Balanced cryptographic computational method and apparatus for leak minimization in smartcards and other cryptosystems;
* U.S. Patent #6,381,699: Leak-resistant cryptographic method and apparatus;
* U.S. Patent #6,327,661: Using unpredictable information to minimize leakage from smartcards and other cryptosystems;
* U.S. Patent #6,304,658: Leak-resistant cryptographic method and apparatus;
* U.S. Patent #6,298,442: Secure modular exponentiation with leak minimization for smartcards and other cryptosystems; and
* U.S. Patent #6,278,783: DES and other cryptographic, processes with leak minimization for smartcards and other cryptosystems.

Cryptography Research now expects companies utilizing the patented countermeasures in their products to pay for its use.

Technical primer on Differential Power Analysis

Public-Key Algorithms

Symmetric-Key Algorithms

Data Hashing Algorithms

SPYRUS

The National Security Agency (NSA) publicly announced in October 2003 its intent to adopt elliptic curve cryptography (ECC), which forms the heart of the Suite B algorithms.

SPYRUS, which has specialized in cryptographic services utilizing high assurance devices to publish, distribute, and provide access control for electronic data received the first patent sublicense for elliptic curve cryptography that has been issued by the National Security Agency, under the terms of the NSA Field of Use patent license.

The "Field of Use" refers to the technology and methods necessary to implement patented technology, utilizing elliptic curves in GF(p) with key strengths greater than 255-bits, with implementations that are certified to meet the FIPS 140-2 security standard. SPYRUS products implement ECC technology specified for use by the U.S. Government, and increasingly adopted by other governments as well as the commercial sector.

SPYRUS products support the full range of ECC curves in GF(p) that have been approved for use by the U.S. Government, from P-256 to P-521. SPYRUS products also support the full range of SHA-224/256/384/512, and AES-128/192/256. The Full and One-Pass ECMQV key establishment schemes are supported, along with the five EC Diffie-Hellman schemes required by NIST's Special Publication SP 800-56. The full range of capabilities that might be selected for a particular application will therefore be available in a FIPS 140-2 certified SPYRUS product.

Infineon and SPYRUS have been partners since the mid-1990s. Together they produced the first smart card and USB cryptographic token certified to meet the FIPS 140-1 Level 2 and Level 3 security standards, for use in both Government and commercial business enterprises. This collaboration now provides the market with the first token to offer complete Suite B capabilities to provide the strongest security protection in smart card, USB token, and secure mass storage products available anywhere. It is being submitted for certification under the stringent FIPS 140-2 Level 3 cryptographic security standard by an agency of the U.S. Government (NIST). The Infineon SLE66CX642P chip is in the process of being certified under Common Criteria at an EAL5+ level of trust by the German Government.

SPYRUS plans to migrate its security solution to Infineon's new PE family of secure microcontroller ICs to take advantage of enhanced features including more efficient EEPROM programming, 33MHz CPU clock, and smaller die size. These technologies include Infineon's multi-layer chip design, which includes an active shield to prevent tampering, the Advanced Cryptographic Engine (ACE) as well as a Triple DES cryptographic coprocessor to accelerate RSA, ECC and DES computations, together with state-of-the-art techniques to defeat possible side-channel analysis attacks. These techniques include instruction timing randomization, complementary balanced circuitry, encrypted memory bus transfers, and current scrambling techniques.

SPYRUS technologies build upon that solid security base by utilizing their own intellectual property and algorithm implementations to add highly optimized support for ECC, AES, SHA-2, RSA, DSA, and other legacy algorithms running on their secure smart card operating system (SPYCOS(R)).

StrongSwan / OpenSwan

strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last three years. In order to have a stable IPsec platform to base their future extensions of the X.509 capability on, they decided to launch the strongSwan project.

IPsec provides encryption and authentication services at the IP (Internet Protocol) level of the network protocol stack.

Working at this level, IPsec can protect any traffic carried over IP, unlike other encryption which generally protects only a particular higher-level protocol -- PGP for mail, SSH for remote login, SSL for web work, and so on. This approach has both considerable advantages and some limitations. For discussion, see our IPsec section

IPsec can be used on any machine which does IP networking. Dedicated IPsec gateway machines can be installed wherever required to protect traffic. IPsec can also run on routers, on firewall machines, on various application servers, and on end-user desktop or laptop machines.

TrustCenter - key to internet security - secure communications, PKI certificates.

Cryptography Information and Links

Symmetric Cryptology - Data Authentication - pdf

Handbook of Applied Cryptography

IACR (International Association for Cryptologic Research)

IETF web site: www.ietf.org

Cryptography faq: www.faqs.org/faqs/cryptography-faq

Ron Rivest, David Wagner, Counterpane www.counterpane.com/hotlist.html

Digicrime

MSDN - CryptoAPI Reference

MSDN - Cryptography Portal

The related ISO specification 7810, 7816

Link collection for Security and Cryptography

Crypto NESSIE (New European Schemes for Signatures, Integrity and Encryption) puts forward a portfolio of strong cryptographic primitives after a transparent and open evaluation process Nessie (New European Schemes for Signatures, Integrity and Encryption) puts forward a portfolio of strong cryptographic primitives after a transparent and open evaluation process

Pampas (Pioneering Advanced Mobile Privacy and Security) has identified research challenges in the area of mobile privacy and security and has derived a coherent roadmap for applied research within the current batch of European Projects Pampas (Pioneering Advanced Mobile Privacy and Security) has identified research challenges in the area of mobile privacy and security and has derived a coherent roadmap for applied research within the current batch of European Projects

The security of RSA is based on the “fact” that it is easy to generate two large primes, but that it is hard to factor their product.

SMARTsh

smartsh has become somewhat obsolete. It used to work only with Cyberflex Access 16K cards (no longer manufactured?), and only with native ISO 7816-4 command APDUs of that card.  It is suggested that you use the MuscleCard framework which supports a wide variety of cards, and either the command-line oriented muscleTool or the GUI-oriented XCardII for card management.

Crypto-Gram is a free monthly e-mail newsletter on computer security and cryptography from Bruce Schneier (author of Secrets and Lies and Applied Cryptography, inventor of Blowfish and Twofish, CTO and founder of Counterpane Internet Security, Inc., general crypto pundit and occasional crypto curmudgeon).