Use of Smartcards in IT Security

More than 20 years ago a young French journalist named Roland Moreno filed a patent for integrating a processor circuit into plastic cards. At that time nobody realized how versatile or important its applications would become.

On the basis of this simple idea several hundred million cards have been manufactured for a wide range of security and commerce applications. This article explains Smartcard fundamentals, and the deployment of these intelligent chipcards in IT Security. 
 

Properties and Structure of Smartcards

Chipcards / smartcards are the size of a standard ec credit card (86 x 54 x 0.76 mm). In contrast to magnetic stripe cards, they contain an integrated circuit that can store information and offers options for external interfacing.

Depending on the card type they can have more or less extensive intelligence.

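Card type             Memory                         Memory security                                                   Costs
--------------------  -----------------------------  ----------------------------------------------------------------  ---------------------------------------------------------
Magnetic stripe card  < 350 Bytes (R/W)              None                                                              Card very cheap; reader moderate; reader/writer expensive
Chipcard              Up to 20 Kbytes (WORM or R/W)  Limited access via logic, active functions (encryption) possible  Card moderate to expensive; reader/writer very cheap
Lasercard             1 MB (WORM)                    None                                                              Card cheap; reader/writer very expensive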

Graphic 1: Card technology/structure of a chipcard

Chipcards can be divided into several categories, which influence use and costs.

Category           Type
-----------------  -------------------
Interface          Electric, inductive
Memory technology  ROM, PROM, EEPROM
Intelligence       Logic, CPU

Depending on the memory technology, chipcards can be read-only (ROM), write-once (EPROM) or rewritable (EEPROM).

For a simple memory card it is perfectly sufficient if one bit after another is 'booked', so that when the last bit is written the card is used up and loses its functionality (e.g. telephone cards). Such cards do not require extensive intelligence: simple logic is enough for reading and booking bits.

Only the "intelligent" processor chipcards (smartcards) are described herein, as these are the only cards deployed in IT security. 

Such IT Security smartcards have the following structure: 

Graphic 2: Structure of a smartcard

Access to the memory areas is only possible via the CPU. The operating system (OS) of the chipcard supports the CPU and is stored in ROM, but can be extended with functions in EEPROM. This makes it possible to have cards with individual functionality without the expense of creating masks.

Today a typical smartcard has an 8 or 16-bit CPU, 4 to 64k RAM, up to 24 KB ROM, and 4 to 64 KB EEPROM. High end smartcards run RSA operations with keys of between 512 and 1024 bits using crypto-coprocessors. 

There is a range of standards that describe smartcard functions, and manufacturer standards are in the process of becoming established, such as the Microsoft PC/SC initiative or Sun's JavaCard specification.

The most important smartcard standardization effort is ISO 7816, which consists of several parts. The standardized commands for running security-relevant functions are described below.

The Verify command makes it possible to compare saved data to data sent to the card. This makes password or PIN mechanisms possible, and the cards have operating error counters to prevent obtaining PIN numbers by trial and error. 

The External and Internal Authenticate commands make it possible to authenticate the card using a challenge / response, otherwise known as requesting a PIN from the user.

First the card reader provides a challenge / response to the chipcard and, when successful, shifts into a mode that enables authentication using the crypto technology.

The card initially receives a challenge from the terminal (interface device or host). Using a saved key, the card calculates a response that allows the card reader to make a PIN ID check. In the second stage a terminal response value is returned to the card, so that the card can check whether the terminal recognized it. Only then may the card status be raised to authenticated.

This two-way handshake can be used on the whole card or only on individual areas using dedicated keyfiles, which are special data files in the chipcard's memory image that store the private security keys.

Because the private keys never leave the chipcard, you don't have to worry about anybody compromising the cards or having to store keys in a common database on a server. 
 

Smartcard Readers

In general a distinction must be made between readers with a PIN keyboard (also known as PIN pads) and those without. Depending on the application it is necessary to enter the PIN in a secured environment (this affects the POS area in particular). In certain areas such as PC access control it is not usual to have a less ergonomic keyboard in addition to the usual one. In addition, the PIN is not numerical in certain areas, so that PIN keyboard entries are not possible. Most readers can be connected using a serial port. There are also readers which can be used as a PCMCIA device (notebooks) or are integrated into the keyboard.
 

IT Security Applications

The properties of smartcards make them predestined for IT security applications. With the smartcard it is thus possible to release data only after the presentation of secret values (secret number or password). At the same time smartcards have mechanisms such as an operating error counter (FBZ) to prevent obtaining the value by trial and error. When the final operating error counter is reached, depending on the level of security, the card becomes totally unusable, temporarily locked or individual functions are temporarily not accessible. The PIN is used to authenticate the user to the smartcard and protects him against card misuse should the card be lost. The user can select any PIN and can change it at any time. 

The smartcard can run algorithms. This makes it possible to use encryption methods such as DES and RSA for authentication purposes, for secured transmission of data between the card and terminal, and to calculate digital signatures. Successful authentication flows can change the status of the smartcard, thus releasing new functions and data accesses. Equipped with these abilities, the smartcard can be used in the following areas of IT security:

Identification and Authentication Medium

The smartcard is generally used as a substitute for user ID / password systems. A much higher level of security can be achieved with a secure communication protocol between the smartcard and reader and between the reader and PC. It works as follows (the steps in brackets are not essential).

  1. Smartcard reader and smartcard identify themselves with a two-way handshake via the possession of the same key (CK=Company Key or CCK=Chipcard Communication Key). This excludes initial cards or cards from other organizations from being processed. Subsequently the CCK can be used to secure communication between smartcard and reader.
  2. The user inserts his smartcard in the reading device. The user identification is read from a readable field which cannot be changed (PID=Personal Identification).
  3. The user enters his PIN. This is transmitted to the card and is verified by the card. The assumption is that an attacker has not installed any mechanism to capture the PIN as it is entered, or that such an attacker does not subsequently obtain possession of the card.
  4. A challenge response procedure occurs with the checking system of the host. The PID is sent to the host and initiates a challenge to the smartcard, which is calculated using a user-specific personal value (PK=Personal Key). On successful verification of the smartcard response, the host has identified the card.
  5. By returning a response from the host to the smartcard and with its verification, the chipcard can be set to a higher status.
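
The Verify error counter and the two-way challenge / response described in the ISO 7816 section, run through steps 2 to 5 above, as an added Python example that is not part of the original article. HMAC-SHA256 stands in for the card's DES or RSA calculation; the `Card` class, the `login` function, the `card` / `host` direction labels and the card-generated challenge in step 5 are assumptions of this example, and the CCK handshake of step 1 is left out.

```python
import hashlib
import hmac
import os

def mac(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the card's DES/RSA response calculation.
    return hmac.new(key, data, hashlib.sha256).digest()

class Card:
    """Hypothetical card model: PIN with error counter, PK that never leaves the card."""
    def __init__(self, pid: str, pin: str, pk: bytes, max_tries: int = 3):
        self.pid, self._pin, self._pk = pid, pin.encode(), pk
        self._max = self.tries_left = max_tries
        self.pin_ok = self.host_ok = False
        self._challenge = None

    def verify(self, pin: str) -> bool:
        if self.tries_left == 0:
            return False  # counter exhausted: even the correct PIN is refused
        self.pin_ok = hmac.compare_digest(pin.encode(), self._pin)
        self.tries_left = self._max if self.pin_ok else self.tries_left - 1
        return self.pin_ok

    def internal_authenticate(self, challenge: bytes) -> bytes:
        if not self.pin_ok:
            raise PermissionError("PIN not verified")
        return mac(self._pk, b"card" + challenge)  # proves the card holds PK

    def get_challenge(self) -> bytes:
        self._challenge = os.urandom(16)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        ch, self._challenge = self._challenge, None  # each challenge is single-use
        self.host_ok = ch is not None and hmac.compare_digest(
            response, mac(self._pk, b"host" + ch))  # success raises the card status
        return self.host_ok

def login(card: Card, pin: str, host_keys: dict) -> bool:
    """Steps 2 to 5: read PID, verify PIN, host checks card, card checks host."""
    pk = host_keys.get(card.pid)
    if pk is None or not card.verify(pin):
        return False
    challenge = os.urandom(16)
    answer = card.internal_authenticate(challenge)
    if not hmac.compare_digest(answer, mac(pk, b"card" + challenge)):
        return False  # card does not hold the PK registered for this PID
    return card.external_authenticate(mac(pk, b"host" + card.get_challenge()))
```

The direction labels keep a card response from being replayed back to the card as a host response, and the single-use challenge makes a recorded host response worthless on a later attempt.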
     

Personal Profile Carriers

In certain operating systems security mechanisms such as access tokens are integrated. After a successful user ID / password verification the operating system makes the information (user profile) available from internal tables. To do so, this information must be kept up to date on all PCs where access has to be granted (authentication servers such as Kerberos are an alternative). The smartcard offers the opportunity of saving such profiles (or the keys necessary for Kerberos) on the card securely, thus equipping the user with rights which cannot be copied or inherited.
 

Carriers for Personal Keys and Certificates

Smartcards are suitable as secure storage media for personal keys and X.509 certificates. Very security-critical secret keys used to sign data with public key methods can be stored securely against unauthorized access. Indeed, for security reasons the German Signature Act requires the deployment of ITSEC E4 high certified smartcards for digital signatures which conform to the law. Saving the certificate, which confirms the assignment of a public key to a person, on the smartcard is of practical value for key management. When required, the certified public key can also be added for verification purposes.

Smartcards as secure storage media for secret keys and certificates are also being used increasingly with GSS-based methods for reciprocal partner authentication and for agreeing a session key for encrypting mass data. Personal and group-specific keys for encryption / decryption of mass data can be saved securely on smartcards. 
 

Running Encryption and Signature Operations 

If the encryption and signature operations are performed within the card, the keys used for this will not leave the secured area of the card. For now, larger encryption operations (encryption of mass data) are not possible in the card. However, a card with integrated RSA functionality is eminently suitable for encrypting small quantities of data (e.g. hash values for digital signatures).
 

Organizational Aspects

Objections of potential users against the use of smartcards frequently relate to organizational aspects. Smartcards are complicated to handle, must be issued, are easy to lose, etc. And users shrink from costs for additional hardware (cards/reading devices). Can smartcards be justified from a cost/benefit perspective? 


Advantages of Smartcards
  • High security as storage medium for sensitive data
  • High security when running cryptographic operations
  • Rapid identification (only PIN is needed)
  • Optimization of user security behavior (lock by retaining the card)
  • Option for automatic login to servers and hosts
  • Multifunctional use possible (access card, time recording ...)
  • Rights, profiles and keys are stored with the user (better support of traveling users).

Disadvantages of Smartcards

  • Special reading hardware necessary
  • Lost/forgotten
  • Administration/issuing authority and secure logistics necessary
  • Central update of rights profiles on smartcards


The arguments against the use of smartcards should be examined in more detail with respect to two applications.

Where cryptography and keys are needed on a user-specific basis, many of the counter arguments (issuing authority, transportation, update) are no longer valid as these always are necessary with key management (key generation and distribution).

Where the deployment of user ID / password methods is wanted, some of these organizational disadvantages can be cleared by organizational measures.

Transporting keys, for example, prevents the card from being assigned functions which would place the security of the card in question at a later stage. Substitute card concepts (decentrally available cards, which can be released centrally) make interruption-free work possible when cards are forgotten.

Suitable PIN management prevents cards from representing a risk when being transported.

With secured protocols decentralized remote updating of the card is possible automatically.

With selective issuing of administration rights smartcards can also be adjusted or issued locally within specific limits (remote issuing). Locked lists prevent lost cards from being used. 

With suitable organizational measures, the advantages of smartcard systems far outweigh their disadvantages. For example login information, encryption keys or complete user profiles can be stored securely on the smartcard.

Moreover, special smartcards can run encryption operations, for example for digital signatures. In the not too distant future it is likely that smartcards will become just as humdrum as keys on key rings or personal and company IDs.

TPEX Smartcard Technology
