logging in or signing up mcard 99 march Alien Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 108 Category: News & Reports.. License: All Rights Reserved Like it (0) Dislike it (0) Added: August 20, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Innovation and Collaboration with Mcard: Innovation and Collaboration with Mcard Peter Honeyman Center for Information Technology Integration University of Michigan Ann Arbor A little bit about CITI: A little bit about CITI Center for Information Technology Integration Founded in 1986 as part of Information Technology Division Now in CIO office Research and development 'skunkworks' Advance UMich info tech environment, transfer results to University, government, industry Externally funded CITI staff: CITI staff Faculty and staff scientists Researchers and programmers Graduate and undergraduate students CITI core competencies: CITI core competencies Middleware lab Enterprise-scale info tech integration Distributed file systems Mobile computing High-speed networking Integrated security Proposal writing Smartcards: a pragmatic approach: Smartcards: a pragmatic approach Secrets in a smartcard remain safe even if hardware / software is compromised Integrate smartcard with infrastructure Build on what we have Use existing infrastructure (UMCE) UNIX filesystem; mail, web servers Kerberos NT (PAM + GINA) Use open standards (IETF, ISO) Add secure hardware: smartcard Experimental software: Experimental software Primary targets: OpenBSD Linux AIX NT PalmPilot JavaCard T=0, T=1 Innovation: Outline: Innovation: Outline Smartcard Filesystem Smartcard Integration with Kerberos Secure Bootstrap with Smartcard IP on Smartcard Smartcard filesystem: Smartcard filesystem ISO-7816 Standard smartcard interface Message framing protocol (too primitive to be usable) Many vendor dependencies Smartcard programming toolkits IBM MFC, Microsoft PC/SC, OpenCard framework, EMV’96, PKCS#11, … Smartcard-specific everything: language, API, toolkit, library, application, etc. Hassle learning toolkit after toolkit API dependencies SCFS goals and policies: SCFS goals and policies Integrate a smartcard with UNIX VFS: UNIX filesystem API Take advantage of UNIX environment Allows sophisticated UNIX commands Access through symlinks Any ISO-7816 smartcard Easy integration with applications Netscape cookies PGP private keyring Kerberos tickets SSH private key Application to SSH: Application to SSH citi% mount_scfs /dev/scfs0 /smartcard citi% ln -s ~/.ssh/identity /smartcard/ss/id citi% ssh sin.citi.umich.edu Enter PIN: sin% logout SCFS performance: SCFS performance Command total card overhead Read 8 28.9 28.2 0.7 Read 128 190.2 189.4 0.8 Write 8 63.4 62.7 0.7 Write 128 1259.5 1258.9 0.7 all times in ms read() call finish reading smartcard read() return start reading smartcard total smartcard access scfs overhead scfs overhead SCFS problem areas: SCFS problem areas Order of remove Directories and metadata Directory entry file: Directory entry file ISO-7816 does not have the right metadata FID, file type, size Required for ls, cat Hack: '.i' in every directory Hack: ioctl(): Hack: ioctl() Some ISO-7816-4 features do not fit the UNIX filesystem abstraction creat(), mkdir() need size Crypto commands (authentication, verify key, …) Issues with application loading Comparing PC/SC and SCFS: Comparing PC/SC and SCFS PC/SC SCFS: Application not modified OS Application OS Application PC/SC: Application modified or created OS Application OS Application SCFS PC/SC and SCFS (cont’d): PC/SC and SCFS (cont’d) PC/SC supports more cards and readers SCFS can take advantage of it Work in progress PC/SC OS Application OS Application SCFS SCFS wrap-up: SCFS wrap-up Powerful, flexible API Overhead is small Useful as a low-level development tool ls, cd, pwd, make, etc. Secure storage for user profiles, web cookies, Kerberos tickets, private keys, etc. Smartcard/Kerberos integration: Smartcard/Kerberos integration University of Michigan computing environment is protected by Kerberos So are MIT, CMU, Stanford, Cornell, ... Public key cryptography is not practical (yet) Kerberos security limitations: Lacks external encryption device Lacks secure key storage Passwords vulnerable to dictionary attack Smartcards can solve these problems Need for encryption device: Need for encryption device Kerberos KDC Key is exposed to user and workstation Workstation may not be trusted Sniffer, Trojan horse, virus ... password ticket Need for secure storage: Need for secure storage Keys stored on hard disk or in memory are vulnerable Hard disks are not secure Adversary with administrative rights can access keys Data in a hard disk may be backed up in an unprotected mass storage device Memory is not secure Adversary can scan memory Data in memory can be paged out to a hard disk Dictionary attack: Dictionary attack Create a list of English words, names, etc. Also Star Wars, German, Shakespeare, … thx1138 is a vulnerable password! :-( Derive keys from the words in the list Obtain a andlt;plaintext, ciphertextandgt; pair Kerberos gives up andlt;plaintext, ciphertextandgt; easily Decrypt ciphertext with the derived key If plaintext recovered, password is exposed UMich: andgt; 4,000 vulnerable accounts in 1997 Countermeasures - use a smartcard: Countermeasures - use a smartcard Key is not exposed to user, workstation, or network No password Kerberos KDC ticket Implementation: Implementation STARCOS v. 2.1 from Giesecke andamp; Devrient Modify MIT Kerberos v5-1.0.5 client Kerberos server unmodified for global interoperability Well, almost … des_cbc_crc method uses key as ivec Modify server to allow des_cbc_md5 Kerberos+smartcard performance: kinit start card reset end decryption kinit finish start decryption 0 0.06 0.34 1.32 1.54 Kerberos+smartcard performance Ticket decrypt time: 1.26 sec. Native STARCOS CBC Two rounds Obviates 27 round host CBC: 2.09 sec Communication cost @ 9600 bps: ~ half time in sec. Smartcard Hall of Shame: Smartcard Hall of Shame Cards we considered but were unable to use. Schlumberger CryptoFlex, MultiFlex Internal authentication command returns only the first 6 of the 8 bytes of encrypted data. The 'full DES' internal authentication command is not available in the standard version of the card. Cyberflex Access addresses these issues IBM MFC Encrypts a random number challenge presented by SCT_CMD_AUTHENTICATE command. Smartcard Hall of Shame (cont’d): Smartcard Hall of Shame (cont’d) MAOSCO Multos Encrypts with a fixed key. From the manual: 'For security reasons,' DES is used with a 'known cryptographic key' (0x41AD8223A90BE2A1). General Information Systems Oscar DES key is XOR'ed with a random number. From e-mail: 'The keys are XOR'ed with a random number for security reasons.' Gemplus GPK Key size is limited to 40 bits. Kerberos+smartcard wrap-up: Kerberos+smartcard wrap-up Practical smartcard authentication method Addresses major weakness of Kerberos Fairly fast … room to improve Try other smartcards Faster communication rate Future work: Store ticket on smartcard Use PC/SC library for interoperability Server ticket generation Secure bootstrap with smartcard: Secure bootstrap with smartcard Need to sign executable code for software integrity check Hardware-based solutions Secure Coprocessor, AEGIS Secure, but hard to configure Software-based solutions Tripwire, Authenticode But is OS trusted? Code signing with smartcard: Code signing with smartcard Use AEGIS to boot a specialized OS (boot OS) Store MACs in a smartcard Check the kernel integrity (second OS) with the smartcard Check integrity of important applications (Kerberos KDC, databases, etc.) with the smartcard IP on smartcard: IP on smartcard Expand smartcard accessibility to the Internet Network protocols on smartcard Network service used unmodified - same idea with SCFS FTP, HTTP, E-mail, etc. Smartcard as a mobile computer Bring IP address with you IP on smartcard plans: IP on smartcard plans Phase 1 : IP on ISO-7816 Will be implemented on Schlumberger CyberFlex Limit communication style to host request - smartcard reply Phase 2 : IP on bidirectional link layer Waiting for bare smartcard Future directions: Future directions SCFS Porting to other operating systems (Linux, NT) Support more cards and readers (PC/SC?) Kerberos Store tickets in a smartcard Support more cards and readers (PC/SC?) Smartcard-based ticket generation on server Just started IP on smartcard Code signing Innovation wrap-up: Innovation wrap-up For secure operating system Authentication: Kerberos + smartcard Integrity check: code signing with smartcard For convenient use of smartcard Host - smartcard access: SCFS Internet access: IP on smartcard Collaboration: Collaboration Partnerships with industry, government Identify common objectives Develop near- and intermediate-term solutions University is a 'living laboratory' of enterprise-scale issues CITI/SchlumbergerProgram in Smartcard Technology: CITI/Schlumberger Program in Smartcard Technology File system transparency Secure token storage Kerberos authentication Internet protocol Experimental fault analysis JavaCard formal verification JavaCard performance analysis SEM attack and defense Mcard opportunities: Mcard opportunities CITI, ITD, FinOps, Medical Public key infrastructure Engage the creativity and energy of the student body Any questions?: Any questions? http://www.citi.umich.edu/ You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
mcard 99 march Alien Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 108 Category: News & Reports.. License: All Rights Reserved Like it (0) Dislike it (0) Added: August 20, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Innovation and Collaboration with Mcard: Innovation and Collaboration with Mcard Peter Honeyman Center for Information Technology Integration University of Michigan Ann Arbor A little bit about CITI: A little bit about CITI Center for Information Technology Integration Founded in 1986 as part of Information Technology Division Now in CIO office Research and development 'skunkworks' Advance UMich info tech environment, transfer results to University, government, industry Externally funded CITI staff: CITI staff Faculty and staff scientists Researchers and programmers Graduate and undergraduate students CITI core competencies: CITI core competencies Middleware lab Enterprise-scale info tech integration Distributed file systems Mobile computing High-speed networking Integrated security Proposal writing Smartcards: a pragmatic approach: Smartcards: a pragmatic approach Secrets in a smartcard remain safe even if hardware / software is compromised Integrate smartcard with infrastructure Build on what we have Use existing infrastructure (UMCE) UNIX filesystem; mail, web servers Kerberos NT (PAM + GINA) Use open standards (IETF, ISO) Add secure hardware: smartcard Experimental software: Experimental software Primary targets: OpenBSD Linux AIX NT PalmPilot JavaCard T=0, T=1 Innovation: Outline: Innovation: Outline Smartcard Filesystem Smartcard Integration with Kerberos Secure Bootstrap with Smartcard IP on Smartcard Smartcard filesystem: Smartcard filesystem ISO-7816 Standard smartcard interface Message framing protocol (too primitive to be usable) Many vendor dependencies Smartcard programming toolkits IBM MFC, Microsoft PC/SC, OpenCard framework, EMV’96, PKCS#11, … Smartcard-specific everything: language, API, toolkit, library, application, etc. Hassle learning toolkit after toolkit API dependencies SCFS goals and policies: SCFS goals and policies Integrate a smartcard with UNIX VFS: UNIX filesystem API Take advantage of UNIX environment Allows sophisticated UNIX commands Access through symlinks Any ISO-7816 smartcard Easy integration with applications Netscape cookies PGP private keyring Kerberos tickets SSH private key Application to SSH: Application to SSH citi% mount_scfs /dev/scfs0 /smartcard citi% ln -s ~/.ssh/identity /smartcard/ss/id citi% ssh sin.citi.umich.edu Enter PIN: sin% logout SCFS performance: SCFS performance Command total card overhead Read 8 28.9 28.2 0.7 Read 128 190.2 189.4 0.8 Write 8 63.4 62.7 0.7 Write 128 1259.5 1258.9 0.7 all times in ms read() call finish reading smartcard read() return start reading smartcard total smartcard access scfs overhead scfs overhead SCFS problem areas: SCFS problem areas Order of remove Directories and metadata Directory entry file: Directory entry file ISO-7816 does not have the right metadata FID, file type, size Required for ls, cat Hack: '.i' in every directory Hack: ioctl(): Hack: ioctl() Some ISO-7816-4 features do not fit the UNIX filesystem abstraction creat(), mkdir() need size Crypto commands (authentication, verify key, …) Issues with application loading Comparing PC/SC and SCFS: Comparing PC/SC and SCFS PC/SC SCFS: Application not modified OS Application OS Application PC/SC: Application modified or created OS Application OS Application SCFS PC/SC and SCFS (cont’d): PC/SC and SCFS (cont’d) PC/SC supports more cards and readers SCFS can take advantage of it Work in progress PC/SC OS Application OS Application SCFS SCFS wrap-up: SCFS wrap-up Powerful, flexible API Overhead is small Useful as a low-level development tool ls, cd, pwd, make, etc. Secure storage for user profiles, web cookies, Kerberos tickets, private keys, etc. Smartcard/Kerberos integration: Smartcard/Kerberos integration University of Michigan computing environment is protected by Kerberos So are MIT, CMU, Stanford, Cornell, ... Public key cryptography is not practical (yet) Kerberos security limitations: Lacks external encryption device Lacks secure key storage Passwords vulnerable to dictionary attack Smartcards can solve these problems Need for encryption device: Need for encryption device Kerberos KDC Key is exposed to user and workstation Workstation may not be trusted Sniffer, Trojan horse, virus ... password ticket Need for secure storage: Need for secure storage Keys stored on hard disk or in memory are vulnerable Hard disks are not secure Adversary with administrative rights can access keys Data in a hard disk may be backed up in an unprotected mass storage device Memory is not secure Adversary can scan memory Data in memory can be paged out to a hard disk Dictionary attack: Dictionary attack Create a list of English words, names, etc. Also Star Wars, German, Shakespeare, … thx1138 is a vulnerable password! :-( Derive keys from the words in the list Obtain a andlt;plaintext, ciphertextandgt; pair Kerberos gives up andlt;plaintext, ciphertextandgt; easily Decrypt ciphertext with the derived key If plaintext recovered, password is exposed UMich: andgt; 4,000 vulnerable accounts in 1997 Countermeasures - use a smartcard: Countermeasures - use a smartcard Key is not exposed to user, workstation, or network No password Kerberos KDC ticket Implementation: Implementation STARCOS v. 2.1 from Giesecke andamp; Devrient Modify MIT Kerberos v5-1.0.5 client Kerberos server unmodified for global interoperability Well, almost … des_cbc_crc method uses key as ivec Modify server to allow des_cbc_md5 Kerberos+smartcard performance: kinit start card reset end decryption kinit finish start decryption 0 0.06 0.34 1.32 1.54 Kerberos+smartcard performance Ticket decrypt time: 1.26 sec. Native STARCOS CBC Two rounds Obviates 27 round host CBC: 2.09 sec Communication cost @ 9600 bps: ~ half time in sec. Smartcard Hall of Shame: Smartcard Hall of Shame Cards we considered but were unable to use. Schlumberger CryptoFlex, MultiFlex Internal authentication command returns only the first 6 of the 8 bytes of encrypted data. The 'full DES' internal authentication command is not available in the standard version of the card. Cyberflex Access addresses these issues IBM MFC Encrypts a random number challenge presented by SCT_CMD_AUTHENTICATE command. Smartcard Hall of Shame (cont’d): Smartcard Hall of Shame (cont’d) MAOSCO Multos Encrypts with a fixed key. From the manual: 'For security reasons,' DES is used with a 'known cryptographic key' (0x41AD8223A90BE2A1). General Information Systems Oscar DES key is XOR'ed with a random number. From e-mail: 'The keys are XOR'ed with a random number for security reasons.' Gemplus GPK Key size is limited to 40 bits. Kerberos+smartcard wrap-up: Kerberos+smartcard wrap-up Practical smartcard authentication method Addresses major weakness of Kerberos Fairly fast … room to improve Try other smartcards Faster communication rate Future work: Store ticket on smartcard Use PC/SC library for interoperability Server ticket generation Secure bootstrap with smartcard: Secure bootstrap with smartcard Need to sign executable code for software integrity check Hardware-based solutions Secure Coprocessor, AEGIS Secure, but hard to configure Software-based solutions Tripwire, Authenticode But is OS trusted? Code signing with smartcard: Code signing with smartcard Use AEGIS to boot a specialized OS (boot OS) Store MACs in a smartcard Check the kernel integrity (second OS) with the smartcard Check integrity of important applications (Kerberos KDC, databases, etc.) with the smartcard IP on smartcard: IP on smartcard Expand smartcard accessibility to the Internet Network protocols on smartcard Network service used unmodified - same idea with SCFS FTP, HTTP, E-mail, etc. Smartcard as a mobile computer Bring IP address with you IP on smartcard plans: IP on smartcard plans Phase 1 : IP on ISO-7816 Will be implemented on Schlumberger CyberFlex Limit communication style to host request - smartcard reply Phase 2 : IP on bidirectional link layer Waiting for bare smartcard Future directions: Future directions SCFS Porting to other operating systems (Linux, NT) Support more cards and readers (PC/SC?) Kerberos Store tickets in a smartcard Support more cards and readers (PC/SC?) Smartcard-based ticket generation on server Just started IP on smartcard Code signing Innovation wrap-up: Innovation wrap-up For secure operating system Authentication: Kerberos + smartcard Integrity check: code signing with smartcard For convenient use of smartcard Host - smartcard access: SCFS Internet access: IP on smartcard Collaboration: Collaboration Partnerships with industry, government Identify common objectives Develop near- and intermediate-term solutions University is a 'living laboratory' of enterprise-scale issues CITI/SchlumbergerProgram in Smartcard Technology: CITI/Schlumberger Program in Smartcard Technology File system transparency Secure token storage Kerberos authentication Internet protocol Experimental fault analysis JavaCard formal verification JavaCard performance analysis SEM attack and defense Mcard opportunities: Mcard opportunities CITI, ITD, FinOps, Medical Public key infrastructure Engage the creativity and energy of the student body Any questions?: Any questions? http://www.citi.umich.edu/