Innovation and Collaboration with Mcard

Peter Honeyman
Center for Information Technology Integration
University of Michigan
Ann Arbor

A little bit about CITI

Center for Information Technology Integration
– Founded in 1986 as part of Information Technology Division
– Now in CIO office
Research and development “skunkworks”
Advance UMich info tech environment, transfer results to University, government, industry
Externally funded

CITI staff

Faculty and staff scientists
Researchers and programmers
Graduate and undergraduate students

CITI core competencies

Middleware lab
Enterprise-scale info tech integration
– Distributed file systems
– Mobile computing
– High-speed networking
– Integrated security
Proposal writing

Smartcards: a pragmatic approach

Secrets in a smartcard remain safe even if hardware / software is compromised
Integrate smartcard with infrastructure
Build on what we have
– Use existing infrastructure (UMCE)
  » UNIX filesystem; mail, web servers
  » Kerberos
  » NT (PAM + GINA)
– Use open standards (IETF, ISO)
– Add secure hardware: smartcard

Experimental software

Primary targets:
– OpenBSD
– Linux
– AIX
– NT
– PalmPilot
– JavaCard
T=0, T=1

Innovation: Outline

Smartcard Filesystem
Smartcard Integration with Kerberos
Secure Bootstrap with Smartcard
IP on Smartcard

Smartcard filesystem

ISO-7816
– Standard smartcard interface
– Message framing protocol (too primitive to be usable)
– Many vendor dependencies
Smartcard programming toolkits
– IBM MFC, Microsoft PC/SC, OpenCard framework, EMV’96, PKCS#11, …
– Smartcard-specific everything: language, API, toolkit, library, application, etc.
– Hassle learning toolkit after toolkit
– API dependencies

SCFS goals and policies

Integrate a smartcard with UNIX
– VFS: UNIX filesystem API
Take advantage of UNIX environment
– Allows sophisticated UNIX commands
– Access through symlinks
Any ISO-7816 smartcard
Easy integration with applications
– Netscape cookies
– PGP private keyring
– Kerberos tickets
– SSH private key

Application to SSH

citi% mount_scfs /dev/scfs0 /smartcard
citi% ln -s ~/.ssh/identity /smartcard/ss/id
citi% ssh sin.citi.umich.edu
Enter PIN:
sin% logout

SCFS performance

Command      total     card      overhead
Read 8       28.9      28.2      0.7
Read 128     190.2     189.4     0.8
Write 8      63.4      62.7      0.7
Write 128    1259.5    1258.9    0.7

all times in ms

[Figure: timeline of one read(). Events: read() call, start reading smartcard, finish reading smartcard, read() return. Total = scfs overhead + smartcard access + scfs overhead.]

SCFS problem areas

Order of remove
Directories and metadata
Directory entry file
ISO-7816 does not have the right metadata
– FID, file type, size
Required for ls, cat
Hack: “.i” in every directory
Hack: ioctl()
Some ISO-7816-4 features do not fit the UNIX filesystem abstraction
creat(), mkdir() need size
Crypto commands (authentication, verify key, …)
Issues with application loading

Comparing PC/SC and SCFS

[Figure: two layer diagrams. SCFS: Application not modified. PC/SC: Application modified or created. Layers shown: Application, SCFS, PC/SC, OS.]

PC/SC and SCFS (cont’d)

PC/SC supports more cards and readers
SCFS can take advantage of it
Work in progress
[Figure: layer diagram with Application, SCFS, PC/SC, OS]

SCFS wrap-up

Powerful, flexible API
Overhead is small
Useful as a low-level development tool
– ls, cd, pwd, make, etc.
Secure storage for user profiles, web cookies, Kerberos tickets, private keys, etc.

Smartcard/Kerberos integration

University of Michigan computing environment is protected by Kerberos
– So are MIT, CMU, Stanford, Cornell, ...
Public key cryptography is not practical
– (yet)
Kerberos security limitations:
– Lacks external encryption device
– Lacks secure key storage
– Passwords vulnerable to dictionary attack
Smartcards can solve these problems

Need for encryption device

Key is exposed to user and workstation
Workstation may not be trusted
Sniffer, Trojan horse, virus ...
[Figure labels: Kerberos KDC; ticket; password; Decrypt; ticket]

Need for secure storage

Keys stored on hard disk or in memory are vulnerable
Hard disks are not secure
– Adversary with administrative rights can access keys
– Data in a hard disk may be backed up in an unprotected mass storage device
Memory is not secure
– Adversary can scan memory
– Data in memory can be paged out to a hard disk

Dictionary attack

Create a list of English words, names, etc.
– Also Star Wars, German, Shakespeare, …
– thx1138 is a vulnerable password! :-(
Derive keys from the words in the list
Obtain a <plaintext, ciphertext> pair
– Kerberos gives up <plaintext, ciphertext> easily
Decrypt ciphertext with the derived key
– If plaintext recovered, password is exposed
UMich: > 4,000 vulnerable accounts in 1997

Countermeasures - use a smartcard

Key is not exposed to user, workstation, or network
No password
[Figure labels: Kerberos KDC; ticket; Decrypt; ticket; ticket]

Implementation

STARCOS v. 2.1 from Giesecke & Devrient
Modify MIT Kerberos v5-1.0.5 client
Kerberos server unmodified for global interoperability
– Well, almost …
– des_cbc_crc method uses key as ivec
– Modify server to allow des_cbc_md5

Kerberos+smartcard performance

Ticket decrypt time: 1.26 sec.
– Native STARCOS CBC
– Two rounds
– Obviates 27 round host CBC: 2.09 sec
– Communication cost @ 9600 bps: ~ half
[Figure: kinit timeline, time in sec. Events: kinit start, card reset, start decryption, end decryption, kinit finish. Axis values: 0, 0.06, 0.34, 1.32, 1.54]

Smartcard Hall of Shame

Cards we considered but were unable to use.
Schlumberger CryptoFlex, MultiFlex
– Internal authentication command returns only the first 6 of the 8 bytes of encrypted data. The “full DES” internal authentication command is not available in the standard version of the card.
– Cyberflex Access addresses these issues
IBM MFC
– Encrypts a random number challenge presented by SCT_CMD_AUTHENTICATE command.

Smartcard Hall of Shame (cont’d)

MAOSCO Multos
– Encrypts with a fixed key. From the manual: "For security reasons," DES is used with a "known cryptographic key" (0x41AD8223A90BE2A1).
General Information Systems Oscar
– DES key is XOR'ed with a random number. From e-mail: “The keys are XOR'ed with a random number for security reasons.”
Gemplus GPK
– Key size is limited to 40 bits.

Kerberos+smartcard wrap-up

Practical smartcard authentication method
Addresses major weakness of Kerberos
Fairly fast … room to improve
– Try other smartcards
– Faster communication rate
Future work:
– Store ticket on smartcard
– Use PC/SC library for interoperability
– Server ticket generation

Secure bootstrap with smartcard

Need to sign executable code for software integrity check
Hardware-based solutions
– Secure Coprocessor, AEGIS
– Secure, but hard to configure
Software-based solutions
– Tripwire, Authenticode
– But is OS trusted?

Code signing with smartcard

Use AEGIS to boot a specialized OS (boot OS)
Store MACs in a smartcard
Check the kernel integrity (second OS) with the smartcard
Check integrity of important applications (Kerberos KDC, databases, etc.) with the smartcard
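
The check outlined on this slide, as an added example that is not part of the original talk or CITI's code: a simulated card keeps the MAC key and the reference MACs, and the boot OS sends only a digest of each image and receives pass/fail. SimulatedCard, HMAC-SHA256, the digest-over-the-link exchange and all names are assumptions; the slides do not specify the MAC algorithm or the card protocol.

```python
import hashlib
import hmac
import secrets

class SimulatedCard:
    """Hypothetical stand-in for the smartcard (assumption, not a real card API)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # generated on card, never exported
        self._macs = {}                      # component name -> reference MAC

    def _mac(self, name, digest):
        # Bind the MAC to the component name so stored entries cannot be swapped.
        msg = name.encode() + b"\0" + digest
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enroll(self, name, digest):
        """Provisioning, done once from a trusted machine."""
        self._macs[name] = self._mac(name, digest)

    def verify(self, name, digest):
        """Answer pass/fail only; key and stored MACs stay on the card."""
        ref = self._macs.get(name)
        return ref is not None and hmac.compare_digest(ref, self._mac(name, digest))

def image_digest(image):
    # Hash on the host so only 32 bytes cross the slow card link.
    return hashlib.sha256(image).digest()

def boot_chain(card, components):
    """Verify components in boot order; return first failing name, or None."""
    for name, image in components:
        if not card.verify(name, image_digest(image)):
            return name  # stop: do not hand control to this component
    return None

# Constructed sample images, not real binaries.
KERNEL = b"constructed kernel image"
KDC = b"constructed KDC binary"

def demo():
    card = SimulatedCard()
    card.enroll("kernel", image_digest(KERNEL))
    card.enroll("kdc", image_digest(KDC))
    clean = boot_chain(card, [("kernel", KERNEL), ("kdc", KDC)])
    tampered = boot_chain(card, [("kernel", KERNEL), ("kdc", KDC + b"\x00")])
    swapped = boot_chain(card, [("kernel", KDC), ("kdc", KDC)])
    return clean, tampered, swapped

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the code computing the digest, which is why the slide has AEGIS boot the boot OS before the card is consulted.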

IP on smartcard

Expand smartcard accessibility to the Internet

Network protocols on smartcard
– Network service used unmodified - same idea with SCFS
– FTP, HTTP, E-mail, etc.
Smartcard as a mobile computer
– Bring IP address with you

IP on smartcard plans

Phase 1 : IP on ISO-7816
– Will be implemented on Schlumberger CyberFlex
– Limit communication style to host request - smartcard reply
Phase 2 : IP on bidirectional link layer
– Waiting for bare smartcard

Future directions

SCFS
– Porting to other operating systems (Linux, NT)
– Support more cards and readers (PC/SC?)
Kerberos
– Store tickets in a smartcard
– Support more cards and readers (PC/SC?)
– Smartcard-based ticket generation on server
Just started
– IP on smartcard
– Code signing

Innovation wrap-up

For secure operating system
– Authentication: Kerberos + smartcard
– Integrity check: code signing with smartcard
For convenient use of smartcard
– Host - smartcard access: SCFS
– Internet access: IP on smartcard

Collaboration

Partnerships with industry, government
Identify common objectives
Develop near- and intermediate-term solutions
University is a “living laboratory” of enterprise-scale issues

CITI/Schlumberger Program in Smartcard Technology

File system transparency
Secure token storage
Kerberos authentication
Internet protocol
Experimental fault analysis
JavaCard formal verification
JavaCard performance analysis
SEM attack and defense

Mcard opportunities

CITI, ITD, FinOps, Medical
Public key infrastructure
Engage the creativity and energy of the student body

Any questions?
http://www.citi.umich.edu/