A Multi-Application Smart-Card ID System for George Mason University

- Suraj Ravichandran.

Current System  Magnetic Swipe Card based

ID  The card has three tracks  They each store the following:

Name, G# and Issue-ID  The readers convey the G# to

the database, which then relays the required information

 Services rendered: Monetary(Mason Money), Library, access to campus residential buildings

So Why Change?  Lack of encryption makes

spoofing/cloning easier

 No link exists to verify the authenticity of the card in use with the person's actual ID

 Physical deployment not secure – major security risk

Proposed System: Overview  Contact-less Smart-card

based ID system  Secure deployment of

physical sytems  Possible means to link

owners ID to card in use  Cryptographic scheme for

ensuring the above point and to prevent card duplication/spoofing

 Suggested System : NFC Smart-cards combined with Encryption and Signatures

Contact-less Smart Cards  ISO 14443 defines the

standard for Contact-less Card

 They utilize the power form the radio waves to operate the chip and behave like a smart-card

 Major benefit is the utilization of available cryptosystems to accelerate the hardware

Contact-less Smart Cards  CPU: Control Processing Unit

 SRAM: Static Random Access Memory

 ROM: Read Only Memory Static store the Operating System

 EEPROM: Electrically Erasable and Programmable Read Only Memory Persistent

 CRYPTO: Cryptographic processor

 RNG: Random Number Generator

NFC  NFC stands for Near Field Communication

 Emerging communication protocol for use in short (about 10cms) range

 Due to ultra-short range there are no ethical concerns, thus also making it ideal for complementing a cryptographic scheme

 Very widely accepted for ID and Mass Marketing applications

 Smart-card implementations already exist and most of the industry giants are NFC certified partners

NFC : Tag Types Type 1 Tag Type 2 Tag Type 3 Tag Type 4 Tag

Compatible Products

Innovation Topaz (now Broadcom)

NXP Mifare Ultralight

Sony Felica NXP DESFire/ NXP SmartMX JCOP

Memory Size

96 bytes 48/144 bytes 1,4,9 kB 4/32 kB

Unit Price Low Low Low Medium/High

Data Access

Read/Write or Read Only

Read/Write or Read Only

Read/Write or Read Only

Read/Write or Read Only

Active Content

X X X X/Y

NFC Card Reader/Writer  ACR122 NFC Contact-less Smart

Card Reader – by Advanced Card Systems

 Economical on the budget – USD 45  NFC Reader :-

ISO/IEC18092 (NFC) compliant NFC Tags Access Speed = 212 kbps

 Contact-less Smart Card Reader :- Support FeliCa card Support ISO 14443 Type A & B cards

MIFARE® cards (Classics, DESFire)

NFC Tags

 Simple Read/Write Tags range from as low as 0.75 USD a card

 The Smart-card versions cost around 1.25 USD if bought in bulk

NFC Security Threats  Eavesdropping

 Data Corruption (DoS attacks)

 Data Modification

 Cloning the Card

 Solution? -- Use of Cryptographic Schemes

Zero Knowledge Proof of ID  It makes it possible for the prover to prove himself to the

verifier without exchanging any key or secret details at all

 Thus, an eavesdropper only gets to bag assertions or negations, but no solid proof of identity that can later be misused

 Likewise, it also prevents the verifier from misusing the secret details of the prover in future

 Zero Knowledge Protocols wont care whether you actually know the password or not, as long as you prove that you know it

ZKPI Alibaba Analogy This is supposed to be

Alibaba's magic cave

Magic Words!!! “Open Sesame” This is the secret of the

cave

ZKPI practical algorithms   Feige-Fiat-Shamir Zero Knowledge Proof Protocol

  Uses the difficulty in factorizing to its advantage

  If the protocol is repeated multiple times the probability that a false positive decreases to almost 1 in a million

  Multiple instances of protocol can be paralleled to accelerate the operation and further narrow down the chance of false identity

ZKPI Drawbacks and Advantages

Pros:

 Comparatively faster than RSA

 True ZKPI leak absolutely no information to eavesdropper

Cons:

 No hardware accelerators present

 Difficulty in fabrication of chips

 No API support for back-end systems

 Final Card not tamper proof

Elliptic Curve Cryptography  Competitor of RSA

 Proven to withstand significant cryptanalysis

 Provides same level of security as RSA, with lesser number of bits for modulus

 Lesser amount of memory usage

NFC Signature Record Size Signature Algorithm Signature Certificate Total Size

(bytes) RSA 1024/SHA-1 128 774 902

RSA 2048/SHA-1 256 1180 1436

RSA 4096/SHA-1 512 1437 1949

DSA 1024/SHA-1 128 693 821

ECDSA P-192/SHA-1 48 388 436

ECDSA P-256/ SHA-256 64 412 476

Implicit Certificates - ECC-based Elliptic Curve Qu-Vanstone (ECQV)

Field Size (bytes)

Version 1

Certificate Serial Number 8

Certificate Algorithm Identifier for Certificate Issuer’s Signature 1

Hash 1

Issuer Identifier 8

Validity Period 4

Subject Identifier 8

Public Key Reconstruction Value 25

Total Certificate Size 56

Reduction in Signature RTD by using ECQV

Signature Algorithm Signatures (bytes)

Certificate Chain (bytes)

Total Size (bytes)

RSA 1024/SHA-1 128 774 902

ECDSA P-192/SHA-1 48 388 436

ECDSA P-192/SHA-1/ECQV 48 56 104

ECDSA P-256/SHA-216/ECQV 64 64 128

Signcryption  PV signature scheme (Pintsov-Vanstone) can provide

confidentiality within the signature itself  Keyed PV(its variant), where the signer chooses a recipient

and encrypts and signs message (or a part of it) for the recipient

 Partial message recovery :- the message divided into two parts, hidden and visible part

 Hidden part is embedded in the signature, visible part is sent as is, along with the signature

 During verification, the hidden part is recovered from the signature

 A requirement of keyed PV is that the recipient have an elliptic curve key pair, compatible with the domain parameters of the signer’s key pair

ECC based Signatures Pros

 ECC is well established, thus availability of hardware accelerators and library support

 Proposed scheme saves in memory and hence one can switch to type 2/1 cards, proving economical

Cons

 Substantial amount of computations performed

 Root CA needs to be established

 Card is still not tamper proof

 Still no link of card holder to card in use

 Frequent issuance of CRLs

Then Authentication Solution

 Place a second layer of security to link card holder to card in use

 Use any Personal Identity Verification Scheme

 Suggested: Personal Identification Number (PIN)

Alternate System:Biometrics

 Methods for uniquely recognizing humans based on intrinsic physical or behavioral traits

 Such traits include fingerprints, palm patterns, retina scans and face detection

Biometrics Pros :   Inherent tessellation of

Identity and authenticity

 Very difficult to get hack if system is securely deployed

 No need to carry any accessory around (e.g. id card)

Cons :  Expensive on the budget

 Cases of False positives/negatives

 Gives value to parts of the body, can lead to be very dangerous

Comparison System Current Mag

Strip Biometric NFC + ZKPI NFC + ECC

Cost Least Highest Moderate Moderate

Security rendering

None By uniqueness of human traits

Due to difficulty in factorization

Due to difficulty in factorization

Tamper Proof X Y X X

True Card Holder Problem

X Y X X

Ease of Deployment and Integration

-- Difficult High Compatibility to current back-end

High Compatibility to current back-end

Ease of Fabrication of equipment

Mass Production

Mass Production

Very Difficult/ not an industry standard

On the verge of an NFC standard

THANK YOU …Doubts?