Contactless PKI Smartcard by AccessSmart


More Info
									    Contac      tless Smartcards Support PKI?
Can t or Fiction
Dovell Bonnett
Founder and CEO of Access Smart.

“It is cheap and easy to design a high security system poorly. It is expensive and hard to design a security system
to protect against every possible attack. It requires forethought and insight to design a useful security system at a
high degree of trustworthiness and at an affordable price”.
-- Tom Austin

                                    ith security there’s no such thing as a single solution that meets everyone’s
                                    needs, budget and protections against every known IT threat. That’s why
                                    there’re four popular security authentication and data protection architectures:

                           •   Public Key Infrastructure (PKI),
                           •   One Time Passwords (OTP),
                           •   Single Sign On (SSO), and
                           •   Password Management.

Each architecture type has its own unique pros and cons, and may or may not be appropriate for your particular
environment. However, there are some instances where a particular implementation is misleading and downright
dangerous. One such is the installation of symmetric contactless smartcards as a PKI component. This report
discusses this misconception.

First, let me state that PKI is a great technology. It’s very strong and offers benefits not available with the other
three architectures. But, it is pricey, cumbersome to manage and requires network infrastructure redesigns.
Similarly, contactless smartcards have come a long way in both security and functionality. The convenience
and ruggedness makes them one of the best candidates for physical access, transportation, cashless vending and
logical access. It’s their combination that raises my concerns.

The misconception is that contactless smartcards with symmetric encryption is part of a Public Key
Infrastructure (PKI) system. The thought is that a card stores an AES or 3DES encrypted digital signature or
certificate as a secure, unique individual identifier. That signature is then passed to the reader where it decrypts
it to reveal the true signature. To a die-hard security and smartcard person, like me, the hairs on the back of my
neck start to stand on end when I hear this claim. The four main smartcard components to PKI are true random
number generation, key pair generation, private key secure storage and private key signing. All other
information is regarded as public even without Wikileaks.

My concern is that many IT managers who have implemented a PKI computer system believe they can
cheaply piggy back onto that security with any secure smartcard technology. However, at best they are only
implementing a glorified password. Or are they?

Copyright 2011, Access Smart, LLC                                                                          1

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •
    Contac      tless Smartcards Support PKI?
Can t or Fiction

PKI Background
Sorry, but I do have to get a little technical here but I will keep it to the basics. A PKI system is made up of a
number of cryptographic algorithms, hardened hardware, protocols and policies that delivers the ultimate goal
for secure messaging: Authentication, Non-repudiation, Data Integrity, Data Confidentiality, Authorization
and Trust. The trick of course is to keep the bad guys & gals from access information or networks, but all the
while making it convenient for the good folks to gain access.

PKI takes advantage of four basic cryptographic functions (yes, there more but remember I’m keeping it
simple): Hashing, Symmetric Encryption, Message Authentication Codes and Asymmetric Encryption to create
CyberText, Key Exchanges, Digital Signatures and Digital Certificates.

    •   Hash: A mathematical algorithm that takes a block of data called ClearText and calculates a Unique
        Message Digest (UMD). The actual size of the UMD is changing as computers become more powerful,
        security becomes more important and hackers become more sophisticated but let’s use 128-characters.
        The value of the hash does not disclose the content of the message, but it does determine if a message
        has been modified when the hash of the receiving document is compared to the hash of the transmitting
        document. (Data Integrity).
    •   Symmetric Encryption: a single shared key is used to both encrypt and decrypt messages. Think of it
        like a code book or a secret decoder ring (do kids still have those?). Two or more people have copies of
        the same book or key to read each other’s encrypted messages. Symmetric keys can encrypt and decrypt
        large messages really fast, but safeguarding and distributing the key is very hard. (Data Confidentiality).
    •   Message Authentication Code: is a mathematical algorithm that creates a unique value from an
        encrypted message using a secure encryption key. While a Hash and MAC may seem to be the same, they
        differ as to when they are used: Hash before encryption, MAC after. (Data Integrity & Authentication)
    •   Asymmetric Encryption: very secure, mathematically tied key pair known as the Public and Private
        Keys. Either key can be used to encrypt, but only the other key of the pair can be used to decrypt. The
        main security concern is that the Private Key is never compromised. While asymmetric encryption is
        very secure, the encryption time can be very long especially for larger data files so that is why it is used
        to encrypt short messages like the Hash and MAC data, but more on that later. Its other advantage is easy
        decryption key distribution issues without fear of exposing the encrypting key. (Data Confidentiality)
    •   Digital Signature: The combination of a ClearText, Hash and Private Key. A message is sent through a
        Hash to create a UMD. The UMD is then encrypted with a Private Key to create a Digital Signature. A
        Digital Signature is different for every message since the ClearText is different. The Digital Signature is
        public information. (Non-repudiation)

Copyright 2011, Access Smart, LLC                                                                        2

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •
    Contac      tless Smartcards Support PKI?
Can t or Fiction

    •   Digital Certificate: Provides a certain level of assurance of the identity of an individual’s public key
        based on the level of identity checking of the person applying for the certificate. The assurance levels
        range from Class 1 (little to no confidence) up to Class 4 (very high confidence). Typically an external
        third-party acts as the Certificate Authority, which provides a trusted path for validation of the identity
        by internal and external systems, but it can be done internally if the certificate is for internal use only.
        The certificate is public and generally published for anyone to use to communicate with the holder of the
        associated private key. (Trust)

So the next step is to combine these different elements together in such a way as to send secure messages fast
to the people they are intended for and for the receiving party to trust that you where the sender and they got an
unaltered message. Here are the highlighted steps to do this.

Example of Sending an Encrypted Message
There are nuances and additional security that takes place, but let’s keep this example basic and simple.
    1. Creating the Encryption Keys: A secure cryptographic processor and a true random number generator
       in a computer or in a smartcard are used to generate the Public / Private Key pair. This same processor
       can also be used to create unique Symmetric Session Keys. The Public Key is posted to outside world.
       The Private Key is NEVER exposed and must be kept in a tamper-resistant secure module (TRSM)
       within the computer or smartcard. The Symmetric Session Keys are kept hidden but not private.
        •   When data is encrypted with the Sender’s Private Key and then decrypted with the Sender’s Public
            Key, all the Receivers know that only the Sender could have sent the message. (Non-Repudiation)
        •   When data is encrypted with a Receiver’s Public Key and then decrypted by the Receiver’s Private
            Key, then only the intended Receiver can read the message. (Authorization)

    2. Creating the Secure Message: Now the parts start coming together in a number of operations all
       happening simultaneously:
        a. A ClearText message is written and then sent through a hash function to create a Unique Message
           Digest (UMD). The UMD is then encrypted with Sender’s Private Key to create a Digital Signature.
           (Non-repudiation + Data Integrity)
        b. The Digital Signature is attached to the original message and encrypted with the symmetric session
           key to create the CyberText. (Data Confidentiality)
        c. The full CyberText is then sent through the MAC function to create another unique Message
           Authentication Code (MAC) of the entire CyberText. (Authentication)
        d. The Symmetric Session Key, being a small data string, is encrypted with the Recipient’s Public Key

Copyright 2011, Access Smart, LLC                                                                        3

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •
    Contac      tless Smartcards Support PKI?
Can t or Fiction

           to ensure that only the authorized Recipient can decrypt the CyberText. (Authorization)
       e. All the above data components are then combined into what the industry refers to as the Envelope.
          (Non-repudiation + Data Integrity + Data Confidentiality + Authentication + Authorization)
       f. The Sender’s personal information, Sender’s Public Key and information about a Trusted Third Party
          are encrypted using the Trusted Third Party’s Private Key to create the Digital Certificate which is
          attached to the entire Envelope. Think of it as the waxed seal on the envelope. (Trust)

    3. Reading the Secure Message: The process is similar to the steps above but in reverse.
       a. The Recipient uses the Trust Third Party’s Public Key to decrypt the Digital Certificate. They can
          trust that Sender’s Public Key is legitimate.
       b. The Envelope is opened with the Recipient’s Private Key. Only the true Recipient can do this.
       c. As the contents are spilled out, the Sender’s Public Key is used to retrieve the Symmetric Session
       d. The CyberText is run through a MAC and compared to the MAC sent in the Envelope. If they match
          then the CyberText has not been tampered with or altered in transmission.
       e. The Symmetric Session Key decrypts the CyberText to reveal the ClearText and the Digital
       f. The Digital Signature is decrypted using the Sender’s Public Key to reveal the ClearText’s UMD.
       g. The Recipient runs the ClearText though a Hash and compares the two UMD’s. If they match then
          the Senders Signature is authentic and the message has not been altered.

So you may be asking yourself, “How is all this helpful?” The entire Public Key Infrastructure, and
“Infrastructure” is the key word, is designed to completely remove all individuals knowing, generating or
transmitting any of the security keys. It takes advantage of the information that is public like the Public Key,
Digital Signature and Digital Certificate by using the secret Private Key and the hidden Symmetric Session Key
to provide Authentication, Non-repudiation, Data Integrity, Data Confidentiality, Authorization and Trust for
messages. So what’s the problem with having a contactless PKI smartcard as described in the beginning of this

The Issues
Is it possible to have a contactless, smartcard-based PKI system? The answer is a solid “yes” and “no”. Well I
hope that clears up the issue. If not, let me explain.

Copyright 2011, Access Smart, LLC                                                                      4

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •
    Contac      tless Smartcards Support PKI?
Can t or Fiction

Recently silicon manufactures have been able to take a secure PKI contact smartcard chip and add in a
contactless interface. These cards are commonly referred to as Dual Interface Smartcards. The contact part is
used in the PKI function, whereas the contactless part is typically used to transmit small blocks of data. But
while the contactless interface can also be used, here’s why it may not be practical.
    1. The time it takes to generate keys and create signatures is time consuming and requires a lot of
       processing power. A contactless card has to stay undisturbed in the field until this happens. For an
       individual to holding a card in the field for more than 2-seconds is unrealistic. But placing the card into
       a contact reader with sufficient power can speeds the processing time plus less chance of removal before
    2. In the contactless side there is always the concern that the card will not remain in the RF field long
       enough to complete all its calculations. There is the theoretical risk that given enough unfinished key
       generations and signatures hackers can break the Public/Private Key pairs and then break into anything.
    3. The fear that a contactless card can be snooped without the user even knowing it by nefarious people
       with high power readers built into building walls and briefcases. Have you read the reports about the
       American Embassy in the old Soviet Union?
It has to be noted that a contactless chip that does not include an Asymmetric Key Processor and a Random
Number Generator is not, I repeat, is NOT a PKI card. A symmetric processor doesn’t count.

The Arguments
There seems to be an industry belief that by storing a digital signature or digital certificate on a non-PKI
contactless smartcard is a secure way to authenticate an individual into the company’s PKI computer network.
This is a false premise and one that could cause more security problems down the road. Both the Digital
Signature and the Digital Certificate are public. Therefore, encrypting a public signature or certificate does not
provide any security as everyone already knows the password.

I will use the Signature example in the following discussion.

    •   Digital Signature Authentication: Digital signatures are public information. They are created with
        the private key and use that individual’s Public Key to decrypt. Since everyone can get a hold of the
        signature, fraudulent cards can be made.
    •   Public Key Encryption: Taking a data string, which is usually in clear text, and encrypting it with an
        individual’s public key and then using the private key to decrypt doesn’t work either. The public key is
        public so if someone knows the data they can create cards since they have the public key.
    •   Symmetric Key Encryption: Using a Symmetric Key to encrypt a secret data stream and the same

Copyright 2011, Access Smart, LLC                                                                       5

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •
    Contac      tless Smartcards Support PKI?
Can t or Fiction

        session key in a reader or server to decrypt is for user authentication fine and secure. The issue is that it is
        not PKI.
    •   Symmetric Key Encryption of a Digital Signature: I feel that the user is now trying to grasp at straws.
        Where is the security in encrypting public information? Plus all the complexities and encryptions that
        have to be done could take a while.
    •   Double Asymmetric Encryption: This sounds like “Double Secret Probation” for you Animal
        House fans. Take the individual’s Digital Signature and then re-encrypt it with a computer’s Public
        Key so that when it is presented to a reader the computer will use its Private Key to decrypt PUBLIC
        INFORMATION. Again since the Public Key is public anyone can make a card. And no, using the
        Private Key is no better. Why? Wait for it…. because everybody has the computer’s Public Key to read
        the card’s public data.
    •   Private Key Authentication: The last and final argument before the final WWF smack down is to use
        the Private Key as the authentication data. Guess what; as soon as the Private Key is removed from the
        TRSM you no longer have a Secure Private Key and thus no PKI.

Contactless PKI is possible with specialized smartcards, but the time to do all the proper authentications,
encryptions and decryptions don’t make them practical or cost advantageous at this time for physical or logical
access. Contact smartcards are still the best way to go for PKI.

Using a symmetric key enabled smartcard to authenticate a user into a PKI system is perfectly secure and a great
option, but don’t confuse it with PKI. Be sure to include at least one more factor of authentication like PIN or
biometrics. Otherwise, the computer is only authenticating the card and not the user.

Also, all these examples utilized single factor authentication (another topic for you security fans) which is
weak in itself. To add any strength there also has to be Something the Person Knows (i.e. password or PIN) and
Something the Person Is (i.e. biometrics).

I started my argument that saying that using a digital signature to log into a system was really nothing more
than a glorified password. But in reality it is less secure because the information is publicly available whereas
hopefully the password is not.

So in conclusion I’ll go back to the opening quote, “It is cheap and easy to design a high security system

Copyright 2011, Access Smart, LLC                                                                           6

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •
    Contac      tless Smartcards Support PKI?
Can t or Fiction

                     Dovell Bonnett has been creating security solutions for computer users for over 20 years.
                     In order to provide these solutions to consumers as directly, and quickly, as possible, he
                     founded Access Smart. With each of his innovations, the end user — the person sitting in
                     front of a computer — is his No. 1 customer.

                     This passion, as he puts it, to “empower people to manage digital information in the digi-
                     tal age” also led him to write the popular Online Identity Theft Protection for Dummies.
                     Within the pervasive nature of our e-commerce and e-business community, personal infor-
mation, from credit card numbers to your pet’s name, is more easily accessed, and identity theft and fraud has
become an issue that touches every consumer.

Mr. Bonnett’s solutions reduce security risks for individual users, small businesses and large corporations. His
professional experience spans 21 years in engineering, product development, sales and marketing, with more
than 15 years focused specifically on smartcard technology, systems and applications. Mr. Bonnett has spent
most of his smartcard career translating and integrating technology components into end-user solutions designed
to solve business security needs and incorporating multi-applications onto a single credential using both con-
tactless and contact smartcards. He has held positions at National Semiconductor, Siemens (Infineon), Certicom,
Motorola and HID. He is the author of smartcard articles, regularly presents at conferences, and helps compa-
nies successfully implement smartcard projects. Mr. Bonnett has been an active member of the Smart Card Alli-
ance contributing to the development of physical access security white papers. He holds dual bachelor’s degrees
in industrial and electrical engineering from San Jose State University.

Copyright 2011, Access Smart, LLC                                                                      7

Access Smart, LLC, 27762 Antonio Parkway L1-461, Ladera Ranch, CA 92694 • (877) 795-6466 •

To top