Trust in the palm of your hand

Mar 1, 2002 12:00 PM, By Johannes Lehrhofer

eBusiness is built on trust. In the offline world, trust is generated through personal relationships, physical signatures, and other evidence, in the online world however, trust must be created without the aid of verifiable physical evidence. Instead, digital identities are created to provide credible evidence that the customer is who they say they are, and likewise the vendor.

The explosion of online and connected services has led to a growing demand for compact and secure forms of digital identity which are portable, simple to use and easily integrated into the complete infrastructure of the service. Security technology is used in Internet services, online and mobile banking and financial services, telecommunications services, entertainment and transport.

The advent of more mobile services, available at all times in any location, has increased the problem of security. Users do not connect from fixed locations, and may use several different devices. Traditional means of identification, such as sending communications to a fixed address, simply don't apply any more. The security solution must travel with the user and the service to any location.

Thus, smart card integrated circuits (ICs) have emerged as a leading technology for the provision of eBusiness and online identity. They provide a self-contained environment in which user data, security processing and transaction data, and service processing can all take place. Easily embedded in traditional form factors such as plastic cards, and increasingly in other devices such as phone and other communications, smart watches and keyfobs, smart card ICs equipped with security features can manage the process of secure access to mobile and online services, securing service delivery.

Smart card ICs include many features aimed specifically at delivering security and establishing trust, including hardware support for established security algorithms, standards such as 3DES or RSA.

Main issues in eBusiness security

There are five main issues in online security which any technology solution should provide.

• Identification and authentication. The user must be identified to the service clearly and unambiguously, with no scope for other people to access the user's account or represent themselves as the user.

• Authorization. The security system needs to be able to admit users who can authenticate themselves to it properly, but no-one else.

• Integrity. Data transmitted between the user and the service must not be corrupted or altered in any way, and it must be provable that there has been no manipulation or corruption of the data.

• Non-repudiation. There must be no way in which either party can claim not to have participated in the transaction.

• Confidentiality. Data, user details and transaction information must be secured against prying eyes.

These challenges are typically met by defining an infrastructure that encompasses all stages of the chain from the end user to the host service. In a simple instance, such as a user logging on to a Local Area Network or even a standalone PC, there will be few steps in the chain.

When the same requirements are made for access to a worldwide system (for example, a satellite television or banking system) the complexity increases. Because smart cards can store user information locally, transaction details can be held on the card, speeding the process of accessing the user's data.

Security protects both the user and the service. From the service provider's point of view, an effective security architecture can:

• Protect revenue by ensuring that only legitimate customers can access the service;

• Protect the provider against liabilities to the customer for loss of personal data;

• Reduce disputed transactions by providing a clear audit trail of activity; and

• Boost customer satisfaction by building trust between service provider and customer.

In the past, security applications using smart cards tended to be related to secure network access applications such as logging into corporate networks. The explosion of mobile services has meant that security is a consideration for many novel uses of cards, and is a feature in nearly every application from telephony to transport.

Smart cards enabling the public key infrastructure

One of the technologies widely adopted for online security is public key infrastructure. This makes use of pairs of keys, one kept private, one shared in public, to perform a variety of functions authenticating data. By encrypting a message then wrapping it using the public key, the sender can make sure that only the intended recipient can unwrap the package and decrypt the contents.

This process is usually managed using digital certificates or signatures. Each user's signature is stored on the smart card IC. When the user logs on to the system, the signature (or a temporary key generated using it) is presented to the network and assessed against a list of valid signatures. If both the digital signature and the password supplied by the user match, access is granted and temporary keys valid for the duration of the session are created.

In some implementations, biometrics are used rather than passwords, so that a fingerprint or iris scan can identify the user, and to prove the correct user is presenting the correct token.

Some uses of PKI technology are explicit — where the user is aware that they are presenting a certificate to a service in order to gain access to it, and the card is effectively functioning as a high-tech key. In these cases, the user is providing an additional authentication factor and knows that they are logging into a service — a corporate network, online banking.

In other cases, the entire process is handled by software and the user is unaware of the activity going on behind the scenes. SIM cards in mobile phones are an example where the software in the phone handset and at the service provider, works with the SIM card IC to handle the process of authorizing the user, opening a session and carrying out the service separately from any user-managed authentication process.

Smart cards as user tokens

Smart cards have proven to be an ideal medium for user authentication devices. Small, portable and familiar, they contain both storage for passwords and keys, and processing capability for generating codes, encrypting and decrypting data, and interacting with services. Typically, the smart card IC is presented along with a user password, number, or even a biometric signature such as a fingerprint or iris scan.

There are two types of security processors: private key and public key. Each performs a different security function, though in practice, modern systems such as PKI and SSL use both for different aspects of the transaction between user and service.

Private key processors are used for the bulk encryption of data prior to transmission from user to service. Typically, any data sent between user and service will be scrambled using a secret key known only to the service and the user. The key can be stored securely on the smart card IC, and the IC can assist with encrypting and decrypting data, if it contains a suitable co-processor. These processors are used to process the encryption — a secret-key algorithm used to encrypt data.

Public key processors are used to generate keys as part of the process of signing into public key-based infrastructures, whether a corporate PKI system or a more general system, such as a Web site using secure sockets layer (SSL) encryption. The need here is to perform the complex mathematics used to generate a large number fast enough that the user does not perceive a gap or wait in the process of signing on to a system. The most established algorithm used for public key transactions is RSA. Elliptic curve cryptography (ECC) is also used for application areas where high encryption speed and low power requirements are key issues. Examples are contactless PKI applications such as company cards, which combine physical access to the building via the contactless interface and logical access to the company's network using the ECC algorithm.

While traditional smart card microprocessors are poorly adapted to this type of calculation, adding a specialist public key coprocessor to the IC can dramatically boost performance in public key generation and signing, and enable the card to generate session keys quickly.

In the past, only traditional contact-based smart cards were used for high-security work. As customers began to demand both the convenience of contactless and the security of contact to be combined into a multi-application card, dual-interface cards have been developed. Applications requiring high-security and large amounts of data transfer can use the contact interface, while low-value transactions such as transport fares can use the contactless. This type of IC is ideal for the provision of multi-application services, such as bank cards, which can also operate as e-purses or travel tickets, or corporate identity/security cards, which can be used to pay for goods in restaurants and stores.

The role of reader ICs

The deployment of smart cards in PKI requires the use of both cards and readers at the point of access. For consumer applications, a reader device is nearly always required at the point of access and use — built into the pay TV decoder box, or within the mobile phone handset.

Integrating security into applications

In many eBusiness applications, security is integrated into the application itself and not handled as a separate process. All of the capabilities of the IC are needed at once for these advanced applications.

New generation smart card ICs combine advanced processing power, security features, and advanced data storage technology in a single IC. Generous memory and storage enable more complex applications to be handled. Support for open programming environments such as Java also make it easier for system designers to program smart card access.

With these capabilities, service designers can look at creating additional applications to run beside the access control application to provide additional interactive services. This type of multi-use is likely to be particularly important in third generation mobile applications. Again, the architecture of advanced card ICs, has been designed to handle multi-application use securely, so that data or code from one application is securely separated from the others, removing the risk of virus and other security attacks from preventing access to the service.

Hardware security

What happens if the smart card token falls into the wrong hands and an attempt is made to read the information it contains? In addition to the logical security designed into the IC, physical security is also required so that information cannot be read from the card by physically deconstructing or manipulating it.

The software architecture is designed to restrict access to the information, but in the event of a successful attack, other measures are needed. A sophisticated memory protection scheme with customized parameters can secure on-chip memory and a number of specific security methods are used to counter attack strategies.

Security standards

Rigorous testing plays a large part in determining the acceptance of security technologies. As more security technologies, and implementations of them, reach the marketplace, users need criteria to be able to differentiate among good technologies and good implementations of the good technologies. Such standards can also test and validate the security under which devices are produced, the interoperability of devices, and their physical resistance to attack.

Philips Semiconductors pursues the development and adoption of relevant standards for smart card ICs, and gains certification for its processors under schemes such as the ITSEC or the Common Criteria for security products. The Common Criteria for IT security products are an international validation scheme, now supported by 14 countries and used as the basis for their own IT security accreditation schemes. There are seven levels of security, with 1 being the weakest and 7 being the strongest.

Such accreditation schemes are only useful if they are widely supported in the commercial world. The Smart Card IC Platform Protection Profile, on which the Common Criteria validation for smart cards is based, was developed by a consortium of card IC developers and is endorsed by Eurosmart. Common Criteria validation at high level has become a requirement of German digital signature law — digital signatures are only held to be valid if they are stored in an accredited device. It is likely that other legislation will bring in similar controls to ensure that digital signatures are properly stored and managed to ensure their legal validity.

The way forward

This is an exciting time in the history of smart card ICs with the world of new mobile applications bringing new opportunities. The security and access control implications of the new generation of interactive services are most easily solved using the new generation of smart card Ics — which incorporate high-performance security among other advanced features.

Cryptographic smart cards aid Canadian defense department

To enable a secure and trusted environment for accessing and communicating sensitive information over vast computer networks, the Canadian Department of National Defense (DND) selected a Datakey smart card system based on Philips Semiconductors' WE-family of cryptocontroller ICs.

The Canadian DND forces protect Canadian interests at home and abroad, help civil authorities protect and sustain national interests and assist in national emergencies. Given the sensitive nature of data flowing through shared DND networks, a highly secure system is necessary to protect communications. Deployed to more than 80,000 DND network users, Datakey smart cards have enabled an environment in which identification, authentication, confidentiality, data integrity and non-repudiation are guaranteed, allowing secure e-mail correspondence across DND enterprise networks.

The Datakey smart card is based on the Philips P8WE5032 cryptographic controller IC. The chip features a high-speed triple-DES coprocessor, with a FameX cryptographic engine for public key encryption, and offers security against physical attacks with its unique chip design. With significantly increased smart card memory, card issuers are able to offer a high-performing smart card which can download updated applications, even when the card is already in the field.

Italy uses digital signature cards to secure B2B transactions

The chambers of commerce, the national railway and numerous other businesses in Italy plan to use smart cards based on Philips Semiconductors smart card Ics, storing digital certificates to secure business-to-business (B2B) commerce. The certificates stored on the cards allow users to digitally sign documents they send over the Internet, making them legally binding.

More than a year ago, the Italian chambers of commerce started distributing smart cards bearing a digital ID along with separate private encryption keys to enable member companies to send and receive documents to the chambers. InfoCamere, the card issuing organization that works with the chambers of commerce, plans to extend the system to secure payment of chamber registration fees and other transactions using the cards. Italy's national railway, through IT company TSF, is also outfitting drivers with digital signature cards that will be used to sign daily route reports they submit online. Intesa, an arm of New York-based IBM Corp., which provides e-commerce services to about 4,000 Italian companies, will use signature cards to secure transmission of documents for purchasing, financial administration and logistics.

Additionally, Munich-based Giesecke and Devrient says it is delivering 1.5 million of its StarCert chip modules and related STARCOS software for these projects to Italian systems integrator IPM-Net. Based on Philips Semiconductors' WE-family of 8-bit cryptocontroller ICs, the StarCert modules are capable of on-chip key generation, ruling out any possibility of key misuse — as the secret key never leaves the chip. In combination with G&D's STARCOS chip card operating system, Starcert has achieved independent evaluation and certification to ITSEC E4 standard by Debis Systemhaus Information Security Services GmbH.

The future of Internet-based secure transactions depends on the development of trusted mutual authentication and thus reliable — and legally binding — digital signatures. It is vital that everyone can be certain that they are dealing with the right person and that infiltration of private or sensitive data, whether it be medical details or banking transactions, becomes a thing of the past.

For the record

About the author

Johannes Lehrhofer is Segment Marketing Manager, E-Business, for Philips Semiconductors.

About the company

Visit infoLink at www.securitysolutions.com for more information on the company featured in this article.

Philips Semiconductors — 126

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue