An Introduction to Smart Cards (Part II of a Two-Part Series)
The first article in this two-part series (pub-lished in the September/October 1999 issue of Messaging Magazine) described the history of smart cards, compared some different types, and discussed their low-level properties. This article completes the picture by discussing the standards that affect the adoption of smart cards in mainstream society, and how smart cards relate to today’s computer systems.

Smart Card Security Standards
Many of the standards mentioned in Part 1 of this two-part series focus on the details of the smart card, as well as the related read/write terminal and low-level software layers. Another important class of stan-dards focuses on how smart cards are inte-grated into applications that provide computer and network security. This sec-tion discusses the principles of these stan-dards, and identifies the emerging standards, as well as the players who define and utilize them.

Principles of Smart Card Security Standards
In order to be useful and gain acceptance, any standard designed to facilitate the inte-gration of smart cards into computer secu-rity systems should follow certain principles, as illustrated by the examples in Table 1.

Prominent Smart Card Specifications and Standards
The following are emerging as important standards with respect to the integration of smart cards into computer and network security applications:

  • PKCS#11: Cryptographic Token Interface Standard
    This standard specifies an application pro-gramming interface (API), called Cryptoki, to devices that hold cryptographic infor- mation and perform cryptographic func-tions. Cryptoki (pronounced crypto-key and short for cryptographic token inter-face) follows a simple object-based approach, addressing the goals of technol-ogy independence (any kind of device) and resource sharing (multiple applications accessing multiple devices). PKCS#11 pre-sents to applications a common, logical view of the device, called a cryptographic token. The standard was created in 1994 by RSA, with input from industry, academia, and government.
  • PC/SC
    The PC/SC Workgroup was formed in May 1997 to address critical technical issues related to integrating smart cards with PCs. PC/SC Workgroup members include Bull Personal Transaction Systems, Gemplus, Hewlett-Packard Company, IBM, Microsoft Corp., Schlumberger, Siemens-Nixdorf Inc., Sun Microsystems, Toshiba Corp., and VeriFone. In December 1997, the Workgroup released Version 1.0 of the specification, which addresses limitations in existing standards. In particular, the standard focuses on how to better integrate ICC devices with PCs, while adequately addressing interoperability (from a PC application perspective) between products from multiple vendors. In addition, the specification defines standard interfaces to interface devices (IFDs), as well as common PC programming interfaces and control mechanisms.
  • Open Card
    This standard, open framework, announced in March 1997 by IBM, Netscape, NCI, and Sun Microsystems Inc., provides an architecture and a set of APIs that enable the development of interopera-ble smart card solutions across many hard-ware and software platforms. In particular, the Open Card Framework enables applica-tion developers and service providers to build and deploy “smart card aware” solutions in any Open Card-compliant environment. An Introduction to Smart Cards PART OF A TWO-PART SERIES By Steve Petri, Litronic, Inc. 2 20 Messaging Magazine November/December 1999 TABLE 1 Principle Implications Multi-platform Standards should be applicable to numerous modern day operating systems and computer architectures, such as Windows, Unix, Mac, x86, Sparc, etc. Open Participation Standards should be defined on the basis of input and peer review from members of industry, academia, and government. Interoperability Standards should be interoperable with other leading standards and protocols. Real, Functional Standards should apply to real-world problems and markets, and should adequately address their requirements. Experience and Products Standards should be created by a group of people with experience in security-related products and standards. Extensibility Standards should facilitate expansion to new applications, protocols, and smart card capabilities that weren’t yet around when the standard was created.
  • Java Card
    The Java Card API specification enables the “Write Once, Run Anywhere”™ capabilities of Java on smart cards and other devices with limited memory. The Java Card API was developed in conjunction with leading members of the smart card industry, and has been adopted by more than 95 percent of the manufacturers in the smart card industry, including Bull/CP8, Dallas Semi-conductor, De La Rue, Geisecke & Devrient, Gemplus, Inside Technologies, Motorola, Oberthur, Schlumberger, and Toshiba.
  • Common Data Security Architecture (CDSA)
    Developed by Intel, CDSA provides an open, interoperable, extensible, and cross-platform software framework that makes computer platforms more secure for all applications including electronic commerce, communi-cations, and digital content. The CDSA 2.0 specifications were adopted by The Open Group in December 1997.
  • Microsoft Cryptographic API
    The Microsoft ® Cryptographic API (Cryp-toAPI) enables application developers to add cryptography and certificate manage-ment functions to their Win32 ® applica-tions. Applications can use the functions in CryptoAPI without knowing anything about the underlying implementation, in much the same way that an application can use a graphics library without knowing anything about the particular graphics hardware configuration.

Importance of Smart Cards as a Design Mechanism for Computer Networks
This section highlights the fundamental security challenges that face us in this increasingly network-oriented world, and shows how smart cards can provide impor-tant security advantages.

Fundamental Security Challenges
Because computers and networks are becoming so central to our lives in this digital age, many new security challenges are arising. This is the era of full connectiv-ity, both electronically and physically. Smart cards can facilitate this connectivity and other value added capabilities, while providing the necessary security assurances not available through other means.
On the Internet, smart cards increase the security of the authentication, authoriza-tion, privacy, integrity, and non-repudia- tion building blocks. Primarily, this is because the private signing key never leaves the smart card, making it very diffi-cult to gain unauthorized knowledge of the private key by compromising the host computer system.
In a corporate enterprise system, multiple disjointed systems often have their security based on different technologies. Smart cards can bring these together by storing multi-ple certificates and passwords on the same card. Secure e-mail and intranet access, dial-up network access, encrypted files, digitally signed web forms, and building access are all improved by the smart card.
In an extranet situation, where a com-pany would like to administer security to business partners and suppliers, smart cards can be distributed to allow access to certain corporate resources. The smart card’s importance in this situation relates to the need to ensure the strongest possi-ble security when permitting access through the corporate firewall and proxy defenses. When distributing credentials by smart card, a company can have a higher assurance that those credentials cannot be shared, copied, or otherwise compromised.

The Smart Card Security Advantage
For modern day systems, smart cards can enhance security by providing the follow-ing advantages:

  • Smart Cards Enhance Public Key Infrastructures (PKIs), Which Are Better Than Passwords
    PKI systems are more secure than password-based systems, because a PKI does not allow shared knowledge of the secret. That is, the private key need only be known in one place, rather than two or more. If the one place is on a smart card, and the pri-vate key never leaves the smart card, the crucial secret for the system is never in a situation where it is easily compromised. A smart card allows the private key to be usable, without ever appearing on a net-work or in the host computer system.
  • Smart Cards Increase the Security of Password-Based Systems Although smart cards have obvious advan-tages for PKI systems, they can also increase the security of password-based sys-tems. One of the biggest problems in typi-cal password systems is that users write down their password and attach it to their monitor or keyboard. They also tend to choose weak passwords, and they share their passwords with other people. If a smart card is used to store a user’s multiple passwords, they need only remember the personal identification number (PIN) to the smart card in order to access all of the passwords. Additionally, if a security officer initializes the smart card, very strong pass-words can be chosen and stored on the smart card. The end user need never even know the passwords, so they can’t be writ-ten down or shared with others.
  • Multiple-Factor Authentication
    Security systems benefit from multiple-factor authentication. Commonly used factors are: “something you know,” “some-thing you have,” “something you are,” and “something you do.” Password-based sys-tems typically use only the first factor, “something you know.” Smart cards add an additional factor, “something you have.” Such two-factor authentication has proven to be much more effective than single-factor authentication, because the “something you know” factor is so easily compromised or shared. Smart cards can also be enhanced to include the remaining two factors. Available prototype designs accept a thumbprint on the surface of the card in addition to the PIN in order to unlock the services of the card. Alterna-tively, a thumbprint template, retina tem-plate, or other biometric information can be stored on the card, to be checked against data obtained from a separate bio-metric input device. Similarly, “something you do,” such as typing patterns, hand-written signature characteristics, or voice inflection templates can be stored on the card and matched against data accepted from external input devices.
  • Portability of Keys and Certificates
    Web browsers and other popular software packages can use public key certificates and private keys, but these security measures identify the workstation rather than the user. The key and certificate data is stored in a proprietary browser storage area, and must be exported/ imported in order to be moved from one workstation to another. With smart cards, the certificate and pri-vate key are portable, and can be used on multiple workstations, whether they are at work, at home, or on the road. If the lower-level software layers support it, they can also be used by different software programs from different vendors, on different platforms, such as Windows, Unix, and Mac.
  • Auto-disabling PINs Versus Dictionary Attacks
    If a private key is stored in a browser storage file on a hard drive, it is typically protected by a password. This file can be “dictionary attacked,” meaning that unauthorized per-sons can attempt commonly used pass-words in a brute force manner until they obtain knowledge of the private key. On the other hand, a smart card typically locks itself up after some low number of consecutive bad PIN attempts, for example 10. Thus, the dictionary attack is no longer a feasible way to access the private key if it has been securely stored on a smart card.
  • Non-Repudiation
    The ability to deny, after the fact, that your private key performed a digital signature is called repudiation. If, however, your pri-vate signing key exists only on a single smart card and only you know the PIN to that smart card, it is very difficult for oth-ers to impersonate your digital signature by using your private key. Many digital sig-nature systems require this “hardware-strength non–repudiation,” meaning that the private key is always protected within the security perimeter of a hardware token, and can’t be used without the proper PIN.
  • Counting the Number of Private Key Usages
    So many of the important things in our lives are authorized by our handwritten signature. Smart card-based digital signa-tures offer benefits over handwritten signa-tures, because they are much more difficult to forge and they can enforce the integrity of the document through technologies such as hashing. Also, because the signa-ture is based in a device that is actually a computer, we can conceive many new benefits. For example, a smart card could count the number of times that your pri-vate key—and hence, your digital signa-ture— was used over a given period of time.

Legalities
As with any technology, there are legal issues to keep in mind when dealing with smart cards. Commonly, for example, a smart card has the ability to perform cer-tain licensed algorithms, such as the RSA asymmetric cipher. Usually, any license fees associated with the algorithm are bun-dled into the cost of the smart card.
If a smart card can perform restricted technologies such as encryption at large keylengths, it is classified as a munition by certain U.S. Commerce laws. As such, it can be considered illegal to export or import such an item in certain regions.
Many states are writing new digital sig-nature laws that make it the end user’s responsibility to protect their private key. If the private key can never leave an auto-matically PIN disabling smart card, the end user can find it easier to meet these respon-sibilities. Certificate authorities can help in this area by supporting certificate exten-sions that specify that the private key was generated in a secure environment and has never left the confines of a smart card. With this mechanism, higher levels of non-repu-diation can be achieved when verifying a smart card-based signature while using a certificate containing such an extension. In other words, a digital signature carries more weight if its associated certificate val-idates that the private key resides on a smart card and can never be extracted.

Smart Card-Enabled Products
This section lists popular security products, and explains how smart cards can be used to enhance their security.

  • Web Browsers (SSL, TLS)
    Web browsers use technology such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to provide security while browsing the World Wide Web. These technologies can authenticate the client and/or server to each other and also provide an encrypted channel for any mes-sage traffic or file transfer. The authentica-tion is enhanced because the private key is stored securely on the smart card. The encrypted channel typically uses a sym-metric cipher where the encryption is per-formed in the host computer because of the low data transfer speeds to and from the smart card. Nonetheless, the randomly generated session key that is used for sym-metric encryption is wrapped with the partner’s public key, meaning that it can only be unwrapped on the smart card. Thus it is very difficult for an eavesdropper to gain knowledge of the session key and message traffic.
  • Secure E-Mail (S/MIME, OpenPGP)
    S/MIME and OpenPGP allow e-mail to be encrypted and/or digitally signed. As with SSL, smart cards enhance the security of these operations by protecting the secrecy of the private key and also unwrapping session keys within a security perimeter.
  • Form Signing
    Web-based HTML forms can be digitally signed using your private key. This could prove to be a very important technology for Internet-based business, because it allows digital documents to be hosted by web servers and accessed by web browsers in a paperless fashion. Online expense reports, W-4 forms, purchase requests, and group insurance forms are some examples. For form signing, smart cards provide portability of the private key and certifi-cate, as well as hardware-strength non-repudiation.
  • Object Signing
    If an organization writes code that can be downloaded over the Web and then exe-cuted on client computers, it is best to sign that code so that clients can be sure it came from a reputable source. Smart cards can be used by the signing organization so the private key can’t be compromised by a rogue organization in order to impersonate the valid one.
  • Kiosk/Portable Preferences
    Certain applications operate best in a “kiosk mode” where one computer is shared by a number of users, but becomes configured to their preferences when they insert their smart card. The station can 22 Messaging Magazine November/December 1999 In a corporate enterprise system, multiple disjointed systems often have their security based on different technologies. Smart cards can bring these together by storing multiple certificates and passwords on the same card.then be used for secure e-mail, web brows-ing, etc., and the private key would never leave the smart card or enter the kiosk computer. The kiosk can even be config-ured not to accept mouse or keyboard input until an authorized user inserts the proper smart card and supplies the proper PIN.
  • File Encryption
    Even though the 9600-baud serial interface of the smart card usually prevents it from being a convenient mechanism for bulk file encryption, it can enhance the security of this function. If a different, random ses-sion key is used for each file to be encrypted, the bulk encryption can be per-formed in the host computer system at fast speeds, and the session key can then be wrapped by the smart card. Then, the only way to easily decrypt the file is by possess-ing the proper smart card and submitting the proper PIN so that the session key can be unwrapped.
  • Workstation Logon Logon
    credentials can be securely stored on a smart card. The normal login mecha-nism of the workstation, which usually prompts for a username and password, can be replaced with one that communicates to the smart card.
  • Dial-up Access (RAS, PPTP, RADIUS, TACACS)
    Many of the common remote access dial-up protocols use passwords as their secu-rity mechanism. As previously discussed, smart cards enhance the security of pass-words. Also, as many of these protocols evolve to support public key-based sys-tems, smart cards can be used to increase the security and portability of the private key and certificate.
  • Payment Protocols (SET)
    The Secure Electronic Transactions (SET) protocol allows credit card data to be securely transferred between customer, merchant, and issuer. Because SET relies on public key technology, smart cards are a good choice for storage of the certificate and private key.
  • Digital Cash
    Smart cards can implement protocols to enable users to carry “digital cash” on a smart card. In these systems, the underly-ing keys that secure the architecture never leave the security perimeter of hardware devices. Mondex, VisaCash, EMV (Euro-pay- Mastercard-Visa), and Proton are examples of digital cash protocols designed for use with smart cards.
  • Building Access
    Even though the insertion, processing time, and removal of a standard smart card could be a hassle when entering a build-ing, magnetic stripe or proximity chip technology can be added to smart cards so that a single token provides computer security and physical access.

Problems with Smart Cards
Even though smart cards offer many obvi-ous benefits for computer security, they still haven’t caught on with great popular-ity in countries like the United States. This is not only because of the prevalence, infrastructure, and acceptability of mag-netic stripe cards, but also because of a few problems associated with smart cards. Lack of a standard infrastructure for smart card reader/writers is often cited as a complaint. Until very recently, the major computer manufacturers haven’t given much thought to offering a smart card reader as a stan-dard component. Many companies don’t want to absorb the cost of outfitting com-puters with smart card readers until the economies of scale drive down their cost. In the meantime, many vendors provide bundled solutions to outfit any personal computer with smart card capabilities.
Lack of widely adopted smart card stan-dards is often cited as another complaint. There are a large number of smart card-related standards, and many of them address only a certain vertical market or only a certain layer of communications. Recently, however, this situation has begun to improve as web browsers and other mainstream applications have included smart cards as an option. Additionally, Microsoft’s impending release of Windows for Smart Cards operationg system will have native support for smart cards. Applica-tions like these are helping to speed up the evolution of standards.

Attacking Smart Cards
Attacks on smart cards generally fall into four categories:

  • Logical Attacks
    Logical attacks occur when a smart card operates under normal physical condi-tions, but unauthorized persons gain access to sensitive information by examin-ing the bytes going to and from the smart card. One example is the so-called “timing attack” described by Paul Kocher 1 . In this attack, various byte patterns are sent to the card to be signed by the private key. Infor-mation such as the time required to per-form the operation and the number of zeroes and ones in the input bytes are used to eventually obtain the private key. There are logical countermeasures to this attack, but not all smart card manufacturers have implemented them. This attack does require knowledge of the smart card PIN, so many private key operations can be per-formed on chosen input bytes.
  • Physical Attacks
    Physical attacks occur when normal physi-cal conditions, such as temperature, clock frequency, voltage, etc, are altered in order to gain access to sensitive information on the smart card. Most smart card operating systems write sensitive data to the EEP-ROM area in a proprietary, encrypted man-ner so that it is difficult to obtain “clear text” keys by directly hacking into the EEPROM. Other physical attacks that have proven successful involve an intense physical fluctuation at the precise time and location where the PIN verification takes place. Thus, sensitive card functions can be performed even though the PIN is unknown. This type of attack can be com-bined with the logical attack mentioned above in order to gain knowledge of the private key. Most physical attacks require special equipment. 23 Messaging Magazine November/December 1999 …a smart card typically locks itself up after some low number of consecutive bad PIN attempts, for example 10. Thus, the dictionary attack is no longer a feasible way to access the private key if it has been securely stored on a smart card.
  • Trojan Horse Attacks
    This attack involves a rogue Trojan horse application that has been planted on an unsuspecting user’s workstation. The Tro-jan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smart card to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will. The coun-termeasure to prevent this attack is to use a “single-access device driver” architecture, through which the operating system enforces that only one application can access the serial device (and thus the smart card) at any given time. This prevents the attack, but also lessens the convenience of the smart card because multiple applica-tions can not use the services of the card at the same time. Another way to prevent the attack is to use a smart card that enforces a “one private key usage per PIN entry” pol-icy model. In this model, the user must enter their PIN every time the private key is to be used, thereby preventing the Tro-jan horse from gaining access to the key.
  • Social Engineering Attacks
    In computer security systems, this type of attack is usually the most successful, espe-cially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. For example, a hacker impersonating a network service techni-cian might approach a low-level employee and request their password for network ser-vicing purposes. With smart cards, this type of attack is a bit more difficult. Most people would not trust an impersonator wishing to have their smart card and PIN for service purposes. Any security system, including smart cards, is breakable. Consequently, the esti-mated cost to break the system should be much greater than the value of the data that the system protects. Independent security labs test for common security attacks on leading smart cards, and can usually esti-mate the cost (in equipment and expertise) to break the smart card. When choosing a smart card for an architecture, one can ask the manufacturer for references of inde-pendent labs that have done security test-ing. Using this information, designers can strive to ensure that the cost of breaking the system would be much greater than the value of any information obtained.

Wrapup
Parts 1 and 2 of this series focused on the state-of-the-art for smart cards, and their use in computer and network security sys-tems. Smart cards have proven to be useful for transaction, authorization, and identifi-cation media. Current state-of-the-art smart cards have sufficient cryptographic capabilities to support popular security applications and protocols. As their capa-bilities grow, they could become the ulti-mate thin client, eventually replacing all of the things we carry around in our wallets, including credit cards, licenses, cash, and even family photographs. By containing various identification certificates, smart cards could also be used to voluntarily identify attributes of ourselves—no matter where we are or to which computer net-work we are attached.