Donald J. Wood
Winter 08
CSS 150

The Smart Card

The smart card has many applications in today's world of computers and technology. The technology behind it has been in commercial use since 1983 and, before its introduction into a U.S. military application, was used primarily in Europe. The paragraphs below cover the smart card's history, applications, and technology.

A smart card is a card with an embedded integrated circuit: either a microprocessor together with a memory chip, or only a memory chip with non-programmable logic. A microprocessor card can add, delete, and otherwise manipulate information held on the card under the control of its own program, while a memory-chip card can only carry out a pre-defined operation. (http://java.sun.com/products/javacard/smartcards.html)

The smart card was first developed by the German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff in 1968, although the patent was not issued until 1982. The first mass use of the cards was for payment in French pay telephones, starting in 1983. Other smart card inventions preceded that: Roland Moreno patented his first concept of the memory card in 1974, and in 1977 Michel Ugon of Honeywell Bull invented the first microprocessor smart card. In 1978 Bull patented the SPOM (Self Programmable One-chip Microcomputer), which defines the architecture needed for the chip to program itself. (http://en.wikipedia.org/wiki/Smart_card)

Today three categories of smart card are in use, and each matters for information and computer security in a different way.

The first is the integrated circuit microprocessor card. Microprocessor cards offer greater memory storage and better protection of data than a traditional magnetic stripe card. They have cryptographic functions built in, and they have been the main platform for cards that hold a secure digital identity, which lets one card serve in a variety of roles.
Just a few of the applications this type of smart card supports are secure access to a network and cards that protect cellular phones from fraud.

The second is the integrated circuit memory card. Memory cards have no processor with which to manipulate data; they depend on the card reader for processing, which is suitable for uses where the card performs one fixed operation. They are used primarily for pre-paid, disposable applications such as pre-paid phone cards, and are popular as a higher-security alternative to magnetic stripe cards.

The third is the optical memory card, which looks like a card with a piece of a CD glued on top. Data stored on an optical memory card cannot be changed or removed, so this type of card is well suited to record keeping, for example medical files, driving records, or travel histories. (http://java.sun.com/products/javacard/smartcards.html)

Having covered the types of smart card and a few of their applications, the next question is how this translates into security for an operating system, specifically the security of the Department of Defense's (DoD) computer operating systems. Consider first how the smart card is used. The smart card is the growing platform for digital identification cards, which authenticate the identity of an individual and so provide a more secure environment for computer operating systems. The most common example is use in conjunction with a public key infrastructure. The card stores a digital certificate issued by the public key infrastructure, the private key that corresponds to it, and any other relevant information about the card holder. The certificate itself is public; what the card protects is the private key, which is used inside the chip and never exported, so the holder can prove possession of the card without the key ever leaving it. An example of this use is the U.S. Department of Defense Common Access Card (CAC), which is an integrated circuit microprocessor card.
(http://en.wikipedia.org/wiki/Smart_card) The CAC not only holds the certificates and private keys used for computer access, but also serves as the standard DoD identification card for active duty military personnel, reserve and guard personnel, civilian employees, and eligible contractor personnel. Combined with a PIN and with biometrics, the smart card can provide two- or three-factor authentication: something the holder has (the card), something the holder knows (the PIN), and something the holder is (the biometric). Smart cards are a privacy-enhancing technology, but this can also be problematic, because information about the card holder stored on the CAC can also be incriminating to the card holder. (http://en.wikipedia.org/wiki/Common_Access_Card)

Before the actual DoD application of the smart card to computer access and operating system security can be discussed, the terms associated with the CAC (public key infrastructure and certificate authority) need to be defined. In cryptography, a public key infrastructure is an arrangement that binds public keys to user identities by means of a certificate authority. The certificate authority issues digital certificates, each of which contains a public key and the identity of its owner, and it attests that the public key in the certificate belongs to the person, organization, server, or other entity named in it; relying parties may check the current status of a certificate through a separate validation (verifying) authority. A certificate authority's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the certificates it issues. (http://en.wikipedia.org/wiki/Certificate_authority) The user's identity must be unique within each certificate authority. The binding is established through the registration and issuance process; depending on the level of assurance the binding requires, it may be carried out by certificate authority software or under human supervision.
DoD usually controls this step under human supervision. The public key infrastructure role that assures this binding is called the registration authority. For each user, the identity, the public key, their binding, validity conditions, and other attributes are made unforgeable in public key certificates issued by the certificate authority. The term trusted third party (TTP) may also be used for a certificate authority. The term public key infrastructure is sometimes erroneously used to denote public key algorithms, which, however, do not require a certificate authority. (http://en.wikipedia.org/wiki/Public_key_infrastructure)

Figure 1

As Figure 1 shows, the user gains access to particular information electronically (whether to purchase goods or to access a computer system) using his CAC. The flow has two halves. At enrollment, the user's identity is vetted by the registration authority, which passes the request to the certificate authority; the certificate authority issues a certificate binding that identity to the public key whose private half is held on the card. At the time of use, the card signs a challenge with the private key, and the relying party checks the certificate through the verifying (validation) authority, which confirms that it chains to a trusted certificate authority and has not been revoked. If both the certificate and the signature check out, the user is allowed access to the information he wishes to reach, because his identity has been authorized.

Now that the terms associated with the use of the CAC and the overall process are established, we can move on to DoD computer and operating system security and CAC applications. Though the CAC has many objectives, this DoD identification (ID) card is issued to DoD personnel who need access to DoD facilities or computer network systems. DoD uses the CAC for network security primarily by enabling encryption and cryptographic signing of e-mail, facilitating the use of public key infrastructure authentication tools, and establishing an authoritative process for the use of identity credentials. Next, consider the process of gaining access to DoD computer systems.
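The enrollment and use flow just described, as an added example in Go; this is not code from the paper, from DoD, or from any CAC middleware. A hypothetical root CA issues a certificate binding a made-up holder name to a key pair whose private half stays inside a Card value (standing in for the chip, and usable only to sign), and a relying party authenticates the holder by validating the certificate chain and validity period and then checking a signature over a nonce it chose itself. The CA name, holder name, key type (P-256) and nonce are all assumptions; revocation checking, which the validation authority would handle, is deliberately left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Card stands in for the CAC chip: Cert is public and readable by anyone, but
// the private key is unexported and usable only through SignChallenge, as a
// real chip never exports its key.
type Card struct {
	Cert *x509.Certificate
	priv *ecdsa.PrivateKey
}

// SignChallenge signs a relying party's fresh nonce with the on-card key.
func (c *Card) SignChallenge(nonce []byte) ([]byte, error) {
	d := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, c.priv, d[:])
}

// keyAndCert makes a P-256 key pair and a certificate for it from tmpl, signed
// by parentKey; a nil parent means self-signed.
func keyAndCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano()) // example-only serial
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewCA creates a self-signed root; hypothetical, standing in for the DoD CA.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return keyAndCert(&x509.Certificate{
		Subject:   pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
}

// IssueCard is the registration/issuance step: the CA binds the holder's name
// to a fresh key pair for the validity window and signs the certificate.
func IssueCard(ca *x509.Certificate, caKey *ecdsa.PrivateKey, holder string, notBefore, notAfter time.Time) (*Card, error) {
	cert, key, err := keyAndCert(&x509.Certificate{
		Subject: pkix.Name{CommonName: holder}, NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
	if err != nil {
		return nil, err
	}
	return &Card{Cert: cert, priv: key}, nil
}

// Authenticate is the relying party (workstation or web server). It trusts only
// ca, requires the presented certificate to chain to it and be valid at time
// now, and then requires sig to be a signature over the nonce it chose itself,
// which proves the private key is present. Revocation checking is not modelled.
func Authenticate(ca, cert *x509.Certificate, nonce, sig []byte, now time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return "", fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, _ := cert.PublicKey.(*ecdsa.PublicKey)
	d := sha256.Sum256(nonce)
	if pub == nil || !ecdsa.VerifyASN1(pub, d[:], sig) {
		return "", fmt.Errorf("challenge signature invalid: no proof of private key")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, caKey, _ := NewCA("Example Root CA")
	card, _ := IssueCard(ca, caKey, "Example Card Holder", time.Now().Add(-time.Hour), time.Now().AddDate(3, 0, 0))
	nonce := make([]byte, 32) // the relying party's fresh challenge
	rand.Read(nonce)
	sig, _ := card.SignChallenge(nonce)
	fmt.Println(Authenticate(ca, card.Cert, nonce, sig, time.Now()))
}
```

The two checks in Authenticate are independent and both are needed: a valid certificate presented on its own proves nothing, since anyone can read the certificate off the card, and a correct signature under an expired certificate or one issued by a CA the relying party does not trust is refused just the same. Because the nonce is chosen by the relying party each time, a captured signature cannot be replayed.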
The smart card interacts with several other pieces of technology. For the technology to work, the user, in this case DoD, has to purchase not only the software but also the hardware associated with the smart card. The smart card interacts with the host computer through a card reader, which actually "talks" to the microprocessor on the card. The microprocessor enforces access to the data on the card and uses a limited instruction set for operations such as cryptography to authenticate the user attempting to gain access to the computer. The card has no power source of its own, so it uses a serial interface and draws its power from an external source, the card reader. (http://computer.howstuffworks.com/microprocessor.htm)

Essentially, the smart card reader is attached to the PC via USB, or it is built into the PC keyboard, which is in turn connected to the PC via USB. The smart card (the CAC) is inserted into the reader, and the computer's software and the reader "talk" to the card to authenticate the user: the card proves that it holds the private key matching its certificate, and if that certificate is valid and was issued by a trusted certificate authority, the user is allowed access to the computer. With DoD, a Personal Identification Number (PIN) is stored in the card's microprocessor, and it is the card itself, not the host software, that checks the PIN the user enters: the PIN unlocks use of the private key on the chip, and the chip keeps a retry counter that blocks the card after a small number of consecutive wrong entries. Figure 2 illustrates a card reader connected to the computer via USB and a card reader built into a keyboard.

Figure 2

Now consider some objectives of the CAC and the objections raised against it. Several objections have been raised to the use of this smart card, concerning mission capability and scalability. The CAC offers strong computer security, which supports mission capability because information can be kept on a computer with greater assurance of its security.
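The host-to-chip exchange described above, as an added example in Go; it is not part of the original paper or of any CAC middleware or card applet. A constructed toy card applet implements the ISO 7816-4 VERIFY instruction with an on-card retry counter and refuses a protected object until the PIN has been verified, while the host side builds the command APDUs and interprets the status words. The instruction bytes and status words are the standard ISO 7816-4 values, but the PIN reference 0x80, the retry limit of 3, the use of GET DATA for the protected object, and the PIN value are assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// ISO 7816-4 instruction bytes and status words used by the toy card below.
const (
	insVerify   byte   = 0x20   // VERIFY: present a PIN
	insGetData  byte   = 0xCA   // GET DATA: read an object; gated on the PIN here
	pinRef      byte   = 0x80   // P2 PIN reference; assumed for the example
	maxRetries         = 3      // assumed; the real limit is set at issuance
	swOK        uint16 = 0x9000 // command completed
	swRetries   uint16 = 0x63C0 // 63Cx: wrong PIN, x tries remaining
	swNotAuthed uint16 = 0x6982 // security status not satisfied
	swBlocked   uint16 = 0x6983 // authentication method blocked
	swBadLength uint16 = 0x6700 // wrong length
)

// Command is a short APDU: CLA INS P1 P2 [Lc data]. Lc is sent only with data.
type Command struct {
	CLA, INS, P1, P2 byte
	Data             []byte
}

// Encode gives the bytes the reader actually sends to the card.
func (c Command) Encode() []byte {
	b := []byte{c.CLA, c.INS, c.P1, c.P2}
	if len(c.Data) > 0 {
		b = append(b, byte(len(c.Data)))
		b = append(b, c.Data...)
	}
	return b
}

// SimCard is a constructed toy card applet: PIN, retry counter and protected
// object exist only on the "card"; the host only ever sees status words.
type SimCard struct {
	pin      []byte
	retries  int
	verified bool
	secret   []byte
}

func NewSimCard(pin string, secret []byte) *SimCard {
	return &SimCard{pin: []byte(pin), retries: maxRetries, secret: secret}
}

// Process executes one APDU on the card and returns response data and status.
func (s *SimCard) Process(apdu []byte) ([]byte, uint16) {
	if len(apdu) < 4 || (len(apdu) > 4 && int(apdu[4]) != len(apdu)-5) {
		return nil, swBadLength
	}
	var data []byte
	if len(apdu) > 4 {
		data = apdu[5:]
	}
	switch apdu[1] {
	case insVerify:
		if s.retries == 0 {
			return nil, swBlocked // stays blocked even for the right PIN
		}
		if subtle.ConstantTimeCompare(data, s.pin) == 1 {
			s.retries, s.verified = maxRetries, true
			return nil, swOK
		}
		s.retries, s.verified = s.retries-1, false
		if s.retries == 0 {
			return nil, swBlocked
		}
		return nil, swRetries | uint16(s.retries)
	case insGetData:
		if !s.verified {
			return nil, swNotAuthed // nothing protected leaves the card before VERIFY
		}
		return s.secret, swOK
	}
	return nil, 0x6D00 // instruction not supported
}

// VerifyPIN is the host middleware side: it sends VERIFY and interprets the
// status word, returning the tries remaining when the PIN was wrong.
func VerifyPIN(card *SimCard, pin string) (remaining int, err error) {
	_, sw := card.Process(Command{INS: insVerify, P2: pinRef, Data: []byte(pin)}.Encode())
	switch {
	case sw == swOK:
		return maxRetries, nil
	case sw == swBlocked:
		return 0, fmt.Errorf("PIN blocked: the card must be unblocked by the issuer")
	case sw&0xFFF0 == swRetries:
		return int(sw & 0x0F), fmt.Errorf("wrong PIN, %d tries remaining", sw&0x0F)
	}
	return 0, fmt.Errorf("unexpected status word %04X", sw)
}

func main() {
	card := NewSimCard("123456", []byte("private-key use unlocked"))
	fmt.Println(VerifyPIN(card, "000000"))
	fmt.Println(VerifyPIN(card, "123456"))
	fmt.Println(card.Process(Command{INS: insGetData}.Encode()))
}
```

What the host never sees is the point: the PIN is compared on the card (in constant time here), the counter is decremented on the card, and once it reaches zero even the correct PIN returns 6983 until the issuer unblocks the card, so a stolen card cannot be brute-forced through the reader.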
There are also problems with the CAC in relation to mission capability. Most CAC users remain at the same workstation, but an ever-increasing number of government websites require the CAC for authentication. The problem with this approach is that many people with a legitimate need to access these websites must do so from non-CAC-enabled workstations, often while on temporary duty assignment or deployed, at workstations over which they have no administrative control; and, as with most government computer systems, they are prohibited from installing a CAC reader. Therefore, username/password access must be kept as a backup to the CAC for these personnel. (http://en.wikipedia.org/wiki/Common_Access_Card)

The U.S. Army has enjoyed username/password scalability, or single-point access to many SSL-secured websites, through its Army Knowledge Online program for several years. The U.S. Air Force has enjoyed the same username/password scalability through the Air Force Portal. Both sites now either offer username/password access or require the user to log in with a CAC to perform certain functions that demand stronger credential authentication than traditional HTTP Basic access authentication. However, some authorities believe that password-based logins are obsolete. "Passwords are a flawed technology," according to Tom Gilbert, CTO of Blue Ridge Networks. "They aggravate the users who have to remember them and the administrators who rely on them to secure their systems." Similarly, "Passwords don't scale," said Mary Dixon, director of the Common Access Card Office in the Defense Manpower Data Center. (http://en.wikipedia.org/wiki/Common_Access_Card) Nevertheless, given DoD's mission requirements and its need for access to SSL-secured websites, it is important to keep username/password access as a backup.

The CAC is far from perfect, owing to design flaws.
A few of the common problems: the microchip can easily be damaged by foreign objects and scratches, for example from sand. At a more technical level, the cards have certificate issues in which users cannot log on even though their computers are set up correctly. Different brands of cards have also posed problems with different systems, but, as with any computer system, everything seems to be a work in progress.

There are also problems with non-Windows support. The CAC is based on X.509 certificates, with software middleware enabling an operating system to interface with the card through a hardware card reader. Although card manufacturers such as Schlumberger provided a suite of smart card, hardware card reader, and middleware for both Linux and Windows, not all other CAC systems integrators did likewise. To correct this, Apple has done work to add support for CACs to its operating system out of the box using the MUSCLE (Movement for the Use of Smart Cards in a Linux Environment) project. Some work has also been done in the Linux realm: some users combine the MUSCLE project with Apple's CAC software, released under the Apple Public Source License. Another approach to the problem, now well documented, uses a newer project, CoolKey, to gain CAC functionality. (http://en.wikipedia.org/wiki/Common_Access_Card)

Since CoolKey is one resolution to these problems, consider what CoolKey is and how it can improve CAC functionality. CoolKeys are part of a complete public key infrastructure solution that provides smart card login, single sign-on, secure messaging, and secure e-mail access. In the complete solution, users are issued CoolKeys by their employer. When a user plugs in the key for the first time, it is automatically provisioned with certificates, keys, and a PIN unique to that user by the Red Hat Certificate System.
Once the CoolKey is provisioned, the user can take the key to any system and use it to log in (authenticate), send and receive signed and encrypted e-mail, or take part in secure messaging or IRC communication. To realize that vision, Fedora is focusing on building complete support for CoolKey on exactly one token; as the system is built out, support for other tokens can be added. CoolKeys are based on Java Card 1.2, but Fedora is testing with Axalto Egate Cyberflex cards, which are available in both smart card and USB fob form factors. (http://directory.fedoraproject.org/wiki/CoolKey) So CoolKeys can function in the same capacity as the current programs supporting smart cards, and can also improve the smart card.

The discussion so far has covered how the smart card benefits DoD and some common problems with it. But any program used for accessing computer systems has to be controlled. DoD considers the CAC a controlled item, and as of 2007 DoD had issued over 13 million smart cards. As of the same date, approximately 3 million un-terminated (active) CACs were in circulation. DoD has deployed an issuance infrastructure at over 930 sites in more than 25 countries around the world and is rolling out more than 1 million card readers and associated middleware. The program currently used to issue CAC IDs is the Real-Time Automated Personnel Identification System (RAPIDS). The system is secured and monitored by DoD at all times, and operators must complete a special course and be certified before they may issue CACs. RAPIDS sites have been set up at military installations in and out of the combat theater to issue new IDs. (http://en.wikipedia.org/wiki/Common_Access_Card) RAPIDS is the U.S. Department of Defense system used to issue the definitive credential within DoD.
RAPIDS uses information stored in the DoD Defense Enrollment and Eligibility Reporting System (DEERS) when issuing these credentials. Used together, the two systems are commonly referred to as the DEERS/RAPIDS system or DEERS/RAPIDS infrastructure. RAPIDS ensures that DoD identification credentials are provided only to personnel with a current and appropriate affiliation with DoD. RAPIDS captures identifying characteristics that are unique to the individual and uses them to bind the individual both to the information maintained in DEERS and to the credential RAPIDS issues. These include, but are not limited to, photographs and fingerprints. This information is stored solely in the DEERS system. RAPIDS thus provides a distinct identification that serves as proof of identity and DoD affiliation. The CAC is also used as a Geneva Convention card in accordance with DoD Instruction 1000.13, and it may act as an authorization card for uniformed service members' benefits and privileges, including use of the commissary on military installations and of Army and Air Force Exchange Services. (http://en.wikipedia.org/wiki/RAPIDS)

In conclusion, without smart card technology the Department of Defense (DoD) could not implement the CAC. Smart card technology allows DoD to provide secure access to computer systems and Internet-based databases. The CAC is replacing username/password access to secure Internet sites and computer systems wherever CAC-enabled workstations are available, with passwords kept as a backup for personnel who lack them. This paper has discussed the computer access process, common problems with the CAC, and how DoD issues the CAC to its personnel. The CAC is a secure way to access DoD's various database systems, and it ensures that the individual requesting access is authorized to do so.

References

Sun Developer Network. Smart card overview. Retrieved March 13, 2008, from http://java.sun.com/products/javacard/smartcards.html
Wikipedia, the free encyclopedia. Smart card.
Retrieved March 13, 2008, from http://en.wikipedia.org/wiki/Smart_card
Wikipedia, the free encyclopedia. Common Access Card. Retrieved March 13, 2008, from http://en.wikipedia.org/wiki/Common_Access_Card
Wikipedia, the free encyclopedia. Certificate authority. Retrieved March 17, 2008, from http://en.wikipedia.org/wiki/Certificate_authority
Wikipedia, the free encyclopedia. Public key infrastructure. Retrieved March 17, 2008, from http://en.wikipedia.org/wiki/Public_key_infrastructure
How Stuff Works. How microprocessors work. Retrieved March 17, 2008, from http://computer.howstuffworks.com/microprocessor.htm
Fedora Directory Server. CoolKey. Retrieved March 19, 2008, from http://directory.fedoraproject.org/wiki/CoolKey
Wikipedia, the free encyclopedia. Real-Time Automated Personnel Identification System. Retrieved March 19, 2008, from http://en.wikipedia.org/wiki/RAPIDS