JEAN-DANIEL AUSSEL
Smart cards are portable tamper-resistant cryptographic devices that play a key role in digital identity by securely storing the card owner identity attributes and preserving its privacy, and by providing strong authentication of the card owner before releasing identity attributes. Internet authentication has traditionally been performed using Public Key Infrastructure (PKI) and one-time password (OTP) smart cards, mostly for identifying and authenticating corporate users. On the other hand, a huge number of smart cards are deployed by mobile network operators (MNO) to authenticate and identify subscribers to the GSM and 3G networks, and by banks and financial institutions for payment. Large deployments are also on the way for government identification cards or electronic passports. As a result, card issuers like MNOs and banks can reuse their existing infrastructure and act as identity providers to third-party service providers, or service providers can use government cards to identify and authenticate users.

Jean-Daniel Aussel is Head of the Tools & Application Labs R&D in Gemalto
The security of smart cards is based on a set of components that protect both the physical card and stored data or applications. The first component is the card body. Human-readable techniques (barcodes, holograms, identity pictures) are used to prevent the card body from being physically copied or counterfeited. This offers a first level of security through visual inspection, which obviously is not relevant for online digital identity.

For protection against physical attacks, functional blocks are mixed, producing what is called a glue logic design. This makes it much more difficult for an attacker to analyze the structure of the logic and locate functional blocks such as the CPU or coprocessors. Buses are scrambled and buried, and thus inaccessible from outside the chip, so that connections cannot be made to recover memory content. Memory is also scrambled, to protect the chip from selective access/erasure of individual data bytes. On top of the physical scrambling, the latest chips implement strong ciphering, thus preventing the reverse engineering of memory and bus content. A current-carrying protective layer is added at the top of the chip for power supply. If this layer is removed, the chip no longer operates. Finally a set of sensors is activated to detect

The security of the smart cards against physical and logical attacks has been achieved through the development of advanced counter-measures, and as a result, smart cards are the de-facto standard for digital security, and as such are the most deployed personal computing device as shown in Table 1.

Personal Computing Device            2006 Worldwide shipments in Millions of Units
Personal Digital Assistants (PDA)    18
Personal Computers (PC)              232
Mobile Phones                        1000

Public Key Infrastructure Strong Authentication

Public Key Infrastructure (PKI) smart cards are routinely used on personal computers for authentication and identification of users, mostly in the corporate world. PKI smart cards provide two-factor authentication, i.e. something you have, the smart card, and something you know, the card Personal Identification Number (PIN). The main operating systems have smart card support for establishing VPN connections, most browsers are smart card enabled to perform secure connections using the Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols, and several applications such as e-mail clients are PKI aware and can perform for example digital signature or mail encryption.

[Figure 1 diagram labels: Internet Explorer; Firefox; Thunderbird; Outlook]
Figure 1 PKI aware applications interface to the smart card using the PKCS#11 or Microsoft CAPI interfaces. Smart card vendors typically provide a PKCS#11 cryptoki library or a Microsoft CAPI service provider

PKI smart cards contain one or several X509 v3 [2] certificates. An X509 v3 certificate is a digital certificate containing among other things subject identity attributes, such as the common name, the public key of the subject, the certificate issuer, and the description of the PKI algorithms, such as RSA or DSA, and finally a digital signature of the certificate by the certificate issuer. For strong authentication, the private key of the subject is stored securely inside the smart card. The basic principle for authentication is to ask the user to sign a challenge with her private key, and verify the signature with the public key of the user which is stored in the certificate.

For proof of identity, the user presents her certificate containing the public key to a 3rd party. This certificate presentation is done programmatically by the client software. For example during the establishment of an SSL/TLS connection with a browser, the user certificate is transmitted during the client hello message. The 3rd party then challenges the identity of the subject by requiring the subject to sign a challenge with its private key. Successful authentication is obtained if the signed challenge can be recovered with the public key of the certificate. So far, this only proves that the subject is the valid owner of the certificate, but it does not certify its identity. To do so, the 3rd party checks the certificate validity by verifying that the certificate is effectively signed by the certificate issuer. This verification is done using the public key of the certificate issuer.

The PKI client, e.g. browser, mail client, or VPN client, interfaces to the smart card using two main industry standards: Microsoft CAPI [3] and PKCS#11 [4], as shown in Figure 1. The use of standard APIs allows the plug-in of different implementations of these cryptographic components, called cryptographic service providers (CSP) for CAPI and cryptoki for PKCS#11. PKI smart cards are essentially limited to the corporate environment usage for securing web access or establishing VPN connections. The deployment in the consumer market is limited by the required issuance of smart cards and smart card readers, their associated device drivers, the post-issuance management of the cards, and the certificate and certificate revocation list management.

However, more and more identity smart cards with PKI features are deployed in several countries such as Belgium, Italy, Spain, Estonia, Austria. These identity cards aim to provide to the citizen identification, authentication and signature features, for access to a wide range of online services, such as online tax return. Companies like banks will also use the digital identity of the citizen and the associated strong authentication. The European Committee for Standardization has standardized the signature card [5] and the European Citizen Card [6]. An ISO standardization effort has also started to standardize the cryptographic interface of the applications to the smart card [7].
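The two checks described in the PKI section above (a signed challenge proves possession of the private key, the issuer signature on the certificate certifies the identity) can be separated in a few lines. This is an added example, not code from the paper: the key pairs are textbook RSA over Mersenne primes with no padding, and `toy_keypair`, `Card`, `check_login` and the "Example CA" issuer are hypothetical names standing in for the card, the relying party and its trust store.

```python
import hashlib
import secrets

E = 65537  # public exponent used by every toy key below

def toy_keypair(p_exp, q_exp):
    """Textbook RSA key from two Mersenne primes: unpadded and trivially
    factorable, for illustration only. A real card keeps a hardware-generated
    key and signs with a padded scheme."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(data, n):  # SHA-256 digest as an integer below the modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return pow(_h(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == _h(data, n)

def tbs(cert):
    """Bytes covered by the issuer signature: subject, issuer, subject key."""
    return repr((cert["subject"], cert["issuer"], cert["n"])).encode()

def issue(issuer_name, issuer_key, subject, subject_n):
    cert = {"subject": subject, "issuer": issuer_name, "n": subject_n}
    cert["sig"] = sign(issuer_key, tbs(cert))
    return cert

class Card:
    """Stand-in for the smart card: the private key never leaves the object
    and is only usable after PIN verification (three tries, then blocked)."""

    def __init__(self, key, cert, pin):
        self._key, self._pin, self._tries, self.cert = key, pin, 3, cert

    def sign_challenge(self, challenge, pin):
        if self._tries == 0:
            raise PermissionError("PIN blocked")
        if not secrets.compare_digest(pin, self._pin):
            self._tries -= 1
            raise PermissionError("wrong PIN")
        self._tries = 3
        return sign(self._key, challenge)

def check_login(cert, challenge, response, trusted_issuers):
    """Verifier side. Returns (possession, certified):
    possession - response verifies under the public key in the certificate;
    certified  - certificate is signed by an issuer the verifier trusts."""
    possession = verify(cert["n"], challenge, response)
    issuer_n = trusted_issuers.get(cert["issuer"])
    certified = issuer_n is not None and verify(issuer_n, tbs(cert), cert["sig"])
    return possession, certified

def run_demo():
    ca = toy_keypair(1279, 2203)
    trusted = {"Example CA": ca["n"]}           # constructed trust store
    key = toy_keypair(521, 607)
    card = Card(key, issue("Example CA", ca, "CN=Alice", key["n"]), "1234")
    # Impostor: own key pair, certificate naming Alice and the CA, but signed
    # with the impostor's key because the CA private key is out of reach.
    ikey = toy_keypair(2281, 3217)
    fake = Card(ikey, issue("Example CA", ikey, "CN=Alice", ikey["n"]), "0000")

    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)  # fresh nonces
    r1 = card.sign_challenge(c1, "1234")
    return {
        "genuine": check_login(card.cert, c1, r1, trusted),
        "replayed": check_login(card.cert, c2, r1, trusted),
        "forged_cert": check_login(fake.cert, c2,
                                   fake.sign_challenge(c2, "0000"), trusted),
    }

if __name__ == "__main__":
    for case, result in run_demo().items():
        print(case, result)
```

The `forged_cert` case passes the challenge-response and fails only the issuer check, which is why a relying party must require both before accepting the subject name.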
[Figure 3 diagram labels: Internet; Authentication server (performs user enrollment and validation of OTP authentication attempts); OTP validation; PC with internet access]
Figure 3 Authentication with smart card based OTP. On the server side, an authentication server validates the OTP passwords entered by the users on the service provider login page. On the user side, several devices can be used to generate the OTP. From left to right, the first two devices are one-factor authenticators, i.e. something I have, and do not require a PIN. The first device is a smart card with a simple display and push-button, the second device has in addition a USB interface that can be connected to the PC and perform automated form-filling of the password in the browser. The third device is a two factor authenticator, where a PIN or a challenge can be entered on the device to generate the OTP. In the fourth device, the smart card inside the mobile phone equipment generates the OTP and uses the handset display and keyboard using the SIM toolkit programming interface
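The server-side "validation of OTP authentication attempts" in Figure 3 can be sketched as follows. This is an added example, not code from the paper, and it assumes the counter-based HOTP algorithm of RFC 4226 (reference [8]); the page does not say which algorithm the pictured devices run. `OtpValidator`, its look-ahead window and its failure limit are hypothetical names and values, and the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)

class OtpValidator:
    """Authentication server: one shared secret and one moving counter per
    enrolled card. The look-ahead window tolerates button presses that never
    reached the server; the failure limit throttles guessing."""

    def __init__(self, look_ahead=3, max_failures=3):
        self.look_ahead = look_ahead
        self.max_failures = max_failures
        self.accounts = {}

    def enroll(self, user, secret, counter=0):
        self.accounts[user] = {"secret": secret, "counter": counter, "failures": 0}

    def validate(self, user, otp):
        acct = self.accounts.get(user)
        if acct is None or acct["failures"] >= self.max_failures:
            return False                      # unknown or locked account
        first = acct["counter"]
        for c in range(first, first + self.look_ahead + 1):
            if hmac.compare_digest(hotp(acct["secret"], c), otp):
                acct["counter"] = c + 1       # burn this and all earlier values
                acct["failures"] = 0
                return True
        acct["failures"] += 1
        return False

SECRET = b"12345678901234567890"              # RFC 4226 test key

def demo():
    server = OtpValidator(look_ahead=3, max_failures=3)
    server.enroll("alice", SECRET)
    results = {
        # card button pressed three times offline: card counter is at 3
        "ahead_in_window": server.validate("alice", hotp(SECRET, 3)),
        "replay": server.validate("alice", hotp(SECRET, 3)),
        "beyond_window": server.validate("alice", hotp(SECRET, 9)),
        "next": server.validate("alice", hotp(SECRET, 4)),
    }
    for _ in range(3):                        # three wrong guesses lock the account
        server.validate("alice", "000000")
    results["after_lockout"] = server.validate("alice", hotp(SECRET, 5))
    return results

if __name__ == "__main__":
    print(demo())
```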
[Figure 4 diagram labels: Internet; Financial institution online portal; OTP validation; PC with internet access; Authentication server; Hardware security module; GemPocket]
Figure 4 Authentication with OTP generated by EMV banking cards inside a dedicated reader device. The device uses the on-card EMV application and keys to generate the OTP from the EMV transaction counter. The authentication server uses the same hardware security module used for validating EMV payment transactions
[Figure 6 diagram labels: Personal computer; (U)SIM smart card; Home location register]
Figure 6 EAP-SIM authentication message flow. The shared keys are only stored securely in the HLR or in the SIM card. The radius server only retrieves a series of triplets from the HLR to optimize network connection. On the PC side, all cryptographic operations are performed by the SIM card, as specified by the WLAN-SIM specification
The radius server can retrieve a set of triplets from the HLR and perform authentication, as described by the message flow of Figure 6.

Multiple authentication triplets can be combined to create authentication responses and encryption keys of greater strength than individual triplets. EAP-SIM also includes network authentication, user anonymity and fast re-authentication.

EAP-SIM and EAP-AKA Authentication for Internet Services

EAP-SIM and EAP-AKA were initially designed to identify and authenticate card holders for wireless network access. This identity is the network identity of the user. However, the identification of the users to access internet services is not necessarily the same as the network identity for several reasons. First, the personal computer could be shared by several users. Second, the internet services to access might be provided by different business units or companies from the internet provider, in which case the identity of the network account cannot be retrieved. Finally, some services require explicit user consent or proof of presence, and require more identity attributes than the simple connection identifier. For these reasons, application level authentications using EAP-SIM or EAP-AKA have been developed to authenticate a user to an internet service [18]. These authentication methods are mostly used for identifying users accessing web servers from a browser, but can be extended to any client protocol, such as the Session Initialization Protocol (SIP) for Voice-over-IP.

For network authentication, the EAP allows for arbitrary authentication methods such as EAP-TLS, EAP-PEAP, EAP-SIM or EAP-AKA. The EAP messages are transported without interpretation over the network components, e.g. the WiFi access point, and are only interpreted by the supplicant and smart card on the PC side, and by the radius server authentication policy. In the case of WLAN-SIM, the EAP messages are not even interpreted by the PC supplicant but just transmitted to the smart card, which performs the complete EAP message processing.

A web extensible authentication framework has been built on this principle, for browser authentication with EAP [13]. The extensible authentication framework components are shown in Figure 7. When connecting to a service provider web site from a browser, the user is directed to an authentication URL that holds an EAP gateway Java servlet. By accessing the EAP servlet, the browser loads a signed ActiveX for Internet Explorer or a plug-in for Firefox, the Card Access Module (CAM). The EAP servlet and the CAM then act as gateways that transparently carry EAP messages between the smart card and the Radius server.
[Figure 8 diagram labels: EMV authentication server; Sign-on request; auth. request; authentication request; check card signature; ARQC + issuer scripts; issuer scripts; Generate TC; TC; check transaction certificate; SAML token; service]
Figure 8 EMV authentication to a web server using the extensible authentication framework. The EMV authentication is performed by completing a zero-amount EMV payment transaction
For the EMV strong authentication, a complete payment transaction with a zero amount is performed to authenticate the user, and the message flow is described in Figure 8.

Although most browsers natively support PKI authentication, this extensible authentication framework has the advantage of being open to new protocols, and hence allows the reuse of an existing infrastructure of cards, cryptographic devices and authentication servers. Typically, financial institutions can reuse their issued cards and payment servers by implementing an authentication based on the EMV specifications, or mobile network operators can reuse their existing HLR and deploy SIM cards for PC authentication to their subscribers.

Compared to the OTP authentication, this framework can implement protocols with mutual authentication of the card and server, such as EAP-AKA, and hence avoid man-in-the-middle attacks.

Strong Authentication and Identity Frameworks

The strong authentication methods presented so far assume that the service provider authenticating the user is the card issuer, with the exception of PKI authentication with citizen cards issued by government or health care.

Deploying a strong authentication solution has a cost: procurement of the identity smart cards and devices such as smart card readers, 24/7 operation of the authentication server, deployment of drivers and middleware for the client PCs, operation of a customer care center and card management system for post-issuance operations, such as unblocking a PIN.

On the other hand, several actors such as MNOs or financial institutions already have a huge installed base of smart cards and devices such as handsets, as well as a server infrastructure and customer care cen-

For service providers, delegating identity and authentication to identity providers provides a higher level of security, cost saving by stopping the operation of the existing authentication schemes, lowering threshold for deployment since the identity provider manages most of the infrastructure, simpler customer management and the ability to reach more customers that are subscribers of the identity provider.

Finally for the end-users, having a centralized identity provider provides a better control and management of their identities, e.g. fewer passwords to remember, better protection and higher level of security with strong authentication, single-sign-on (SSO) with framework that supports it, and universal applicability to various services.

Some of the recent identity frameworks include Liberty Alliance [20], OpenID [21], and Microsoft CardSpace [22].

Liberty Alliance is a consortium of industries that defines a set of specifications for identity federation and single-sign-on. Identity federation in Liberty Alliance is based on the Security Assertion Markup Language (SAML) defined by OASIS [23]. In Liberty Alliance specification, single-sign-on (SSO) is performed using browser redirection, as shown in Figure 9.

When the user is requesting a web page from the service provider that requires authentication, the service provider redirects the authentication request to the identity provider (IDP). The IDP authenticates and identifies the user, and returns upon successful authentication a SAML token to the service provider using browser redirection. The service provider can optionally validate further the token offline, and gives access to the required service if the SAML token is valid.

[Diagram labels: Single-Sign-On request; Authentication request; Authenticate user; SAML token; Validate token; Token ok; Access to service]

SSO requires a one-time initialization phase called federation, in which the IDP and service provider exchange an opaque identifier to the user. This opacity ensures that the IDP and service provider do not share the respective identity of the user.

Liberty Alliance specifications do not specify the authentication methods. As a result, there is no standard strong authentication method implemented in the IDP products of the different vendors, nor is there a framework for plugging authentication methods. As a result, integrating a strong authentication method in Liberty Alliance currently requires case-by-case integration with the different commercial IDP offers. In the scope of the Celtic Fidelity [24] Eureka project, the EAP-SIM/AKA method has been implemented in IDPs from different vendors, and allowed several MNOs such as Telenor, TeliaSonera and Orange to operate pilot IDPs.

An interesting variant of the EAP-SIM strong authentication method for web access control has been designed within the SIMStrong consortium [25], which has the advantage of avoiding the deployment of SIM cards with a USB form factor. In this solution, the Over-The-Air channel (OTA) is used to perform an EAP-SIM authentication between the radius server and the SIM card inside the handset, as described in Figure 10.

[Diagram labels: EAP; Handset]

In this solution, called SIMStrong-over-SMS, when the end-user is redirected to the IDP for authentication an end-to-end EAP-SIM protocol is performed between the SIM card in the handset and the Radius server. All EAP messages are exchanged over SMS between the card and the IDP, and as standard radius messages over UDP between the IDP and the radius server. A SIM toolkit applet in the SIM card prompts for user-consent on the handset, and on consent and successful authentication, the SAML token is returned by the IDP to the browser, which is then authenticated towards the service provider.

Windows CardSpace is another identity framework released with Windows Vista and .NET framework 3.0. CardSpace is a claim-based identity management system, in which a web service provider, called Relying Party in the CardSpace framework, requests identity claims from the user. The user can select a virtual card through a card selector that provides the required claims. Some cards are self-managed, i.e. the claims are not certified, but other claims are certified and managed by an identity provider. Self-managed cards are like user name/password chosen by a user to access a service, without any verification of the real identity of the user. Managed cards have an identity certified by an identity provider operating a Secure Token Server (STS). To retrieve the claims of a managed card, the card-holder must authenticate to the STS, which returns an encrypted and signed token that can be further presented to the Service Provider.

Windows CardSpace authentication supports login/password, Kerberos and X509 certificates, which limits the possibility of integrating a strong authentication protocol inside the CardSpace selector. Strong authentication with smart cards can be performed using either OTP or PKI.

[Diagram labels: Microsoft base smart card CSP; .NET mini driver proxy (proxy plug-in to the MS base CSP to forward calls to the mini driver on the Gemalto .NET card); MS smart card resource manager (manages access to readers and smart cards); PC/SC (standard model for interfacing smart cards and readers with computers); Gemalto .NET Mini driver]
[Figure 12 diagram labels: Mobile network operator; SIM card; SMS gateway; Secure token server; PC; Relying party; Get Information card; Browse web site; Authenticate user; Request security token; Prompt for claims; Request authentication; Authenticate & retrieve claim in SIM; Claim; Security token response; Send token to web site; Access to services]
Figure 12 CardSpace strong authentication using the OTA channel. Upon authentication request from CardSpace when selecting the managed card, the STS authenticates the user over the air and retrieves the user’s claims inside the SIM card. A SIM toolkit applet prompts the user for consent to publish the identity attributes
Windows CardSpace X509 strong authentication is based on PKI, in which the STS authenticates the user using a challenge-response mechanism based on the X509 certificate of the user in the managed card and a private key stored in the smart card. CardSpace client components access the smart card through a new API, the Crypto API Next Generation (CNG). Smart card providers typically write a smart card mini-driver [26], also known as a card module, to interface their smart card to the CNG. The CardSpace selector implements the logic to perform the PKI authentication by calling the Base Smart Card Cryptographic Service Provider (CSP). Figure 11 shows the current implementation of X509 CardSpace using a .Net card, which is a smart card with an embedded .Net virtual machine. The base CSP performs the required cryptography with the .Net smart card using the associated mini-driver proxy that forwards the calls to the .Net Mini Driver.

Adding another type of authentication than OTP and X509 to the CardSpace selector is not possible, since the selector is a closed-source component provided by Microsoft. However, using a second channel, such as the over-the-air channel for mobile network operators, allows any type of strong authentication to be performed in the background between the STS and the card. This has been implemented for SMS strong authentication [25] as illustrated in Figure 12.

Conclusion

Smart cards are tamper-resistant devices that can play a key role for storing the identity attributes of the user, or performing strong authentication for proof of identity.

Citizen cards are emerging in several countries, are based on PKI, and can provide identification, authentication and signature services. The electronic identity of these citizen cards is guaranteed by the authorities, and authentication can be performed online using the card issuer certificates without requiring connection to an identity provider.

Financial institutions and Mobile Network Operators have issued a huge number of payment cards and SIM cards and are operating the associated cryptographic server infrastructure. They are as such well

2 Housley, R, Polk, W, Ford, W, Solo, D. Certificate and Certificate Revocation List (CRL) Profile. IETF, April 2002. (RFC 3280)

3 Microsoft. Cryptography API. August 31, 2007 [online] – URL: http://msdn2.microsoft.com/en-us/library/aa380255.aspx

4 RSA Laboratories. Cryptographic Token Interface Standard. June 2004. (PKCS#11 v2.20)

5 CEN/ISSS. Fundamental specification : application smart card used as secure signature creation device – Part 1 Basic Requirements, Part 2 Optional Features. European Committee for Standardization, March 2007. (CEN/ISSS EN 14890-1&2)

6 CEN/TC. European Citizen Card – Part 1 Physical, electrical and transport protocol characteristics, Part 2 Logical data structure and card services. European Committee for Standardization, April 2007. (Technical Committee CEN/TC 224, Technical Specification 15480-1&2)

7 ISO/IEC. Integrated circuit card programming interfaces – Part 1: Architecture, Part 2: Generic card interface, Part 3: Application interface, Part 4: API Administration. 2006. (ISO/IEC 24727-1&2&3&4)

8 M’Raihi, D, Bellare, M, Hoornaert, F, Naccache, D, Ranen, O. HOTP : An HMAC-Based One-Time Password Algorithm. December 2005. (RFC 4226, IETF)

9 Mastercard. OneSmart Authentication. August 31, 2007 [online] – URL: https://mol.mastercard.net/mol/molbe/public/login/ebusiness/smart_cards/one_smart_card/biz_opportunity/cap/index.jsp

10 Visa. Dynamic passcode authentication. August 31, 2007 [online] – URL: http://www.visaeurope.com/aboutvisa/products/dynamicpasscode.jsp

11 ETSI. Specification of the SIM Application Toolkit for the SIM – Mobile Equipment Interface, GSM 11.14 v. 5.9.0. 1996.
13 Aboba, B. PPP EAP TLS Authentication Protocol. IETF, October 1999. (RFC 2716)

14 Haverinen, H, Salowey, J. Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM). IETF, January 2006. (RFC 4186)

15 Arkko, J, Haverinen, H. Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). IETF, January 2006. (RFC 4187)

16 ETSI. Smart Cards: Extensible Authentication Protocol support in the UICC, V6.2.0. September 2005.

17 WLAN Consortium. EAP-SIM Handler Specification Version 1.1. August 1, 2004.

18 Van Thanh, D et al. Offering SIM Strong Authentication to Internet Services. SIMstrong White Paper, 3GSM World Congress, Barcelona, February 13-16, 2006.

19 EMVCo. EMV 4.1 Specifications. August 31, 2007 [online] – URL: http://www.emvco.com/specifications.asp. (June 2004)

21 OpenID Specifications. August 31, 2007 [online] – URL: http://openid.net/specs.bml

22 Windows CardSpace. August 31, 2007 [online] – URL: http://cardspace.netfx3.com/

23 OASIS. SAML v2.0 specifications. August 31, 2007 [online] – URL: http://www.oasis-open.org/specs/index.php#samlv2.0. (March 2005)

24 FIDELITY – Federated Identity Management based on LIBERTY. August 31, 2007 [online] – URL: http://www.celtic-fidelity.org/fidelity/index.jsp

25 Van Thanh, D et al. Unified SIM Strong Authentication for CardSpace and Liberty Alliance. 3GSM World Congress, Barcelona, February 12-15, 2007. Available at http://www.simstrong.org.

26 Microsoft. Smart Card Minidriver Specification for Windows Base Cryptographic Service Provider (Base CSP) and Smart Card Key Storage Provider (KSP), Version 5.06a. January 2007.
Jean-Daniel Aussel is Head of the Tools & Application Labs R&D in Gemalto, in the Technology and Innovation division. Gemalto is a provider of end-to-end digital security solutions, from the development of software applications through design and production of secure personal devices such as smart cards, SIMs, e-passports, and tokens to the management of deployment services for its customers. Jean-Daniel holds a PhD from the INSA Engineering School in Lyon, France, and has been working in the smart card industry successively in Bull, CP8, Schlumberger smart cards, axalto, and currently Gemalto, created from the merge of the two smart card market leaders gemplus and axalto. Before working in smart cards and security, Jean-Daniel has been successively working in digital signal processing at the Research Council Canada and Ultra Optec, a small Canadian start-up, and later on designing personal computer and server operating systems at Prologue Software.

email: jean-daniel.aussel@gemalto.com