Smart Card Security, Part 3

As the card issuer, you must define all of the parameters for card and data security. There are two methods of using cards for data system security, host-based and card-based. The safest systems employ both methodologies.

Host-Based System Security

A host-based system treats a card as a simple data carrier. Because of this, straight memory cards can be used very cost-effectively for many systems. All protection of the data is done from the host computer. The card data may be encrypted but the transmission to the host can be vulnerable to attack. A common method of increasing the security is to write in the clear (not encrypted) a key that usually contains a date and/or time along with a secret reference to a set of keys on the host. Each time the card is re-written the host can write a reference to the keys. This way each transmission is different. But parts of the keys are in the clear for hackers to analyze. This security can be increased by the use of smart memory cards that employ a password mechanism to prevent unauthorized reading of the data. Unfortunately the passwords can be sniffed in the clear. Access is then possible to the main memory. These methodologies are often used when a network can batch up the data regularly and compare values and card usage and generate a problem card list.

Card-Based System Security

These systems are typically microprocessor card-based. A card, or token-based system treats a card as an active computing device. The Interaction between the host and the card can be a series of steps to determine if the card is authorized to be used in the system. The process also checks if the user can be identified, authenticated and if the card will present the appropriate credentials to conduct a transaction. The card itself can also demand the same from the host before proceeding with a transaction. The access to specific information in the card is controlled by (1) the card's internal Operating System and (2) the preset permissions set by the card issuer regarding the files conditions. The card can be in a standard CR80 form factor or be in a USB dongle or it could be a GSM SIM Card.

Threats to Cards and Data Security

Effective security system planning takes into account the need for authorized users to access data reasonably easily, while considering the many threats that this access presents to the integrity and safety of the information. There are basic steps to follow to secure all smart card systems, regardless of type or size.

  • Analysis: Types of data to secure; users, points of contact, transmission. Relative risk/impact of data loss
  • Deployment of your proposed system
  • Road Test: Attempt to hack your system; learn about weak spots, etc.
  • Synthesis: Incorporate road test data, re-deploy
  • Auditing: Periodic security monitoring, checks of system, fine-tuning

When analyzing the threats to your data an organization should look closely at two specific areas: Internal attacks and external attacks. The first and most common compromise of data comes from disgruntled employees. Knowing this, a good system manager separates all back-up data and back-up systems into a separately partitioned and secured space. The introduction of viruses and the attempted formatting of network drives is a typical internal attack behavior. By deploying employee cards that log an employee into the system and record the time, date and machine that the employee is on, a company automatically discourages these type of attacks.

(Click image for larger version.)

External attacks are typically aimed at the weakest link in a company's security armor. The first place an external hacker looks at is where they can intercept the transmission of your data. In a smart card-enhanced system this starts with the card.

(Click image for larger version.)

The following sets of questions are relevant to your analysis. Is the data on the card transmitted in the clear or is it encrypted? If the transmission is sniffed, is each session secured with a different key? Does the data move from the card reader to the PC in the clear? Does the PC or client transmit the data in the clear? If the packet is sniffed, is each session secured with a different key? Does the operating system have a back door? Is there a mechanism to upload and down load functioning code? How secure is this system? Does the OS provider have a good security track record? Does the card manufacturer have precautions in place to secure your data? Do they understand the liabilities? Can they provide other security measures that can be implemented on the card and or module? When the card is subjected to Differential Power attacks and Differential Thermal attacks does the OS reveal any secrets? Will the semiconductor utilized meet this scrutiny? Do your suppliers understand these questions?

Other types of problems that can be a threat to your assets include:

  • Improperly secured passwords (writing them down, sharing)
  • Assigned PINs and the replacement mechanisms
  • Delegated Authentication Services
  • Poor data segmentation
  • Physical Security (the physical removal or destruction of your computing hardware)

Security Architectures

When designing a system a planner should look at the total cost of ownership this includes:

  • Analysis
  • Installation and Deployment
  • Delegated Services
  • Training
  • Management
  • Audits and Upgrades
  • Infrastructure Costs (Software and Hardware)

Over 99% of all U.S.- based financial networks are secured with a Private Key Infrastructure. This is changing over time, based on the sheer volume of transactions managed daily and the hassles that come with private key management. Private Key-based systems make good sense if your expected user base is less than 500,000 participants.

Public Key Systems are typically cost effective only in large volumes or where the value of data is so high that its worth the higher costs associated with this type of deployment. What most people don t realize is that Public Key systems still rely heavily on Private Key encryption for all transmission of data. The Public Key encryption algorithms are only used for non-repudiation and to secure data integrity. Public Key infrastructures as a rule employ every mechanism of data security in a nested and coordinated fashion to insure the highest level of security available today.

PKI Public Key Infrastructure

The following images illustrate a typical PKI-based system:

(Click images for larger versions.)