Smart Access: Strong Authentication on the Web

[email protected]

TNC Dresden 5-8 October 1998

© SURFnet 1998

What’s the problem?

Authentication solutions

• IP-based: spoofing / proxies
• username / password: sniffing
• SSL certificates (server & client): Certificate Authorities

Introducing…the smartcard

(Diagram: card chip with CPU, ROM, RAM, EEPROM and I/O etc.)

IBM MFC smartcard:
• 8 bit processor
• 2K ROM (OS)
• 10K EEPROM (Apps)
• <1K RAM
• 3,64 MHz clock speed

Smartcard intro (cont’d)

(Diagram: file tree with the MF at the root holding EFs and four DFs, each DF holding EFs)

• MF Master File
• DF Dedicated File
• EF Elementary Files

Access conditions

For each command on a file:
• ALW (Always)
• CHV (CardHolder Verification)
• PRO (Protected with key X)
  – Secure handshake with MAC
• AUT (External Authentication)
• ENC (Enciphered)
  – PRO plus encrypted data
• NEV (Never)

(triple) DES !
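A model of the per-command access-condition check described above, added here as an example and not taken from the slides or from SURFnet's or IBM's software; the file table, command names and PIN are constructed, and HMAC-SHA256 stands in for the card's (triple) DES MAC because Python's standard library has no DES:

```python
import hmac
import hashlib

# Access conditions listed on the slide, one per command on a file.
ALW, CHV, PRO, AUT, ENC, NEV = "ALW", "CHV", "PRO", "AUT", "ENC", "NEV"

# Constructed access-condition table for one EF (the slide gives no concrete
# file layout; the command names are hypothetical).
EXAMPLE_EF = {"READ": CHV, "UPDATE": PRO, "WRITE": ENC,
              "INVALIDATE": AUT, "REHABILITATE": NEV}


def card_mac(key_x: bytes, data: bytes) -> bytes:
    """Stand-in for the card's (triple) DES MAC: the standard library has
    no DES, so this model uses HMAC-SHA256 truncated to 8 bytes."""
    return hmac.new(key_x, data, hashlib.sha256).digest()[:8]


class CardSession:
    """Minimal security state the card keeps for one session."""

    def __init__(self, key_x: bytes, pin: str):
        self.key_x = key_x              # key X used by PRO and ENC
        self.pin = pin                  # reference PIN for CHV
        self.chv_verified = False       # set by a successful PIN verify
        self.ext_authenticated = False  # set by external authentication

    def verify_chv(self, pin: str) -> bool:
        self.chv_verified = hmac.compare_digest(pin.encode(), self.pin.encode())
        return self.chv_verified

    def check(self, ef, command, payload=b"", mac_field=None, enciphered=False):
        """Return (allowed, reason) for one command against the file's access
        conditions; commands not in the table default to NEV."""
        cond = ef.get(command, NEV)
        if cond == ALW:
            return True, "ALW"
        if cond == NEV:
            return False, "NEV: never allowed on this file"
        if cond == CHV:
            return self.chv_verified, "CHV ok" if self.chv_verified else "CHV: PIN not verified"
        if cond == AUT:
            return self.ext_authenticated, "AUT ok" if self.ext_authenticated else "AUT: not authenticated"
        # PRO (and ENC, which builds on PRO) need a valid MAC over command + data.
        expected = card_mac(self.key_x, command.encode() + payload)
        if mac_field is None or not hmac.compare_digest(mac_field, expected):
            return False, cond + ": MAC missing or invalid"
        if cond == ENC and not enciphered:
            return False, "ENC: data not enciphered"
        return True, cond + " ok"
```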

Student Smartcard

• College pass

• library pass

• loan/grant registration number

• membership data

• e-purse (Chipper)

Our model is ISI

(Diagram: Clients reach the SAS over the WWW; the SAS is linked over trusted communication lines to the Application Servers in the Application Provider Environment)

ISI Protocol

Current applications

• Downloading of commercial software (Smart Server)
• Access to exam results database
• Student grants/loans system
• StudyNet:
  – registration for courses and exams
  – access to exam results

Issues

• Java implementations in browsers

• Support for smartcard readers (COM port)

• Use of DES in public key world

• Scaling of DES-based two-party authentication

Three-party Authentication

(Diagram: the ISI model above, with an AS added)

References

• http://www.surfnet.nl/surfnet/projects/home-office/
• http://www.surfnet.nl/projecten/surf-ace/homeoffice/ (Dutch)
• http://www.iscit.surfnet.nl/
• http://www.chipcard.ibm.com/

Be Smart!

Offline demo (slides 17-22)