Smart Access: Strong Authentication on the Web
TNC Dresden 5-8 October 1998
© SURFnet 1998
Feb 06, 2016

What’s the problem?

Authentication solutions
• IP-based: spoofing / proxies
• username / password: sniffing
• SSL certificates: server & client
• Certificate Authorities

Introducing… the smartcard
[Diagram labels: EEPROM, ROM, RAM, CPU, I/O, etc.]
IBM MFC smartcard:
• 8 bit Processor
• 2K ROM (OS)
• 10K EEPROM (Apps)
• <1K RAM
• 3,64 MHz clock speed

Smartcard intro (Cont’d)
[Diagram: card file tree with MF, DF and EF nodes]
• MF Master File
• DF Dedicated File
• EF Elementary Files

Access conditions
For each command on a file:
• ALW (Always)
• CHV (CardHolder Verification)
• PRO (Protected with key X)
  – Secure handshake with MAC
• AUT (External Authentication)
• ENC (Enciphered)
  – PRO plus encrypted data
• NEV (Never)
(triple) DES !
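
A small model of the per-command access-condition check listed above, added here as an illustration; it is not code from the slides or from the IBM MFC card. The Session and ElementaryFile classes, the command names and the sample key are assumptions, and HMAC-SHA256 stands in for the card's (triple) DES MAC.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Access conditions as named on the slide.
ALW, CHV, PRO, AUT, ENC, NEV = "ALW", "CHV", "PRO", "AUT", "ENC", "NEV"

@dataclass
class Session:
    """State the card keeps for the current session (assumed model)."""
    chv_verified: bool = False        # cardholder verification succeeded
    ext_authenticated: bool = False   # terminal passed external authentication

@dataclass
class ElementaryFile:
    name: str
    conditions: dict    # command name -> access condition (hypothetical layout)
    key: bytes = b""    # "key X" used for PRO and ENC

def command_mac(key: bytes, command: str, data: bytes) -> bytes:
    # Stand-in MAC (HMAC-SHA256 cut to 8 bytes); the slide's cards use (triple) DES.
    return hmac.new(key, command.encode() + b"\x00" + data, hashlib.sha256).digest()[:8]

def authorize(ef, command, session, data=b"", tag=None, enciphered=False) -> bool:
    """Decide whether `command` may run on `ef` under its access condition."""
    cond = ef.conditions.get(command, NEV)   # unlisted command: fail closed
    if cond == ALW:
        return True
    if cond == CHV:
        return session.chv_verified
    if cond == AUT:
        return session.ext_authenticated
    if cond in (PRO, ENC):
        if not ef.key or tag is None:
            return False
        if not hmac.compare_digest(tag, command_mac(ef.key, command, data)):
            return False
        # ENC is PRO plus encrypted data; decryption itself is not modelled here.
        return enciphered or cond == PRO
    return False   # NEV, or a condition this model does not know

# Constructed sample file; the command names are illustrative, not the card's.
GRANT_EF = ElementaryFile(
    "grant_registration_number",
    {"READ": CHV, "UPDATE": PRO, "REWRITE": ENC, "DELETE": NEV},
    key=b"constructed-key!",
)
```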

Student Smartcard
• College pass
• library pass
• loan/grant registration number
• membership data
• e-purse (Chipper)

Our model is ISI
[Diagram labels: WWW, SAS, Application Server (×2), Client (×2), trusted communication lines, APPLICATION PROVIDER ENVIRONMENT]

ISI Protocol

Current applications
• Downloading of commercial software (Smart Server)
• Access to exam results database
• Student grants/loans system
• StudyNet:
  – registration for courses and exams
  – access to exam results

Issues
• Java implementations in browsers
• Support for smartcard readers (com port)
• Use of DES in public key world
• Scaling of DES-based two-party authentication

Three-party Authentication
[Diagram labels: WWW, SAS, Application Server (×2), Client (×2), trusted communication lines, APPLICATION PROVIDER ENVIRONMENT, AS]

Demo time!
• Setup Card Reader
• StudyNet
  Faculty of Arts, Utrecht University

References
• http://www.surfnet.nl/surfnet/projects/home-office/
• http://www.surfnet.nl/projecten/surf-ace/homeoffice/ (Dutch)
• http://www.iscit.surfnet.nl/
• http://www.chipcard.ibm.com/

Be Smart!

Offline demo

Offline Demo (cont’d)