Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up




Smartcards: The Intelligent Way To Security

By Dan Backman
our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/
 Imagine if logging into a network were as simple as using your ATM card. Insert a card into your computer, enter a PIN, and you're free from the hassles of remembering user names and passwords. Instead of identifying users with something they must know--passwords--smartcards tighten network security by employing something the user has--a physical object that can't be copied.

Through the magic of public key cryptography and X.509 certificates, these smart credit cards securely store private keys, as well as public key certificates. Because the embedded private key is the digital representation of a user's identity, the smartcard is key to digitally signed and encrypted messages, provides access to protected intranet sites and is a possible enabler to a single network sign on.

Unlike your ATM card, however, smartcards don't rely on a simple magnetic stripe to store a few bytes of data. They are deceptively complex: Smartcards look like standard credit cards with a small square grid of metal contacts on one side, but they contain a fully working computer inside. Built upon an embedded processor, a few kilobytes of RAM and cryptographic chips, smartcards are more than a storage medium for digital certificates and public/private key pairs (see "Types of Smartcards" on page 170).

Smartcards are becoming common in several markets, such as electronic banking and GSM mobile telephones, and they're now making a move toward becoming a network security commodity. Recent standards like RSA's PKCS#11 and PC/SC (Personal Computer/SmartCard, driven by Microsoft Corp. and various smartcard vendors) promise to make adding smartcard security as easy as adding another hard drive.

To evaluate the state of smartcard technology, we tested NetSign, a smartcard solution from Litronic, in Network Computing's Syracuse University lab. Litronic's product includes a smartcard reader/writer that plugs into any PC using a serial connection and a couple of bundled Schlumberger Cryptoflex cards (4-KB cards with on-board RSA crypto-engines). At testing time, Litronic supported only Netscape Communications Corp.'s Communicator 4.0's PKCS#11 interface, so our tests were limited to Netscape's browser and mail client.

Security Is Cryptography To understand the importance of smartcard technology, you must examine network authentication systems. Nearly every network security protocol takes advantage of some form of cryptography. Unix passwords are stored in a one-way hash, a function of DES (Data Encryption Standard), Windows NT Domain security relies on a challenge-response protocol to limit clear-text passwords from traversing the network, and key-distribution systems like MIT's Kerberos rely solely on private (symmetric) key cryptography to authenticate users.

All of these systems operate on the concept of a shared secret. In most cases, the user's password is used to derive a secret key, which is compared to an identical key stored in the user's security account on the security server. All modern network security systems store users' secret keys (passwords) in a secure fashion, but these systems are vulnerable if the server's key database is compromised.

A security system using public key cryptography, in contrast, can take advantage of the fact that encryption keys are asymmetric. This means that the server must store only the user's public key, negating the need to securely store the user's password on the server. In fact, the server's copy of the user's key becomes public information. Public key cryptography solves the problem of maintaining a database of users' keys on the security server, but it adds another layer of key management. Instead of a single key (or password), the security service requires two keys for every user. While users' public keys can be stored in a public directory service, users must have a secure way to store and access their private keys.


For the Side Bar on

Types Of Smartcards


Other Workshops

Baselining Your Service Provider
By Philip Carden

Related Links

Certificate Authorities: How Valuable Are They?

Bridging The Business-to-Business Authentication Gap

Guarding The Flank With RADIUS & TACACS+

Socks Version 5: The UnFirewall

What To Look For In Dial-In Authentication


Company Directory
to browse our data, starting with a particular company.

Network Computing Links
allows you to request additional product information from our advertisers.

Print This Page



Research and Reports

Hypervisor Derby
August 2011

Network Computing: August 2011

TechWeb Careers