UBM Network Computing
Smartcards: The Intelligent Way To Security

By Dan Backman
Imagine if logging into a network were as simple as using your ATM card. Insert a card into your computer, enter a PIN, and you're free from the hassles of remembering user names and passwords. Instead of identifying users with something they must know--passwords--smartcards tighten network security by employing something the user has--a physical object that can't be copied.

Through the magic of public key cryptography and X.509 certificates, these smart credit cards securely store private keys as well as public key certificates. Because the embedded private key is the digital representation of a user's identity, the smartcard is the key to digitally signing and encrypting messages, provides access to protected intranet sites, and is a possible enabler of a single network sign-on.

Unlike your ATM card, however, smartcards don't rely on a simple magnetic stripe to store a few bytes of data. They are deceptively complex: Smartcards look like standard credit cards with a small square grid of metal contacts on one side, but they contain a fully working computer inside. Built upon an embedded processor, a few kilobytes of RAM and cryptographic chips, smartcards are more than a storage medium for digital certificates and public/private key pairs (see "Types of Smartcards" on page 170).
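To make the "computer inside the card" concrete, here is a small software model of a signing smartcard. It is an added example, not code from the article, from Litronic or from Schlumberger: the card generates an RSA key pair that never leaves the struct, binds the public half to the holder's name in a self-signed X.509 certificate (a real deployment would have a CA issue it), refuses to sign until the PIN has been presented, and locks after three wrong PINs. The holder name, PIN and retry limit are constructed values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// maxPINTries is a constructed retry limit; real cards carry a similar counter.
const maxPINTries = 3

// SimCard is a software stand-in for a signing smartcard. The private key is
// unexported and is only ever used inside Sign, so callers can read the
// certificate but never the key.
type SimCard struct {
	priv     *rsa.PrivateKey   // on-card key pair; never leaves the card
	Cert     *x509.Certificate // public certificate, freely readable
	pin      string
	tries    int
	unlocked bool
}

// Personalize generates the key pair and a self-signed certificate binding the
// public key to the holder. Self-signing keeps the example offline.
func Personalize(holder, pin string) (*SimCard, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: holder},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &SimCard{priv: priv, Cert: cert, pin: pin, tries: maxPINTries}, nil
}

// VerifyPIN unlocks the card for signing; each wrong PIN consumes one retry
// and re-locks the card, and a card with no retries left stays locked.
func (c *SimCard) VerifyPIN(pin string) error {
	if c.tries == 0 {
		return errors.New("card locked")
	}
	if subtle.ConstantTimeCompare([]byte(pin), []byte(c.pin)) != 1 {
		c.unlocked = false
		c.tries--
		if c.tries == 0 {
			return errors.New("card locked")
		}
		return fmt.Errorf("wrong PIN, %d tries left", c.tries)
	}
	c.tries = maxPINTries
	c.unlocked = true
	return nil
}

// Sign hashes the message and signs the digest with the on-card key. The
// digest, not the key, is what crosses the card boundary.
func (c *SimCard) Sign(msg []byte) ([]byte, error) {
	if !c.unlocked {
		return nil, errors.New("PIN not verified")
	}
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, c.priv, crypto.SHA256, digest[:])
}

// VerifyWithCert is the relying party's side: the certificate alone suffices.
func VerifyWithCert(cert *x509.Certificate, msg, sig []byte) bool {
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig) == nil
}

func main() {
	card, err := Personalize("alice@example.com", "1234") // constructed holder and PIN
	if err != nil {
		panic(err)
	}
	msg := []byte("order #42: approved")
	if _, err := card.Sign(msg); err != nil {
		fmt.Println("signing before PIN entry:", err)
	}
	if err := card.VerifyPIN("1234"); err != nil {
		panic(err)
	}
	sig, _ := card.Sign(msg)
	fmt.Println("signature verifies with certificate:", VerifyWithCert(card.Cert, msg, sig))
	fmt.Println("altered message verifies:", VerifyWithCert(card.Cert, []byte("order #42: denied"), sig))
}
```

The relying party calls only VerifyWithCert, which uses the certificate; the private key is reachable only through Sign, and Sign only after VerifyPIN. That split is the whole point of putting the key on a card rather than in a file.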

Smartcards are becoming common in several markets, such as electronic banking and GSM mobile telephones, and they're now making a move toward becoming a network security commodity. Recent standards like RSA's PKCS#11 and PC/SC (Personal Computer/SmartCard, driven by Microsoft Corp. and various smartcard vendors) promise to make adding smartcard security as easy as adding another hard drive.

To evaluate the state of smartcard technology, we tested NetSign, a smartcard solution from Litronic, in Network Computing's Syracuse University lab. Litronic's product includes a smartcard reader/writer that plugs into any PC using a serial connection and a couple of bundled Schlumberger Cryptoflex cards (4-KB cards with on-board RSA crypto-engines). At testing time, Litronic supported only Netscape Communications Corp.'s Communicator 4.0's PKCS#11 interface, so our tests were limited to Netscape's browser and mail client.

Security Is Cryptography

To understand the importance of smartcard technology, you must examine network authentication systems. Nearly every network security protocol takes advantage of some form of cryptography. Unix passwords are stored as a one-way hash, a function built on DES (Data Encryption Standard); Windows NT Domain security relies on a challenge-response protocol to keep clear-text passwords from traversing the network; and key-distribution systems like MIT's Kerberos rely solely on private (symmetric) key cryptography to authenticate users.

All of these systems operate on the concept of a shared secret. In most cases, the user's password is used to derive a secret key, which is compared to an identical key stored in the user's security account on the security server. All modern network security systems store users' secret keys (passwords) in a secure fashion, but these systems are vulnerable if the server's key database is compromised.

A security system using public key cryptography, in contrast, can take advantage of the fact that encryption keys are asymmetric. This means that the server must store only the user's public key, negating the need to securely store the user's password on the server. In fact, the server's copy of the user's key becomes public information. Public key cryptography solves the problem of maintaining a database of users' keys on the security server, but it adds another layer of key management. Instead of a single key (or password), the security service requires two keys for every user. While users' public keys can be stored in a public directory service, users must have a secure way to store and access their private keys.
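The contrast drawn in the last three paragraphs, as an added example rather than code from the article or any product it names: a shared-secret server must hold, per user, the same key the client derives from its password, so its account table is the credential; a public-key server holds only public keys and verifies signatures. The password-to-key step is a deliberately simple salted SHA-256 standing in for DES-based crypt, NT hashes or Kerberos string-to-key; user names, passwords and salt are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SharedSecretDB holds, per user, a key derived from the password.
type SharedSecretDB map[string][]byte

// PublicKeyDB holds, per user, only a public key; the private key stays with
// the user (on a smartcard, in the design the article describes).
type PublicKeyDB map[string]ed25519.PublicKey

// DeriveKey stands in for the password-to-key step of the systems named above.
// A bare salted SHA-256 keeps the example short; a real system uses a slow KDF.
func DeriveKey(password, salt string) []byte {
	h := sha256.Sum256([]byte(salt + ":" + password))
	return h[:]
}

// NewChallenge returns a fresh random nonce; both schemes use one.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// SharedResponse is the client's reply in the shared-secret scheme: an HMAC of
// the challenge under the password-derived key.
func SharedResponse(key, challenge []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(challenge)
	return mac.Sum(nil)
}

// VerifyShared recomputes the MAC from the stored key. The server needs the
// very same key the client uses, which is why a leaked table is fatal.
func (db SharedSecretDB) VerifyShared(user string, challenge, response []byte) bool {
	key, ok := db[user]
	if !ok {
		return false
	}
	return hmac.Equal(SharedResponse(key, challenge), response)
}

// VerifyPublic checks a signature over the challenge with the stored public
// key. Nothing in this table lets its holder produce a valid signature.
func (db PublicKeyDB) VerifyPublic(user string, challenge, sig []byte) bool {
	pub, ok := db[user]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

// SharedRecordIsTheCredential reports whether the server's stored record for
// user is byte-for-byte the key the client derives from its password.
func SharedRecordIsTheCredential(db SharedSecretDB, user, password, salt string) bool {
	return bytes.Equal(db[user], DeriveKey(password, salt))
}

func main() {
	const salt = "example-salt" // constructed
	shared := SharedSecretDB{"alice": DeriveKey("correct horse", salt)}

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	public := PublicKeyDB{"alice": pub}

	ch := NewChallenge()
	fmt.Println("shared-secret login ok:",
		shared.VerifyShared("alice", ch, SharedResponse(DeriveKey("correct horse", salt), ch)))
	fmt.Println("server record equals client credential:",
		SharedRecordIsTheCredential(shared, "alice", "correct horse", salt))

	ch = NewChallenge()
	fmt.Println("public-key login ok:", public.VerifyPublic("alice", ch, ed25519.Sign(priv, ch)))
	fmt.Println("server stores only", len(public["alice"]), "public bytes; the private key never leaves the client")
}
```

The extra key-management burden the text mentions shows up in the second scheme's types: the server's table is harmless to publish, but the ed25519 private key returned by GenerateKey now has to live somewhere the user controls, which is the job the smartcard takes on.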