Smart Card Security in Wireless Network Transmission. Presentation of project: 4th April 2003. Jean-François DAHAN, Sébastien FORGET, Olivier AMIOT, Nicolas BERROGAIN, Jianwei YU, Erwan ASSELOOS, Rio SASMITA. Supervisor: M. KOENIG, Maître de conférences, ESSI.
Smart Card Security in Wireless Network Transmission • Introduction • Objective • Problem and Solution • Implementation • Conclusion • Question
Introduction E-gate? The USB Smart Card platform for E-business Security, based on Java Card Technology [Images: E-Gate Smart Card Token format; E-Gate Smart Card ISO format]
Introduction Benefit: • E-Gate Smart Card ISO format: Works on existing terminals, Branding space, Fits in wallet • E-Gate Smart Card Token format: Plug-in token, SIM format, Integrated solution, Key Ring format
Introduction Benefit: • Easy implementation • ISO/USB versatility • USB communication performance • Plug & play • High level cryptographic capability: digital ID, authentication • A cost effective device, fast communications speed • Can combine strong authentication with other applications on the same card E-Gate Smart Card
Wifi network Wi-Fi and Access Point
Problem and Solution • Authentication: Access to Network (Jean-François, Sébastien) • Certification: Data integrity (Jianwei, Olivier, Nicolas) • Cryptography: Confidentiality (Rio, Erwan)
Objective Wi-Fi and Access Point
Problem and Solution: Solution • Authentication • Certification • Cryptography
USB Communications Expected Signal [Oscilloscope trace: Acknowledgement, APDU; 2 V/cm, 100 µS/cm]
USB Communications Measured Signal : Numerous Gaps 2 V/cm 10 µS/cm
Development Environments • J2SE with Java 2 SDK v1.4, including JCE: Java Cryptographic Environment • JavaCard 2.1.1 Development Kit with SchlumbergerSema cryptographic extension • Java 2 SDK v1.3 for compiling the card applet • SchlumbergerSema Cyberflex Access Software Development Kit
Implementation SchlumbergerSema IOP API • API (C++) for communication with the Windows device manager • For Java applications, use the IOP JNI API
Implementation PC Client Installation • Activate the Windows Smart Card communication service and PC/SC device drivers • Communication program with proxy server • Web browser with Java interpreter for applet authentication
Implementation Trusted Applet: Signature • Security policy: file java.policy • Signed applet = jar file • Applet encrypted with the private key
Implementation Authentication
Authentication • Server Side: owns the clients' public keys • PC Applet: receives encrypted messages from the server and sends them to the Java Card applet for decryption • Java Card Applet: receives encrypted messages and decrypts them
Authentication Protocol
[Diagram labels: Server private key, Client private key, Client public key, Server public key, SHA, rdm, WWW]
1: PC wants to authenticate to the server
2: PC sends user ID to the server
3: Server encrypts random message with server private key
4: Server sends the encrypted message
5: PC transmits the encrypted message to the card
6: Card decrypts the message with the server public key. If OK, the card computes the SHA of the random message and encrypts it with its private key
7: The encrypted SHA is transmitted to the server
8: Server decrypts the message with the card public key.
Implementation Certification
Certification On Sender Side
Certification: Receiver Side for Verification [Diagram: the Signed Message contains the Original Message and the Encrypted Digest; the Encrypted Digest is deciphered with the Public Key to give the Digest from the Sender; a Digest is generated locally from the Original Message; the two digests are compared (=?)]
Certification Test Procedure [Diagram labels: Client, Server; Message Sent by the Client; Certification Test (SHA and RSA) Achieved by the E-Gate; Reference Calculation on the Client; Signature Verification Calculated by the Client]
Implementation Cryptography Asymmetric Key Session Key
Asymmetric Key How does it work ? Server private key Client private key Server public key Client public key
Asymmetric Key • On the client side • Client private key: stays in the card and never leaves it. • Messages are encrypted by the card. • This solution is very secure, but overall performance depends on the performance of the card. How to measure this performance:
Asymmetric Key Results: Encryption time with the card • Very poor performance => this algorithm cannot be used
Session Key How does it work? Server private key Client private key Server public key Client public key
Session Key • Private key remains in the card • Client/server exchange uses a symmetric key held in the computer. • Much faster, and reliable • Results: Encryption time with the card
Demonstration [Screenshots: changing the browser properties; going to the URL; connecting to the secure server]
Conclusion • Some solutions • Smart Card = Future Technology • A Good Team Project and Experiences