[ale] Smart cards

Michael H. Warfield mhw at WittsEnd.com
Fri Oct 7 10:00:31 EDT 2011


On Thu, 2011-10-06 at 21:41 -0400, Michael B. Trausch wrote: 
> On Thu, Oct 06, 2011 at 06:52:43PM -0400, Michael H. Warfield wrote:
> > On Thu, 2011-10-06 at 16:11 -0400, Michael Trausch wrote: 
> > > Just to clarify, I am not specifically looking for an OpenPGP smartcard...
> > > anything that'll do for auth is fine.
> >
> > Hmmm...
> >
> > I haven't quite done what you are looking to do but you might check
> > into the Aladdin eToken cards / tokens.  They have Windows software
> > which I believe MIGHT do what you want to do but you'd have to buy
> > that separately.  You'll need their pkcs11 driver to make the token
> > work with NSS, ssh, pgp/gpg, and pam but it can be done.  I've used
> > these with ssh (ssh-agent on Fedora has NSS integration and NSS
> > handles the pkcs11 side of the house when used with ssh-agent).
> > I've seen some code which, I think, logs you in when you insert a
> > smart card and locks your screen when you pull it out but have had
> > no experience with it.  The pam_usb module does something similar
> > but just uses a plain ole usb memory card on which some sort of key
> > is simply stored for that.

> I would like something where you can essentially lock the system, yes.
> Well, actually, here is what I would _like_ to do, though I don't
> seriously know if this would be an attainable setup:

> * Be able to have my own CA (trusted roots aren't relevant here, I'd
>     be installing the root CA onto the systems I am managing).

That's fairly minor.  I do it around here.  Couple of CA management
systems out there but I just use the openssl stuff and scripts.

> * Be able to use that CA to initialize a smart card, such that the
>     smart card would be given to a person to use as their identity
>     card for network operations.

Backwards.

You use the smart card to generate the key on the card and it gives you
the private key you incorporate into an X.509 CSR (certificate request).
You sign that certificate request with your CA to create a certificate
which you then install.

> * Be able to map a smart card's public key to a user, which is of
>     course a prerequisite for everything else.  In all probability
>     this can easily be solved by using the CN field to indicate the
>     user's name and domain in email format.

That's high level stuff.  Part of the X.509 DN or CN most likely.

> * Be able to use the card for networked workstation logins for
>     specially configured computers on the business network.

> * Be able to use the card to gain access to mountable filesystems in
>     a secure manner for computers e.g., at home or other locations.
>     Of course, when the card is removed the access to the filesystem
>     should be revoked, it should become
>     unmounted/disconnected/whatever.

That's rather unlikely.  That would be more on the order of the account
access.  If the user is logged in, he has access.  If the user is logged
out, he loses access.

> * It should be possible to use that smart card with e.g., Firefox so
>     that that identity card can go home with them, and they can gain
>     access without a username and password to the company site(s).

That's just certs and access control.  I know where you're going with
this but you have to avoid the problem I saw at the IETF with the
emergency responders working group that another area manager referred to
as "we like toast - make the Internet make toast" (referring to some of
the demands from the ITU and outside emergency responders).  Understand
your technology FIRST.  Then decide if what you want to do is
appropriate for the technology.

> * It should be possible to use that card to sign/encrypt mails
>     "internally" (being a self-signed CA means that it wouldn't
>     [rather, shouldn't] be used on the Internet, but internally the
>     cert can be validated); of course, we're talking about S/MIME
>     here, because that's the only thing that works out of the box for
>     all standard MUAs that I'm aware of (sorry, even though I am using
>     one right now, I don't consider terminal MUA to be standard
>     anymore...)

Signing is appropriate for the smart card.  You don't need it to encrypt
though.  Encryption only requires the public key/certificate of the
other person.  The public keys and certs are NOT stored on the smart
card.

> * It should be possible to do this regardless of the operating
>     system on the client system.  The card should be usable on
>     Windows, on OS X, and on Linux systems with a minimum of setup.

For some value of "should" (i.e. may require two or more copies of the
key on the smart card).  Be realistic and flexible here.

> * I don't want to know the private key.  I don't want them to know
>     the private key.  I want to be able to provision a new card and
>     associate it with their user account with relative ease (and
>     honestly, just signing their key with the CA would be sufficient
>     for that, as long as they correctly format their user at domain.tld
>     when they create the CSR).

With smart cards, you won't be ABLE to know the key (unless you are
generating keys externally and loading them onto the smart cards - which
is NOT a SMART move).

> * Also, I'd like it to be possible to have something better than a 4
>     digit PIN on the stupid thing.  I realize that many of the cards
>     out there will burn themselves out (much like a SIM card does)
>     after a certain number of failed attempts, but that doesn't really
>     mean much when people's 4-digit codes tend to be really
>     predictable if you know the person for any length of time.  Four
>     digit PIN numbers are evil.  EVIL.

Most of the smart cards I know support up to 8 digit pins but what's the
point?  You've got a 5 error lockout and then you must use the security
officer's PIN to unlock it.  You can't brute force 4 digits with 5 shots.
Shoulder surfing is another matter but I and many many others can
shoulder surf 8 just about as easy as 4 (hint - you're more likely to
see memorable patterns even if nobody meant them).  They don't "burn
themselves out".  They merely "lock" and you can't unlock them without
the security officer pin or format them with the transport pin (which is
the same thing for some cards).

> Am I asking too much, do you think?

At first guess - yes.  Should take you about 5 years to put all these
pieces together in a single package and then you can start testing.  I
say that partly because you don't seem to really understand the
technology very well so you've got some misconceptions in there, which
I've tried to point out above.

> > All that said...  There are 2 types of Aladdin eToken cards.
> >
> > There are the 72K (yes, I said "K" - you don't need much space for
> > keys) Java tokens (smart cards in a USB format).  These use their
> > Java cardlet to actually implement the crypto stuff in Java.  They
> > reserve some of the space for updates to the Java cardlet so you
> > really only have about 64K available on the card for keys (which can
> > store a couple dozen private keys - you don't store public keys or
> > whole certs on them).  Those will run you in the $30-$40 range from
> > CDW (cdw.com).  I've got a couple of those and don't really care for
> > them.  People claim the Aladdin middleware (which uses a proprietary
> > protocol to talk to the cardlet) is buggy and clunky.
> 
> Java.  On a card.  Sheesh.
> 
> I must be missing something, though.  How can you do authentication if
> there aren't any certificates involved, unless you are keeping a
> database with every single public key.  I'd like to just sign a
> certificate and they can present that client certificate (or use it in
> any other valid way, for that matter).
> 
> > There are also 32K and 64K CardOS cards which are slightly more
> > expensive (about $45 each for the 64K units I just bought a month
> > ago or so).  They still require an Aladdin pkcs11 driver but you can
> > locate that on the net for download.  I've used the 32K tokens in
> > the past with ssh.  Just starting to play with my new 64K ones now.
> > Last ALE meeting on ssh, I had a keyring full of these things.  They
> > can be formatted for use directly with OpenCT but the format is not
> > compatible with the Aladdin format, which you would need for any
> > Windows Software.  There are guides on the net on setting them up
> > and getting them working with Linux.

> So... cross-platform compatibility is a pipe dream?  In order to make
> it possible to use truly smart cards that never leak the private key,
> I'd have to give 1 user multiple keys so that they could use the right
> type based on whatever operating system they're using?

Pure cross platform in pure open sources is a pipe dream.

Pure cross platform with closed drivers is a semi pipe dream.  Can be
done but is "less than pure" and hasn't been implemented in a
prepackaged roll it in and use it out of the box form.  You'll have a
lot of work to do.

> Perhaps I am seeing why these things aren't ubiquitous....

No.  They're not ubiquitous because, to the business and end user
mindset, they are EXPENSIVE and it sounds like you are looking for an
enterprise solution here.  Expect to pay.

Passwords and pins - Free!  (Business heads don't see the cost of help
desk changing passwords).

Mag strip card < $.10
(That's why we see these in hotels now - cheaper than keys.)

Banking "chip and pin" cards (not true crypto cards) ~= $1.00

True crypto cards ~= $20 - $30 or more
(requires readers)

True USB crypto cards ~= $35 - $90 or more
(varies with size and features like memory)

Advanced enterprise packages > $100 / key (user) ++++++


You do the math.

You can look into Ironkey which has a nice ruggedized key that includes
LOCKED and integrated USB flash memory (not much, couple of gig).
Tamper proof (self destructs if physically broken into).  Works on Linux
and Windows.  Can be used for a lot of your dream (recurse back to my
"understand the technology" comments).  Can be "remotely locked" (part
of the proprietary drivers) if it's the enterprise edition.  I think
they just sold their hardware division off to someone else, so it may be
another name now.

Bruce Schneier likes to say "if you think cryptography can solve your
problem, you don't understand cryptography and you don't understand your
problem".  I think you need to understand what, precisely, you're trying
to do here and what, precisely, the technology is capable of in much
finer detail.  Some of what you are asking for is wrong (i.e. you don't
know how these cards work) or misinformed (you seem fuzzy on the crypto
terminology) or vague (remarks about remote storage).  It's hard to find
a solution under those criteria.

> > I've also heard that they CAN BE formatted for OpenPGP but I've
> > never done it and don't know anyone who has, but you say that's not
> > important to you.
> 
> It's not.  I use OpenPGP when I think to set it up.  I used to sign
> all my mail... I don't anymore, because nobody cares.  I used to
> encrypt mails that I sent out, but I often got the complaint that it
> was unreadable because keychains were lost or somesuch.  And besides,
> if I didn't sign it, one really cannot legally prove that I said it,
> at least with the way things sit at the moment (a federal court, if
> I'm not mistaken, recently ruled that an IP address alone is not good
> enough to identify a user on the Internet, and so anything left is
> circumstantial... well, mostly, but I digress).

> If someone really wants me to put a full-fledged digital signature on
> something, I will.  But honestly, the last thing I used my PGP keys
> for was to sign the last release tarball for AllTray.

Ok...  As a cryptographer, that last paragraph makes no sense.  A
"digital signature" is not "full fledged" and what you are trying to do
is rife with "digital signatures".  You mean a "PGP" signature which
includes a lot of meta data.  Fact is, a digital signature is key to
everything you want to do.  You have to sign stuff.  That's HOW you know
the person has a private key.  You hand them a challenge and they hand
you back the signature for the challenge signed by their private key.
You then validate that signature with their public key.  It's not "full"
it's "simple".

You take a big honking number give it to them.

They take that big honking number (plus probably some padding and nonces
and stuff to make it tougher to break) "sign it" to create another big
honking number and give it back.

You take THAT big honking number and verify it (decrypt it with their
public key) and get back the original big honking number.  They match,
they must have the private key, they're in.  It's simple.

It's worth noting that the same RSA keys at the heart of all this can be
used for PGP, SSH, X.509 certs, raw RSA (for IPsec and other things) and
many other things.  The RSA math is so simple it could be explained to a
decent high school student who has passed advanced math.

> I would personally like something like a smart card that simply has a
> built-in reader, so that you can just plug it in.  I don't want to see
> its filesystem, I don't want access to the private key, I want it to
> expose the same sort of interface that the readers themselves do.
> Alas, I haven't found any of those yet, either.

You have.  You just don't know what you are looking at.  That's exactly
what the Aladdin tokens are.  That's exactly what the OpenPGP keys are
(they have both keys and tokens but are really expensive from Germany).
AFA the "file systems" go on those keys, it's not something you would
want to look at.  It's not something you could read in the conventional
sense.  Keys like the Ironkey tokens have completely separate USB memory
and USB crypto storage areas and are not formatted the same at all.

> And I still haven't got a bloody clue on how one would get anywhere
> close to started with provisioning the damn things.

Gotcha.  You need to talk to an outfit like Ironkey.  Sounds to me like
you have a champagne taste on a beer budget, but you need to talk to the
big boys if you got a big job like this.

> Maybe I'm not smart enough for this one... or maybe I need to invent
> something that Just Works in a cross-platform manner?  Yeah, like I
> have time for that...

Or pay the money.  The Ironkey enterprise solutions are quite expensive
per user.

As they say...

You can have it cheap, working, or fast.  Pick two.  You don't get
three.

> --- Mike


-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!