Secure internet smartcards

Abstract

Smartcards have traditionally been isolated from computer networks, communicating exclusively with the host computers to which they are attached. As a result, users can only use smartcards on local hosts. This can be disturbing in typical office environments, where a user has multiple workstations, or uses remote workstations as well as local ones. The most straightforward way of addressing this problem would be a remote smartcard access mechanism that allows users to use remote smartcards as if they are local. However, there are two issues that are incurred by going remote, i.e., security and naming. Communication between an application and a smartcard goes through the Internet, and can be sniffed. Also, if a smartcard is identified by the name of the host, the smartcard’s name changes every time it moves from a host to another. In this paper, we describe middleware that solves these problems. Our work extends the Internet infrastructure for smartcards, which has recently been developed by Guthery et al. [9] and Rees et al. [20]. It addresses the security problem by encrypting communication with the session key established by the Simple Password Exponential Key Exchange (SPEKE). As a result, it is secure against off-line dictionary attack and man-in-the-middle attack. It also provides convenient naming by embracing the domain name service. We have implemented two applications, Kerberos and SSH, on this infrastructure to illustrate its usability. Thanks to the object oriented programming mechanisms of Java Card and the UDP based interface of the infrastructure, it is straightforward to implement such applications. The performance of this system is less than ideal, as it takes more than 10 seconds to complete an authentication session.