Smart Card Layout and Authentication Protocol for Access Control System in Military Application


Smart Card Layout and Authentication Protocol for Access Control System in Military Application
Vinod Vasudevan
Department of Computer Science & Engineering
Indian Institute of Technology Kanpur
July 2009

Smart Card Layout and Authentication Protocol for Access Control System in Military Application

A Thesis Submitted In Partial Fulfillment of the Requirements For the Degree of Master of Technology
by Vinod Vasudevan
to the Department of Computer Science & Engineering
Indian Institute of Technology Kanpur
July 2009


Abstract

Smart card technologies are increasingly finding their foothold in the field of security due to the flexibility, relatively low cost, robust security, versatility and variety they provide as compared to other available options such as USB tokens, PCMCIA cards etc. Our attempt is directed towards harnessing this growing technology and implementing it into the Armed forces for Access Control and Management. This work is centrally aimed at designing the architecture framework for such an implementation in the Indian Navy catering to both physical and logical access. The design of such a framework is made challenging by the fact that this implementation is envisaged across a large section of users who are not only distributed geographically but also categorized distinctly in their continuously changing roles of operation.

Owing to these on-ground user requirements and the flexibility provided by Public Key cryptography, the design of the application was done using asymmetric keys as per SCOSTA-PKI and SCOSTA-CL specifications. SCOSTA-PKI and SCOSTA-CL which are compliant to ISO/IEC 7816 set of International Standards for smart cards define specifications for carrying out symmetric and asymmetric key operations. The design for our implementation utilizes asymmetric key operations such as encryption, decryption, authentication, digital signature and certificate verification based on SCOSTA-PKI standards. Establishment of a key management system including secure key generation, distribution and maintenance form a part of the work along with card layout design and authentication protocols. Attempt was made to stick to the already existing and proven system of security management and administration so that little changes need to be incorporated for the implementation and to motivate the user to accept the new technology.

Acknowledgment

I would like to express my sincere gratitude to my supervisor Dr. Rajat Moona for his unreserved guidance and inspiration throughout the course of this work. I thank him for the patience he has shown over extended discussions during this period. This work would not have been possible without his support, encouragement and faith bestowed upon me. A word of thanks to Dr TV Prabhakar, Dr Manindra Agrawal and Dr Piyush Kurur for being gracious enough to lend their valuable time in clearing my queries from time to time. Their encouragement and advice have been crucial to this thesis. Lt Cdr Ankur Kulshrestha has been a perfect partner and colleague in our joint effort to develop an Access Control solution for the Indian Navy. His unending persistence and dedication was inspirational. His deep insight on the implementation aspects proved critical in shaping my work. He has been a true friend and associate during the course of my stay at IIT Kanpur. I would also like to express my gratitude to Dheeraj Gedam, Anshul Data, Rahul Kulkarni and Satyam Sharma for their support and help. Discussions with them were revealing and aided as the first level for understanding SCOSTA and PKI framework. Thanks are also due to each of my batch mates and peers not mentioned here for their continued support. A special mention of thanks goes to my wife for being a tremendous support and motivation throughout this duration. Last but not the least, it was an honour to work in a cooperative environment

with zeal and enthusiasm for which I am thankful to the staff of Computer Science Engineering department, IIT Kanpur. They have provided me all the support needed for the successful completion of the project.

Contents

1 Introduction Motivation Thesis Statement Related Work Case Studies Common Access Card (CAC) Singapore Smart Card Standard SSID Organization of Thesis Background PKI Related Operations SCOSTA-CL and SCOSTA-PKI SCOSTA-CL Basic Data Structure Security Architecture Security Attributes Security Environment Security Algorithms Security Mechanisms SCOSTA-PKI

2.4.1 PKI Related Data Structures Password and Key repository Operations supported in SCOSTA-PKI Authentication Session Key establishment Authentication with Session Key Establishment Cryptographic Algorithms in SCOSTA-PKI Additional Commands in SCOSTA-PKI Additional Support for APDU in SCOSTA-PKI System Requirements Overview of Existing Security System Distribution of Naval Establishments Personnel Involved in Various I-Card Related Activities Existing Procedure for I-Card Making Access Control Setup Issues in the Existing System Proposed Design with Smart Cards Security Mechanisms Certificate Revocation List Entry Permissions Security levels Entities of Smart Card solution ROOT CA Level 1 CA Level 2 CA Level 5 users Unit Owner

3.9.6 Zone Owners Level 3 users Level 2 user User Level Normal users User level Smart Card Layout Assumptions File structure of PKI Cards Mandatory Internal Files Mandatory Application Specific Files File Structure for Various Cards Normal User Card L1CA/L2CA/Unit Card File Structure Non-PKI Cards Mandatory Internal Files Mandatory Application Specific Files File Structure for Various Cards ROOT Cards Dependent card Casual Visitor card Implementation Design Specifications Various Applications Involved Procedures Involved in various Applications Personal cards I-Card making Process

I-Card Revalidation Update Certificates by a Higher Authority Card Procedure for updating Entry Permission codes I-Card Checking At Gate Read/Update Card Holder Information Change Own PIN/Password Exclusive Cards Procedure for making L1CA/L2CA/Unit card Update L1CA/L2CA/Unit Card ROOT Cards ROOT Card Making Process ROOT CA Key Retrieval Changing Root Card Holder Information Key repository Certificates on Card Data Structure for Entry Permission Conclusion and Future Scope

List of Figures

2.1 A Typical File Layout System Layout for Key Management Card layout of Normal user Card layout of L1CA/L2CA/Unit Card Card Layout of ROOT Card Card layout in Dependent Card Card layout of Casual Visitor Card

List of Tables

2.1 CRT templates in SCOSTA-CL Security algorithms in SCOSTA-CL Contents of Card Holder Information File (Normal user) Contents of Card Holder Information File (Normal user) Contents of Card Holder Information File (Normal user) Access Rights in Normal user card Contents of Card Holder Information File 1 (L1CA/L2CA/Unit Card) Access Rights of L1CA/L2CA/Unit Card Contents of Card Holder Information File (ROOT Card) Access Rights in ROOT Card Contents of Card Holder Information File 1 (Dependent Card) Access Rights in Dependent Card Contents of Card Holder Information File (Casual Visitor Card) Access Rights in Casual Visitor card Proposed Application Modules Certificates on cards EP Update field content

Chapter 1

Introduction

Security, be it physical security or logical security, is a term synonymous to the Armed forces. Continuous efforts are being made in the direction to achieve utmost security and Armed Forces across the globe have channelized tremendous resources towards this goal. This work is a small step in line with these efforts and has been appreciated to be necessary and urgent in the present scheme of security requirement in the Indian Navy. The Indian Navy at present has a system in place for management and implementation of physical and logical access control. However, since this existing setup is predominantly based on human interactions and is prone to errors, smart cards are being looked into as an alternative solution to plug loopholes in the prevailing setup.

Plastic cards have grown from simple memory cards to micro processor based smart cards to super smart cards with their own key pads and display [15]. The rapid progress made in this field of technology has seen it increasingly being adopted by varied establishments such as e-commerce, telecommunications, security applications etc. Smart card technology with their myriad advantages such as security (tamper resistance), flexibility, reliability, scalability, multi-utility on a single card, maintainability

and extremely portable storage have ensured them being adopted for a variety of commercial and non-commercial applications. Keeping in line with technology, the Govt. of India has adopted and specified standards for Smart Card technology [1].

Usage of asymmetric key based cryptographic operations [22, 27] has evolved significantly and they presently are available on smart cards. Asymmetric key cryptography involves the use of a key pair consisting of a private key and a public key, both of which can only be used in a one-way operation for a given algorithm. For example, if a 2048-bit RSA public key is used for an encoding operation then the corresponding private key can only be used to decode that encrypted data. A key defined for encoding cannot be used for decoding operations. The private key is specific to a user and therefore is used to identify the user based on the operation performed by this key. Public keys, on the other hand, are in the open domain and available to anybody in the system. A public key is used to encrypt data that is meant to be decrypted only by the corresponding private key held by the intended recipient. Public keys are certified by a certification authority, which is a third party trusted by both sender and recipient. A public key operation is, therefore, performed only after the key is extracted from a certificate after verification. Key management thus forms an integral and most important part of any asymmetric key cryptographic solution. But the most elementary criterion for a robust implementation of a PKI solution is safety and portability of private keys.

Implementation of a PKI based access control system on smart cards for the Indian Navy is the most suitable solution considering the hierarchy and varied authorizations to be exercised by a large number of personnel. The Access Control Solution has a distributed approach for key generation, card making and commissioning, and maintenance of a central database of the personnel information collated. The users involved at every stage of these processes will be required to authenticate themselves and perform their part of the operation using special keys that authorize them to do so. Every activity on the smart

card is logged and maintained in a database for audit purposes.

1.1 Motivation

The identity card presently being used in the Indian Navy has no formidable security feature as would be desired. It relies only on visual security features of the card for identification without authentication. The cards can easily be duplicated and used maliciously. There is a need to move ahead and catch up with the developing smart card technology that provides state-of-the-art solutions for access control and identity management.

The evolution of higher levels of security on smart cards by incorporating more advanced algorithms for various cryptographic operations is propelling their increased use in the field of e-commerce, security, research etc. The use of a smart card for a single application such as banking, access control, e-cash etc. has been proven beyond any doubt. But for an organization like the Indian Navy there is immense scope to incorporate many such applications on a single card. As far as the navy is concerned, a number of applications for canteen, medical information, travel details, pay and allowance details etc. of the individual can be developed and managed on the same card at a later date.

It is possible to include multiple applications on a single card with different levels / requirements of security. For example, in a naval scenario, the same Smart Card based I-Card can be used to gain access to a ship, purchase items from Canteen, avail facilities of a Club membership with automatic billing, access a bank account (in liaison with a bank), reserve a ticket in train (in liaison with Indian Railways) and so on. Armed forces across the world are graduating to the smart card technology and have already gone ahead to implement a number of applications mentioned above.

It is, therefore, felt that there is an inherent need for the Indian Navy to catch up with the evolving technology.

Indian Institute of Technology, Kanpur has successfully undertaken work on developing SCOSTA-CL and its subsequent implementation in National ID cards, Driving license and Vehicle Registration Cards [30], e-passports etc. The institute's current endeavor to build Public key Infrastructure on the existing SCOSTA-CL and thus develop SCOSTA-PKI specifications for smart card technology was one of the most motivating factors for undertaking this work. Being government machinery, it was prudent to develop this application on approved National standards and with open technology rather than proprietary solutions to ensure availability of hardware from different vendors and prospects of future development in a logical and smooth manner. The existence of a mandate to develop all smart card based application for government projects on SCOSTA has further strengthened the cause of undertaking this development on SCOSTA-PKI and SCOSTA-CL.

SCOSTA-PKI and SCOSTA-CL standards are compliant to ISO/IEC 7816 International Standards for Smart Cards in addition to other standards like ISO Type A and B [34, 35] for card communication, ITU-T standard X.509 [14] for Public Key Infrastructure (PKI) for single sign-on and Privilege Management Infrastructure (PMI), PC/SC standards for interface to computer terminal and so on.

1.2 Thesis Statement

The goal of this thesis is to design the card layout and authentication protocol for a robust, secure and scalable architecture framework for Smart Cards based Access Control and Management using Public Key Infrastructure for implementation in the Indian Navy. The card layouts and application interfaces are based on SCOSTA-PKI and SCOSTA-CL standards for smart card implementation. The work carried out in

this thesis towards achieving the above goal may broadly be classified into the following.

Design of various user card layouts: Designing layouts of various cards from ROOT CA through intermediate level cards in the issuing mechanism to the end user cards held by every authorized person. Some of the smart cards like ROOT CA and Level 1 CA are specific to an application but the various levels of user cards are general purpose cards for identification and authentication with access rights defined.

Design of Protocols for Authentication: The protocols for authentication between a smart card and an interface device for all operations to be performed on the card.

1.3 Related Work

Smart card implementations are typically based on the ISO/IEC 7816 set of international standards [2, 8]. Although these standards are elaborate and address every aspect of smart card implementations, it was considered necessary to specify some of the finer details more elaborately and do away with any ambiguity before any smart card application was undertaken by the Government of India. This reasoning led to the joint development of SCOSTA specifications [1] by IIT Kanpur and National Informatics Center. IIT Kanpur also developed the first SCOSTA compliant OS in 2001 for smart cards which was used for the National transport application. This OS was, however, limited in its functionality to the requirements of contact smart cards. The SCOSTA compliant OS was subsequently enhanced for compliance to contactless smart cards with support for secure messaging to avoid the possibility of eavesdropping.

Although SCOSTA-CL is a well defined specification and caters for any kind of

smart card implementation, it does not support asymmetric key based cryptography. Lack of support for PKI implementation restricts its usage in large user base scenarios where each user might be required to perform cryptographic operations. IIT Kanpur therefore started work to redefine the SCOSTA-CL specifications to incorporate PKI functionalities.

Initial work on defining the specifications for a PKI based OS was carried out at a partial level by Venkat Rao Pedapati and Simil Dutta in 2007 [19]. Although this work was not compliant to the ISO/IEC 7816 standards, their development of modular exponentiation using crypto-processor in hardware was a major contribution to SCOSTA OS development. This work was then carried forward by Aditi Gupta in 2008 [16] to develop SCOSTA-PKI specifications in compliance with ISO/IEC 7816 standards. Barring a couple of functionalities, it covered detailed explanation for most of the salient aspects of PKI implementation in SCOSTA. Work undertaken by Dheeraj Gedam [17] is underway at IIT Kanpur to plug these inadequacies and complete the SCOSTA-PKI compliant OS implementation.

Apart from the constant work being undertaken by IIT Kanpur on developing a PKI compliant OS based on the SCOSTA specifications, a number of leading companies and eminent individuals have also concentrated their efforts in this direction. Work was done by Konstantinos Markantonakis and Keith Mayes to study the significance of public key secure channel protocols in smart cards that supported multiple applications [20]. Helena Handschuh and Pascal Paillier carried out detailed analysis of the performance of smart card arithmetic crypto-processors with respect to some of the major public key cryptosystems [29].

1.4 Case Studies

This section includes a couple of case studies on similar implementation in government agencies across the world. The smart card technology has been used for varied purposes and the acceptance of this evolving field indicates its potential to grow.

Common Access Card (CAC)

CAC are smart card based identity cards issued by the United States Department of Defense to its personnel [32]. The DoD established a system which included electronic messaging, network identification and authentication (I&A) services, personal identification, electronic commerce functions, and physical access based on these cards. The CAC cards have been issued to serving military personnel, selected reserved personnel, civilian employees, non-DoD government employees and state employees of National Guard and selected contractors. More than 1000 decentralized card issuance facilities have been set up by DoD across 27 countries and 2000 workstations which collectively have issued more than 17 million smart cards at the rate of approximately 10k cards per day [32].

The main motivation for adopting such a technology was to ensure information assurance and thus reduce the possibility of fraud related to identity management. The physical and logical access security was expected to open up the possibility of e-commerce and in the long run reduce paper work and transaction time thus improving the overall efficiency of the system and cost reduction. Commercial Off-The-Shelf (COTS) products were taken and twisted as per DoD requirements to manage cost constraints.

Major challenge faced for this implementation was to seamlessly integrate geographically distributed and firewall protected military networks without hampering network performance. Establishment of a robust PKI based identification system for such a large user base over the internet is essential and challenging for exchange of sensitive information. Last but not the least, the users have to be educated and trained for migration from old system to the new smart card based system. Easily accessible help desks and effective public relations efforts were thought to be critical for a smooth transition to the new system.

Singapore Smart Card Standard SSID

Singapore has taken a pioneering approach to the implementation of smart cards as its national ID card. With relevance to this objective, it released the National standard for smart card related application termed Singapore Smart Card ID (SSID) or SS 529 standards [33]. This standard is applicable to all government based smart card applications and the associated hardware. It specifies the data structure layout, security and access conditions for smart cards containing personal information etc.

The Singapore government has already deployed an estimated 40,000 smart card readers in government and private organizations. Two of the most important government organizations that have already deployed SS 529 SSID compliant cards and readers include the Civil Aviation Authority of Singapore (CAAS) with card holder strength of 70,000 ID cards at Changi airport and PSA Singapore terminals with strength of 100,000 ID cards for its port employees. The implementation here is limited to identification and physical access control. Another application based on these standards is the Singpass which is an online portal for card holders to interact with government machinery.

The SS 529 SSID is a National standard in line with world standards for smart

cards and therefore the Singapore government is well placed to bring in a national smart card based IDS card for every activity from access control, personnel monitoring to e-commerce and computer logging.

1.5 Organization of Thesis

The rest of the thesis is organized as follows. In Chapter 2 we build a background by discussing SCOSTA-CL and SCOSTA-PKI operating system standards in brief, which essentially is the base for work undertaken. We outline the existing Security and Access Control set up in the Indian Navy in Chapter 3. We also describe various levels of users, their authority of operation and give an insight into some of the security attributes in place. In Chapter 4, we explain the various cards required to be developed for the implementation of the management of the I-Card and the data layout of these cards. In Chapter 5, we describe the various protocols for authentication and for any operation that is required to be performed on a smart card. In Chapter 6, we draw conclusion of the work undertaken and discuss its scope in the future.

Chapter 2

Background

PKI is increasingly being associated with Smart Cards considering the identity and data security that this combination provides. PKI based implementations of identity establishment for a system with a large user base, wherein each user may perform cryptographic operations, are becoming increasingly feasible. Smart Cards, with their inherent qualities of tamper resistance, fast cryptographic co-processors, support for multiple applications, in-built memory, fast and reliable card interface techniques etc., have gained greater acceptance.

2.1 PKI Related Operations

PKI implementation requires a key pair used in tandem to carry out cryptographic operations. The key pair includes a private key and a corresponding public key. The private key is strictly private to the allotted user while the public key is in the open domain, certified by a trusted Certifying Authority (CA). The operations that a PKI system supports include the following.

Authentication: The challenge-response method is the backbone for authentication to verify and confirm the identity of an entity. A private key operation is performed by an entity to prove its identity.

Confidentiality: The sender encrypts plain text using the intended recipient's public key. This cipher text can only be decrypted by the receiver that uses the corresponding private key.

Certificate Verification: A certificate is a standard data structure used to bind a public key to an entity along with some information such as name, period of validity, algorithm etc. Certificate verification is the process of extracting the public key of an entity using the public key of the CA. The public key thus obtained is trusted by the entity to carry out subsequent cryptographic processes.

Integrity and Non-Repudiation: PKI uses digital signatures to ensure non-repudiation and integrity of the signed data. The data is signed using the signer's private key after computation of its hash. The signature verification of this data is done using the signer's public key. The hash value recovered using the public key is compared with the hash computed on the received data. Upon a match the receiver is assured of the authenticity of the sender and integrity of the sent data.

Session Key Establishment: Asymmetric key algorithms are computationally very intensive as compared to symmetric key algorithms. It is therefore a general practice in PKI implementations to use a symmetric key for confidentiality and integrity purposes for large data. The asymmetric keys are then used to exchange the symmetric keys. The symmetric keys for the purpose are established for a session between the concerned entities and discarded later. The key usage is restricted to the session that created it.

2.2 SCOSTA-CL and SCOSTA-PKI

The design of the entire solution architecture is based on SCOSTA-CL [1] and SCOSTA-PKI [16] specifications for smart card operating systems. These specifications are compliant to the ISO/IEC 7816 set of standards [2, 8]. SCOSTA-PKI is built over SCOSTA-CL specifications to cater for asymmetric key cryptography. It specifies a number of data structures and asymmetric key algorithms that have been incorporated to support PKI in SCOSTA. Some of the salient aspects of these specifications are mentioned below.

2.3 SCOSTA-CL

SCOSTA-CL is a generic specification based on ISO/IEC 7816 international standards and is defined for Smart Card implementations by the Government of India. An OS compliant to these specifications supports symmetric key cryptography in contact and contactless cards. Some of the salient aspects defined by SCOSTA-CL are as follows.

Basic Data Structure

[Figure 2.1: A Typical File Layout (a Master File with Dedicated Files and Elementary Files beneath it)]

SCOSTA-CL supports two categories of files referred to as Dedicated Files (DF) and Elementary Files (EF). The files are arranged in a tree organization with the Master File (MF) as the root. The Master File is a kind of DF which must exist prior to the creation of any file on the card. The Master File will have DFs and EFs as its children in the tree. The DFs can further have child DFs and EFs. The size of each of these files is static as defined at the time of creation. Data is stored in EFs in one of the following formats defined in ISO/IEC standard.

Transparent EF
Linear EF with fixed size records
Linear EF with variable size records
Cyclic EF with fixed size records

Each file is referenced by a 16-bit file identifier. The EFs may also have an additional 5-bit short ID. The DFs may also carry a unique name for referring to them independent of their location in the file system tree. Depending on the format in which data is stored in these files, it may be referenced either by a record number (1 Byte) or by a record ID (1 Byte) in case of records or as a stream of 8-bit data units.

Security Architecture

SCOSTA-CL specifies access control mechanisms for command and data in compliance to ISO/IEC , ISO/IEC and ISO/IEC standards. It supports security specifications at global level, file specific level and command specific level. The security definitions for a card are specified using the following mechanisms.

Security Attributes

Security Attributes of a file are specified in the FCP using Access Mode byte and Security Condition bytes as described in ISO/IEC. The AM and SC bytes for a file can be specified either in Compact format or in Expanded format. Security attributes of commands can only be specified in expanded format.

Security Environment

Security attributes may refer to certain security conditions for access control. These conditions are defined in a data structure known as security environments. In SCOSTA-CL the security environment definitions can be stored in a separate EF or in the FCP of a DF. A security environment, as per SCOSTA-CL, is defined using Control Reference Templates (CRT). These CRTs [Table 2.1] are used to define the conditions and requirements for various card operations.

Table 2.1: CRT templates in SCOSTA-CL
CRT: Confidentiality Template (CT); Cryptographic Checksum Template (CCT); Authentication Template (AT); Digital Signature Template (DST); Hash Template (HT)
Remarks: Encryption and Decryption. Cryptographic Checksum computation and verification of INTERNAL, EXTERNAL and MUTUAL AUTHENTICATION Digital Signature computation and verification. Hash computation

Security Algorithms

SCOSTA-CL compliant OS supports various algorithms [Table 2.2] for message digest, confidentiality, integrity and authentication.

Table 2.2: Security algorithms in SCOSTA-CL
CRT Template to which applicable | Algorithm
CT | 3DES (Enc and Dec)
CCT | 3DES based CBC Residue (CC Computation and Verification)
CCT | ISO/IEC Algorithm 3 for MAC using 3DES
AT (AUTH) | 3DES based challenge response
AT (AUTH) | ISO/IEC Key Establishment Mechanism 6 using 3DES
HT | SHA-1 as defined in FIPS-140

Security Mechanisms

SCOSTA-CL compliant OS supports security mechanisms in compliance to ISO/IEC. These security mechanisms include PIN/Password for user authentication, entity authentication (INTERNAL, EXTERNAL and MUTUAL) using keys, data integrity by cryptographic checksum computation and verification, data encipherment and decipherment mechanisms, Hash computation and Secure Messaging to ensure integrity and confidentiality during data exchange.

2.4 SCOSTA-PKI

SCOSTA-PKI is built upon SCOSTA-CL, and therefore, specifications defined in SCOSTA-CL are subset of SCOSTA-PKI. SCOSTA-PKI specifies additional requirements for PKI

implementation on smart cards. A SCOSTA-PKI compliant OS supports asymmetric key cryptography only if certain data structures are present in the card.

PKI Related Data Structures

As per SCOSTA-PKI, asymmetric key cryptography will be supported on the card only if the following data structures are present in the card.

Directory of Application (EF.DIR): EF.DIR is an internal transparent elementary file under the Master File and is identified by a pre-defined file identifier 2F00. It contains a list of applications supported by the card stored in pre-defined templates. These templates indicate the application ID and some other information along with the path to the corresponding DF.CIA.

Cryptographic Information Application (DF.CIA): DF.CIA is a directory file of all cryptographic information pertaining to an application. This cryptographic information is stored in various elementary files under the DF.CIA.

CIA Information file (CIA.Info EF): The CIA.Info file is a mandatory file in DF.CIA (File ID 5032) that contains information about the card and its capabilities as specified in ISO/IEC [9]. The mandatory fields within this file indicate version number and card characteristics.

Object Directory file (EF.OD): EF.OD is a mandatory file under DF.CIA (File ID 5031) that contains references to other CIO EFs of the application.

CIO Directory files: These files under the DF.CIA are all optional, transparent and for internal use by the OS. They store cryptographic information that refers to actual cryptographic objects like keys and passwords which are themselves stored in some other elementary files.
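The file-system rules above (16-bit file identifiers, 5-bit short IDs, EF.DIR at 2F00 under the MF, CIA.Info 5032 and EF.OD 5031 in every DF.CIA) can be checked mechanically before a layout is personalised. The following Python model is an added example, not code from the thesis or from the SCOSTA specifications; the class names, the application label and the DF identifier 1000 are assumptions made for illustration, and 3F00 is the Master File identifier reserved by ISO/IEC 7816-4.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Union

EF_STRUCTURES = {"transparent", "linear-fixed", "linear-variable", "cyclic"}
MF_ID = 0x3F00        # ISO/IEC 7816-4 reserved identifier of the Master File
EF_DIR_ID = 0x2F00    # EF.DIR, as given in the text
CIA_INFO_ID = 0x5032  # CIA.Info EF, as given in the text
EF_OD_ID = 0x5031     # EF.OD, as given in the text


@dataclass
class EF:
    file_id: int
    structure: str = "transparent"
    short_id: Optional[int] = None


@dataclass
class DF:
    file_id: int
    children: List[Union["DF", EF]] = field(default_factory=list)

    def child(self, file_id):
        return next((c for c in self.children if c.file_id == file_id), None)


def _walk(df, path, problems):
    """Check identifier width, sibling uniqueness, EF structure and short IDs."""
    seen = set()
    for c in df.children:
        here = "%s/%04X" % (path, c.file_id)
        if not 0 <= c.file_id <= 0xFFFF:
            problems.append(here + ": file identifier does not fit in 16 bits")
        if c.file_id in seen:
            problems.append(here + ": duplicate identifier under the same DF")
        seen.add(c.file_id)
        if isinstance(c, DF):
            _walk(c, here, problems)
            continue
        if c.structure not in EF_STRUCTURES:
            problems.append(here + ": unknown EF structure %r" % c.structure)
        # 5-bit field; ISO/IEC 7816-4 allows the values 1 to 30 only.
        if c.short_id is not None and not 1 <= c.short_id <= 30:
            problems.append(here + ": short ID is not a usable 5-bit value")


def check_pki_layout(mf, applications):
    """Return a list of problems; an empty list means the PKI preconditions hold.

    applications maps a label to the path (DF identifiers, starting below the
    MF) that EF.DIR would record for that application's DF.CIA.
    """
    problems = []
    if mf.file_id != MF_ID:
        problems.append("root of the tree is not the Master File (3F00)")
    _walk(mf, "%04X" % mf.file_id, problems)
    ef_dir = mf.child(EF_DIR_ID)
    if not isinstance(ef_dir, EF):
        problems.append("EF.DIR (2F00) missing under the MF")
    elif ef_dir.structure != "transparent":
        problems.append("EF.DIR (2F00) must be a transparent EF")
    for label, path in applications.items():
        node = mf
        for fid in path:
            node = node.child(fid) if isinstance(node, DF) else None
            if node is None:
                break
        if not isinstance(node, DF):
            problems.append("%s: EF.DIR path does not lead to a DF.CIA" % label)
            continue
        for fid, name in ((CIA_INFO_ID, "CIA.Info"), (EF_OD_ID, "EF.OD")):
            if not isinstance(node.child(fid), EF):
                problems.append("%s: mandatory %s (%04X) missing in DF.CIA"
                                % (label, name, fid))
    return problems


# Constructed sample layout: one application whose DF.CIA is DF 1000.
GOOD_CARD = DF(MF_ID, [
    EF(EF_DIR_ID),
    DF(0x1000, [EF(CIA_INFO_ID), EF(EF_OD_ID), EF(0x4401, "linear-fixed", 1)]),
])
APPS = {"access-control": (0x1000,)}

if __name__ == "__main__":
    print(check_pki_layout(GOOD_CARD, APPS) or "layout satisfies the PKI preconditions")
```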

2.4.2 Password and Key repository

The directory files reference the Passwords and Keys for the application, stored in different EFs. SCOSTA-PKI defines a format for storing the keys in their respective files whereas PINs and passwords are stored as per SCOSTA-CL specifications. There can be up to 31 records in each repository file with each record containing one cryptographic object.

Operations supported in SCOSTA-PKI

SCOSTA-PKI specifies certain aspects of PKI operations that a compliant OS must support. Some of these operations that require explicit mention are as follows.

Authentication

SCOSTA-PKI supports two algorithms for authentication (INTERNAL/EXTERNAL/MUTUAL), one being digital signature based and the other being an encrypted challenge response based algorithm. Either of these algorithms can be implemented on smart cards. Authentication (INTERNAL, EXTERNAL and MUTUAL) based on these algorithms may broadly be explained as below.

Signature based authentication: In this algorithm, a challenge is sent to the entity to be authenticated for its signature. The authenticating entity, upon receiving the signed challenge, verifies the signature using the signer's public key. It then compares the value obtained from signature verification with the hash computed on the previously generated challenge. Only if they match is the entity considered authentic.

30 Encryption based authentication: In this algorithm, the entity to be authenticated is issued with a challenge encrypted with its public key. This challenge is decrypted by a user holding the corresponding private key and sent back to the authenticating entity. The authenticating entity compares this response with the previously generated challenge. If they match then only the entity is taken as authentic Session Key establishment The computationally intensive asymmetric key based cryptography often establishes a symmetric session key to exchange large encrypted data items [22, 27]. SCOSTA-PKI species a mechanism to establish session key using asymmetric key pairs. The session keys are symmetric keys and may be used for condentiality, integrity or authentication mechanism based on TDES symmetric key cryptography. SCOSTA-PKI species establishment of at least two session keys during a session one for condentiality and other for integrity. Multiple session keys may exist provided they are derived for dierent purposes Authentication with Session Key Establishment SCOSTA-PKI species algorithm for asymmetric key based mutual authentication along with session key establishment. This process generates at least two session keysone for condentiality and another for integrity. The session keys generated thus are for symmetric key use. The condentiality key may be used for encryption, decryption and secure messaging. The integrity key may be used for computation and verication of cryptographic checksum and for secure messaging with message integrity. 18
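The two authentication algorithms described above, with both sides of the exchange, as an added example that is not code from the thesis or from SCOSTA-PKI. It assumes unpadded RSA over a SHA-256 hash and a demo key built from publicly known Mersenne primes (so the key is insecure by construction); the class and function names are hypothetical.

```python
"""Signature-based and encryption-based challenge-response, both sides."""
import hashlib
import hmac
import secrets

# Constructed demo key: both primes are publicly known Mersenne primes, so the
# key gives no security. It keeps the example offline and reproducible.
DEMO_P, DEMO_Q, DEMO_E = 2**521 - 1, 2**607 - 1, 65537


class Card:
    """Entity being authenticated. The private exponent never leaves it."""

    def __init__(self, p=DEMO_P, q=DEMO_Q, e=DEMO_E):
        self.n, self.e = p * q, e
        self._d = pow(e, -1, (p - 1) * (q - 1))

    def public_key(self):
        return self.n, self.e

    def sign_challenge(self, challenge):
        # Unpadded RSA over SHA-256(challenge): an assumption made for brevity.
        digest = int.from_bytes(hashlib.sha256(challenge).digest(), "big")
        return pow(digest, self._d, self.n)

    def decrypt_challenge(self, cryptogram):
        return pow(cryptogram, self._d, self.n)


class Verifier:
    """Authenticating entity. Knows only the card's public key."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self.size = (self.n.bit_length() + 7) // 8
        self._pending = None

    def _fixed(self, value):
        return value.to_bytes(self.size, "big")

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)    # fresh for every attempt
        return self._pending

    def new_encrypted_challenge(self):
        plain = int.from_bytes(self.new_challenge(), "big")
        return pow(plain, self.e, self.n)

    def check_signature(self, signature):
        pending, self._pending = self._pending, None    # a challenge is single use
        if pending is None or not 0 <= signature < self.n:
            return False
        recovered = pow(signature, self.e, self.n)
        expected = int.from_bytes(hashlib.sha256(pending).digest(), "big")
        return hmac.compare_digest(self._fixed(recovered), self._fixed(expected))

    def check_decryption(self, response):
        pending, self._pending = self._pending, None
        if pending is None or not 0 <= response < self.n:
            return False
        expected = int.from_bytes(pending, "big")
        return hmac.compare_digest(self._fixed(response), self._fixed(expected))


def authenticate_by_signature(card, verifier):
    return verifier.check_signature(card.sign_challenge(verifier.new_challenge()))


def authenticate_by_decryption(card, verifier):
    return verifier.check_decryption(
        card.decrypt_challenge(verifier.new_encrypted_challenge()))


def replayed_signature_accepted(card, verifier):
    """Record one valid response, then present it against a later challenge."""
    recorded = card.sign_challenge(verifier.new_challenge())
    verifier.new_challenge()               # the verifier has moved on
    return verifier.check_signature(recorded)


if __name__ == "__main__":
    genuine = Card()
    other = Card(q=2**127 - 1)             # constructed card with a different key
    gate = Verifier(genuine.public_key())
    print("genuine, signature :", authenticate_by_signature(genuine, gate))
    print("genuine, decryption:", authenticate_by_decryption(genuine, gate))
    print("other key, signature:", authenticate_by_signature(other, gate))
    print("recorded response reused:", replayed_signature_accepted(genuine, gate))
```

The verifier discards each challenge after one check, so a response recorded from an earlier exchange fails the comparison the text describes.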

2.4.4 Cryptographic Algorithms in SCOSTA-PKI

In addition to the algorithms specified by SCOSTA-CL specifications, SCOSTA-PKI also supports asymmetric key based algorithms for confidentiality, digital signature, authentication and session key derivation. All symmetric key based operations in SCOSTA-PKI are carried out as per the TDES algorithm specified in SCOSTA-CL, and all asymmetric key based operations are carried out by the RSA algorithm.

Additional Commands in SCOSTA-PKI

Some commands of SCOSTA-CL have been suitably enhanced to handle the PKI functionality. These enhancements were essentially made in the command headers to represent PKI related information.

- ENVELOPE: In SCOSTA-PKI, the ENVELOPE command is supported and is used for transmitting a command APDU in T=0 protocol for extended Lc field as defined in ISO/IEC [2] and ISO/IEC [3] standards.

- GET CHALLENGE: A smart card generates a challenge when a GET CHALLENGE command is issued to it. This challenge is either in cipher text or plain text depending on the algorithm specified in the command. Ref: ISO/IEC for INS = '0x84'.

- INTERNAL/EXTERNAL/MUTUAL AUTHENTICATE: These commands carry out the authentication of entities and can specify the algorithm to be used for authentication. Ref: ISO/IEC for INS = '0x88'.

- MSE SET for key derivation: MSE SET can be used for key derivation and setting of other SE parameters as defined in the SCOSTA-CL specification. The MSE SET operation can be used to establish symmetric session keys using asymmetric keys. Ref: ISO/IEC [4] for INS = '0x22'.

- PSO ENCIPHER: This operation deciphers the data transmitted in the command data field and returns the plain text as response. Ref: ISO/IEC [7] for INS = '0x2A'.

- PSO DECIPHER: This operation enciphers the data transmitted in the command data field and returns the cipher text as response. Ref: ISO/IEC [7] for INS = '0x2A'.

- PSO COMPUTE DIGITAL SIGNATURE: A digital signature is computed by using an algorithm that takes the hash of the message as input and computes the digital signature on it. Ref: ISO/IEC [7] for INS = '0x2A'.

- PSO VERIFY CERTIFICATE: Certificate verification is carried out by issuing this PSO command. A certificate in X.509 format is passed on to the card in the data field of this command to verify the certificate information. Ref: ISO/IEC [7] for INS = '0x2A'.

Additional Support for APDU in SCOSTA-PKI

SCOSTA-PKI specifies support for extended length formats for Lc and Le in the command APDU as elaborated in ISO/IEC. This change in format from SCOSTA-CL is required to handle commands carrying data larger than 255 bytes. PKI cryptography involves handling X.509 certificates and RSA keys in RSA algorithms that are usually larger than 255 bytes. The design of this implementation is based on RSA keys of 2048 bit size.
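The following added example (not from the thesis or the SCOSTA specifications) shows why a 2048-bit RSA block forces the extended Lc/Le format: it encodes and decodes command APDUs in both forms following the ISO/IEC 7816-4 length rules, and goes beyond the text by covering all four command cases. CLA, P1 and P2 are set to 00 as placeholders rather than the values SCOSTA-PKI defines, and the 256-byte block is constructed.

```python
"""Encode and decode command APDUs in short and extended length form."""


def encode_apdu(cla, ins, p1, p2, data=b"", ne=0):
    """ne is the maximum number of response bytes expected (0 = none)."""
    if len(data) > 65535 or not 0 <= ne <= 65536:
        raise ValueError("length not representable in an APDU")
    header = bytes([cla, ins, p1, p2])
    if len(data) <= 255 and ne <= 256:                  # short form
        lc = bytes([len(data)]) if data else b""
        le = bytes([ne % 256]) if ne else b""           # 0x00 means 256
        return header + lc + data + le
    # Extended form: Lc is 00 plus two bytes; Le is two bytes, with a leading
    # 00 only when no Lc field stands in front of it.
    lc = b"\x00" + len(data).to_bytes(2, "big") if data else b""
    le = (ne % 65536).to_bytes(2, "big") if ne else b""  # 0x0000 means 65536
    if le and not data:
        le = b"\x00" + le
    return header + lc + data + le


def decode_apdu(apdu):
    """Return ins, data, ne and whether the extended format was used."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than its 4-byte header")
    body = apdu[4:]
    out = {"ins": apdu[1], "data": b"", "ne": 0, "extended": False}
    if not body:                                        # header only
        return out
    if len(body) == 1:                                  # short Le only
        out["ne"] = body[0] or 256
        return out
    if body[0] != 0:                                    # short Lc
        lc, rest, width = body[0], body[1:], 1
    else:
        if len(body) < 3:
            raise ValueError("truncated extended length field")
        out["extended"] = True
        if len(body) == 3:                              # extended Le only
            out["ne"] = int.from_bytes(body[1:3], "big") or 65536
            return out
        lc, rest, width = int.from_bytes(body[1:3], "big"), body[3:], 2
        if lc == 0:
            raise ValueError("extended Lc of zero is not allowed")
    if len(rest) not in (lc, lc + width):
        raise ValueError("Lc does not match the data field")
    out["data"] = rest[:lc]
    if len(rest) > lc:
        le = int.from_bytes(rest[lc:], "big")
        out["ne"] = le or (256 if width == 1 else 65536)
    return out


# Constructed stand-in for one RSA-2048 block (256 bytes of command data).
RSA_BLOCK = bytes(range(256))

if __name__ == "__main__":
    # INS 0x2A is the PSO instruction byte quoted above; P1-P2 are placeholders.
    pso = encode_apdu(0x00, 0x2A, 0x00, 0x00, RSA_BLOCK, ne=256)
    print(len(pso), pso[:7].hex(), decode_apdu(pso)["extended"])
    # GET CHALLENGE (INS 0x84) asking for 8 bytes still fits the short form.
    print(encode_apdu(0x00, 0x84, 0x00, 0x00, ne=8).hex())
```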

Chapter 3

System Requirements

The Indian Navy infrastructure is geographically distributed, and the system is highly complex. The I-Card must work across such infrastructure and must provide enhanced security.

3.1 Overview of Existing Security System

The Indian Navy is a large organisation that comprises various establishments, units, offices, afloat ships and vessels, platforms, stations and controlled areas, including residential areas, spread across the country. We refer to such establishments as units. Identification and verification of personnel requiring access to any of these units is done manually by checking the I-Cards issued to the person. Instead of technology, there is excessive reliance on manual verification methods that are susceptible to errors due to fatigue, loss of concentration and inability to verify persons when approached in large numbers.

In the prevailing security scenario, a requirement exists to improve and augment the existing procedure by a Smart Card based system for authentication and Access Control. There is a persistent need felt to plug the loopholes in the internal security system and adopt new technologies for the purpose.

3.2 Distribution of Naval Establishments

The Indian Navy has its operational, training and administrative establishments spread across the country, with the main concentration of personnel and infrastructure being in Mumbai, Vishakhapatnam, Kochi, Delhi and Port Blair. Additionally, there are in excess of two hundred units spread across the country which also need to be brought under the realm of a central and standard identification and verification system for access control.

3.3 Personnel Involved in Various I-Card Related Activities

There is a well defined hierarchy of operation for smooth and accountable execution of responsibilities in various branches of the service. The maintenance of internal security, including I-Card issuance and management, is the responsibility of personnel in the Provost branch of the Indian Navy. Various personnel involved in the process of I-Card related activities may be classified as below.

- I-Card Making Authority: The senior-most serving officer of the Provost branch, referred to as Naval Provost Marshal, is the I-Card issuing authority responsible for all I-Cards made in the navy. The signing authority, referred to as Commander-at-Arms, is the person who actually makes all cards and signs each of them on behalf of the card issuing authority. There is one such officer at all card making locations.

- Regulating Authority: The regulating authority consists of personnel who are in charge of all I-Card related management and security issues. They collect personal information for the I-Card and distribute the cards to the card holders. Subsequently, they are responsible for ensuring the safety of these cards by conducting regular inspections of cards and card holders in their respective units. Every unit has an officer, referred to as Regulating Officer, who is in charge of security management of the unit, including matters concerning I-Cards of personnel of that unit. The Regulating Officer is assisted by a hierarchy of personnel in his duties, which include reporting loss of I-Cards, checking I-Cards for damage and misuse, and verifying the identity of the card holder along with the validity of cards at regular intervals.

3.4 Existing Procedure for I-Card Making

I-Cards are made only at designated locations under strict control. A person may apply for a new I-Card if he is a new recruit, if he got promoted, or if he lost or damaged his old I-Card. Different users carry different I-Cards depending upon whether the user is a Naval person, civilian employee, Security personnel, dependent, casual visitor or part of the support system in residential areas. The card issuance procedure is more or less similar, but the authorities involved may be different.

In case of service personnel, printing of I-Cards is done centrally at one place. These cards are paper based I-Cards with visual features like watermark [38] and guilloche pattern [39]. Strict accountability and control is maintained over the printed blank cards. The cards are distributed to the card issuing units in Mumbai, Kochi and Vishakhapatnam as per their requirements. To make a new I-Card for service personnel, a request is made to the Regulating Officer of the unit. All details to be reflected on the new I-Card, along with a photograph, are furnished in this application, which is carefully scrutinized by the head of the applicant's department and the Regulating Officer. The Regulating Officer forwards this request to the relevant card issuing unit, which prints the personal details on the blank card and sends it back to the unit for card personalization. The unit, upon receiving this card, gets the applicant to furnish his signature and finger print on the card. This completed document is sent back to the card issuing unit, where it is signed by the card signing authority with his name and designation. A record of the new card is also made in their archive. The card is laminated and sent back to the unit, where the Regulating Officer issues it to the applicant after the old or temporary I-Card is revoked.

All other I-Cards for Civilian Employees, Dependents and support staff are made and issued by the Regulating Officer designated for various units. These cards are printed locally and held by the Regulating Officer under his responsibility. Every individual applies for an I-Card with his personal details and photographs, which are scrutinized carefully by the regulating staff. The personal details are printed on blank cards and signed by the Regulating Officer. Control on these cards is maintained by issuing them with limited validity.

Temporary I-Cards for defence personnel may be issued in case they are not in possession of a permanent I-Card. These cards are issued to personnel undergoing training or to those who have lost or damaged their permanent I-Card. The procedure for making a temporary I-Card is similar to that for making the Civilian employees' cards as mentioned above.

3.5 Access Control Setup

The prevailing system for access control relies heavily on manual methods of identification and verification. Every individual required to gain physical access presents his I-Card to a sentry at the gate for identification. The sentry visually identifies this person based on the photograph carried on his I-Card. The procedure remains unchanged even in case of high security conditions. The movement of personnel at entry/exit points to high security areas is manually logged in registers, which makes them very cumbersome for future reference.

As far as logical access control is concerned, there is no established concept of logical access control to the Naval network or any computer. At best these assets are protected by passwords.

3.6 Issues in the Existing System

The existing system as explained above has a number of weaknesses which need to be taken care of for enhanced security. They are enumerated below.

- There is accountability on issuance of I-Cards by the I-Card issuing unit. But there is no mechanism to check the presence of a malicious card in the system.

- The security attributes on the present cards are all visual and easily replicable. A duplicate card can be easily made.

- Physical access to a unit is entirely dependent on the manual identification carried out by sentries. Failures due to human error, fatigue and traffic handling during peak hours are an alarming bottleneck.

- No concept of a well defined logical access control.

- System has no mechanism for authenticating an entity. The holder of the paper based I-Card with a noticeable visual security feature such as a photograph is always considered authentic and granted access.

3.7 Proposed Design with Smart Cards

The shift from paper based I-Cards to Smart Cards, in line with the prevalent technology, is likely to improve the security situation considerably. The entire implementation shall include setting up of hardware and software at all applicable locations as per the implementation plan. Every user issued with a smart card will be allowed physical or logical access only after he has been correctly authenticated by the system. Hand-held or wall mounted devices would be used to read and authenticate smart cards at the gate for physical access, and IFDs at computer terminals for logical access. Different types of smart cards are required to be designed in this solution to cater for key management and different users in the hierarchy.

In addition to a number of advanced visual security features that various technologies such as hologram, laser dots etc. provide, the smart cards will also incorporate high level security for authentication in electronic form with optional biometric verification. This is achieved in the following manner.

- PKI based implementation for authentication, digital signature and confidentiality for users holding a unique set of keys.

- Knowledge based authentication mechanism for individuals by means of PIN/Password.

- Optional enhanced security feature for logical access by using biometric verification.

- Card stores the information of units to which the cardholder is permitted access (Entry Permissions).

- Only certain users with pre-defined permissions on the card can change card information.

Each card will carry two public-private key pairs that would be used for all asymmetric key based operations performed by the card. The authority to perform these operations is assigned based on the key usage information stored in certificates held by the card. A detailed key management plan for the PKI implementation has been designed which elaborates on all entities and the operations performed by them. Details of the entities involved and their roles are described later.

It is proposed to implement a distributed database with a system to manage all user information and access logs. This data could be made available to authorized users. The central server will refer to this database for data update every time relevant data is modified or a log is obtained. Industrial strength encryption techniques such as RSA, triple DES or AES will be used for storing data. Based on CRL alerts received from any unit, the central server would disseminate lost card information to all other units through CRL updates and a globally shared database.

3.8 Security Mechanisms

The security mechanisms, in line with user requirements, that can be implemented using these cards are described in the following paragraphs.


CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003

INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003 INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003 History of Cryptography The concept of securing messages through cryptography has a long history.

More information

What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012

What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form. December 3, 2012 Federal CIO Council Information Security and Identity Management Committee IDManagement.gov What Does it Mean to be PIVish in PACS ICAM PIV in E-PACS Guidance v2.0.2 the short form December 3, 2012 HSPD-12

More information

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from Preface In the last decade biometrics has emerged as a valuable means to automatically recognize people, on the base is of their either physiological or behavioral characteristics, due to several inherent

More information

7 Key Management and PKIs

7 Key Management and PKIs CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.

More information

Controller of Certification Authorities of Mauritius

Controller of Certification Authorities of Mauritius Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)

More information

Security Digital Certificate Manager

Security Digital Certificate Manager IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,

More information

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

Digital Certificates Demystified

Digital Certificates Demystified Digital Certificates Demystified Alyson Comer IBM Corporation System SSL Development Endicott, NY Email: comera@us.ibm.com February 7 th, 2013 Session 12534 (C) 2012, 2013 IBM Corporation Trademarks The

More information

CERTIFICATION PRACTICE STATEMENT UPDATE

CERTIFICATION PRACTICE STATEMENT UPDATE CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.

More information

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015 Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

Apple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc. Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

The Encryption Anywhere Data Protection Platform

The Encryption Anywhere Data Protection Platform The Encryption Anywhere Data Protection Platform A Technical White Paper 5 December 2005 475 Brannan Street, Suite 400, San Francisco CA 94107-5421 800-440-0419 415-683-2200 Fax 415-683-2349 For more information,

More information

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006 Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark

More information

NEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures

NEMA Standards Publication PS 3 Supplement 41. Digital Imaging and Communications in Medicine (DICOM) Digital Signatures NEMA Standards Publication PS 3 Supplement 1 Digital Imaging and Communications in Medicine (DICOM) Digital Signatures Status: Final Text Sep 001 Prepared by DICOM Standards Committee, Working Group 1

More information

Introduction to Network Security Key Management and Distribution

Introduction to Network Security Key Management and Distribution Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

TeamViewer Security Information

TeamViewer Security Information TeamViewer Security Information 2014 TeamViewer GmbH, Last update: 05/2014 Target Group This document is aimed at professional network administrators. The information in this document is of a rather technical

More information

Rights Management Services

Rights Management Services www.css-security.com 425.216.0720 WHITE PAPER Microsoft Windows (RMS) provides authors and owners the ability to control how they use and distribute their digital content when using rights-enabled applications,

More information

Security. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 -

Security. 2014 Yokogawa Users Group Conference & Exhibition Copyright Yokogawa Electric Corporation Sept. 9-11, 2014 Houston, TX - 1 - Security - 1 - OPC UA - Security Security Access control Wide adoption of OPC SCADA & DCS Embedded devices Performance Internet Scalability MES Firewalls ERP Communication between distributed systems OPC

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

GlobalPlatform. Card Specification. Version 2.2

GlobalPlatform. Card Specification. Version 2.2 GlobalPlatform Card Specification Version 2.2 March 2006 Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights or other intellectual property

More information

Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems

Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems Version 2.0.1 Author: Achim Pietig 2009 April 22 Author: Achim Pietig Lippstädter Weg 14 32756 Detmold Germany Email:

More information

Architecture for Issuing DoD Mobile Derived Credentials. David A. Sowers. Master of Science In Computer Engineering

Architecture for Issuing DoD Mobile Derived Credentials. David A. Sowers. Master of Science In Computer Engineering Architecture for Issuing DoD Mobile Derived Credentials David A. Sowers Thesis submitted to the faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements

More information

SLE66CX322P or SLE66CX642P / CardOS V4.2B FIPS with Application for Digital Signature

SLE66CX322P or SLE66CX642P / CardOS V4.2B FIPS with Application for Digital Signature Security Confirmation and Report T-Systems.02192.TE.08.2007 SLE66CX322P or SLE66CX642P / CardOS V4.2B FIPS with Application for Digital Signature Siemens AG Confirmation concerning Products for Qualified

More information

Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.

More information

Archived NIST Technical Series Publication

Archived NIST Technical Series Publication Archived NIST Technical Series Publication The attached publication has been archived (withdrawn), and is provided solely for historical purposes. It may have been superseded by another publication (indicated

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001

Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 Introduction to Public Key Technology and the Federal PKI Infrastructure 26 February 2001 D. Richard Kuhn Vincent C. Hu W. Timothy Polk Shu-Jen Chang National Institute of Standards and Technology, 2001.

More information

Electronic and Digital Signatures

Electronic and Digital Signatures Summary The advent of e-government and e-services has changed the way state agencies and local government offices do business. As a result, electronic systems and processes have become as important as

More information

Digital Signatures in a PDF

Digital Signatures in a PDF This document describes how digital signatures are represented in a PDF document and what signature-related features the PDF language supports. Adobe Reader and Acrobat have implemented all of PDF s features

More information

I N F O R M A T I O N S E C U R I T Y

I N F O R M A T I O N S E C U R I T Y NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y

More information

Enova X-Wall LX Frequently Asked Questions

Enova X-Wall LX Frequently Asked Questions Enova X-Wall LX Frequently Asked Questions Q: What is X-Wall LX? A: X-Wall LX is the third generation of Enova real-time hard drive cryptographic gateway ASIC (Application Specific Integrated Circuit)

More information

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh

More information

Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006

Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

Public Key Cryptography in Practice. c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13)

Public Key Cryptography in Practice. c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) Public Key Cryptography in Practice c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent

More information