Prepared by: Dagney Benton
Software and Computing Department, McMaster University, Hamilton, Ontario
Crypto cards are credit card sized "tokens" that contain in them a complete single-board computer that is used to secure electronic data. The Crypto Card has a built in cryptographic processor chip with key transport, encryption, and digital signature algorithms. The Digital Signature Algorithm (DSA) and the SHA-1 hash table are used together to electronically sign and verify signed data. The Key Exchange Algorithm (KEA) is used for secure, electronic key distribution. The card also uses non-volatile memory to store a random number generator that has to be identical to the random number generated by the server, under that user's login identification. The card is also mechanically and electronically tamper-evident. A Crypto Card also contains a permanent real-time clock chip with battery backup that provides 7 years of reliable and tamper-evident battery power. Also, when initializing the Crypto Card, one of the most attractive options is the Multilanguage option. The user can pick which language the Crypto Card recognizes.
The Crypto Card producers target large companies and corporations that have a large number of telecommunication systems and that may have information that they wish to keep confidential. The Crypto Card lowers the risk of sending this data across a network by encrypting all the data before it leaves the computer and enters the network. This is the major reason why large corporations find the Crypto Card so appealing. Currently, many large corporations have multiple branches World Wide, so they have many employees working on different products, or different components of the same product, all over the world. These employees may need to communicate with one another about the product so they need to get information from one branch to another over networks. The information they are transferring across the network may contain a prototype of some new product, or simply a preliminary design of a new product that has not yet been patented because of the preliminary stages it is in. However, some other company could retrieve this information off the network and steal the rights to it. By using Crypto Cards the data is encrypted across the network, so even if someone retrieves the information off the network they will not be able to use the information. The Crypto Card system is easy to implement into the corporation's security system, it simply uses a remote user management administration system. It is used to manage a large number of users and their "tokens" in multi-platform environments, such as Unix, Linux, BSD, and Windows, it has open-development support, ISDN, and dial-up and intranet environments.
The user can implement many cryptographic functions that allow them to personalize their security system to best suit their needs. Some of these functions include different encryption algorithms, sign and verify signature algorithms, and different cryptographic modes. The user can only access these functions after they have successfully entered their PIN number. Card removal automatically logs the user off the computer so no one else can access the contents of that user's computer without their card and PIN number. There are separate administrator-settable user and administrator PIN numbers, and the PIN numbers are encrypted in the card. As mentioned before, the cards are mechanically and electronically tamper-evident. Each card uses a sonically welded frame that cannot be opened without special tooling to break the welds and they cannot be re-welded once opened. They are also electronically tamper-evident, for example, when a user enters an incorrect login sequence 10 times, the card automatically locks out the user. Also, if there is an administrator login failure 10 times, the contents of the card will be automatically erased.
First, the customer purchases the required number of Crypto Card tokens, initializes them by zeroing them out so the user can put in their own PIN number, and initializes them to the server and user name that it is associated with. Then the administrator issues the tokens to the appropriate users. There is no stand-alone authentication server to purchase because the authentication algorithm can be implemented into the already existing network server. Each user has their own PIN number that is kept by the administrator, which will be used in the authentication methods. On top of the user's PIN number, the Crypto Card generates it's own "one time only password", which is a randomly generated number that is generated constantly. When the Crypto Card is put into the computer, and after the user has entered the correct PIN number, the server checks to see if the randomly generated number in the card matches the random number generated by the server. If it does match, the user can continue, if it doesn't the computer locks. If the card is the correct card for that machine, and the user is the authorized user, the card is simply not synchronized with the server. In this case, the only way the user can get into their computer is to resynchronize their card with the machine. The administrator has to give the user the number that has been generated by the server at that time, and the user inputs that number manually into the card, then the card should generate it's numbers in synch with the server again. This "one time only password", is used as it says, only one time, it is regenerated every clock cycle. There are also other security features that make it very difficult to gain access to the system, if you are not an authorized user. For example, if someone stole a Crypto Card, they would need to know that particular PIN number, they would also have to know exactly which computer it belongs to because the "one time only password" has to match the server's randomly generated number for that computer. Finally, the serial number of the card has to match the serial number given to the computer that particular card is meant to be used with.
There are many more features that Crypto Card producers wish to implement into their cards, and most of them are quite feasible within the next few years. The one that is possibly the most valuable and that would probably be the most appealing to large corporations is the "Under Duress" feature. This feature could be used if a user is being forced to do something to the system by an intruder. The user could secretly login to this mode by logging in as usual, but by putting in an "Under Duress" password, the system enters a fake operating environment. The system will run normally and do everything the user asks it to, just as it normally would. At the end of the session, it will look as though the session is completed and has been saved, but it really would not save the session, so whatever the user did to the system during that session would not affect the system. Also, Crypto Cards seem to be moving more toward general usage Smartcards, with the Crypto Card features and functions also implemented. If the Crypto Card does become a more general usage Smartcard, there could be future applications to be implemented on to the Smartcard. Biometrics could be implemented into the Smartcard, by putting someone's fingerprint into the Smartcard it will add an almost unbreakable security feature, because no one else could use that card but the authorized user. Another future application of a Smartcard of this type is to use the card not only for your computer security, but also as your building security. Security management would know who has had access to the building and if someone has been accessing systems that they are not authorized to access, security will be aware of who this person is and where they are.
In conclusion, the Crypto Card is a very secure way of keeping private information private over a network. It would also be very difficult to access the system if you are not an authorized user. I also believe that by heading toward the more general usage Smartcards with Crypto Card applications the more secure the card would be. As a recommendation of my own, Smartcard producers should implement a way of canceling cards when a user loses their card, as Banks do when a customer loses their credit card. Smartcard thieves could be caught the first time they attempt to use the card and they would not be able to gain access to the system as soon as the user has notified the administrator of their lost card. I do think this technology is a big step in securing privacy, and with the possible future applications implemented, security will keep getting better.
MR. DAN BEAUREGARD, SOFTWARE ENGINEERING AND MANAGEMENT LEVEL IV, EMPLOYEE OF CRYPTO CARD