Giesecke & Devrient
Advances of USB Strong Authentication Tokens
Michael Poitner, Director New Business
CTST 2009, New Orleans, May 5th, 2009
Advances of USB Strong Authentication Token, Michael Poitner, NB US, May 5th 2009, Slide 2 of 10, Advances of USB Strong Authentication Token CTST 2009.ppt
Table of Contents
Secure USB Token – A new smart card form factor
Threats, Attacks and Security Measures
Functions and Applications for secure USB Token
New use cases for strong authentication token
Smart card features of secure USB Token
Features of Starsign Mobility Token Classic
Secure USB Token - A new ‘smart card’ form factor
Smart Cards Secure USB-Token
Threats while using the Internet
Man-in-the-middle attacks
DNS spoofing
Password sniffers
Phishing
Pharming
Hijacking
Rerouting
ID theft costs user $500 and 30 hours per incident (US FTC)
$5.000.000.000 in remote payment fraud
Liability can be shifted to issuing banks… how will they pass on the losses?
Phishing successful 5-10% of the time
Crack once, use everywhere: Yahoo = Lotus? Bank = AOL?
“Demonize-T” Trojan horse forwards password keystrokes to hacker websites
70% of users would “trade their password for chocolate”
Increased numbers of active phishing sites: 27000 in June 07
Typical Types of Attacks against Smart Cards and USB Token
Physical manipulation: Ultra-high/low temperature, Radiation (Light, Radio, X-Ray, α-/β-/γ-Ray)
Logical attacks: PIN retry
Side channel: SPA/DPA/Timing
Electrical stimulation and analysis: Voltage, Spikes, Frequency
Inspection and reverse-engineering: Probing, Grinding
The highest level of security can only be achieved with the combination of Hardware and Software Security

Hardware Security
Proprietary CPU (features), layout scrambling
Ultra-small semiconductor structures (below 0,18 μm)
Fuses, countermeasures against power and timing attacks
Active metal shields, hidden structures, non-metal connections
Encrypted memory, ROM, hidden structures, encapsulated EEPROM cells, MPU, MMU
Scrambled, hidden and encrypted busses, random wait states
Sensors (Voltage, Spikes, Frequency, Light, Temperature,...)
True Random Number Generators
Crypto-coprocessors (DES, AES, RSA, Elliptic Curves)

Software Security
Secure software layers
Identification (PIN, Biometrics)
System-Authentication
Secure (encrypted) Messaging
Log files
State machine (Security state, Card Life Cycle)
Use of True Random Numbers (Key generation, Authentication, ...)
Symmetric/Asymmetric cryptography (DES, AES, RSA, Hash, ...)
Firewalls, Sandboxes (Java Card)
Security evaluation, certified development/quality process
Functions and Applications for secure USB Token go beyond classic smart card applications.
Application / Smart Card / Secure USB Token
User authentication and network access
Secure log-on
Secure VPN access
Email signing/encryption
Memory encryption
Single sign-on
Contents & rights management
Biometric credential match
Optical personalisation (Picture, Name)
Physical Access
One time password calculation and display
No driver installation ( )
No administrator installation
Secure Data Storage (Encryption on host)
Secure Data Storage (Encryption on device)
Secure Application Execution Platform (Servlets, Browser, OS, …)
Auto Start
Use Cases of Strong Authentication Token
Classic smart card use cases (Logon,…)
Secure portable identity
  Use your credentials on any computer
  No installation and admin rights needed
  App: Remote desktop access
Secure Data Storage
  Store data in read-only, encrypted and public partitions
  App: Company USB-Drive to prevent data leakage
Secure Application Execution Platform
  Hardened browser runs from the token with a fixed URL
  App: Secure eBanking
Typical ‘smart card’ features of a secure USB Token
Java Card 2.2.1, Global Platform 2.1.1
EEPROM: 72 - 144kByte
Asymmetric cryptography: RSA up to 2048 bits, Elliptic Curve (e.g. Suite B), DSA, …
Symmetric cryptography: DES, 3DES, AES up to 256 bits
Hash algorithms (SHA1, SHA2, MD5, RIPEMD-160, …)
Supported Interfaces: PKCS#5, PKCS#11, PKCS#12, PKCS#15, CSP for Microsoft® CryptoAPI, PC/SC 1.0, G&D GSI host library APDU interface, G&D GSI PC/SC driver, X.509 V3
Hardware certification: Common Criteria EAL 5+
Software certification: FIPS 140-2 level 3, Common Criteria EAL4+
StarSign® Mobility Token Classic
Zero Host Footprint: No Installation, No Admin Rights, Auto Start
Secure Post Issuance Firmware Update
Platform for On-Token-Execution of 3rd Party Applications
Transparent On-Token Encryption
Flash storage
Smart Card via Mini UICC plug-in for volume personalization
3 partitions for read-only (CD-ROM like), private (encrypted) as well as public
No-Install/No-Admin USB-Token architecture
Configurable Flash Partitions (Read-only, encrypted, unencrypted)
Flash encryption on the token
Q&A – Contact Details
Michael [email protected]: +1-650-312-1241
Mobile: +1-571-236-6942