strong authentication infrastructure requirement: trusted input devices national id workshop...
DESCRIPTION
The Problem 11/27/013 Hi, I’m Bill Gates, Would you please give me access to my bank account ? Password / PIN (PC) Sure, Trust Me! SMARTTRANSCRIPT
Strong AuthenticationInfrastructure
Requirement: Trusted Input Devices
National ID WorkshopCarnegie Mellon UniversityNovember 28, 2001Lark M. Allen / Wave Systems
The Problem
Personal Computers are untrusted devices Input, processing, and output cannot be protected or
hidden from interception, observation, and hacking
Therefore: Authentication processing in PCs cannot be trusted, regardless of the identity tokens utilized
11/27/01 2
The Problem
11/27/01 3
Hi, I’m Bill Gates, Would you please give me access to my bank account ?
Password / PIN
(PC)
Sure, Trust Me!
SMART
EU Is Addressing the Problem
France: 1999 Cyber-Comm specification for trusted smart card readers for consumer usage Banks, Credit Card and Smart Card Companies Authentication of smart card and keypad input
performed in reader Secure output – LCD display on reader
EU: July, 2001 FinRead specification for trusted reader devices Banks, Governments, Technology Companies Programmable, multi-application/services platform
through Java applets Global Trust Authority as source of trust for system Integrated services business model for deployment
11/27/01 4
EMBASSY Trusted Client Systems
Processor
Memory
Interfaces/Storage
Clock
Crypto
MusicDRM
Digital Signature
Video PPV
Trust Assurance Network
Digital Signature
Digital Signature
Music DRM
MusicDRM
Hard Disk
Digital Signature
Video PPV
Video PPV Application
EMBASSYCHIP/
Trusted OS
MusicDRM
‘Sovereign and Protected Place in a Hostile Territory’
Strategic: Independent Trust Domains
EMBASSY Device Trust
Domain
Shared, Multi-PartyTrusted Devices
SERVICE CTrust Domain
Applet CApplet B
SERVICE BTrust Domain
SERVICE A Trust Domain
Applet A
StrongAuthentication
ContentProtection Services
Delivery
E-CommercePrivacy
Protection
PlatformSecurity
SecurePeer-Peer
ConditionalAccess
DistributedTransactions
Secure Applets
Trusted Operating System
EMBASSY Trusted Client Chip
Trust Assurance Network
Developer Kits
EMBASSY Trusted Client Applications
EMBASSY-enabled Devices• PC USB secure input devices• Interfaces to support multiple inputs:
• Key matrix• Smart cards• LCD - output• Biometrics• GPS• Mag stripe• Serial devices
• Keyboards (Samsung, PC OEMs)• Smart Card Readers (SSP/Litronics,
SCM, Securelink/CPS)• PC/SC and EMV-Compliant• New platform for services and
security applications to PCs