Presentation is loading. Please wait.

Presentation is loading. Please wait.

Some Perspectives on Smart Card Cryptography

Published byErika Heath Modified over 9 years ago

Similar presentations

Presentation on theme: "Some Perspectives on Smart Card Cryptography"— Presentation transcript:

1 Some Perspectives on Smart Card Cryptography
Burt Kaliski, Chief Scientist RSA Laboratories SCIA IC Card & System Security Meeting November 16–17, 1998 RSA Data Security, Inc.

2 Introduction The emerging world of e-commerce depends on security services: user authentication key distribution data integrity and confidentiality digital signatures / nonrepudiation Smart cards and cryptography are helpful tools for implementing these services © RSA 1998

3 Smart Cards and Cryptography
Smart cards carry the keys, perform cryptographic operations ideal for “personal” cryptography Other tokens also considered in many designs: PC cards palmtops © RSA 1998

4 Cryptography Choices 1. Public key vs. symmetric 2. Algorithms
3. Protocols © RSA 1998

5 Public Key vs. Symmetric
A classic choice: scalability vs. speed symmetric cryptography up to 100x faster but management of public keys much easier Open system or closed? Benefits can be combined © RSA 1998

6 A Hybrid Approach Registration with public-key cryptography:
smart card establishes symmetric key via server’s public key User authentication, key distribution, data protection with symmetric key Digital signatures combine public-key cryptography with hashing © RSA 1998

7 Public-Key Algorithms
Three families considered in standards: discrete logarithm (DL): Diffie-Hellman, DSA, MQV elliptic curve (EC): analogs of DL integer factorization (IF): RSA, RW Tradeoffs in key and data size, security, speed © RSA 1998

8 Symmetric Algorithms Encryption algorithms:
DES, triple-DES, AES “exportable” alternatives Integrity-protection algorithms Hash functions Tradeoffs primarily in security, speed © RSA 1998

9 Protocols Many to choose from for each service Examples:
time-based vs. challenge-response user authentication key transport vs. key agreement Tradeoffs in algorithms supported, number of messages © RSA 1998

10 Implementation Considerations
Many kinds of physical attacks to contend with, beyond the cryptography: timing analysis power analysis reverse engineering Logical attacks especially of concern in multi-application environments © RSA 1998

11 Crypto-Coprocessors Cryptographic operations in smart cards are often accelerated with coprocessors typical: modular exponentiation All three families can be accelerated with a modular arithmetic coprocessor RSA (mod n) DL, EC over GF(p) for odd p What’s in a coprocessor today may be standard tomorrow © RSA 1998

12 RSA Cryptography Cryptographic operations based on the RSA algorithm
PKCS #1, IEEE P1363, ANSI X9.31, X9.44 (draft) standards Key pair generation, encryption / decryption, signature / verification Example times given for several smart card chips most with 8-bit CPUs, coprocessors © RSA 1998

13 Key Length Typical RSA key length: 1024 bits
Security about 280 against best methods comparable to 160-bit ECC, 80-bit symmetric in terms of operations … but RSA-breaking methods require much more memory © RSA 1998

14 Private-Key Operations
Signature generation and decryption with private key (n,d): y = xd mod n with Chinese Remainder Theorem: yp = xd mod p-1 mod p yq = xd mod q-1 mod q y = [(yp-yq)q-1 mod p] q + yq Typical: two 512-bit modexps ms on example smart cards © RSA 1998

15 Public-Key Operations
Signature verification or encryption with public key (n,e): y = xe mod n e = 3, 17, common Typical: a few 1024-bit modmults 5-265ms on smart cards with e = 216+1 except in two cases,  50ms coprocessor not needed for small e © RSA 1998

16 Key Pair Generation Public key (n,e) Private key (n,d)
where n = pq de  1 mod lcm (p-1, q-1) Typical: two 512-bit prime generations est seconds on examples © RSA 1998

17 Key and Data Sizes Nominal: about 1024 bits for signature, ciphertext, public key (+ e); 2560 bits for private key But many optimizations available: 100 bits for private key with seed, offsets bits overhead for signatures with message recovery © RSA 1998

18 Example Timings Source: H. Handschuh and P. Paillier, “Smart Card Crypto-Coprocessors for Public-Key Cryptography,” RSA Laboratories’ CryptoBytes, Summer 1998 ( © RSA 1998

19 RSA and ECC Advantages ECC advantages RSA advantages
signature generation / decryption speed key pair generation speed key agreement, forward secrecy key and data sizes GF(2m) option RSA advantages signature verification / encryption speed certificate-based key management parameter generation speed (none) security analysis For more reading: M.J. Wiener, “Performance Comparisons of Public-Key Cryptosystems,” RSA Laboratories’ CryptoBytes, Summer 1998 ( © RSA 1998

20 Interfaces and File Formats
Interoperability is more than just the same algorithms and protocols Other aspects to consider: physical interface (ISO 7816) programming interface (PKCS #11) information formats (PKCS #15) © RSA 1998

21 PKCS: The Public-Key Cryptography Standards
Informal, intervendor specifications Coordinated by RSA Laboratories, developed with the cryptography community More information: © RSA 1998

22 PKCS #11 / Cryptoki Programming interface for cryptographic tokens
“Logical token” has objects, operations, access rights, independent of physical implementation Currently v2.01, revision in progress © RSA 1998

23 PKCS #15: Information Formats
Common formats for cryptographic objects file formats in case of smart cards Coordination with several groups: WAP Forum DC/SC Forum SEIS (Sweden) Draft available for comment © RSA 1998

24 Conclusions Smart card security has many choices
RSA cryptography a practical solution Interoperability also includes interfaces, file formats © RSA 1998

Download ppt "Some Perspectives on Smart Card Cryptography"

Similar presentations

Revised 08/16/1999 IEEE P1363: Standard Specifications for Public-Key Cryptography Burt Kaliski Chair, IEEE P1363 August 17, 1999.

Revised 08/16/1999 IEEE P1363: Standard Specifications for Public-Key Cryptography Burt Kaliski Chair, IEEE P1363 August 17, 1999.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
7. Asymmetric encryption-

7. Asymmetric encryption-
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.

Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.

Similar presentations

Ads by Google