Reduce the risks
Your company might still consider smart cards to be a futuristic technology. To help make them a present reality, Windows 2000 (Win2K) will offer highly integrated support for smart cards. In this article, I introduce you to smart cards, show you why they're important, and explain how they work and how to start using them in Win2K. Specifically, I show you how to set up smart-card-based logon using Gemplus' GemSAFE smart card and GCR410 smart card reader. But smart cards aren't perfect, so I also show you some of their inherent risks.
Smart cards enable public key infrastructure (PKI), which in turn facilitates e-commerce. PKI lets you achieve a level of trust for electronic transactions that equals or surpasses that of the paper- and signature-based world. PKI can provide message integrity, privacy, and nonrepudiation. You can't deny you sent a message if you've signed it with your digital certificate because your public key verifies your signature. If a public key successfully verifies a signature, the only person who could have sent the message is the person with the private key. (For more information about PKI and public and private keys, see "Related Articles in Windows NT Magazine," page 87.) The cornerstone of PKI security is that the private key associated with a digital certificate must remain private. An intruder can use a private key to easily forge transactions.
How Smart Cards Work
Smart cards protect private keys, which are so crucial to PKI. Without smart cards, private keys reside on the local workstation, where they're vulnerable to intruder and physical-access attacks. When you store your certificate on a smart card, the processor inside the smart card generates the corresponding private key directly and permanently inside the smart card. The smart card processes any information that you need to encrypt by using your private key.
This procedure might sound impractical if you need to encrypt and email a file of several megabytes—how can a smart card's relatively slow resources accomplish that encryption? Because, in keeping with PKI's strategy, you don't encrypt actual data with private and public keys. Instead, the system generates a much faster symmetric session key to encrypt the file. The system sends the session key and the file, which the smart card first encrypts with the private key. The recipient decrypts the session key with your certificate's public key, then decrypts the data. This way, you're pushing a fairly small amount of data through the smart card.
Smart cards also let you take your private key with you. If you move from one workstation to another without a smart card, you might not have access to your certificate, depending on the PKI software you're using. With a smart card, however, you can go to any system that has a smart-card reader and log on, initiate transactions, sign and encrypt email, and so on. Eventually, when truly public PKI exists, you might perform the same actions at Internet kiosks in an airport. By sequestering the private key within the smart card, you sidestep many risks. In "Protect Your Passwords," October 1998, I described the many ways to steal Windows NT passwords that are stored on the local system. As intruders turn their attention to PKI, I anticipate similar incidents of intruders stealing locally stored private keys.
Smart cards also reduce password risks. Users often neglect to create quality passwords; therefore, intruders can easily guess those passwords. Passwords are also vulnerable to network eavesdropping and intruder programs. Smart cards provide much stronger two-factor authentication: The user must physically have the smart card and must know the card's personal identification number (PIN). Even when a user misplaces the smart card, an intruder has only a few chances to guess the correct PIN before the smart card permanently locks itself. As soon as the user reports the lost card, the PKI software can revoke the certificate and render it invalid even if the intruder discovers the PIN.
Smart cards are tamper-resistant—you can't cut them open and physically extract the private key, and you can't copy them like their magnetic-strip forebears. Additionally, smart cards are human-friendly: We're conditioned to trust and carefully handle credit cards and automated teller machine (ATM) cards, and we're accustomed to using a PIN. User acceptance of smart cards is crucial to making universal PKI a reality. (For more information about the advantages—and disadvantages—of smart cards, see the sidebar "Smart Cards or Dumb Cards?")
NT doesn't offer built-in smart card support, but you can add the support with products such as GemSAFE. After you install the product, you can use the smart card for secure emailing and Web browsing. Also, applications that support PKI standards can then use smart cards for encryption or digital signatures. For example, Microsoft Office 2000 lets you digitally sign Microsoft Word macros, and Adobe Acrobat 4.0 supports digital signatures. Win2K embraces PKI and smart cards at the OS and directory levels, thus facilitating universal usage throughout the system. With Win2K, you can use smart cards for logon, email encryption, on-disk file encryption, Web access, and more.
Previous
Register
