Muscle Flexes Smart Cards into Linux
As smart cards work their way into our lives through cellular phones, stored-value and authentication systems, they will also make their way into our general computing environment. Linux provides a secure multi-tasking environment perfect for smart cards. Project MUSCLE (Movement for the Use of Smart Cards in a Linux Environment) is a virtual team of developers working to integrate smart cards, readers and security in an open fashion for the Linux environment. As the acronym implies, the MUSCLE team is trying to integrate all necessary smart-card hooks into the Linux world. See sidebar for contact information.
Several different MUSCLE projects are underway, such as an effort to integrate smart-card tokens with Pluggable Authentication Modules (PAM), interfaces for scripting languages such as Perl, and creating drivers and implementing APIs for different cards and readers. MUSCLE expects the following benefits from these activities:
Integrating smart cards into PAM will allow cross-platform authentication between an array of different operating systems.
Perl integration provides another environment for smart card use, in particular for those accustomed to the ease of string manipulation in Perl.
Standardizing card and reader APIs under Linux gives developers a common interface for integrating a wide variety of smart cards and readers with a wider variety of host computers.
Creating a Linux cryptographic API will handle cryptography for other PKCS-11 type devices as well as for smart cards.
Virtualization of the smart-card file system would allow a smart-card to be mounted as any other file system under Linux. This might allow the manipulation of the smart-card file system in an easy-to-use, familiar fashion.
Developing a means of using different biometric sensors with smart cards under Linux is another interest. Biometric fingerprint scanners such as American Biometric's hot new BioMouse and BioMouse Plus could easily make Linux the operating system of choice for high security applications such as banking.
MUSCLE posts all source code under the GPL on the web site http://www.linuxnet.com/smartcard/index.html, along with the author name, date and purpose. All code posted is covered under the GNU public license, allowing it to be freely distributed as long as the rules are followed. This is where open development occurs. For more information on the GNU public license, visit http://www.gnu.org/.
MUSCLE currently has support for the Schlumberger Reflex 62 and 64 card readers. These readers rely on the serial port for data communication and get their power from the keyboard or mouse port. The current drivers support all of the necessary functionality of the Reflex 62 and 64 readers, including PIN verification (Reflex 64 only). These drivers rely on the termios library for serial functionality and can be placed on any Com port. Currently, all Schlumberger CryptoFlex card functionality is supported, including ISO-7816 functionality and cryptographic functions (file reading and management, RSA signing, key and PIN verification, authentication, seek and other administrative functions).
Public interest in smart cards will spur technology growth and increase the need for a better user interface. An embedded operating system such as Linux can offer the ease of a UNIX-style operating system along with full functionality of the card. For example, to retrieve information about the file system directory structure, embedded Linux would allow a simple ls command to be used instead of the hex command 0xF0 0xA8 0x00 0x00 0x00. Currently, smart cards are not capable of an embedded operating system. Until they can, familiar shell commands such as ls could be accomplished on the smart card by virtualizing the shell—interpreting shell commands into their smart card hexadecimal counterparts. This would provide an easy way to personalize the card to fit customer needs.
What will customer needs be in the next millennium? Some people predict less emphasis on materialism. Exercise machines might be as prolific as ATMs, and the gold card may be less attractive than one with more brains. Securing the future always involves flexibility and change. Smart cards appear to combine it all.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- diff -u: What's New in Kernel Development
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- Tech Tip: Really Simple HTTP Server with Python
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- RSS Feeds
- Readers' Choice Awards 2013
- Linux Security Threats on the Rise
- Cooking with Linux - Serious Cool, Sysadmin Style!