Muscle Flexes Smart Cards into Linux
Credit card companies successfully marketed the silver card, the gold card and the platinum card. Precious metals represent wealth, and we were supposed to associate that notion with something less tangible—card security.
In today's society, better security for electronic commerce is a priority for corporations, banks and merchants. Even as computers become faster, methods of authentication once thought secure become easier to subvert. At the same time, modern communications allow hackers to advertise their exploits, making details of such activity easy to come by, even for amateurs. An easy-to-use exploit script is usually just a web site away. As current security methods become easier to crack and subvert, developers search for different and better ways of authentication.
We all use magnetic-stripe cards every day to get money from the bank, to shop, to fill the gas tank and to enter the office building. It's not uncommon for a person to carry ten or more different cards at any given time. Are the cards secure? Consider the following common credit card scenarios:
You pay your restaurant bill with a credit card and leave the receipt on the table.
You make a department store purchase with a credit card and later throw the receipt in the trash.
You send your mother flowers purchased over the Internet using a credit card number.
Card receipts contain all the necessary information for anyone to assume the same purchasing power (indeed, the same identity) as the actual card holder. In any of the above scenarios, it is only a matter of time before your identity and potentially your bank account is compromised. Authentication using magnetic-stripe tokens is plainly insecure.
Another example of weak authentication is the computer password—the most common method of authentication in computing today. Being the only person who knows a secret word or pass phrase gives us a misplaced sense of security about data access. We don't think about the adolescent cracking our password while we sleep, yet dictionary-based password crackers (software that tries common dictionary words) are available on the Internet. A software package such as Crack 5.0 easily reveals passwords in a matter of minutes—at most a few hours—that were once thought secure. Most hackers obtain initial access into a system through accounts with no password at all or a password set to match the user name. (Many system administrator packages set the default account name to match the user name, and the default never gets updated.)
You can strengthen current security mechanisms, but the ultimate solution may be an entirely new design. Soon magnetic-stripe credit cards, passwords and PINs could be things of the past, replaced by token-based authentication systems enabled with biometric sensors—a secure token storing cryptographic certificates and keys, and terminals with biometric sensors to qualify key access (e.g., from your fingerprint).
One such token is the smart card. Smart card technology has been reliably demonstrated in Europe for many years. A smart card is a special-purpose storage device about the size and thickness of a credit card, containing a thin microprocessor capable of storing data. When inserted into a suitable reader, the microprocessor is powered up, and instructions are passed between the host computer or terminal and the smart-card microprocessor.
Your wallet today: some cash, a few credit cards, an ATM card, a phone card, a driver's license, employee badge, a piece of paper with all your PIN numbers written on it and a reminder to buy milk.
Your wallet in the future: a single smart card with biometric authentication.
What can you do with that smart card? A single card has the potential to replace:
bank cards, ATM cards, phone cards, gasoline cards, credit cards in general
driver's license, passport, employment identification
physical access to your home, your car, your office
medical records and services
With biometrics, you might even be able to remember that you are allergic to dairy products or penicillin. Biometrics are measurements taken from a person to identify them later, such as fingerprints, retinal patterns, face photos, finger lengths, voice prints or typing and writing patterns. Measurements can be digitized for storage on a smart card and for use in conjunction with digital certificates and authentication.
Smart cards are true computing devices containing a CPU, ROM, EEPROM and RAM—all packed into a flexible plastic card. The technology of the microprocessor is comparable to that of a full-sized desktop computer in the late 1970s. Smart cards have an operating system, an I/O channel, static and dynamic memory and an instruction set used to program the card. In the future, the technology may evolve so that entire operating systems (such as Linux) could be run from the card. Right now, smart cards mainly provide secure, portable storage for cryptographic keys and a wide assortment of authentication information.
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
- Using Salt Stack and Vagrant for Drupal Development
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Validate an E-Mail Address with PHP, the Right Way
- A Topic for Discussion - Open Source Feature-Richness?
- Drupal Is a Framework: Why Everyone Needs to Understand This
- New Products
- The Pari Package On Linux
- New Products
- Home, My Backup Data Center
- This is the easiest tutorial
2 hours 34 min ago
- Ahh, the Koolaid.
8 hours 12 min ago
- git-annex assistant
14 hours 12 min ago
- direct cable connection
14 hours 35 min ago
- Agreed on AirDroid. With my
14 hours 45 min ago
- I just learned this
14 hours 49 min ago
15 hours 19 min ago
- not living upto the mobile revolution
18 hours 10 min ago
- Deceptive Advertising and
18 hours 46 min ago
- Let\'s declare that you have
18 hours 47 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.