Muscle Flexes Smart Cards into Linux
Credit card companies successfully marketed the silver card, the gold card and the platinum card. Precious metals represent wealth, and we were supposed to associate that notion with something less tangible—card security.
In today's society, better security for electronic commerce is a priority for corporations, banks and merchants. Even as computers become faster, methods of authentication once thought secure become easier to subvert. At the same time, modern communications allow hackers to advertise their exploits, making details of such activity easy to come by, even for amateurs. An easy-to-use exploit script is usually just a web site away. As current security methods become easier to crack and subvert, developers search for different and better ways of authentication.
We all use magnetic-stripe cards every day to get money from the bank, to shop, to fill the gas tank and to enter the office building. It's not uncommon for a person to carry ten or more different cards at any given time. Are the cards secure? Consider the following common credit card scenarios:
You pay your restaurant bill with a credit card and leave the receipt on the table.
You make a department store purchase with a credit card and later throw the receipt in the trash.
You send your mother flowers purchased over the Internet using a credit card number.
Card receipts contain all the necessary information for anyone to assume the same purchasing power (indeed, the same identity) as the actual card holder. In any of the above scenarios, it is only a matter of time before your identity and potentially your bank account is compromised. Authentication using magnetic-stripe tokens is plainly insecure.
Another example of weak authentication is the computer password—the most common method of authentication in computing today. Being the only person who knows a secret word or pass phrase gives us a misplaced sense of security about data access. We don't think about the adolescent cracking our password while we sleep, yet dictionary-based password crackers (software that tries common dictionary words) are available on the Internet. A software package such as Crack 5.0 easily reveals passwords in a matter of minutes—at most a few hours—that were once thought secure. Most hackers obtain initial access into a system through accounts with no password at all or a password set to match the user name. (Many system administrator packages set the default account name to match the user name, and the default never gets updated.)
You can strengthen current security mechanisms, but the ultimate solution may be an entirely new design. Soon magnetic-stripe credit cards, passwords and PINs could be things of the past, replaced by token-based authentication systems enabled with biometric sensors—a secure token storing cryptographic certificates and keys, and terminals with biometric sensors to qualify key access (e.g., from your fingerprint).
One such token is the smart card. Smart card technology has been reliably demonstrated in Europe for many years. A smart card is a special-purpose storage device about the size and thickness of a credit card, containing a thin microprocessor capable of storing data. When inserted into a suitable reader, the microprocessor is powered up, and instructions are passed between the host computer or terminal and the smart-card microprocessor.
Your wallet today: some cash, a few credit cards, an ATM card, a phone card, a driver's license, employee badge, a piece of paper with all your PIN numbers written on it and a reminder to buy milk.
Your wallet in the future: a single smart card with biometric authentication.
What can you do with that smart card? A single card has the potential to replace:
bank cards, ATM cards, phone cards, gasoline cards, credit cards in general
driver's license, passport, employment identification
physical access to your home, your car, your office
medical records and services
With biometrics, you might even be able to remember that you are allergic to dairy products or penicillin. Biometrics are measurements taken from a person to identify them later, such as fingerprints, retinal patterns, face photos, finger lengths, voice prints or typing and writing patterns. Measurements can be digitized for storage on a smart card and for use in conjunction with digital certificates and authentication.
Smart cards are true computing devices containing a CPU, ROM, EEPROM and RAM—all packed into a flexible plastic card. The technology of the microprocessor is comparable to that of a full-sized desktop computer in the late 1970s. Smart cards have an operating system, an I/O channel, static and dynamic memory and an instruction set used to program the card. In the future, the technology may evolve so that entire operating systems (such as Linux) could be run from the card. Right now, smart cards mainly provide secure, portable storage for cryptographic keys and a wide assortment of authentication information.
Webinar: 8 Signs You’re Beyond Cron
11am CDT, April 29th
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.Join us!
- March 2015 Issue of Linux Journal: High-Performance Computing
- Not So Dynamic Updates
- Users, Permissions and Multitenant Sites
- April 2015 Video Preview
- New Products
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- Non-Linux FOSS: MenuMeters
- DevOps: Everything You Need to Know
- Tighten Up SSH