Security is the
main concern for smartcards.
The BasicCard
support the following crypto functions:
DES and
TripleDES algorithm
The DES
algorithm is the internationally recognised Data
Encryption Standard, defined in the ANSI standard
documents X3.92-1981 (Data Encryption
Algorithm) and X3.106-1983 (Data
Encryption Algorithm Modes of Operation).
For a fuller treatment, including 'C' source
code, see Bruce Schneier's Applied Cryptography
(Second Edition, John Wiley & Sons, Inc.,
1996).
As you can see from the dates of the ANSI
documents, the DES algorithm is no longer
young. In fact, the original DES algorithm
is usually referred to as Single DES, and
must now be regarded as less than completely
secure. Special-purpose hardware can be
constructed for several tens of thousands of
dollars, that can break Single DES
encryption in less than a day. For this reason, a
stronger version, Triple DES, has become a
de facto standard in the banking world.
This algorithm is generally believed to be safe
against all currently feasible attacks.
AES: The
Advanced Encryption Standard
The BasicCard
supports the Advanced Encryption Standard defined
in Federal Information Processing Standard FIPS
197.
This standard is available on the Internet, at http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf
AES uses the Rijndael algorithm as its
cryptographic primitive. The Standard specifies
three permitted key lengths: 128 bits, 192 bits,
and 256 bits. All three key lengths are available
to Terminal programs, BasicCard programs are
restricted to 128-bit keys.
EC161:
The Elliptic Curve Library
The EC161
library implements 161-bit Elliptic Curve
Cryptography.
The following
operations are supported:
- private/public
key pair generation;
- session key
generation;
- digital
signature generation;
- digital
signature verification (Terminal program
only).
This
implementation follows the proposed standard IEEE
P1363:
Standard Specifications for Public Key
Cryptography.
Elliptic Curve
Cryptography is a branch of Public Key
Cryptography that is especially suitable for
Smart Card implementation, for two reasons:
- the
generation of private/public key pairs is
simple enough to be implemented in a
Smart Card;
- it requires
much smaller key sizes than other
well-known methods for the same level of
security.
The library EC161
uses points with 161-bit prime order; this is
currently considered equivalent in security to
1024-bit RSA.
RSA is the
established standard for public key encryption.
The name RSA
is derived from the names of the inventors of
this algorithm, which are: Ron Rivest, Adi
Shamir and Leonard Adleman. RSA is
known since 1978 [1,2]. In the long time since
invention of RSA the principle of RSA was not
broken. However RSA encryption with key length up
to 512 bits was broken some time ago. RSA
encryption with key length of 1024 bits is not
broken and because of that recommended to be used
today. The principle and security of RSA is based
on the fact that with today's knowledge it is not
possible to find the prime factors of a big
number (n=pq, where p and q are prime numbers) in
suitable time.
Short details:
Public Key: n=pq (p and q are big prime numbers)
e relative prime to (p-1)(q-1)
Private Key: d e-1 mod ((p-1)(q-1))
Encryption: c = me mod n
Decryption: m = cd mod n
Literature:
[1] R.L. Rivest, A. Shamir, and L.M. Adleman,
A Method for Obtaining Digital Signatures
and Public-Key Cryptosystems, Communications
of ACM, v. 21, n. 2, Feb 1978, pp. 120-126
[2] R.L. Rivest, A. Shamir, and L.M. Adleman,
On Digital Signatures and Public Key
Cryptosystems, MIT Laboratory for Computer
Science, Technical Report, MIT/LCS/TR-212, Jan
1979v. 21, n. 2, Feb 1978, pp. 120-126
SHA1: The
Secure Hash Algorithm Library
The Secure
Hash Algorithm as defined in the Federal
Information Processing Standards document FIPS
1801. The algorithm takes an arbitrary
message as input, and outputs a 20-byte hash of
that message. It is supposed to be
computationally infeasible to invert this
algorithm. More specifically:
given a 20-byte hash, it is computationally
infeasible to construct a message with that hash;
it is computationally infeasible to construct two
different messages with identical hashes.
FIPS 180-1 is available on the Internet, at www.itl.nist.gov/div897/pubs/fip180-1.htm.
The SHA1 library was implemented as
an adjunct to the EC161 Elliptic
Curve library. In the first place, it is
specified in the proposed IEEE standard P1363 as
one of the approved hashing algorithms for use in
Elliptic Curve digital signature generation; and
in the second place, it provides a source of
cryptographically strong pseudo-random numbers,
for the generation of keys and signatures.
IDEA:
International Data Encryption Algorithm
The IDEA
library implements the International Data
Encryption Algorithm, a block cipher with a
128-bit key size. This algorithm is
cryptographically as strong as Triple DES, but is
faster than Single DES.
Note: The International Data Encryption Algorithm
may be used free of charge for non-commercial
purposes. For commercial use, permission must be
obtained from the patent holders:
Ascom Systec Ltd.
Gewerbepark
CH-5506 Maegenwil
Switzerland
Internet: http://www.ascom.com
e-mail: IDEA@ascom.ch
The SG-LFSR
Algorithm (only supported in the
Compact BasicCard)
This algorithm was designed by D. Coppersmith, H.
Krawczyk, and Y. Mansour ("The Shrinking
Generator", Advances in Cryptology
CRYPTO '93 Proceedings, Springer-Verlag,
1994). It uses two Linear Feedback Shift
Registers, A and S, to generate a stream of bits:
the registers are run in parallel until register S
generates a 1 bit, at which point the bit
generated simultaneously by register A is used as
the next bit in the stream.
The Compact BasicCard implements this algorithm
with Linear Feedback Shift Registers A and
S of length 31 and 32 respectively. In
order for the system to be secure against attack
with registers of this size, it is necessary to
use generating polynomials PolyA and PolyS
that are unknown to the attacker. To this end, we
supply a program for the generation of random
cryptographic keys and primitive polynomials.
C++ source code for the SG-LFSR algorithm
is provided in the BasicCard development kit.
|