AES for Java Card

AES for Java Card 2.2.x

With the acceptance of Rijndael's algorithm for higher strength symmetric key cryptography, AES was introduced in Java Card 2.2.x as an addition to the open specifications that has fairly extensive API for cryptography. The AES API was introduced in line with existing and widely used SPI for DES. This API is now widely used in various identity management applications. The author was instrumental in designing and finalizing it, and getting it through for its introduction in Java Card 2.2.x

AES was needed for different purposes, however the first application to adapt the technology was the upcoming (now prevalent) 3G networks. It was desired that to be used for different purpose to maintain the privacy on the wireless network. The API is explained better here in this presentation. The observation was that the AES standard implementation turned out to be more efficient than that of DES. At the specified block size AES was also observed to be more efficient on smartcards than DES.
---

Contact or (Contact)less

FIPS 201 -- Card Biometric Data and Privacy Concerns

FIPS 201 has defined the access to cardholder's biometric data as "Upon CHV Verification". This implies each time a physical or a logical access system accesses the card's biometric data, the card holder will need to enter the user PIN. Additionally, according to the PIV specifications, the biometric template which are stored in the credentials can be retrieved only from contact side. The biometric template could be more than just fingerprint like condensed facial image, iris scans etc.

The approach to add verification of PIN before use of biometric template may be a overkill and hinder some of the easiest access control systems especially for physical access. A medium confidence access system may verify the biometrics of the holder either through data on the card or through data stored in the back-end system like the biometric server. A secure and valid credential whose signature can be verified is supposed to be an authentic credential.

Some of my thoughts on the subject which lingered more than a week in my mind are noted below. Comments on the items below will be much appreciated.

• Don't cardholders' leave their fingerprint(s) on numerous objects which they touch like keyboards, mousepads, door knobs etc. etc. ?? Bad guys can easily pick up the fingerprints and make a dummy finger and card which be used to fool the PACS. The intruders can easily make the dummy and use it to falsely open the door. The PIN entry and its verification by the card, may not even be asked by the PACS.
  
• The privacy concerns about misuse of biometrics are probably valid for authentication of the card holder. A remote authentication of the user using biometrics only shouldn't be allowed by the logical access system. A PIN + biometric (2-factor authentication) could also be weak authentication mechanism if the PIN is verified only by the card. For this two factor authentication scenario, the PIN match MUST be performed by the secure server.
  
  
• Verification of identity doesn't require same level of security as authentication ... Authentication is proving who you claim is really who you are ... Verification is identifying someone whom I already know and have means to verify since I trust some data in the secure part of the system. Typically, for full authentication a PKI is involved.



• CHUID can be read over air interface ... Why restrict minutia, if CHUID is all available to be read without card holders verification? Well, the argument that I have heard is that CHUID can be protected by keeping the card in a RF insulatoted jacket. Well then can't we apply the same arugment in favor of the biometric data? As we all know, PIV defines some low assurance verification methods which uses only CHUID, this may be as insecure as letting the biometric template be read over the contactless interface.



• What happens in case the reader is slot - neither contact nor contactless? A slot reader is a good alternative to contact/contactless interfaces. Its widely used in applications where high throughput is required. A good example of such a device is a public telephone and the prepaid smart card reader which is part of the installed public phone.

• Well, just like other biometrics, the bad guys can easily capture the card holder's other biometrics like the facial image and iris image. The cardholder may not even notice such a theft. With video cameras becoming increasingly popular these days at public places, this is becoming more and more easier.



• Even with the PIN verification, a system design is needed to make dispel the privacy concerns and fears about the use of biometrics with the card. Some dialog, between the card holder, the requestor's authenticity and log of permissions granted by the card holder for the use of the biometrics are steps in right direction ....
  
  

---