Information Assurance . . .
Smart Card Interoperability
Steve Haynes [email protected]
Phone - 703-653-7140
Where We’ve Come From
Timeline figure (from “BC (Before Computers)” to “AD (Assured Doubt)”; horizontal axis: Time):
• Eras: Mainframe; Minicomputers; Client/Server PCs; Corporate Net/Internet; Internet/Extranet
• Location: Central Data Centers; Regional Data Centers; Desktops across the company; Limited, across the world; Unlimited, across the world
• Technology / Management Approach: Centralized Admin. Team; Several Centralized Admin. Teams; Pager-based fire fighting; Centralized Computing; Decentralized Computing; IT Security Management; Mission Survivability
• Historical analogy: First Civilization; Age of Empires; Dark Ages; Age of Enlightenment
Objective?
“Most people overestimate what is going to happen in two years and underestimate what is going to happen in 10 years.”
Bill Gates - Microsoft
Where We’re Going
Risk matrix figure (vertical axis: Potential Damage, Low to High; horizontal axis: Probability of Occurrence, Low to High). Plotted items: Access; Access Cost; Access Speed; Wireless Access; Nation-State Attack; Terrorist Attack; Criminal Activity; Hackers. Year markers: 1999, 2003, 2005.
Mission Statement
Information Assurance: Conducting those operations that protect and defend information and information systems by ensuring confidentiality, integrity, availability and accountability. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.
Objective?
Too Much Access
• Exposure to risk
  Loss of confidentiality
  Loss of integrity
  Loss of resources
• Intentional theft
• Accidental loss
(balance scale labels: Access, Security)
Objective?
Too Much Security
• Loss of productivity
• Sense of restriction
• Uncooperative users
  Too much time to access (passwords)
  Write passwords down
  Bypass security
(balance scale labels: Access, Security)
Balance:
• Access: Comfort, Convenience, Customization, Independence, Privacy
• Information Assurance: Confidentiality, Integrity, Accountability, Availability, Restoration
Objective?
Smart Card (PKI, Biometrics)
Technical Applications: Data storage access via Internet
Smart card types:
• Memory (single app., stored value; “chip cards”)
  Disposable, anonymous: 64 bits - 64K bits
  Reusable, personalized: PIN
• Microprocessor (multi-app. capability; “really smart” cards)
  Standard processor: 1-16K memory
  2 processor, crypto engine (Mondex)
Smart Cards
Note: All smart cards have microprocessors, but for the most part they have been used as memory cards: they have the capability, but because of limited applications and memory they are used as storage cards.
Functional Applications:
• Stores data
• Routes transactions to where data is being stored
• Converts and manipulates data into interactive information
• Assures information is protected
• Combines physical and technical access control
• Transmits transactions securely
• Authenticates access
• Combines multiple card requirements (API)
• Role-based access control
• Single sign-on
• PKI
• Biometrics
• Privacy
Smart Cards
Objective?
The true attraction of a smart card is not a purse to carry electronic money, but a purse to carry around all the various pieces of information that currently take up one dedicated card apiece.
Interoperability
Network diagram: two sites, each with workstations (Win9X/NT/2000), data servers, PDC/BDC, mail server, file servers, FTP server and HTTP server, each behind a router and joined across the Internet; remote users reach the mail, FTP and HTTP servers. Diagram labels: Data Storage; Internet Access; Data storage access via Internet.
Information Assurance
Smart Card (PKI, Biometrics)
• Memory (single app., stored value; “chip cards”)
  Disposable, anonymous: 64 bits - 64K bits (Danmont), US$0.70
  Reusable, personalized: PIN (no FSI), US$1-3
• Microprocessor (multi-app. capability; “really smart” cards)
  Standard processor: 1-16K memory (Proton, most FSI), US$3-6
  2 processor, crypto engine (Mondex), US$8-15
Information Assurance
Private
Objective?
So ... A smart card may look like a card, but it is actually the smallest portable computer in the world!!!
A Smart Card is a multi-application business solution
Diagram: Application 1, Application 2, Application 3 and Application 4 on one card
Provide the “best practice” infrastructure
Integration Approach
Questions:
• What do I do if my card is lost or stolen?
• How are they replaced?
• Who provides customer service, and how is it made seamless to the employee using it?
• Who is going to develop, certify, install and upgrade the applications?
• How are privacy, accuracy and security ensured?
• What are the industry (hardware & software) standards?
• Who can integrate all this to make it work?
Challenges
Ecosystem diagram: around “the poor consumer” sit electric utilities, consumer electronics companies, consumer software companies, cable companies, information providers, retailers, bank/financial services and communications companies. Arrows: database creation; transactions, payments; disintermediation; build and manage “Communities of Interest”.
The consumer demands:
• Comfort
• Convenience
• Customization
• Independence
Smart Card can hide the complexity and end the confusion
Implementation Approach