Security dons chip, card mantles By Junko Yoshida EE Times (12/27/01, 11:52 a.m. EST)
[Last few paragraphs in particular]
Security has long been a bugaboo for anyone involved in the development of next-generation chips, systems and networks. There is no quick fix for digital security and certainly no single bulletproof cryptographic formula. But the industry is rolling out a variety of technologies, including identification tags and RF labels for objects, along with smart cards that can deny or allow access to goods and services. Security experts are increasingly aware that the limits of security lie not in the mathematics of cryptography but in the hardware, software, networks and people applying cryptography for security. "Security is a chain; it's only as secure as the weakest link," noted Bruce Schneier, chief technology officer and co-founder of Counterpane Internet Security Inc. and author of Secrets & Lies: Digital Security in a Networked World. Nonetheless, chip vendors, software developers and system companies are making strides to develop security technologies that not only guard critical data against theft but also rapidly detect burglars and respond to alarms. "As a content owner, we are not just concerned about the quality of copy protection systems; we are also concerned with the response time it takes to revoke the access rights once the copy protection system is broken," said Alan Bell, senior vice president for technology at Warner Bros. (Burbank, Calif.). "Software-based encryption/decryption may be easier to break, but it may be capable of offering a very rapid response. Being able to move fast [to block access] could be as good a protection as any." For its part, Philips Semiconductors has assembled bits and pieces of security technology under the umbrella heading of identification, said Karsten Ottenberg, senior vice president and general manager of business unit identification. The goal is to design a chain of security mechanisms "by installing our identification technologies, such as smart cards, at a number of access points — such as cell phones, PDAs, PCs and set-tops — while tagging IDs to objects like luggage, currency and important documents," he explained. In the aftermath of the Sept. 11 terror attacks, the demand for broader security measures has grown around the globe. Ottenberg said his company has entered discussions with several countries for security projects that involve tags and labels, national ID cards, access cards and airline security measures. Of those, airline security is the most pressing project. One goal is to replace the bar-coded luggage tags currently in use with "smart tags" whose chips can be programmed with identification numbers as well as such detailed information as the luggage's check-in time and the passenger's destination. The RFID chip is placed between two layers of paper, inside the airline baggage tag. In a project undertaken by Philips Semiconductors and British Airways, an IC was attached to an antenna inside the label for communication with a scanner up to 1.2 meters away. Because smart labels use radio frequency for communication, they do not require a direct line-of-sight transmission. The technology allows several smart labels to be scanned simultaneously, speeding the baggage-handling process. The information on smart labels can be reprogrammed, eliminating the need to print and attach new labels. "One could record the weight of a bag onto the smart tag, for example, [to] track whether the baggage has mysteriously 'gained weight' as it has traveled from one gate to another within the airport," said Ottenberg. In essence, the smart tag can "improve security by tracking down where the bag has been and by not depending on people for screening once baggage is checked in." Companies such as Infineon Technologies have been working on similar RFID technology. The goal for Infineon's new RFID chips is to embed heightened security features that enable the company and its partners to produce identification systems that are resistant to counterfeiting or tampering. In personal identification applications, security features can authenticate the access status of a cardholder. The features also support secure storage of cash value amounts, allowing use of the chips in cards for prepaid payment applications. Infineon claims that its products boost available memory and use secure memory sectors on-chip to provide enhanced ID capabilities and application flexibility. The secure version of Infineon's RFID chip incorporates such advanced features as a mutual authentication algorithm based on 64-bit keys and secret key pairs to limit unauthorized access to data. The first step for any computer security system is identification and authentication: You have to be able to prove that you are who you say you are. Common means for providing such proof are passwords, biometrics and access tokens. Smart cards that enable access to goods and services are designed in such a way that secrets within the card stay within the card, and people outside the card can't affect those secrets. Without a secure perimeter built around the smart card, the fall-back is a tedious back-end processing system, such as an online verification system that checks the validity of cards and credit lines via modem. But smart cards aren't necessarily better than memory cards with limited security engines or none at all. It all depends on the application. "The smart card's tamper resistance is always breakable, given enough time and money," Schneier cautioned. "So systems should not be built whose security relies on tamper resistance. "Most people can't reverse-engineer a smart card, so the cards are secure enough against most attackers. But both smart cards and memory cards assume that the reader is trusted, and they can be defeated by a malicious reader." Memory cards and smart cards with differing levels of security are emerging. Philips Semiconductors' offerings, for example, include a dual-interface card with a cryptographic engine that can be used for both contact and contactless cards; a simple memory card, with 1 to 4 kbits of memory and some level of embedded security; and an ultralight memory card, with only a 512-bit memory and no embedded security algorithm. STMicroelectronics, Infineon and Philips Semiconductors are upgrading their current smart cards from 8-bit or 16-bit microprocessor cores to 32-bit cores. While both ST and Infineon are designing solutions based on proprietary 32-bit cores, Philips has chosen to use a MIPS core, according to Ottenberg. Some believe a proprietary microprocessor core is more secure than an open-architecture processor like MIPS, Ottenberg acknowledged. But he asserted that the flexibility and convenience of the widely available MIPS tool set far outweigh the perceived security advantage of proprietary cores. Open architecture is growing even in the security market, particularly with the use of Java technology. One example is the Java-embedded smart card, which can hold multiple digital IDs that run multiple applications on any smart-card reader equipment, said Albert Leung, Java card business-development manager at Sun Microsystems. Third parties might assign digital identities for banking access, driver's licenses or building entry. The credentials would not only identify the user but would validate the extent of the user's rights and privileges, meaning the smart card would have to perform a range of applications. With Java technology in place, banks and other entities would no longer need to tie their smart cards to specific network or reader infrastructures, Leung said. Further, with Java technology banks could provide enhanced consumer security attributes, including biometrics-based security applications.
Secure versions of flash memory cards are also appearing. The MultiMediaCard Association (MMC) recently announced that it's spinning two SecureMMC platforms. One will enable secure storage and retrieval of digital information for mobile e-transactions; the other will target content protection, managing users' access to copyrighted content. SecureMMC can offer enterprise data protection through robust security measures based on public-key infrastructure and tamper-resistant SecureMMC hardware, according to MMC executive director Andrew Prophet. The tug-of-war over copy protection persists between content owners seeking to dictate security measures in PCs and OEMs reluctant to relinquish control of key system design technologies. Counterpane's Schneier claimed that copy protection "doesn't work, period." Any copy protection scheme, even those based on hardware, can be broken, Schneier said. "Breaks don't even have to target the encryption" to defeat a copy protection scheme like the content-scrambling system, Schneier said. Since the software DVD player must decrypt the video stream in order to display it, the break attacks the video stream after decryption, he said, calling that "the Achilles' heel of all content protection schemes based on encryption." This weakness persists because "the display device must contain the decryption key in order to work."
Taking a cue from Hollywood studios, however, chip companies and system vendors are adding encryption/decryption features to high-speed digital interfaces such as IEEE 1394. "We are concerned about content protection beyond set-tops, so that our content won't be hijacked after it's been downloaded and decrypted" at the set-top box, said Warner Bros.' Bell
