Previous Table of Contents Next


Capabilities List

A relatively orthogonal way of looking at this same authorization model (that is, one represented by an access control list) is called a capabilities list. In most instances, the way this variant of the model is implemented, the capabilities list is passed along to the server essentially merged with the identity authentication. That is, there is assumed to be an administration function that decides, external to the actual server, what capabilities (privileges) a specific identity is to have with respect to the object of interest.

In both variants, the security procedures followed are essentially the same; first authenticate the identity, and then go to an authorization list to determine what privileges that identity has with respect to the object of interest.

Privacy

The final concept of security to be dealt with is privacy, which is keeping the details of a transaction secret from everyone not involved in the transaction. The cryptographic mechanisms previously discussed are adequate to provide transaction privacy. In general, the major design factor (that is, deciding which mechanism to actually use) is one of performance in the actual operational environment.

As mentioned previously, public-key cryptography is significantly more processor intensive that is symmetric key cryptography. Consequently, most systems make use of symmetric key algorithms to encrypt the information flow between two disparate points involved in the same transaction. Actually, however, public-key mechanisms are still quite useful in even this case. Specifically, public-key mechanisms are useful in order to exchange the symmetric key needed by both ends of the communication channel. Such shared secrets are well-recognized risk areas in security systems. The longer and more often that the same symmetric key is used, the better chance for an attacker to figure out what it is and use that knowledge to compromise the privacy of the transaction channel.

If public keys are well-known throughout the specific security system, then the mechanisms discussed earlier (in which one end of the transaction channel can generate a random symmetric key and send it, encrypted by the other end’s public key, knowing that only the other end possesses the private key necessary to decrypt the message containing the secret symmetric key) can be used.

If public keys are not well-known throughout the system, or even if they are, another mechanism exists which is useful specifically for distributing secret symmetric “session” keys (so named because a new key can be generated for each session in which a transaction of some type is to occur) among disparate participants in the transaction. The mechanism is known as the Diffie-Hellman protocol. It has the nice feature that by agreeing in advance to make use of a common algorithm— each end of the channel can calculate a secret key based on information that they can exchange in the clear. The mechanism cannot be used actually to encrypt information, but rather just to exchange a secret symmetric key which can then be used to encrypt the actual transaction information.

Bulk Encryption

The encryption of transaction information is often referred to as bulk encryption. In general, smart cards are not involved in bulk encryption processes. The data transfer rate across the I/O port from a smart card reader to the card is very low (on the order of 10 Kbps) relative to typical transmission speeds across local area or even wide area networks. Consequently, most cryptographic operations that are actually performed on a smart card are related to establishment of identity.

The dominant algorithms used for bulk data encryption include the DES algorithm, the Triple-DES algorithm, the RC4 algorithm, and the IDEA algorithm.

Summary

This chapter covers the abstract concepts that are collectively referred to as security. It lists characteristics of security and discusses various mechanisms for realizing those characteristics. The chapter also discusses the role played by smart cards in these various concepts.


Previous Table of Contents Next