Abstract - With the growing use of private and public networks to access information resources, government and private agencies are now replacing password-based user authentication with stronger, multi-factor authentication systems that reinforce data security. Smart cards provide a secure, portable platform for this type of multi-factor authentication system. Modern smart cards improve security and performance through Public Key Cryptography mechanisms by providing secure storage for private keys and accelerating cryptographic operations. However, these smart card cryptographic systems are vulnerable to traditional mathematical attacks such as Differential and Linear Cryptanalysis attacks, Differential Power Analysis (DPA) attacks, fault attacks, replay attacks, side channel attacks, etc. Organizations implementing smart card solutions must realize that these attacks need countermeasures, and that developing them is an area of ongoing research that requires more than just a few actions. This paper proposes a smart card technology embedded with Steganographic techniques and Cryptographic algorithms, which is more secure than existing Cryptographic smart cards. The distinguishing feature of Steganography is that the existence of a hidden key or password in the image cannot be detected with the naked eye. This unique ability significantly supports the addition of active security methods to the smart card and provides enhanced security for different applications.
Password-based User Authentication is normally used to secure the data in computer systems. Nowadays, the risk of passwords being compromised is growing because it is becoming easier to download tools that will crack them. Passwords are no longer adequate as threats against them increase. Those emerging threats are closely linked to emerging technologies such as Wi-Fi and Web services. A common feature of the published research papers on Password-based User Authentication is that the user's identity is transmitted in plaintext over insecure networks during the authentication process, which may disclose the identity of the user logging in once the login messages are eavesdropped; hence user confidentiality is not preserved. The loss of user confidentiality may also allow an unauthorized entity to track the user's login history and current location [5, 7]. It is extremely important to provide secrecy so that the adversary cannot trace user activity. Therefore, user secrecy is an important feature that a practical authentication scheme should achieve.
With the growing use of private and public networks to access information resources, government and private agencies are now replacing password-based user authentication with stronger, multi-factor authentication systems that reinforce data security. Smart cards provide a secure, portable platform for this type of multi-factor authentication system. A smart card's usefulness is based on its intrinsic portability and security. It can provide identification, authentication, data storage and application processing.
CRYPTOGRAPHIC SMART CARDS
The major security threats to smart cards are malicious behaviors. As in any field, security standards should be incorporated in these cards to maintain high security. Various symmetric and asymmetric cryptographic approaches have been proposed for smart card security. Deploying symmetric encryption algorithms in smart cards is generally cheaper than using asymmetric encryption algorithms. But symmetric encryption systems have a scalability problem: the secret key has to be agreed and shared securely in advance, which leads to a large number of keys being generated, and this might disclose the secure transactions between card users and card readers. Modern smart cards improve security and performance through Public Key Cryptography mechanisms by providing secure storage for private keys and accelerating cryptographic operations. All Public Key Cryptography systems employ some sort of invertible mathematical function for performing cryptographic operations. For example, RSA, Diffie-Hellman (DH), or the Digital Signature Standard (DSS) employ modular multiplication. RSA signatures and verifications are supported with a choice of 512, 768, or 1024 bit key lengths. The algorithms typically use the Chinese Remainder Theorem (CRT) in order to speed up the calculation process. Even when 1024 bit keys are used, the time needed to perform one signature is typically less than one second. Usually the EEPROM region that contains the private key is designed in such a way that the sensitive key data never leaves the chip. In this case, even the card holder can't access the key material. The usage of the private key is protected by the user's PIN, so that possession of the card alone does not give the right to sign with that card. Also, the cryptographic strength of the key pairs generated in smart cards may not be very high.
Due to the lack of computing power, a relatively weak random number source as well as a relatively weak algorithm for selecting large prime numbers are used in smart card key pair generation.
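The CRT speed-up mentioned above, as an added example (not code from the essay or from any card vendor): textbook RSA signing without padding on a constructed toy key, with the signature checked against the public exponent before it is released, a common safeguard against the fault attacks listed in the abstract. The key values, the function names and the fault_in_sp test hook are assumptions made for illustration.

```python
"""RSA signing with the CRT speed-up and a verify-before-release check."""

# Constructed toy key: two well-known Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

# CRT parameters stored alongside p and q.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def sign_plain(m: int) -> int:
    """One full-size exponentiation: m^d mod n."""
    return pow(m, D, N)


def sign_crt(m: int, fault_in_sp: int = 0) -> int:
    """Two half-size exponentiations recombined with Garner's formula.

    fault_in_sp is a hypothetical test hook that perturbs the mod-p half to
    simulate a computation error. The result is verified with the public
    exponent before release, so a corrupted signature is never returned.
    """
    sp = (pow(m, DP, P) + fault_in_sp) % P
    sq = pow(m, DQ, Q)
    h = (QINV * (sp - sq)) % P
    s = sq + h * Q
    if pow(s, E, N) != m % N:
        raise ValueError("signature failed self-check; output withheld")
    return s


def demo():
    """Return (CRT matches plain, signature verifies, faulty result withheld)."""
    m = 0x1234_5678_9ABC_DEF0  # constructed message representative, m < N
    s = sign_crt(m)
    try:
        sign_crt(m, fault_in_sp=1)
        withheld = False
    except ValueError:
        withheld = True
    return s == sign_plain(m), pow(s, E, N) == m, withheld
```

The self-check costs one exponentiation with the short public exponent, which is cheap next to the two private-key exponentiations.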