Secure Internet Smartcards

Peter Honeyman
Center for Information Technology Integration
University of Michigan
Ann Arbor

Smartcards have traditionally been isolated from computer networks, communicating exclusively with the host computers to which they are attached through a serial port.

This era is ending, in part due to the flexibility and programmability of JavaCards. Researchers are now beginning to communicate with smartcards using Internet protocols.

At CITI, we are building a middleware infrastructure that allows secure access to remote smartcards, communicating encrypted payloads over UDP/IP. Session key establishment uses SPEKE, a PIN-based encrypted key exchange protocol. We also provide each card with an Internet domain name, assuring a unique name regardless of card location.

We have built two sample applications that use this infrastructure: Kerberos and SSH. These authentication protocol clients highlight the security and convenience benefits of using Internet smartcards for personal key storage and cryptography.