T. Kato et al.

: A Secure Flash Card Solution for Remote Access for Mobile Workforce

561

A Secure Flash Card Solution for Remote Access for Mobile Workforce
Takatoshi Kato, Member, Takashi Tsunehiro, Motoyasu Tsunoda and Jun Miyake, Non-member
Abstract We developed a secure remote access system using a secure flash card for mobile workforce. The developed flash card has a tamper resistant module, which contains user authentication information and security keys. An authentication server and a client exchange their authentication information by using a key that is stored in the tamper resistant module of the flash card. Transactions between the flash card and the client are encrypted, and a processor encrypts and calculates the signature inside the tamper resistant module; thus, the system is highly secure. This remote access system also provides improved usability and increased information traceability. 1
Index Terms Flash memory, personal authentication, public key infrastructure, remote access.
I.

INTRODUCTION

ECENTLY, with the increasing use of mobile applications such as mobile personal computers, sophisticated cell phones, and personal digital assistants, confidential information is being downloaded to these devices via a remote access gateway and used away from places users are based at such as offices or homes with increasing frequency. A lot of key-exchange and protocol-tunneling technologies over remote access gateways have been developed and applied for remote access [1][2][3][4]. These developments are causes for the following concerns: i) confidential information leaking to a third party by illegally accessing the remote access gateway at users base locations , or ii) confidential information theft from channels or mobile information devices. Personal authentication devices that include a tamper resistant module (TRM) are key components to protecting the confidential information and are therefore gaining importance as users require more ubiquitous mobile equipment. Access keys for the remote access gateway and confidential information is generally encrypted or locked with a password
Takatoshi Kato is with the Systems Development Laboratory of Hitachi Ltd. Yokohama, 244-0817, JAPAN (e-mail: katou@sdl.hitachi.co.jp). Takashi Tsunehiro is with the Systems Development Laboratory of Hitachi Ltd. Yokohama, 244-0817, JAPAN (e-mail: tsunehir@sdl.hitachi.co.jp). Motoyasu Tsunoda is with the Research & Development Group of Hitachi Ltd. Yokohama, 244-0817, JAPAN (e-mail: mtsuno@rd.hitachi.co.jp). Jun Miyake is with the Memory Business Unit of Renesas Technology Corp. Tokyo, 100-0004, JAPAN (e-mail: miyake.jun@renesas.com). Manuscript received June 19, 2003

in an effort to prevent illegal access. If a key for recovering either is stored on a device without a TRM it may be discovered by analyzing the data stored on the device. In this case, the access keys or the confidential information cannot be assumed to be infallibly secure. Smartcard is one highly effective device to store keys for decoding access keys or confidential information [5]. Storing the access keys or confidential information on the smartcard is possible but inefficient, because the memory capacity of the smartcard is limited and quite expensive. Thus users need to store encrypted data to other devices. In this paper, we describe a secure remote access system using a secure flash card that has a TRM and a large memory. The secure flash card handles security functions including personal identification numbers (PINs) or pass-phrase verification functions and encryptions or decryptions. The secure remote access system does not require any additional hardware except for a memory slot. Thus, the proposed system is easy to implement into existing secure access systems and it is inexpensive. In the next section we describe the design goals and structures of the proposed secure access system. Section 3 describes implementing a prototype, and Section 4 summarizes this study. II. DESCRIPTION OF SYSTEM A. Design Goals We have defined and summarized the fundamental principles of the secure remote access system in the following basic design goals: 1. The system provides cipher communication between servers and clients from locations distant from their base networks, such as intranets, by using public key infrastructure (PKI) base personal authentication. 2. The system provides users with efficient means of cipher communication from a database in their intranet that meets the demands of users mobile equipments. The client can easily download and store confidential information from the database. 3. The clients do not need an additional exclusive authentication device. 4. Transaction between the client and secure device is efficiently encrypted. 5. The system minimizes false acceptance and rejection ratios while preserving its usability.

0098 3063/00 $10.00 2003 IEEE

562

IEEE Transactions on Consumer Electronics, Vol. 49, No. 3, AUGUST 2003

TRM memory card interface

cryptography engine security keys flash memory RAM ROM

processor

flash memory control

A symmetric key is used to encrypt confidential information and an asymmetric key is used to encrypt the symmetric key. The private and public media keys are stored in the secure flash card, and the private and public player keys are stored in the client. Each key pair establishes a secure channel between the server and the client. If the server encrypts the confidential information, the client can receive the license and the contents separately. Unlike the simple password lock / unlock function of standard memory cards, the security functions of the proposed flash card can be applied to manage hierarchical contents protection. Users can use a number of flash memory areas to store their licenses. Each area is allocated a different PIN or passphrase. Thus, users can safely store their own applications and application data in the flash card. Moreover, as users can store their information used to connect their clients and virtual private network (VPN) gateways, the usability of the system is significantly increased. C. Software Structure Fig. 3 shows the software structure of the proposed system. The applications represent an application programming interface (API) that is defined by an operation system or a generic application that calls the secure flash card functions. The applications can access the file system of the secure flash card through the file system interface in the secure flash card driver. Security functions such as authentication and encryption are processed in the security
secure flash card

Fig. 1. Block diagram of proposed secure flash card. The cryptography engine and security keys are stored in the TRM.

B. Secure Flash Card Structure A block diagram of the developed secure flash card is shown in Fig. 1. The card contains a flash memory that stores users confidential information and a processor that operates memory-card commands and added security functions, such as user authentication, certificate verification functions, encryption and decryption functions for symmetric or asymmetric keys, and concealment data storage functions. These security functions are recorded in the TRM area of the LSI. Thus, confidential information is protected from illegal external access. Users can use the contents protection functions to store

terminal

encryption content
symmetric key encrypted content

decryption

symmetric key

license
media public key media private key

player public key

player private key

Fig. 2. Contents protection scheme of proposed secure flash card. Contents are protected by a PKI. Contents and licenses can be distributed separately.

confidential information on the secure flash card. Fig. 2 shows the contents protection scheme of the flash card. A license, which is a key used to encrypt contents, is stored in the TRM, and the contents are stored in the large-capacity flash memory.

manager and transmit to secure flash card functions of the device driver software. The secure flash card driver includes the following functions:

T. Kato et al.: A Secure Flash Card Solution for Remote Access for Mobile Workforce
secure remote access client application authentication, encryption / decryption file system manager secure manager

563
separate distribution of license key & content
password protection for data access option of erasing all data for password input errors

f unct i on of f l ash car d

password protection

enables various data distribution routes such as CD-ROM, data broadcast, etc.

var i ous f unct i ons r eal i zed by pr oposed secur ef l ash car d
secure flash card driver flash card functions secure flash card functions
security class co-storage of both management secure and normal data double or triple level PIN setting
PIN set (unset) is applicable to all each files security database management controlling license keys allocation control

expiration date or access time permission control can be set for license keys

terminal authentication
permits sending license keys to authenticated terminal device only

I/O

Fig. 5. Features of the proposed secure flash card.

R / W

secure flash card

Fig. 3. Software structure of proposed system The client includes a file system manager and secure manager. Security functions, such as authentication and encryption / decryption, are transmitted to the secure flash card function in the secure flash card driver.

Device information notification functions: provides device information such as reader / writers (R / Ws) name and card and card type. Event notifications function: informs about loading and ejecting the card. Fig. 4 presents an example authentication flow between the server and the client of the proposed system. The server and client exchange session keys at first. After the encryption communication is established, the server sends information to receive the signature to the client. The client sends the information to the card after a secure channel between the client and the card is established. The card has the certificate and the client validates it. The client and card also establish a secure channel and the card sends the signature to the server. D. Additional Features
The proposed secure flash card has a zeroization function to reduce the risk of leaking stored confidential information. Any attempt to figure out the PIN is noted by a securely stored counter in the TRM. If the number of attempts reaches limit the card can be locked or all data stored in the flash memory can be erased. Even if the power turns off during the erase procedure, it will resume after the power is supplied again. By setting this limit, the potential danger of false acceptance can be dealt with, as listed as a design goal . Other additional features of the developed flash card are shown in Fig. 5.

server

client

card

requiring authentication exchanging session key requiring signature

card authentication and exchange session key transmitting PIN / pass-phrase and information for signature

transmitting signature transmitting key for encryption

transmitting signature

Fig. 4. Sequence diagram of authentication between server and client in proposed system. Secure channels are established between the server and client and between the client and card. The signature is made in the card and transmitted to the server via the clients. The users private key for the signature is not disclosed outside the card.

Application protocol data unit (APDU) protocol control functions: sends, receives, and cancels ISO7816-4 [6] APDU command.

564

IEEE Transactions on Consumer Electronics, Vol. 49, No. 3, AUGUST 2003

III. PROTOTYPE To evaluate the feasibility of the proposed system we are developing and testing an experimental secure remote access system. The client is a notebook personal computer mounted with a secure command acceptable R / W. Fig. 6 shows the external view of the prototype of the secure access client. Fig. 7 shows the system design of the secure remote access system with the proposed secure flash card. The user is authenticated to use the secret information stored in the TRM area after a PIN-verification between the authentication server in the office and the client. Following the authentication, a secure channel is then established between the VPN gateway and the client over the Internet . The flash card stores authentication information such as the gateways certificates, the users public and private key pairs,

secure flash card

Fig. 6. Prototype of secure flash card and remote access client. The client mounts a secure command acceptable R / W.

office
authentication server
VPN

home community area

personal authentication Internet secure flash card

gateway intranet personal computer

+
secure channel

database

personal mobile digital phone assitant

personal computer

Fig. 7. System design of the secure remote access system. Secure channel is established between VPN gateway and client. After the authentication, users can access personal computers and database safely.

application 1 (WIM) memory access system operating system

application 2

...

application n

application dispatcher

cryptography system

flash memory command interpreter

secure command interpreter common (memory card) I / F secure flash card

flash memory command

WIM command

Fig.8. Architecture of proposed secure flash card. The card has a flash memory command interpreter and a secure command interpreter. User can use a number of applications on the operating system. In the prototype, we loaded the WIM application and confirmed security functions such as small-capacity non-volatile memory access.

T. Kato et al.: A Secure Flash Card Solution for Remote Access for Mobile Workforce

565

client
smartcard application

client
smartcard application

command -APDU

wrap command-APDU by secure command and transfer to the card

command-APDU
security command token secure command command encapsulated data

response -APDU

unwrap response-APDU and transfer to smartcard application

response-APDU
security command token secure command command encapsulated data

memory card physical driver

memory card physical driver

memory card interface

memory card interface

secure flash card controller

secure flash card controller

unwrap command-APDU by secure command

security command token secure command command encapsulated data

wrap response-APDU by secure command and transfer to the client

security command token secure command command encapsulated data

command-APDU smartcard function (TRM)

response-APDU smartcard function (TRM)

flash memory

flash memory

Fig. 9. Command-APDU and response-APDU encapsulation.

and / or a security policy information. The authentication information is encrypted, and licenses for the decryption are stored in the TRM of the flash card. The application can also get security information such as users public and private key pairs and send security functions via a standard cryptography application interface. Users can bring together their security information and contents in the same media, thus the usability should improve significantly . In the experimental system, the authentication application conforms to the wireless application protocol (WAP) identify module (WIM) [7][8]. Fig. 8 shows the application architecture of the secure flash card. A normal flash memory command is received at the common memory card interface (I / F). A flash memory command interpreter sends the command to the access controller. The access controller handles the normal flash memory command and loads or stores the data in

the large-capacity non-TRM flash memory. In contrast, the security functions such as authentications or encryptions and decryptions are received at the common I / F and transmitted to the secure command interpreter in the TRM. The application dispatcher in the operation system of the processor sends a command to application 1. As shown in Fig. 8, the WIM application loads in application 1. Fig. 9 shows command-APDU and response-APDU encapsulation. As is shown in Fig. 9, command-APDU and response-APDU is wrapped or unwrapped in the secure command. Thus, in the experimental system, users can seamlessly switch from using the large-capacity flash memory to the secure non-volatile memory.

566 IV.

IEEE Transactions on Consumer Electronics, Vol. 49, No. 3, AUGUST 2003

CONCLUSIONS

The proposed secure flash card is an apposite personal mobile security device that effectively improves the security of mobile information devices. The flash card safely stores large amounts of encrypted confidential information. Secure remote access systems using this flash card can prevent confidential information from being accessed illegally, and it provides safe document management . The proposed system does not require additional hardware except for a memory slot and is, thus, inexpensive. ACKNOWLEDGMENT We thank Mr. Kazushi Nakagawa and Mr. Nagamasa Mizushima of Hitachi Ltd. for supporting the research involved in developing the prototype. We also thank Mr. Takashi Totsuka of Renesas Technology and Mr. Akira Muramatsu of Hitachi Ltd. for their support along with their many productive discussions. REFERENCES
[1] [2] [3] [4] [5] [6] [7] [8] A. Kara, Secure remote access from office to home, IEEE Communications Magazine, vol. 39, no. 10, pp. 68-72, Oct., 2001. D. Harkins and D. Carrel, The internet key exchange (IKE), RFC 2409, http://www.ietf.org/rfc/rfc2409.txt, Nov. 1998. T. Dierks and C. Allen. The TLS protocol, Version 1.0, RFC 2246, http://www.ietf.org/rfc/rfc2246.txt, Jan. 1999. S. Kent and R. Akinson, Security architecture for the Internet Protocol, RFC2401, http://www.ietf.org/rfc/rfc2401.txt, Nov. 1998. D. Scheuermann, The smartcard as a mobile security device,, Electronics & Communication Engineering Journal , vol. 14, no. 5, pp. 205-210, Oct. 2002. ISO / IEC 7816 Identification cards - integrated circuit(s) cards with contacts. Wireless identity module specification. WAP-260-WIM-2010712-a, July, 2001. T. Tsunehiro, H. Ishihara, H. Mano, Development of the SecureMultiMediaCard with WIM function, eBusiness and eWork Conference and Exhibition, Oct. 2001.

Motoyasu Tsunoda was born in Tokyo, Japan. He received the B.E. degrees from Tsukuba University, Japan in 1988. He joined Hitachi Ltd. in 1988. He was engaged in the research and development of architecture for storage devices, such as hard disk drive, flash memory. Since 2003, he has been with the Research & Development Group of Hitachi Ltd.

Jun Miyake was born in Ibaraki, Japan. He received B.E. degree from Waseda University, Japan in 1984. He joined Hitachi Ltd. in 1984. He was engaged in the designing and development of semiconductor memory device, such as DRAM and graphics memory. Since 2003, he has been with the Memory Product Marketing Department Memory Business Division of Renesas Technology Corp., and been engaged in the product marketing of secure memory card.

Takatoshi Kato (M02) and was born in Tokyo, Japan. He received B.E. and M.E. degrees from Waseda University, Japan in 1993 and 1995, respectively. Since April 1995, he has been with the Systems Development Laboratory of Hitachi Ltd. His research interests include flash card application, computer and network security, and digital signal processing. He is a member of the Institute of Electronics Information and Communication Engineers (IEICE). Takashi Tsunehiro was born in Okayama, Japan. He received B.E. and M.E. degrees from Okayama University, Japan in 1976 and 1978 respectively. He joined Hitachi Ltd. in 1978. He was engaged in the research and development of mini-computer and CAD systems. Since 1993, he has been with the Systems Development Laboratory of Hitachi Ltd., and been engaged in the research and development of file systems using flash memory. He is a member of the IEICE and the Information Processing Society of Japan (IPSJ).