What is the Cryptographic iButton?
The Cryptographic iButton is a revolutionary new secure computer encased in a durable 16mm stainless steel button that safely store private keys and transmits the certificates required to conduct electronic commerce over the Internet.
What effect will this iButton have on electronic commerce on the Internet?
When an electronic commerce transaction is initiated, the consumerĖs personal account information is transmitted directly from the iButton to the vendor in an uncrackable encrypted form.
Can the iButton also be used for Intranet security applications?
Yes. The iButton provides positive authentication when users remotely log on to corporate networks that contain sensitive information. The iButton is also used for sending and receiving secure electronic mail.
Pairing the iButton with a Personal Identification Number (PIN) replaces ineffective password-only schemes with a two-factor and high-powered 1024-bit public key based challenge and response authentication scheme. The iButton also makes single sign-on easier.
Why is secure communication important for the Internet?
The widespread adoption of the Internet is causing it to develop into a new channel for selling goods and services, particularly electronic properties. However, while the number of Internet connections is growing, most vendors have not yet realized appreciable revenues.
Insecure electronic communication between customers and vendors is a big reason for the lack of revenue. Prospective buyers do not feel confident enough today that their personal information can be safely transmitted to the vendors electronically. So they donĖt purchase.
Deploying iButtons adds the missing link that enables secure transmission of personal account information.
How does the iButton help ensure secure communication?
Secure communication has two components: safe key exchange and bulk encryption/decryption. PCs and workstations today are quite capable of performing bulk encryption/decryption using symmetric algorithms such as DES. However, they are not optimized to support the public key cryptography commonly employed for safe key exchange.
The iButton contains optimized hardware that can process 1024-bit RSA, DSA, or Diffie-Hellman encryptions or decryptions up to 100 times faster than a PC or workstation. The iButton also stores the private keys using methods orders of magnitude safer than a PC or workstation.
Using an iButton in conjunction with a PC or workstation increases the performance of secure communications. iButtons also increase the overall safety of the security scheme, since it stores the private keys rather than the insecure PC or workstation.
Can you tell me more about the iButton?
The Cryptographic iButton is a very personal computer designed specifically for the safe exchange of information over the Internet or Intranet.
Personal information is safely stored in the iButton. Public key encryption is used to securely transmit this information out of the iButton and over the Intranet or Internet, or vice versa. iButton communication can be trusted even if the client computer, software, and communication link cannot be trusted.
How do I use an iButton?
A service provider co-issues an iButton to an individual. A convenient access point called an iButton Dot Receptor is attached to the userĖs computer (typically the parallel port for a PC) to establish the signal path by which the iButton will communicate with the host.
The host computer (PC or workstation) is assumed not to be trustworthy, and therefore acts just as a communication gateway to transfer information from the iButton to the Web site or network server. This is achieved by touching the iButton to the Dot Receptor when appropriate.
When users want to access Internet or Intranet services, they first connect to the service providerĖs web site to request login. Software applets (login authentication) provided by the service provider will be downloaded to the user so that communication is secured. When personal information needs to be transferred, these applets (programs) will instruct the user to touch their iButton to the Dot Receptor.
The iButton then sends the personal information, using public key encryption, through the PC, out over the Internet or Intranet, and to the Web server (or network server), where it can be safely decrypted.
Sensitive information can also come from the Web server or network server to the iButton in the same manner, making challenge and response techniques easy to implement. This is useful for high security user authentication.
Why is the iButton better than existing solutions?
The iButton is the most secure, durable, and physically protected electronic device available today.
The iButton employs proven public key encryption with 1024-bit key sizes to securely transfer personal information and symmetric sessions keys over unsecured transmission lines. It supports three popular public key methods: RSA, DSA, and Diffie-Hellman.
The iButton is housed in a stainless steel case which allows it to operate under human-tolerable conditions with no special restrictions. It can be treated as an ordinary personal possession, attachable to items already carried, worn as jewelry, or carried as part of an electronic wallet.
The advanced physical security of the iButton makes it an ultra-safe storage vault for private keys. Keys can either be downloaded into the iButton or generated on-chip. Storing private keys in the iButton solves the current problems of deploying private keys and maintaining their secrecy.
Exposure of the private key renders any public key system unsafe. Generating the keys inside the iButton means they never have to be revealed to anyone, including the person who uses the iButton.
Do I need to create special secure channels to distribute the iButtons?
No. Distribution of the iButtons can be done safely using common channels that exist today such as mail, courier, or even retail chain stores.
Information is loaded into the iButton prior to deployment and kept inactive under a cryptographic seal until a remote activation process is initiated. The activation process uses public key cryptography to remove the seal.
Remote activation can be implemented over the Internet. A user can connect to a web server to initiate the activation process.
How fast is the iButtonĖs Public Key encryption/decryption process?
The iButton can process a 1024-bit RSA, DSA, or Diffie-Hellman encryption or decryption in less than 1 second. Contact between the iButton and its reader can be momentary.
What about digital signatures?
The iButton is also capable of performing digital signature and hashing functions. Popular algorithms such as RSA, DSS (Digital Signature Standard), and hashing algorithms such as SHA-1 are supported.
What about certificates?
The iButton can also process certificates.
What is the expected life of an iButton?
The iButton is expected to give more than 10 years of service.
Why are the private keys safe?
The state-of-the-art physical security designed into the iButton acts as an attack shield when storing private keys in the iButton memory. The iButton also employs SRAM technology capable of forgetting the private keys very rapidly if the iButton is attacked. This process is called zeroization.
Physical security then is a matter of detecting intrusions and performing zeroization. A number of events can trigger zeroization, including subjecting the iButton to low temperature.
Using SRAM and a tamper response scheme is far better than using EPROM technology (commonly used in traditional hardware security devices) because a would-be attacker must penetrate past the barriers and rapidly read the fast-erasing SRAM in order to discover the secrets.
EPROM technology lacks fast-erase capability, giving the attacker much more time to read the contents of the EPROM memory after its barriers have been penetrated. The secrets stored in devices that are based on EPROM technology are extremely vulnerable to exposure.
How are random numbers generated?
Random numbers are generated by taking samples of the fastest-moving bits of the on-chip true-time clock each time the iButton is used and putting them into a cryptographic "melting pot." This pot is constantly "stirred" during execution by a specially designed cryptographic algorithm. Any time a random number is needed, it is drawn from the pot.
This process is designed to make optimum use of the entropy drawn from the randomly timed sequences and other factors.
Why do I have to use electronic authentication hardware at all?
There were two fundamental assumptions made when software-based security solutions such as passwords were originally developed: that there was physical control of the information and users did not posses sufficient computing power to attack the security.
However, the adoption of distributed systems in an open computing environment has caused the data to spread rapidly (loss of the physical control) and places sufficient computing power in the hands of users to successfully attack the security. These developments violate the fundamental assumptions of software-based security and have, in effect, rendered them useless.
Security in a distributed and open computing environment must consist of something the users bring and something they know. The iButton is the "bring something" and a Personal Identification Number is the "know something."
DoesnĖt my PC use software today that has security features?
Many new protocols (such as SSL and S/MIME) are rapidly becoming defacto standards for safe transmission of data via software techniques. However, applications that leave security keys on the hard disk allow even amateur attackers to uncover their secrets. Standard PC utilities are excellent tools to help hackers perform these types of attacks.
Removing the secrets from the PC and placing them in the iButton eliminates these vulnerabilities and enhances the use of SSL, SMIME and other leading protocols.
What about system performance using public key cryptography?
PCs and workstations are not optimized to perform the complex mathematics required when using public key cryptography. The iButton can perform these tasks up to 100 times faster than even the latest PCs or workstations. Therefore, using the iButton allows for the adoption of public key cryptography without sacrificing overall system performance.
Performance is most critical when considering employing public key cryptography for server-based applications. Multiple iButtons, called iButton Arrays, are particularly cost-effective for these applications, because they can be added to an existing server in a massively parallel fashion to off-load the server from performance and safety issues.
What new services could become available using iButtons?
Some services are not effective when a "computer-centric" secret key is used. This is because people donĖt always maintain a 1:1 correspondence with the computer that houses their key. Using the iButton makes keys portable without security risk and eliminates the 1:1 correspondence restriction.
For example, leaving the private key on the PC or workstationĖs hard disk makes retrieving encrypted e-mail very difficult from any other machine. If the key is exposed (to make it portable) security is weakened. Suppose an employee leaves their office and wants to check their e-mail from home. They canĖt.
But storing the private key in the iButton instead of the PC or workstation makes it portable and safe. Secure e-mail becomes practical, as well as mail forwarding. The employee can use their iButton in conjunction with their home computer to retrieve their e-mail. And if they are traveling, they can have their e-mail forwarded to their destination, so that it will be there when they arrive. Encrypted e-mail means no one else can read them, removing the fear of unauthorized access.
How does the iButton compare with a Smart Card?
The iButton uses SRAM technology and is capable of performing rapid zeroization. Smart Cards are based on EEPROM technology which is stable for years and allows ample time for discovering the secrets it keeps. Smart Cards cannot perform zeroization. Therefore, iButtons are safer than Smart Cards.
The iButton is housed in a rugged stainless steel can, which makes it very durable. Smart cards are manufactured using brittle material and are prone to easy breaking. Therefore, replacement costs using iButton systems are far lower then the replacement costs using Smart Card systems.
The iButton contains a true-time clock, which is a real-time clock that is tamper-evident. This allows transactions to be time-stamped and also allows service providers to automatically time-expire their services.
Smart Cards do not contain a clock. Time-stamped iButton transactions are therefore more secure than Smart Card transactions. In addition, managing timed services is easier using the iButton, since it can automatically expire.
Are you vulnerable to the attack published recently that reveals Smart Card security shortcomings?
No. The basis of the attack is differential analysis between a good transaction and one that was forced to be bad. Smart Cards are vulnerable to this attack because they may make public the results of the transaction, good or bad. One can first process a good transaction and then one that is bad, and perform the cryptanalysis.
The Cryptographic iButton does not work on the same principle. When an error occurs it is possible to keep its contents private, and only reveal that an error has occurred. Since the erroneous data is never revealed the attacker does not have a key ingredient to perform the cryptanalysis.
Will I have to carry lots of iButtons so I can access all my services?
Personal information for many different services can be maintained within one iButton. It is designed so that its memory can be partitioned into blocks of random size that operate independently from one another. This means multiple service providers can place their individual services into the iButton with no fear that one service provider can access the services of another.
It is estimated that up to 100 "money registers" can be managed inside the iButton.
How hard is it to make my PC communicate with iButtons?
iButton Dot Receptors attach to the parallel port of the PC in minutes and do not consume any resources. iButton Dot Receptors retail for $15 each.
How do I incorporate iButtons into my application?
Dallas Semiconductor provides a set of tools that allows software developers to rapidly integrate the Cryptographic iButton into their applications. The three main goals of the tools are:
A Graphical User Interface- (GUI) based tool called iButton Group Builder is also available for programmers who wish to interface to the iButton in a more graphical manner. iButton Group builder uses drag and drop graphical representations of iButton resources into an iButton memory graphic. The tool will automatically create the objects that are used in the scripts to perform the desired operations.