
TLS-Tandem: a smart card for WEB applications

Pascal Urien
Department of Networking and Computer Science
Telecom ParisTech - 37/39 rue Dareau - Paris, France
[email protected]

Abstract— This demonstration shows a WEB application offering multimedia content, whose access is fully controlled by a smart card according to an innovative context, named TLS-Tandem. The credentials required by the WEB site and used by the smart card (certificates, private keys) are distributed via AJAX facilities.

Keywords- Security, WEB, smart card

I. INTRODUCTION

WEB applications deal with software entities located on servers, which interact with laptops and other terminals via the HTTP protocol. These services are the center of gravity of the worldwide WEB community; numerous sites provide various kinds of services such as email, search engines, multimedia files, social information, and geographical data. Most of today's WEB applications are secured by passwords and are financed by advertising inserts. We believe that this could change dramatically with the deployment of mobile internet access. Due to the scarcity of electromagnetic resources, radio networks are usually controlled by mobile operators and, for security and profitability reasons, may require tamper resistant devices. Environments such as 3G+/4G already work with SIM modules; other communication technologies (WIMAX, …) could use USB tokens, including smart cards.

The first part of this demonstration shows a WEB application offering multimedia content (music, movies…), whose access is fully controlled by a smart card according to an innovative context, named TLS-Tandem, detailed more precisely in [4]. User authentication requires an X509 certificate and an RSA private key. The client's PC is not pre-configured for this operation: its owner holds a smart card and runs specific software, stored on a FLASH drive or freely downloaded from the WEB.

The second part of the demonstration illustrates the registration process required by a particular WEB application. The user holds a smart card and collects, from the application provider's WEB site, an HTML page that pushes the required credentials (certificates and private key) toward the smart card, via HTML or AJAX facilities.

II. ACCESS CONTROL DEMONSTRATION

The platform architecture is illustrated by figure 1 and comprises four elements: a WEB server (1), a proxy software "ps" (2), a smart card (3) and a browser (4).

A. The WEB server

The WEB server (1) is a classical Apache distribution (XAMPP), containing MySQL, PHP and Perl. The site is organized in such a way that access to particular areas requires the use of the TLS protocol with mutual authentication (both server and client are equipped with X509 certificates and RSA private keys). Three specific elements must be installed on the server: the certification authority (CA) certificate, the server certificate and its private key.

B. The Proxy software

The proxy software (2) opens a server (localhost:8080) on the customer's PC. Each TCP session initiated by the browser implies the opening of an SSL session with the remote server (server:443). The beginning of each SSL session (the handshake dialog, labeled Phase I in figure 2) is fully processed by the smart card; the client's PC manages TCP/IP connectivity thanks to classical socket resources.

Figure 1. The Access Control Demonstration (diagram; only its labels survive extraction):
- Browser (4), holding no certificates and no private keys, opens an HTTP socket to the proxy "ps.exe" (2), a socket server on 127.0.0.1:8080 reached through http://127.0.0.1:8080/xampp/index.php.
- ps.exe contains the TLS software bridge and opens the HTTPS socket to Server.com:443, the WEB server (1), which holds the CA certificate, the server certificate and the server private key.
- Smart card (3), holding the CA certificate, the customer's certificate and the customer's private key, runs Phase I (EAP-TLS / TLS handshake) through the bridge; the proxy then issues "Get CipherSuite" and "Get Key-Block" to the card and runs Phase II itself.

978-1-4244-2309-5/09/$25.00 ©2009 IEEE 1


After mutual authentication, the cryptographic algorithms and keys used for the ciphered SSL tunnel are pushed from the smart card to the proxy software (labeled Phase II in figure 2). The latter then acts as a proxy between the browser and the server and is in charge of data encryption and decryption.

C. The smart card

The smart card (3) is a 32-bit tamper resistant microcontroller (whose operating system claims an assurance level of EAL 4+), including a Java virtual machine (JVM). It executes the Java Card package OpenEapSmartcard [1], [2], [3], which runs an EAP-TLS (RFC 5216) method, i.e. a transparent encapsulation of the TLS protocol in EAP packets (RFC 3748). The proxy software realizes a bridge performing the insertion/extraction of TLS packets into/out of EAP messages.
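The bridge between TLS records and EAP messages is, in RFC 5216 terms, the EAP-TLS packet format: an EAP header (Code, Identifier, Length), Type 13 and a Flags byte (L = TLS Message Length present, M = more fragments, S = EAP-TLS Start) in front of the TLS data, with a handshake flight larger than one packet split into fragments that the peer acknowledges with empty EAP-TLS packets. The Python below is an example added here; it is not code from the paper, from OpenEapSmartcard or from the proxy software "ps". It shows the proxy-to-card direction: a server flight is inserted into EAP-TLS requests for the card, and the card-side reassembler extracts the TLS bytes again. The 250-byte record, the fragment size of 100 bytes and the identifier handling (one new identifier per fragment) are assumptions of the example; a real card's buffer limit sets the fragment size.

```python
import struct

# RFC 3748 EAP codes and the RFC 5216 EAP-TLS type; the Flags byte carries
# L (TLS Message Length field present), M (more fragments) and S (EAP-TLS Start).
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_TLS = 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20

def build_eap_tls(code, identifier, flags, tls_data=b"", tls_total_len=None):
    """Build one EAP-TLS packet: Code(1) Id(1) Length(2) Type(1) Flags(1) [TLS Length(4)] data."""
    body = bytes([EAP_TYPE_TLS, flags])
    if flags & FLAG_L:
        body += struct.pack("!I", tls_total_len)
    body += tls_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_eap_tls(packet):
    """Parse an EAP-TLS packet, checking the EAP Length field against the bytes received."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 6:
        raise ValueError("EAP Length field does not match the packet")
    if packet[4] != EAP_TYPE_TLS:
        raise ValueError("not an EAP-TLS packet (Type %d)" % packet[4])
    flags, offset, tls_length = packet[5], 6, None
    if flags & FLAG_L:
        tls_length = struct.unpack("!I", packet[6:10])[0]
        offset = 10
    return {"code": code, "id": identifier, "flags": flags,
            "tls_length": tls_length, "data": packet[offset:]}

def fragment_tls_flight(tls_flight, code, identifier, max_fragment):
    """Insert a TLS flight into EAP-TLS packets: L on the first fragment, M on all but the last.
    The peer acknowledges each fragment with an empty EAP-TLS packet before the next is sent;
    identifier handling is simplified to one new value per fragment (an assumption)."""
    packets = []
    for start in range(0, len(tls_flight), max_fragment):
        chunk = tls_flight[start:start + max_fragment]
        flags = (FLAG_L if start == 0 else 0) | (FLAG_M if start + max_fragment < len(tls_flight) else 0)
        total = len(tls_flight) if start == 0 else None
        packets.append(build_eap_tls(code, identifier + len(packets), flags, chunk, total))
    return packets

def ack_packet(code, identifier):
    """Empty EAP-TLS packet used to acknowledge a fragment (RFC 5216 section 2.1.5)."""
    return build_eap_tls(code, identifier, 0)

class TlsReassembler:
    """Extract the TLS flight from a sequence of EAP-TLS fragments."""
    def __init__(self):
        self.buffer, self.expected = b"", None

    def feed(self, packet):
        """Return the complete TLS flight once the M flag clears, else None (caller sends an ack)."""
        p = parse_eap_tls(packet)
        if p["tls_length"] is not None:
            self.expected = p["tls_length"]
        self.buffer += p["data"]
        if p["flags"] & FLAG_M:
            return None
        if self.expected is not None and len(self.buffer) != self.expected:
            raise ValueError("reassembled %d bytes, expected %d" % (len(self.buffer), self.expected))
        flight, self.buffer, self.expected = self.buffer, b"", None
        return flight

# Constructed sample (not from the paper): a 250-byte TLS record (handshake type 0x16, version 3.1)
# standing in for the server's flight B.
SAMPLE_FLIGHT = b"\x16\x03\x01" + struct.pack("!H", 245) + bytes(range(245))

def bridge_round_trip(flight=SAMPLE_FLIGHT, max_fragment=100):
    """Proxy -> card direction: fragment, then reassemble as the card's EAP-TLS method would."""
    requests = fragment_tls_flight(flight, EAP_REQUEST, 5, max_fragment)
    card, acks, result = TlsReassembler(), [], None
    for req in requests:
        result = card.feed(req)
        if result is None:
            acks.append(ack_packet(EAP_RESPONSE, parse_eap_tls(req)["id"]))
    return {"fragments": requests, "acks": acks, "flight": result}

if __name__ == "__main__":
    out = bridge_round_trip()
    print(len(out["fragments"]), "fragments,", len(out["acks"]), "acks, flight intact:",
          out["flight"] == SAMPLE_FLIGHT)
```

The card-to-proxy direction is the mirror image: the card's flight C arrives as EAP-Responses, the proxy reassembles it and writes the TLS bytes to the server socket. The two checks in parse_eap_tls matter on the bridge because a card with a small buffer is fed by untrusted network data: the EAP Length must match the bytes actually received, and the reassembled size must match the announced TLS Message Length before the flight is handed to the TLS state machine.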
The tandem technology is briefly depicted by figure 2. The smart card autonomously processes (on the client side) the beginning of a TLS session (Phase I), either in full mode, which works with four messages (A, B, C, D), or according to the resume scheme, which requires three messages (A, B, C). At the end of Phase I, the proxy software collects two parameters: the CipherSuite (i.e. the negotiated cryptographic algorithms) and the Key-Block (the set of keys used for data encryption and integrity checking). It then fully processes the TLS session, referred to as Phase II. Phase I consumes a computing time of about 4 seconds in full mode, and 2 seconds in resume mode.

Figure 2. A TLS full session (left part) and resume mode (right part) (diagram; only the message labels survive extraction):
- Full session, Phase I. A, client to server: ClientHello (ClientRandom). B, server to client: ServerHello (Session-id, ServerRandom), Certificate, CertificateRequest, ServerHelloDone. C, client to server: Certificate, ClientKeyExchange ({PreMasterSecret}KpubS), CertificateVerify, ChangeCipherSpec, (Encrypted) Finished. D, server to client: ChangeCipherSpec, (Encrypted) Finished.
- Resume mode, Phase I. A, client to server: ClientHello (Session-id, ClientRandom). B, server to client: ServerHello (Session-id, ServerRandom), ChangeCipherSpec, (Encrypted) Finished. C, client to server: ChangeCipherSpec, (Encrypted) Finished.
- At the end of Phase I the Key-Block and the CipherSuite are exported to the proxy. Phase II, both modes: Record Layer in ciphered mode, Encrypted Application Messages.

D. The browser

The browser (4) is not configured with any particular certificate. It starts the session with the remote server through the URL http://127.0.0.1:8080/xampp/index.php. The smart card is in charge of Phase I operations. The proxy software deals with SSL sockets and manages Phase II; mutual authentication, which requires certificates and asymmetric cryptographic algorithms, is performed by the smart card, while all HTTP packets (implying encryption/decryption operations) are processed by the personal computer (thanks to the proxy software).
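What the card hands over at the end of Phase I, and what the proxy can then do without any private key, follows from the TLS 1.0 key derivation (RFC 2246 sections 5 and 6.3), the version in use when this demonstration was built. The Python below is an example added here, not code from the paper's card or proxy: a simulated card derives the master secret and the Key-Block from the pre-master secret and the two handshake randoms and exports only the CipherSuite and the Key-Block (the two "Get" commands of figure 1); a simulated proxy partitions the block into the client and server MAC secrets, write keys and IVs and protects an HTTP request as a TLS record, which the server side, holding the same key material, decrypts and verifies. The randoms, the pre-master secret and the request are constructed values. The RC4 suite is used only because it needs no third-party library (RC4 is prohibited in TLS today, RFC 7465), and the RSA operations of message C (ClientKeyExchange, CertificateVerify), which stay on the card, are not modelled because the standard library has no RSA.

```python
import hmac
import struct

TLS10 = 0x0301  # record-layer version written into headers and into the MAC input
# (MAC secret, write key, IV) lengths for the suite, from RFC 2246 section 6.3 / appendix A.
CIPHER_SUITES = {"TLS_RSA_WITH_RC4_128_SHA": (20, 16, 0)}

def p_hash(digest, secret, seed, length):
    """P_<hash> data expansion of RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]

def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash("md5", secret[:half], label + seed, length)
    sha_part = p_hash("sha1", secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

class RC4:
    """Stateful RC4: TLS runs one continuous keystream per direction across records. Used only
    because it needs no third-party library; RC4 is prohibited in TLS today (RFC 7465)."""
    def __init__(self, key):
        self.s, j = list(range(256)), 0
        for i in range(256):
            j = (j + self.s[i] + key[i % len(key)]) & 0xFF
            self.s[i], self.s[j] = self.s[j], self.s[i]
        self.i = self.j = 0
    def crypt(self, data):
        out = bytearray()
        for byte in data:
            self.i = (self.i + 1) & 0xFF
            self.j = (self.j + self.s[self.i]) & 0xFF
            self.s[self.i], self.s[self.j] = self.s[self.j], self.s[self.i]
            out.append(byte ^ self.s[(self.s[self.i] + self.s[self.j]) & 0xFF])
        return bytes(out)

class SmartCardPhaseI:
    """Phase I, card side: the pre-master secret (sent under the server's public key in message C)
    and the master secret never leave the card; only the CipherSuite and the Key-Block do."""
    def __init__(self, cipher_suite, pre_master_secret, client_random, server_random):
        mac_len, key_len, iv_len = CIPHER_SUITES[cipher_suite]
        self.cipher_suite = cipher_suite
        self.master_secret = prf_tls10(pre_master_secret, b"master secret",
                                       client_random + server_random, 48)
        self.key_block = prf_tls10(self.master_secret, b"key expansion",
                                   server_random + client_random, 2 * (mac_len + key_len + iv_len))
    def get_cipher_suite(self):  # "Get CipherSuite" in figure 1
        return self.cipher_suite
    def get_key_block(self):  # "Get Key-Block" in figure 1
        return self.key_block

class ProxyPhaseII:
    """Phase II, proxy side: splits the Key-Block into the six write keys (RFC 2246 section 6.3)
    and runs the record layer, MAC-then-encrypt, without ever holding a private key."""
    def __init__(self, cipher_suite, key_block):
        mac_len, key_len, iv_len = CIPHER_SUITES[cipher_suite]
        layout = [("client_mac", mac_len), ("server_mac", mac_len), ("client_key", key_len),
                  ("server_key", key_len), ("client_iv", iv_len), ("server_iv", iv_len)]
        if len(key_block) != sum(size for _, size in layout):
            raise ValueError("Key-Block length does not match the CipherSuite")
        self.keys, offset = {}, 0
        for name, size in layout:
            self.keys[name] = key_block[offset:offset + size]
            offset += size
        self.mac_len = mac_len
        self.seq = {"client": 0, "server": 0}  # one 64-bit sequence counter per direction
        self.stream = {d: RC4(self.keys[d + "_key"]) for d in ("client", "server")}
    def _mac(self, direction, seq, content_type, fragment):
        header = struct.pack("!QBHH", seq, content_type, TLS10, len(fragment))
        return hmac.new(self.keys[direction + "_mac"], header + fragment, "sha1").digest()
    def protect(self, direction, content_type, fragment):
        """Ciphered record for data written in `direction` ("client" = browser to server)."""
        seq, self.seq[direction] = self.seq[direction], self.seq[direction] + 1
        body = self.stream[direction].crypt(fragment + self._mac(direction, seq, content_type, fragment))
        return struct.pack("!BHH", content_type, TLS10, len(body)) + body
    def unprotect(self, direction, record):
        """Decrypt and verify a record received in `direction`; raises ValueError on a bad MAC."""
        content_type, _version, length = struct.unpack("!BHH", record[:5])
        plain = self.stream[direction].crypt(record[5:5 + length])
        fragment, mac = plain[:-self.mac_len], plain[-self.mac_len:]
        seq, self.seq[direction] = self.seq[direction], self.seq[direction] + 1
        if not hmac.compare_digest(mac, self._mac(direction, seq, content_type, fragment)):
            raise ValueError("bad_record_mac")
        return fragment

# Constructed handshake values (not from the paper): the two randoms and a 48-byte pre-master secret.
CLIENT_RANDOM, SERVER_RANDOM = bytes(range(32)), bytes(range(32, 64))
PRE_MASTER = b"\x03\x01" + bytes(range(46))

def tandem_exchange(suite="TLS_RSA_WITH_RC4_128_SHA"):
    """Card runs Phase I; proxy and server then run Phase II from the same key material."""
    card = SmartCardPhaseI(suite, PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    proxy = ProxyPhaseII(card.get_cipher_suite(), card.get_key_block())
    server = ProxyPhaseII(suite, card.get_key_block())  # the server derives the same block itself
    request = b"GET /xampp/index.php HTTP/1.1\r\nHost: server.com\r\n\r\n"
    record = proxy.protect("client", 23, request)  # ContentType 23 = application_data
    return card, proxy, server, record, server.unprotect("client", record)
```

The split this makes visible is the security property of the tandem: the proxy, running on an untrusted PC, receives exactly the six write keys (72 bytes for this suite) and nothing that would let it impersonate the user in a later session, since the private key, the pre-master secret and the master secret stay on the card; only the current session's traffic is exposed to the PC. The check in ProxyPhaseII's constructor, that the Key-Block length matches the announced CipherSuite, is the one a bridge should make before partitioning, because a wrong split silently shifts every key.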
III. REGISTRATION DEMONSTRATION

A particular WEB site needs a set of three credentials: a certification authority (CA) certificate, a client certificate delivered by the CA, and the associated private key. These data are pushed toward the smart card thanks to a set of ISO 7816 commands, in which some parts are optionally encrypted. As illustrated by figure 3, the ISO 7816 requests are packed (1) in an HTML FORM (script.html). On the client's computer, a specific local WEB server (2), bound to the loopback IP address (127.0.0.1), interprets each INPUT tag of this form as an ISO 7816 command (3), which is then forwarded to the smart card. The response returned for each request is "tagged" (4) in an XML file, which is then transported in the body of the HTTP response (5).

Figure 3. The Registration Process (diagram; only its labels survive extraction): (1) script.html POSTs the form to the local Web server; (2) the local Web server (3) converts the INPUT tags to ISO 7816 requests for the smart card; (4) the ISO 7816 responses are inserted in XML tags; (5) the XML page is returned as the HTTP response.

Hopefully, this user interface is strongly improved by the use of AJAX technology; in that case the HTML page includes JavaScript instructions performing DOM and XMLHttpRequest operations.
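One way to implement the flow of figure 3 end to end, as an example added here and not the paper's script.html or local server: the provider page is rendered as a FORM with one hidden INPUT per ISO 7816 command, a stand-in for the browser collects the fields it would POST, and the local server on 127.0.0.1 turns each field into an APDU for a simulated card and tags each response in XML. The paper does not give the card's command set, so the use of PUT DATA / GET DATA with data-object tags 0001, 0002 and 0003 for the three credentials, the XML element names, the local URL http://127.0.0.1:8080/register and the credential blobs are all assumptions of the example.

```python
import html.parser
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode

# Data-object tags (P1 P2 of PUT DATA / GET DATA) for the three credentials: an assumption of
# this example, since the paper does not give the card's command set.
CREDENTIAL_TAGS = {0x0001: "ca_certificate", 0x0002: "client_certificate", 0x0003: "private_key"}
INS_GET_DATA, INS_PUT_DATA = 0xCA, 0xDA

class CredentialCard:
    """Simulated ISO 7816 card accepting PUT DATA / GET DATA on the three credential objects."""
    def __init__(self):
        self.store = {}

    def transmit(self, apdu):
        """Return response data followed by SW1 SW2."""
        if len(apdu) < 4:
            return b"\x67\x00"                       # wrong length
        _cla, ins, p1, p2 = apdu[:4]
        lc = apdu[4] if len(apdu) > 5 else 0         # byte 4 of a 5-byte APDU is Le, not Lc
        data = apdu[5:5 + lc]
        if len(data) != lc:
            return b"\x67\x00"
        name = CREDENTIAL_TAGS.get((p1 << 8) | p2)
        if ins == INS_PUT_DATA:
            if name is None:
                return b"\x6A\x88"                   # referenced data not found
            # Chunks sent over several APDUs are appended; the paper notes that parts (the private
            # key) may be sent encrypted, which this toy card does not decrypt.
            self.store[name] = self.store.get(name, b"") + data
            return b"\x90\x00"
        if ins == INS_GET_DATA:
            if name is None or name not in self.store:
                return b"\x6A\x88"
            return self.store[name] + b"\x90\x00"
        return b"\x6D\x00"                           # INS not supported

def put_data_apdu(tag, data):
    return bytes([0x00, INS_PUT_DATA, tag >> 8, tag & 0xFF, len(data)]) + data

def get_data_apdu(tag):
    return bytes([0x00, INS_GET_DATA, tag >> 8, tag & 0xFF, 0x00])

def script_html(apdus):
    """What the provider site serves: one hidden INPUT per ISO 7816 command, posted to the local server."""
    inputs = "\n".join('  <input type="hidden" name="apdu" value="%s">' % a.hex() for a in apdus)
    return ('<form method="POST" action="http://127.0.0.1:8080/register">\n%s\n'
            '  <input type="submit" value="Register">\n</form>' % inputs)

class ApduFormParser(html.parser.HTMLParser):
    """Stands in for the browser: collects the apdu fields the FORM would POST, in document order."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "apdu":
            self.fields.append(("apdu", a["value"]))

def handle_registration_post(body, card):
    """Local WEB server on 127.0.0.1: each apdu field becomes a command, each response an XML element."""
    root = ET.Element("registration")
    for index, (name, value) in enumerate(parse_qsl(body), 1):
        if name != "apdu":
            continue
        request = bytes.fromhex(value)
        response = card.transmit(request)
        element = ET.SubElement(root, "apdu", index=str(index))
        ET.SubElement(element, "request").text = request.hex().upper()
        ET.SubElement(element, "response").text = response[:-2].hex().upper()
        ET.SubElement(element, "sw").text = response[-2:].hex().upper()
    return ET.tostring(root, encoding="unicode")

# Constructed credential blobs standing in for the DER-encoded objects.
CREDENTIALS = [(0x0001, b"CA-CERT-DER"), (0x0002, b"CLIENT-CERT-DER"), (0x0003, b"RSA-KEY-DER")]

def register(card=None):
    """Full flow: provider page -> browser POST -> local server -> card -> XML response."""
    card = card or CredentialCard()
    apdus = [put_data_apdu(tag, blob) for tag, blob in CREDENTIALS]
    apdus.append(get_data_apdu(0x0001))                  # read the CA certificate back
    apdus.append(bytes([0x00, 0xB0, 0x00, 0x00, 0x00]))  # READ BINARY: not supported by this card
    parser = ApduFormParser()
    parser.feed(script_html(apdus))
    return card, handle_registration_post(urlencode(parser.fields), card)
```

The AJAX variant the paper mentions changes only the transport: the JavaScript on the page sends the same apdu fields with XMLHttpRequest and reads the sw elements out of the XML response with DOM calls instead of waiting for a full page. Two points a practitioner would check before deploying such a loopback server: the page does not say how the local server decides which web pages may issue card commands, so the server needs a binding to the provider's page (this example accepts any POST), and the optional encryption of the private-key parts that the paper mentions is the only thing keeping that key confidential between the provider site and the card, so it should not be optional for that object.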
IV. CONCLUSION

In this paper we have demonstrated a new technology performing highly trusted access control to a WEB server secured by SSL.

REFERENCES

[1] Urien, P., Pujolle, G., "JavaCard for Emerging WLAN Environments", JavaOne Technical Session 2007 (TS-0285), JavaOne 2007, San Francisco, California, USA, May 8-11, 2007.
[2] Urien, P., "Open two-factor authentication tokens, for emerging wireless LANs", Fifth Annual IEEE Consumer Communications & Networking Conference 2008 (CCNC'08), January 10-12, 2008, Harrah's Las Vegas, NV, USA.
[3] Urien, P., Pujolle, G., "Security and Privacy for the next Wireless Generation", International Journal of Network Management (IJNM), Volume 18, Issue 2 (March/April 2008), Wiley.
[4] Urien, P., "TLS-Tandem: a Collaborative Technology for Trusted WEB Applications", in Proceedings of the 2008 International Symposium on Collaborative Technologies and Systems (CTS 2008), May 19-23, 2008, Irvine, CA, USA.
