Design and Implementation of e-KTP (Indonesian Electronic Identity Card) Key Management System

Aravada Kevindra Darwis and Charles Lim
Faculty of Information Technology, Swiss German University, EduTown, BSD City, Tangerang 15339, Indonesia
E-mail: aravadakd@gmail.com, charles.lims@gmail.com

ICACSIS 2011, ISBN: 978-979-1421-11-9

Abstract. E-KTP (contactless smart card technology) was introduced by the Indonesian Interior Ministry to replace the existing identity card. With contactless smart card technology, e-KTP obliges every applicant to have their fingerprints scanned, verified, and saved in central storage. The fingerprint data is also stored in the e-KTP smart card itself. Since this is very sensitive data, security controls must be implemented. This project developed a system to address this issue. First, a mutual authentication program runs between smart card readers/terminals and e-KTP smart cards before a transaction begins; the process authenticates both sides and proves that they are authorized by employing cryptographic protocols, algorithms, and keys. Second, the project developed an encryption and decryption program to protect data during transmission.

I. INTRODUCTION

To ensure that only authorized readers are allowed to access the data inside e-KTP smart cards, security measures have to be put in place. One way to achieve this is by employing a key management system that manages the cryptographic keys and algorithms used for mutual authentication, data encryption and decryption. In the e-KTP programme the key management system is a vital part of the implementation, hence it should be thought out properly. Several aspects related to e-KTP, such as the supporting infrastructure, requirements and policy, must be taken into account in designing the system. Research to determine and evaluate the key management system best suited to the e-KTP programme is required.

II. SMART CARD

From the time it was introduced, smart card technology has been utilized for many different purposes. The most familiar uses of smart cards are ATM and credit cards. Physically, a smart card looks similar to any other card, as it is made out of plastic. The difference is that it has a microprocessor chip embedded in it that gives the card its smart functionality.

There are several criteria for a smart card, including that it should not be easily forged or copied. As it is used primarily to add security, it must have the ability to store data securely and to run a range of security algorithms and functions for participating in an automated electronic transaction. Any type of card that fulfills these requirements can be categorized as a smart card [1]. Basically, a smart card is composed of a plastic card and a microprocessor chip, but the actual components of a smart card may vary, depending on the chip type and the mechanism for data transmission [2]. For example, a contactless smart card has a Radio Frequency (RF) interface as an additional component for data transfer between the card and readers. Regardless of the chip type or the data transfer method, every smart card has several basic elements: a Central Processing Unit (CPU), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), and Random Access Memory (RAM).

TABLE I
SMART CARD BASIC ELEMENTS [2]

Element   Description
CPU       The core component.
ROM       A memory whose contents are installed when the card is manufactured and cannot be modified. Usually it contains the card operating system.
EEPROM    A non-volatile memory that can be rewritten during the card's lifetime; it holds application data.
RAM       A volatile memory used as temporary memory for the CPU's processes while operating.

III. CRYPTOGRAPHY

A. Challenge-Response

Authentication is the process of ensuring the identity of the counterparty involved in a communication [3]. It is a crucial part of a security service whose main purpose is to prevent fraud and unauthorized access. Entity authentication here is based on a challenge-response protocol. The process starts by providing a challenge, where the response is based on
the shared secret and a particular algorithm known only to authorized parties. The advantage of the challenge-response protocol is that each communicating party does not need to keep synchronized with the other's token. By providing a fresh random challenge each time, the token used for a previous communication is not valid for any further process. On the other hand, users must key in additional numbers when using a challenge-response token [4].

B. Message Authentication Code

A MAC, which stands for Message Authentication Code, is a set of algorithms that allows a sender to send a message to a receiver such that the receiver can be sure the sender in fact produced the message [5]. Usually a MAC is used for data transmission: it is computed first and then appended to the message. Once the receiver has received the message, it computes the MAC of the message and checks whether it matches the received MAC. If it does, the message is still the same as the sender produced it.

IV. KEY MANAGEMENT

Key management is a practice that focuses on techniques and procedures for establishing and maintaining keying relationships between authorized entities, where a keying relationship is the state in which communicating parties share data regarding cryptographic techniques [6]. The chance of a key being stolen or compromised is always there, but key management practice offers methods to reduce the impact. One is to use different keys for different purposes; this method is called key diversification, so the key for digital signatures differs from the key for data encryption, and so on. In addition, key derivation, where each key is derived from a different master key, can be implemented as well to strengthen security. Another key management best practice is to employ dynamic keys, also known as session keys or temporary keys. This starts by producing a random number. The next step is to pass the random number, together with a particular value, to the other party. The further process depends on which cryptographic algorithms are employed.

Using different keys for different processes makes the smart card more resistant to attacks [7]. For example, one DoS attack needs to extract at least three different keys used by the card. Moreover, with key derivation, where each key is personalized as it is derived from the card's unique value (serial number), guessing a card's secret keys is almost infeasible for attackers as long as the derivation process is not compromised. Another way to add security to the secrecy of keys is to employ different versions of a key. Different versions means that every master key from which individual keys are derived has a lifetime span: when it is valid and when it expires must be stated clearly. Changing keys from one version to another does not always have to wait until a key is compromised; it is better to do it periodically.

V. RESULT

A. Mutual Authentication
Fig. 1. Mutual authentication.
The mutual authentication is triggered when a smart card is inserted into or detected by the reader/terminal. Its purpose is to check whether the smart card and the terminal are authorized for e-KTP. The proposed mutual authentication process is specified step by step as follows:

1) The terminal requests a random number from the e-KTP smart card.
2) The terminal requests the serial number of the card.
3) The terminal and the card each generate a Message Authentication Code (MAC) from the random number, the serial number, and the Card e-KTP Key (derived from the Master e-KTP Key and the card's serial number), using a built-in function of BasicCard called OMAC. This function uses the AES algorithm with a 128-bit key and returns a 16-byte string for its input.
4) The terminal sends the computed OMAC to the card.
5) The card verifies whether the OMAC from the terminal matches the OMAC generated by the card.
6) The terminal creates a random number to be sent to the card and generates an OMAC from it.
7) The card receives the random number, generates an OMAC, then sends it back to the terminal.
8) The terminal and the card generate a session key from the two OMACs, one produced by each side, using the SHA-256 algorithm, and shorten the 32-byte hash value to a 16-byte key.
9) The card opens the directory for data access.

B. Data Encryption / Decryption

After the initial mutual authentication has been carried out successfully, the process may continue to viewing or editing the files stored in the e-KTP. During transmission, every file is encrypted with the 3-DES symmetric algorithm and the 16-byte session key. Since 3-DES is a block cipher, every file must be divided into blocks of 8 bytes. Fingerprint data is encrypted and decrypted not only during transmission but also when it is stored in the smart card. The algorithm used is again 3-DES, with a 16-byte card cipher key generated from the master cipher key and the card's serial number.
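The nine-step exchange of Section V.A simulated in Go with the card and the terminal as separate objects, as an added example that is not the paper's terminal or BasicCard code. So that the block needs nothing beyond the standard library, HMAC-SHA256 truncated to 16 bytes stands in for BasicCard's AES-128 OMAC; the Card e-KTP Key is derived as a MAC of the serial number under the master key, since the paper does not give its derivation function; the 32-byte SHA-256 output is shortened by truncation; and the terminal verifies the card's OMAC in step 7, a check the paper leaves implicit. The master key and serial numbers are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// omac stands in for BasicCard's AES-128 OMAC: HMAC-SHA256 cut to 16 bytes, used
// here only so the block needs nothing beyond the standard library (not the paper's primitive).
func omac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)[:16]
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// deriveKey personalises the Card e-KTP Key from the Master e-KTP Key and the
// card's serial number (Section IV; the exact derivation function is an assumption).
func deriveKey(master, serial []byte) []byte { return omac(master, serial) }

// sessionKey hashes MAC1||MAC2 with SHA-256 and keeps 16 of the 32 bytes (step 8).
func sessionKey(mac1, mac2 []byte) []byte {
	h := sha256.Sum256(concat(mac1, mac2))
	return h[:16]
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Card models the e-KTP card; its key is personalised at issuance and never leaves it.
type Card struct {
	Serial, key, mac1, Session []byte // Session is agreed in step 8
	Open                       bool   // data directory opened (step 9)
}

// Challenge answers the random-number request (step 1) and keeps the card's own MAC1 (step 3).
func (c *Card) Challenge() []byte {
	rnd := randomBytes(16)
	c.mac1 = omac(c.key, concat(rnd, c.Serial))
	return rnd
}

// VerifyTerminal is step 5; a mismatch discards the pending challenge so it cannot be reused.
func (c *Card) VerifyTerminal(mac1 []byte) error {
	if c.mac1 == nil || !hmac.Equal(mac1, c.mac1) {
		c.mac1 = nil
		return errors.New("card: terminal OMAC mismatch")
	}
	return nil
}

// Respond is step 7: MAC the terminal's random number, derive the session key, open the directory.
func (c *Card) Respond(termRnd []byte) ([]byte, error) {
	if c.mac1 == nil {
		return nil, errors.New("card: terminal not authenticated")
	}
	mac2 := omac(c.key, termRnd)
	c.Session = sessionKey(c.mac1, mac2)
	c.Open = true
	return mac2, nil
}

type Terminal struct{ master []byte } // holds the Master e-KTP Key

// Authenticate runs the terminal side of steps 1-8 and returns the agreed session key.
func (t *Terminal) Authenticate(c *Card) ([]byte, error) {
	rnd := c.Challenge()                           // steps 1-2: random number and serial number
	cardKey := deriveKey(t.master, c.Serial)       // terminal re-derives this card's key
	mac1 := omac(cardKey, concat(rnd, c.Serial))   // step 3, terminal side
	if err := c.VerifyTerminal(mac1); err != nil { // steps 4-5
		return nil, err
	}
	termRnd := randomBytes(16)      // step 6
	mac2, err := c.Respond(termRnd) // step 7
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(mac2, omac(cardKey, termRnd)) { // implicit in the paper; authenticates the card
		return nil, errors.New("terminal: card OMAC mismatch")
	}
	return sessionKey(mac1, mac2), nil // step 8
}

func main() {
	master, serial := []byte("master e-KTP key"), []byte("SN-0001") // constructed sample values
	card := &Card{Serial: serial, key: deriveKey(master, serial)}
	key, err := (&Terminal{master: master}).Authenticate(card)
	fmt.Printf("session key %x, directory open %v, err %v\n", key, card.Open, err)
}
```

A terminal that does not hold the Master e-KTP Key cannot produce MAC1 for any card, so the card's directory stays closed and no session key exists; a card personalised under a different master key fails at the same step on the terminal side. Because both random numbers are fresh per run, a recorded MAC1 or MAC2 is of no use in a later run, which is the property Section III.A attributes to challenge-response.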
Fig. 2. Activity diagram for mutual authentication process on terminal.
Fig. 3. Mutual authentication process.
Fig. 4. Activity diagram for mutual authentication process on smart card.
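The file encryption of Section V.B with a 16-byte session key, as an added Go example that is not the project's code. The paper names 3-DES and 8-byte blocks but no mode, IV or padding scheme; CBC with a fresh random IV sent ahead of the ciphertext and PKCS#5 padding are assumed here, and the 16-byte two-key 3-DES key is expanded to the K1||K2||K1 form that Go's crypto/des expects. The session key and file contents are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

const blockSize = 8 // 3-DES block: every file is cut into 8-byte blocks

// expandKey turns the paper's 16-byte two-key 3-DES key (K1||K2) into the
// 24-byte K1||K2||K1 form that crypto/des expects.
func expandKey(key16 []byte) ([]byte, error) {
	if len(key16) != 16 {
		return nil, errors.New("3-DES key must be 16 bytes")
	}
	return append(append([]byte{}, key16...), key16[:8]...), nil
}

// pad and unpad apply PKCS#5 padding (assumed; the paper does not say how a
// file that is not a multiple of 8 bytes is completed).
func pad(data []byte) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(data []byte) ([]byte, error) {
	if len(data) == 0 {
		return nil, errors.New("empty plaintext")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) ||
		!bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding")
	}
	return data[:len(data)-n], nil
}

// EncryptFile protects a file for transmission with the 16-byte session key.
// CBC with a random IV occupying the first 8 bytes of the output is assumed.
func EncryptFile(sessionKey, file []byte) ([]byte, error) {
	k, err := expandKey(sessionKey)
	if err != nil {
		return nil, err
	}
	block, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	out := make([]byte, blockSize, 2*blockSize+len(file))
	if _, err := rand.Read(out); err != nil { // fresh IV
		return nil, err
	}
	padded := pad(file)
	out = append(out, make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, out[:blockSize]).CryptBlocks(out[blockSize:], padded)
	return out, nil
}

// DecryptFile reverses EncryptFile. A wrong key or an altered ciphertext usually
// surfaces only as a padding error, which is why a MAC is still needed on top.
func DecryptFile(sessionKey, ciphertext []byte) ([]byte, error) {
	k, err := expandKey(sessionKey)
	if err != nil {
		return nil, err
	}
	block, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < 2*blockSize || len(ciphertext)%blockSize != 0 {
		return nil, errors.New("ciphertext must be an IV plus whole 8-byte blocks")
	}
	plain := make([]byte, len(ciphertext)-blockSize)
	cipher.NewCBCDecrypter(block, ciphertext[:blockSize]).CryptBlocks(plain, ciphertext[blockSize:])
	return unpad(plain)
}

func main() {
	sessionKey := []byte("16-byte sess key") // constructed; in the system it comes from mutual authentication
	file := []byte("constructed fingerprint record")
	ct, _ := EncryptFile(sessionKey, file)
	pt, err := DecryptFile(sessionKey, ct)
	fmt.Printf("%d plaintext bytes -> %d ciphertext bytes, round trip ok: %v, err: %v\n",
		len(file), len(ct), bytes.Equal(file, pt), err)
}
```

Encryption with the session key alone keeps the file confidential in transit but does not detect modification: a changed block decrypts to garbage rather than to an error. In a deployment, the MAC of Section III.B, computed over the ciphertext with a key distinct from the session key (key diversification, Section IV), is what lets the receiver reject altered data before decrypting it.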
VI. CONCLUSION

The mutual authentication procedure employs a challenge-response protocol in which a particular algorithm and a shared secret are involved; it is required to verify each communicating party. Furthermore, encryption/decryption is implemented to protect data during transmission from the e-KTP smart card to the reader/terminal, and vice versa, from unauthorized disclosure.
TABLE II
CRYPTOGRAPHIC KEYS MANAGED IN THE MUTUAL AUTHENTICATION AND ENCRYPTION/DECRYPTION PROCESS

Key name          Parameters                                Purpose
Card e-KTP key    Master e-KTP key + card serial number     Generating MAC
Session key       MAC1 + MAC2                               Encryption/decryption of data during transmission
Card cipher key   Master cipher key + card serial number    Encryption/decryption of fingerprint data
With regard to key management, the system applies key diversification, as different cryptographic keys are used for different purposes, and key derivation, where some cryptographic keys are derived from a master key and a unique value retrieved from the card.

REFERENCES

[1] Mayes, K., Markantonakis, K. 2008, Smart Cards, Tokens, Security and Applications, Springer; Information Security Group Smart Card Centre, Royal Holloway, University of London, United Kingdom.
[2] Rankl, W., Effing, W. 2003, Smart Card Handbook, Third Edition, John Wiley & Sons, Ltd; Giesecke & Devrient GmbH, Munich, Germany.
[3] Buttyan, L., Nagy, A., Vajda, I. 2001, Efficient Multi-Party Challenge-Response Protocols for Entity Authentication, Swiss Federal Institute of Technology, Zurich, Switzerland.
[4] Smith, R.E. 2002, Authentication: From Passwords to Public Keys, Addison-Wesley, Boston, U.S.A.
[5] Black, J. R., Jr. 2000, Message Authentication Codes, University of California, Davis, U.S.A.
[6] Menezes, A.J., van Oorschot, P.C., Vanstone, S.A. 1996, Handbook of Applied Cryptography, CRC Press, U.S.A.
[7] Silbermann, M. 2009, Security Analysis of Contactless Payment Systems in Practice, Bochum, Germany.