An open middleware for smart cards

Lecture Notes in Computer Science, 2003

This paper addresses the problem of using networked mobile devices as providers of cryptographic functions. More specifically the paper describes a system developed to allow the usage of portable devices, such as PDAs and mobile phones, as remote smart card readers when connected into a TCP/IP network. This system is completely transparent to desktop applications. The digital signature technology, at its highest level of security, requires the use of smart cards and smart card readers not yet widely deployed. This requirement limits the mobility and may turn out to be an obstacle to the wide adoption of the digital signature technology. Our work aims precisely at facilitating the adoption of the smart card technology by means of PDAs and mobile phones.

2008

Smart cards are an ideal medium for use in secure applications. Such applications require mechanisms for cryptographic authentication, password based authentication, confidential data exchange, detection of data tampering and verification of origin integrity. Cryptographic techniques based on symmetric key algorithms and/or public key cryptography can be used to address these issues. In this thesis, we focus on development of public key infrastructure on smart cards. Public key cryptography provides easier key management since keys are assigned on per user basis as opposed to per communication pair basis as in the case of symmetric key cryptography. Further, the public key cryptography can be used to perform key exchange for symmetric key and then the symmetric key cryptography can be used to perform further cryptographic operations. Smart cards are secure devices since the keys are kept in it securely and only the operations using such keys are permitted to be performed.

Micro, IEEE, 1999

IFIP International Federation for Information Processing, 2004

The Intelligent Adjunct (IA) model‚ proposed by Balacheff et al in [1]‚ is a novel paradigm for smart card applications‚ in which off-card resources are provided for smart cards to run application logics. This paper presents the Card-Centric Framework as an evolution of the conceptual IA model to provide a more rigorous solution for smart cards to access off-card I/O resources. It consists of a system model and a communication protocol. With the Card-Centric Framework‚ smart cards can run any applications that involve user interactions. A system prototype constructed with the current smart card technologies showed only reasonable performance. To cater for performance issues‚ another demo system that made use of enhanced smart card technologies was implemented. It not only shows a significant improvement in performance‚ but also proves the feasibility of the framework in the future.

IEEE Transactions on Consumer Electronics, 2004

Smartcard is originally designed as a passive authentication device. Retaining this passive role will limit its potential and it will eventually be superceded by other technologies. Therefore, it is a must for smartcard to take the active role in the near future. In light of this, this paper presents a novel Card-Centric Framework, in which the Smartcard becomes the Master whereas the card-connected terminal only a slave. The system prototype based on current smartcard technologies shows reasonable results, whereas another demo system that makes use of enhanced smartcard technologies provides a significant improvement in user perception and proves the feasibility of the framework in the future. Anticipating technology advancement so that all the performance requirements are met, applications will benefit from the framework in portability, data integrity, and chances for hardware-software customization.

Springer LNCS 2140; Proc. International Conference on Research in Smart Cards (E-smart 2001), 2001

"Smartcards and PKCS #11 are an appealing solution for combined storage and certificate management at the enduser level. Many applications use PKCS #11 primitives for security reasons: a popular browser, like Netscape Navigator contain a PKCS #11 cryptographic module that plays a critical role in secure web surfing and e-mail signing and encryption. Nevertheless, most market-ready solutions ([SMARTSIGN], [GPKPKCS#11], [SLBCBPKCS#11]) use non-programmable cards or else do not exploit the card’s programmable capabilities. Instead they utilize cryptographic functions built into the card. This results in applications having the card manufacturer’s semantics instead of PKCS #11 semantics. In this article we present our work: Java Card Certificate Management (JCCM). JCCM moves PKCS #11 middleware into the card itself. This results in greater flexibility and less implementation dependence for applications. We have developed JCCM for two cards: the GemXpresso RAD 211is and the Cyberflex for Linux Starter’s Kit 2.1. We have also developed the corresponding dynamic library for Netscape enabling our endusers to use JCCM in their daily tasks. "

This paper introduces a generalized authentication framework for smart cards. The framework abstracts the authentication services on the card and allows flexible configuration of authentication policies and technologies. This paper also makes recommendations for extensions to current authentication APIs.

Abstract Transcrypt[1] is an encrypted file system which uses a smart,card to store unique private parameters of users. This smart card is needed,for all file operations by the user of Transcrypt. For accessing the smart card, a user space daemon is used. This daemon,should be able to provide secure access to the smart card without compromising,the level of security which Transcrypt aims to achieve. Transcrypt adopts a kernel space only approach,and does not trust even the superuser. It prevents against both online and offline attacks. This project aims to explore the possible methods,of developing, this daemon,and implementing,the best case possible. 12,April,2007 5 Contents

2014

Smartcards are becoming increasingly popular as a means for personal identification and authentication in many secure application areas such as e-Banking and e-Commerce. Millions of users have a smart card in their pocket without even knowing it. The SecFuNet project proposes solutions for integrating secure microcontrollers in order to develop a security framework for Cloud Computing and virtual environment. This framework introduces, among its many services: authentication and authorization functions for virtual environments, based on Remote Grid of Secure Elements (RG0SE). The objective is to implement an open standard framework, based on smart cards and OpenSSL. This framework provides TLS secure channels for establishing trust relationships among Users, Virtual Machines (VMs), Hypervisor (XEN) and RG0SE. The authentication is done directly between smart cards (owned by users or associated to VM) and SecFuNet Identity Management (IdM). This framework concerns a highly secure aut...

Although smartcards are widely used, secure smartcard interoperability has remained a significant challenge. Usually each manufacturer provides a closed environment for their smartcard based applications including the microchip, associated firmware and application software. While the security of this “package” can be tested and certified for example based on the Common Criteria, the secure and convenient interoperability with other smartcards and smartcard applications is not guaranteed. Ideally one would have a middleware that can support various smartcards and smartcard applications. In our ongoing research we study this scenario with the goal to develop a way to certify secure smartcard interoperability in such an environment. Here we discuss and experimentally demonstrate one critical security problem: if several smartcards are connected via a middleware it is possible that a smartcard of type S receives commands that were supposed to be executed on a different smartcard of type S’. Such “external commands” can interleave with the commands that were supposed to be executed on S. Here we demonstrate this problem experimentally with a Common Criteria certified digital signature process on two commercially available smartcards. Importantly, in some of these cases the digital signature processes terminate without generating an error message or warning to the user.