A Formal Security Model of a Smart Card Web Server

Authors

  • Pierre Neron
  • Quang-Huy Nguyen
Abstract

The smart card Web server provides a modern interface between smart cards and the external world. It is of paramount importance that this new software component does not jeopardize the security of the smart card. This paper presents a formal model of the smart card Web server specification and the proof of its security properties. The formalization enables a thoughtful analysis of the specification that has revealed several ambiguities and potentially dangerous behaviors. Our formal model is built using a modular approach upon a model of Java Card and Global Platform. By proving the security properties, we show that the smart card Web server preserves the security policy of the overall model. In other words, this component introduces no illegal access to the card resources (i.e., file system and applications). Furthermore, the smart card Web server provides a means for securely managing the card contents (i.e., resources update).

Similar resources

A Smart Card Web Server in the Web of Things

The establishment of the Internet of Things (IoT) is gathering pace. The “things” will be counted in their billions, however interoperability problems may compromise the interconnectivity aspect. Isolated “things” are common and often make use of proprietary communication and security protocols that have not been subject to public scrutiny. By contrast the World Wide Web has well established te...

High-level algorithms and data structures requirements for security-by-contract on Java cards

The Java Card technology has progressed to the point of running web servers and web clients on a smart card. Yet concrete deployments of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded...

Automata modulo Theory (Amt)

With the advent of the next generation java servlet on the smartcard, the Future Internet will be composed by web servers and clients silently yet busily running on high end smart cards in our phones and our wallets. In this new world model we can no longer accept the current security model where programs can be downloaded on our machines just because they are vaguely “trusted”. We want to know...

A Trusted Authentication Protocol based on SDIO Smart Card for DRM

Terminal security vulnerabilities have made DRM research focus on trusted computing technology in recent years; however, no efficient and practical trusted authentication protocol has been presented, especially with formal proof. To attest integrity when accessing the DRM server, the DRM client needs to perform mutual authentication and key agreement with the server first, and then use the sharing ...

An Enhanced Anonymous Password-based Authenticated Key Agreement Scheme with Formal Proof

With the development of technology, the security of password-based authentication is becoming more and more significant. Recently, Lee et al. proposed an anonymous password-based authenticated key agreement scheme with non-tamper resistant smart card to reduce the computation cost of Wang et al.’s scheme. However, based on analysis, it shows that the scheme can’t withstand smart card stolen or ...

Publication date: 2011