An Internet Authorization Scheme Using Smart-Card-Based Security Kernels

Today, most Internet applications are based on the client-server model. In this model, typically, the server distrusts clients, and grants each client access rights according to the client’s identity. This enables the server to record a lot of personal information about clients: identity, usual IP address, postal address, credit card number, purchase habits, etc. Such a model is thus necessarily privacy intrusive. Moreover, the client-server model is not rich enough to cope with complex transactions involving more than two participants. For example, an electronic commerce transaction requires usually the cooperation of a customer, a merchant, a credit card company, a bank, a delivery company, etc. Each of these participants has different interests, and thus distrusts the other participants. Within the MAFTIA1 project, we are developing authorization schemes that can grant to each participant fair rights, while distributing to each one only the information strictly needed to execute its own task, i.e., a proof that the task has to be executed and the parameters needed for this execution, without unnecessary information such as participant identities. These schemes are based on two levels of protection: • An authorization server is in charge of granting or denying rights for high-level operations involving several participants; if a high-level operation is authorized, the authorization server distributes capabilities for all the elementary operations that are needed to carry it out. • On each participating host, a security kernel is responsible for fine-grain authorization, i.e., for controlling the access to all local resources and objects according to the capabilities that accompany each request. To enforce hack-proofing of such security kernels on off-the-shelf computers connected to the Internet, critical parts of the security kernel will be implemented on a Java Card. In the following sections, the general authorization architecture and the security kernel are presented.