USENIX Association Proceedings of the 5 th Smart Card Research and Advanced Application
نویسندگان
چکیده
In this paper we describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arbitrary number of smart cards, terminals and back-office systems over the Internet.
منابع مشابه
USENIX Association Proceedings of the 5 th Smart Card Research and Advanced Application
The use of biometrics, and fingerprint recognition in particular, for cardholder authentication in smartcard systems is growing in popularity. In such a biometrics-based cardholder authentication system, sensitive data may be transferred between the smartcard and the card reader. In this paper we identify and classify possible threats to the communications link between card and card reader duri...
متن کاملUSENIX Association Proceedings of the 5 th Smart Card Research and Advanced Application Conference
The paper describes a framework for model checking JavaCard applets on the bytecode level. From a set of JavaCard applets we extract their method call graphs using a static analysis tool. The resulting structure is translated into a pushdown system for which the model checking problem for Linear Temporal Logic (LTL) is decidable, and for which there are efficient model checking tools available....
متن کاملUSENIX Association Proceedings of the 5 th Smart Card Research and Advanced
We present 'malicious insider attacks' on chip-card personalization processes and suggest an improved way to securely generate secret-keys shared between an issuer and the user's smart card. Our procedure which results in a situation where even the card manufacturer producing the card cannot determine the value of the secret-keys that he personalizes into the card, uses public key techniques to...
متن کاملUSENIX Association Proceedings of the 12 th USENIX Security Symposium
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...
متن کاملHand-Held Computers Can Be Better Smart Cards
Smart cards are convenient and secure. They protect sensitive information (e.g., private keys) from malicious applications. However, they do not protect the owner from abuse of the smart card: An application could for example cause a smart card to digitally sign any message, at any time, without the knowledge of the owner. In this paper we suggest that small, hand-held computers can be used ins...
متن کامل