Smart card, the stealth leaker

Information leakage is a major issue for homeland security. When entering and leaving certain countries which are particularly concerned by their national security, electronic devices such as mobile phones and laptops are examined, as well as data storage devices such as USB sticks and mobile hard drives. Technical investigations can be more or less thorough, and might lead up to confiscation of the material in case of doubt. At the same time, the use of smart cards is spreading over the world, mainly as a mode of payment, in public transportation or as SIM cards in mobile phones. These usages are widely adopted, in particular due to the security benefits delivered by these systems. But smart card technologies can also be used in an unconventional way to efficiently hide information crossing national borders. Smart cards have been designed as objects which ensure security in an untrustworthy environment. Their main function is to protect from the outside world and to hide their ways of working. A smart card is a programmable device, close to a very small computer, in which it is possible to hide functionalities impossible to detect. Today, it becomes possible to use a smart card in an unconventional manner, by using its storage and cryptographic capacities to carry information in an undetectable way, under the cover of a harmless common object. The following action could take place in any international airport: a sensitive list of identities and codes which should not been intercepted has to leave the country, the carrier even does not know he brings such of list within his SIM card. In the same way, one could use a smart card as a vector of infection in a closed environment, as modern operating systems now include the protocol layers necessary for their usage.     

Smart cards: integrating for portable complexity

The decreasing cost of embedded chips is one of many factors that have spurred growing interest in smart cards. Today, typical markets for smart cards fall into three broad areas: electronic currency, an application in which smart cards replace cash or traditional credit cards in pay phone, transit, and toll collection systems; electronic identification, which permits controlled access to buildings or systems (like computers or cash registers); and data warehousing, applications that must opportunistically store and retrieve data, such as medical records, object tracking information, or process verification information. Such applications are only the beginning-future applications could make smart cards an integral and almost transparent part of our daily lives. Two factors seem to be converging to make this possible. First, as the world we live in becomes increasingly complex, smart cards offer a way to integrate that complexity into a compact and portable package. Second, the increasing functionality developers can integrate into a smart card opens new avenues for application development     

A model driven architecture for the development of smart card software

Smart cards are portable integrated devices that store and process data. Speed, security and portability properties enable smart cards to have a widespread usage in various fields including telecommunication, transportation and the credit card industry. However, the development of smart card applications is a difficult task due to hardware and software constraints. The necessity of the knowledge of both a very low-level communication protocol and a specific hardware causes smart card software development to be a big challenge for the developers. Written codes tend to be error-prone and hard to debug because of the limited memory resources. Hence, in this study, we introduce a model driven architecture which aims to facilitate smart card software development by both providing an easy design of smart card systems and automatic generation of the required smart card software from the system models. Differentiating from the previous work, the study in here contributes to the field by both providing various smart card metamodels in different abstraction layers and defines model-to-model transformations between the instances of these metamodels in order to support the realization of the same system on different smart card platforms. Applicability of the proposed methodology is shown for rapid and efficient application development in two major smart card frameworks: Java Card and ZeitControl Basic Card. Lessons learned during the industrial usage of the architecture are also reported in the paper. Finally, we discuss how the components of the architecture can be integrated in order to provide a domain-specific language for smart card software.     

A controllable and accountable state-oriented Card-Aided Firewall

This paper proposes a new approach, named Card-Aided Firewall (CAF) that combines the simplified firewall and the state-oriented smart card technologies to construct a controllable and accountable Internet access framework. The idea suggests that a client computer, protected by a light-weight firewall, could establish diversified authenticated communication channels, controlled and accounted by “legal” states of the smart card.The program of a smart card is state-oriented or a state machine, which defines a chain of events involving various state transitions. The “legal” states of a smart card program are defined to be legal to communicate with surfing targets. A predefined Access Control List (ACL), stored in the same card, is necessary. An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. The proposed firewall decides acceptance or rejection messages by matching the current state of the card program and the ACL. In addition, a complete surfing account for tracing back is recorded. It is a by-product of the smart card authentication.The proposed Card-Aided Firewall framework is implemented to demonstrate its effectiveness. The implementation is done at the driver level. It keeps up with the high line speed. The driver takes 39K bytes and works well with other firewalls. The average packet processing time of the CAF driver is 31.74 μs. On the premise of secure authentication within the smart card, the Card-Aided Firewall would facilitate various rapidly growing applications in campus cards, family cards, and employee cards, etc. that require accurate controllability and accountability in the surfing boundary.     

Java智能卡的安全漏洞分析与防御

智能卡由于自身较高的安全特性和易携带等优点,使其成为人们生活中被广泛使用的工具。Java智能卡凭借技术优势更是受到社会青睐。智能卡通常携带个人私密信息和重要数据,使之受到来自多方面的威胁。对Java智能卡的安全研究有助于提高卡内虚拟机的安全性。本文详细阐述JCVM(Java Card Virtual Machine)存在的安全漏洞,给出实际的病毒代码,深入分析并找出漏洞存在的根本原因,在研究学习前人的基础之上并结合实际给出对应的防御措施。     

The changing role of health care IC card systems.

Health care researchers and professionals have had increasing interest in the development of Internet-based solutions in health care, casting doubt on the future of IC card systems. However, IC cards used in conjunction with Internet-based health information systems may be more viable than either system alone. We conducted a worldwide survey to explore the possibilities of such a combined system. Our analysis shows that there is considerable awareness of the concept of Internet-based health care services among the professionals of IC card projects. In addition, our results indicate that IC cards could play a major role in health care systems as authorization keys that permit access to health information.     

Smart card embedded information systems: a methodology for privacy oriented architectural design

The design of very small databases for smart cards and for portable embedded systems is deeply constrained by the peculiar features of the physical medium. Privacy concerns are relevant due to the fact that personal information may be stored on the card (e.g. medical records). We propose a joint approach to the logical and physical database design phases supporting the required security levels, on the basis that all information is stored on the Flash-EEPROM storage medium, managed as a file system by the smart card operating system.     

Web-enabled smart card for ubiquitous access of patient's medical record

The combined benefits of smart card to support mobility in a pocket coupled with the ubiquitous access of Web technology, present a new paradigm for medical information access systems. The paper describes the framework of Java Card Web Servlet (JCWS) that is being developed to provide seamless access interface between a Web browser and a Java-enabled smart card. Importantly, the smart card is viewed as a mobile repository of Web objects comprised of HTML pages, medical data objects, and record browsing and updating applet. As the patient moves between hospitals, clinics and countries, the mobility of the smart-card database dynamically binds to the JCWS framework to facilitate a truly ubiquitous access and updating of medical information via a standard Web-browser interface.     

基于双线性映射的三因子远程身份认证协议研究

为了提高多服务器环境身份认证的安全性,降低计算复杂度,提出一种基于双线性映射的三因子认证协议,这些因子包括生物信息、智能卡和双线性映射密码。该协议包括系统设置、服务器注册、用户注册、登录、认证和密钥协商,以及密码更新六个阶段,其中,生物因子和智能卡作为核心因子涉及注册、登录、认证和更改阶段。Oracle形式化证明验证了该协议的安全性,攻击者无法得到标志、密码、生物特征信息等,可以实现密钥协商和双向身份认证。与其他相关协议相比,该协议在安全特征、智能卡存储成本、通信成本等方面具有一定优势。     

Hybrid Smart Contracts for Securing IoMT Data

Data management becomes essential component of patient healthcare. Internet of Medical Things (IoMT) performs a wireless communication between E-medical applications and human being. Instead of consulting a doctor in the hospital, patients get health related information remotely from the physician. The main issues in the E-Medical application are lack of safety, security and privacy preservation of patient’s health care data. To overcome these issues, this work proposes block chain based IoMT Processed with Hybrid consensus protocol for secured storage. Patients health data is collected from physician, smart devices etc. The main goal is to store this highly valuable health related data in a secure, safety, easy access and less cost-effective manner. In this research we combine two smart contracts such as Practical Byzantine Fault Tolerance with proof of work (PBFT-PoW). The implementation is done using cloud technology setup with smart contracts (PBFT-PoW). The accuracy rate of PBFT is 90.15%, for PoW is 92.75% and our proposed work PBFT-PoW is 99.88%.     

Java在Smart卡中的实现与应用

Ｊａｖａ卡实现了面向对象技术,这不仅简化了编程,而且使Ｓｍａｒｔ卡成了信息系统的标准组件。     

Toward a secure Kerberos key exchange with smart cards

Public key Kerberos (PKINIT) is a standard authentication and key establishment protocol. Unfortunately, it suffers from a security flaw when combined with smart cards. In particular, temporary access to a user’s card enables an adversary to impersonate that user for an indefinite period of time, even after the adversary’s access to the card is revoked. In this paper, we extend Shoup’s key exchange security model to the smart card setting and examine PKINIT in this model. Using this formalization, we show that PKINIT is indeed flawed, propose a fix, and provide a proof that this fix leads to a secure protocol.     

A secure and efficient certificateless authenticated key agreement protocol for smart healthcare

As more and more important smart healthcare becomes in people’s daily life, its security issues draw increasing attention. It is stringent to design trusty communication protocol guaranteeing the data security and users privacy. Recently, Wang et al. proposed a certificateless authenticated key agreement (CL-AKA) protocol such that providing a resolution to transmit unforged data over open channel in smart healthcare. Claiming that their protocol could resist attacks from two types of adversaries, Wang et al. also compared their protocol with several related works. However, in this paper, we analyze their protocol and point out that the protocol lacks forward security. Moreover, aiming at remedying such defects, this paper proposes an improved CL-AKA protocol. Not only does the improved CL-AKA protocol satisfy the security requirements but also behaves efficient compared with other related works.     

双界面智能卡操作系统的设计和实现

文章首先介绍双界面智能卡的概念,然后讨论了为该卡设计的卡操作系统,主要包括文件管理、通信传输、安全管理和应用控制四部分。该卡操作系统在实践中已得到初步验证。     

An anonymous two-factor authenticated key agreement scheme for session initiation protocol using elliptic curve cryptography

The Session Initiation Protocol (SIP) is a signaling protocol widely applied in the world of multimedia communication. Numerous SIP authenticated key agreement schemes have been proposed with the purpose of ensuring security communication. Farash recently put forward an enhancement employing smart cards counted on Zhang et al.’s scheme. In this study, we observe that the enhanced scheme presented by Farash has also some security pitfalls, such as disclosure of user identity, lack of a pre-authentication in the smart card and vulnerability to key-compromise masquerading attack which results in an off-line guessing attack. We then propose an anonymous modified scheme with elliptic curve cryptography to eliminate the security leakages of the scheme proposed by Farash. We demonstrate that our scheme is immune to different kinds of attacks including attacks involved in Farash’s scheme. We mention Burrows-Abadi-Needham logic for completeness of the proposed scheme. Also, we compare the performance of our scheme with its predecessor schemes and the comparative results shows that it perfectly satisfies the needs of SIP.     

Advances in network smart cards authentication

Smart cards have been widely used as simple token hardware in authenticationn processes. Nevertheless, a new trend indicates a shift towards more enhanced cards with networking capabilities. We propose revising the usual focus on smart card authentication protocol designs, as well as highlighting the need to adapt to new trends. Our main objective is to define an authentication model that uses the card as a stand-alone supplicant in a mutual end-to-end authentication schema. We also propose a protocol architecture which allows us to integrate the smart card within the network in the authentication plane. Finally, this new approach to network smart cards authentication processes is applied to a practical electronic payment scenario.     

Building better government IT: understanding community beliefs and attitudes toward smart card technologies

Government smart cards have promised substantial improvements in public services delivery, yet they often seem to encounter great public suspicion, distrust and hostility. Very few contemporary studies have addressed the issue of understanding the actual beliefs and attitudes toward such initiatives. In this study, we investigate the beliefs and attitudes surrounding the ill-fated Australian Government's Health and Social Services Smart Card. We apply a proven electronic business theory model to address the research question: what are the general beliefs and attitudes of the Australian community and industry toward the introduction and use of the smart card? The study uses a composite concept mapping and content analysis technique to reveal that information security, personal privacy and the spectre of a national identification card engender serious community concerns over the proposed introduction of the smart card. The article brings further empirical understanding of the use of public smart cards, while highlighting the importance of political transparency, broad ranging community consultations, and sound technical design in electronic government projects.     

Decentralized semantic provision of personal health streams

Personalized healthcare is nowadays driven by the increasing volumes of patient data, observed and produced continuously thanks to medical devices, mobile sensors, patient-reported outcomes, among other data sources. This data is made available as streams, due to their dynamic nature, which represents an important challenge for processing, querying and interpreting the incoming information. In addition, the sensitive nature of healthcare data poses significant restrictions regarding privacy, which has led to the emergence of decentralized personal data management systems. Data semantics play a key role in order to enable both decentralization and integration of personal health data, as they introduce the capability to represent knowledge and information using ontologies and semantic vocabularies. In this paper we describe the SemPryv system, which provides the means to manage personal health data streams enriched with semantic information. SemPryv is designed as a decentralized system, so that users have the possibility of hosting their personal data at different sites, while keeping control of access rights. The semantization of data in SemPryv is implemented through different strategies, ranging from rule-based annotation to machine learning-based suggestions, fed from third-party specialized healthcare metadata providers. The system has been made available as Open Source, and is integrated as part of the Pryv.io platform used and commercialized in the healthcare and personal data management industry.     

Fingerprint Agreement Using Enhanced Kerberos Authentication Protocol on M-Health

Cloud computing becomes an important application development platform for processing user data with high security. Service providers are accustomed to providing storage centers outside the trusted location preferred by the data owner. Thus, ensuring the security and confidentiality of the data while processing in the centralized network is very difficult. The secured key transmission between the sender and the receiver in the network is a huge challenge in managing most of the sensitive data transmission among the cloud network. Intruders are very active over the network like real authenticated user to hack the personal sensitive data, such as bank balance, health data, personal data, and confidential documents over the cloud network. In this research, a secured key agreement between the sender and the receiver using Kerberos authentication protocol with fingerprint is proposed to ensure security in M-Healthcare. Conditions of patients are monitored using wireless sensor devices and are then transferred to the server. Kerberos protocol helps in avoiding unnecessary communication of authenticated data over the cloud network. Biometric security process is a procedure with the best security in most of the authentication field. Trust node is responsible in carrying data packets from the sender to the receiver in the cloud network. The Kerberos protocol is used in trust node to ensure security. Secured communication between the local health center and the healthcare server is ensured by using a fingerprint feature called minutiae form, which refers to the fingerprint image of both sender and receiver. The computational and communicational cost of the proposed system is lesser when compared with other existing authentication methods.     

基于ARM的双界面IC卡读写器的设计与实现

为满足智能卡在银行、保险、医疗等管理系统的应用需求,设计了一款基于ARM的支持双界面智能卡的读写系统。采用具有ARM Cortex M3内核的STM32F103RBT6和近场通信收发器STRFNFCA等芯片进行相关的硬件设计。软件设计完成了对非接触式卡和接触式卡的底层驱动及应用层通信模块、LCD显示等操作;根据PBOC 2.0标准对智能卡进行金融交易包括圈存、消费、查余额等;同时,读卡器集成了Crypto 1加密算法来兼容市场上的Mifare系列卡。测试结果表明,读写系统性能稳定、功耗低、实用性强、可靠性高。