Analysis of Security Models For Smart Cards
Ganesh J Pai
gpai@virginia.edu
ECE Department, University of Virginia

Abstract

Smart cards are an old breed of ubiquitous embedded-computing devices that are increasingly gaining popularity for electronic business transactions. When these smart cards are used over networks that can be covertly snooped, such as the Internet, there is a potential threat to the security of these transactions. In this report, I describe and analyze security models for smart cards that are used for electronic commerce. An analysis of the security components of JavaCard technology, a relatively new software platform for running Java applications on smart cards, is also presented. I briefly introduce and analyze the concept of secure coprocessing and trusted co-servers which, when augmented with JavaCard, can guarantee security of electronic transactions.

1. Introduction

Smart cards have been around for approximately 20 years but they have differed in their smarts over the years. Physically, a smart card looks similar to a credit card, but differs from it in the way it stores and processes information. A smart card essentially has a microprocessor or a memory chip embedded in a rectangular plastic card. Those cards that have a memory chip alone can simply store information. Security logic is used to control access to the memory in the card. A microprocessor card, however, is more intelligent and offers read, write, calculating and information manipulating capabilities. One may think of a microprocessor card as an embedded computing device with IO capabilities, controlled by an operating system with security policies.

Smart cards can have IO interfaces that are either contact based or contact-less. Contact smart cards need a smart card reader into which the cards are inserted. Contact-less smart cards, however, have an antenna embedded inside the card that enables communication with the reader without physical contact.
All smart cards contain a persistent memory (ROM), a persistent but electrically mutable memory (EEPROM) and volatile memory (RAM).

Smart cards and the Internet have co-operated to facilitate electronic banking and payment, and secure business-to-business (B2B) and business-to-consumer (B2C) e-commerce. Smart cards in conjunction with the GSM standard for mobile phones enable secure subscriber authentication, roaming facilities for mobile phones and secure value added mobile services [1]. Frequently, multiple applications can be stored on the card, enabling partnering of on-card programs and providing added convenience to the cardholder.

In this report, I focus on the security aspect of such multifunctional smart cards used in electronic commerce. Clearly, if there is some way in which the information being passed between the parties doing business can be intercepted by an attacking party, there is a potential for fraud, theft and a compromise of privacy. There are two security aspects for smart cards: first, at the level of the smart card itself, and second, after information has left the smart card. This report looks primarily at security on the smart card.

Section 2 describes a role and task based security model proposed by [2], and a formal security model for multifunctional smartcards suggested by [3]. In section 3, I present the JavaCard platform, which builds on the formal security model and allows applications written in a modified subset of the Java programming language to run on smartcards. I briefly describe its elegant underlying security mechanism, and discuss potential disadvantages. Section 4 presents some conclusions of my analyses.

2. A Security Model for Smart Cards

2.1 A Role and Task Based Security Model

The role and task-based (R&T) security model partitions the problem space into variables, rules, and functions on the variables which allow the rules. The variables are expressed as sets of elements. At any time, there is a pre-defined universal set of which the active variables and authorized variables are subsets. The model offers users finer granularity in security levels and thus differs from the conventional models that offer either roles or tasks.

Multiple applications are often desired on the same card to provide value addition to the cardholder. An oft-used (and a very real world¹) example in the literature is that of an electronic wallet application and another application that collaborates with the electronic wallet (for example, an application providing frequent flyer miles), both residing on the same card. In such multi-application cards, security between applications is desired. One would not want sensitive data being leaked among the applications residing on the same card, in the interest of the user's and the application provider's right to privacy and informational self-determination, i.e. secrecy and integrity among the applications should be guaranteed. If the application providers wish to add further levels of secrecy or protection to their data, the security model for the smart card should also guarantee these different levels of secrecy.
A role and task-based model for inter-application security is proposed by [2], while [3] presents a more generalized but formal model for multi-applicative smart cards.

¹ American Express Blue is a smart card that offers two applications on the same card for electronic money transactions.

In the smart card domain, the R&T model defines subjects, roles, tasks, procedures and objects as variables. Subjects are processes in the card, which are given tasks to perform in different roles. These are performed on objects using procedures. Tasks are hierarchical structures, while roles define how these tasks are done. A role-task combination provides procedures which access well defined data objects stored on the card. The R&T model provides security levels that enforce policies and define how and what information is available to the procedures.

The model permits a subject to have more than one role-task combination provided that these combinations are not mutually exclusive to each other. This implies that a subject can perform a newly added role-task combination if and only if this combination is not mutually exclusive with its already defined role-task combinations. This permits ease in authorization and revocation of roles and tasks for new user tasks. Thus, the concept fits very well with a smart card environment where one may want to add or remove applications on the card. The smart card operating system (SCOS) will act as the administrator in managing the security between these new applications. Therefore, according to the model, one may say

$$\mathit{Authorized\_Roles}(S_i) \subseteq \mathit{Roles} \qquad (1)$$

$$\mathit{Active\_Tasks}(S_i) \subseteq \mathit{Tasks} \qquad (2)$$

where Roles and Tasks are the universal sets of all possible roles and tasks that are allowed in the model, for subject $S_i$. Such relations are defined for possible role-task combinations that could be active and authorized, as well as for procedures and objects. Sets for active and allowed access are also defined as tuples with subjects, the role-task combination and procedure-object pairs.

Similarly, the model also provides rules for role and task authorization, task hierarchy, static and dynamic separation of duty and object access. These rules set role-task contexts for the subject. Procedures can execute only if there are role-task contexts authorized for the subject. These role-task contexts provide access to the data objects required by the procedures. In a nutshell, subjects cannot perform tasks in roles unless the tasks have been authorized for the subjects and the roles have been authorized for the tasks. A more detailed explanation of all the variables and rules is given in [2]. An example representation of multiple applications in the R&T model is shown in Fig. 1.

Subjects = {Cardholder, Bank, Airline}
Tasks = {Money transfer, Banking, Ticket Purchase, Administrating}
Roles = {Electronic wallet holder, Credit Card holder, Airline Customer, Bank administrator}
Procedures = {Read, Write, Append, Delete, Create, Add}
Objects = {Name, Account #, Bank information, Cash, Credit Card #, Limits, Flyer Miles}

Fig. 1: Possible variables in a multi-application R&T security model for a Smart card

In this example, it is clear which subjects can use the card and what role-task combinations they would use to manipulate data objects. It is also clear that if the cardholder wishes to pay the airline by credit card, then the airline application should only be allowed read access to this data object.
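The authorization rules above can be exercised over the Fig. 1 variables. The following is an added example, not code from the report or from [2]; the rights table, the mutual-exclusion rule and all function names are constructed for illustration.

```python
"""R&T access check over the Fig. 1 variables (added example).
The rights table and the exclusion rule are constructed for illustration."""
from dataclasses import dataclass, field

# Universal sets, taken from Fig. 1.
ROLES = {"Electronic wallet holder", "Credit Card holder",
         "Airline Customer", "Bank administrator"}
TASKS = {"Money transfer", "Banking", "Ticket Purchase", "Administrating"}

# Constructed policy: procedure-object pairs granted by each role-task context.
CONTEXT_RIGHTS = {
    ("Electronic wallet holder", "Money transfer"):
        {("Read", "Cash"), ("Write", "Cash")},
    ("Airline Customer", "Ticket Purchase"):
        {("Read", "Credit Card #"), ("Add", "Flyer Miles")},
    ("Bank administrator", "Administrating"):
        {("Write", "Limits"), ("Create", "Account #")},
}

# Constructed separation-of-duty rule: no subject may hold both contexts.
MUTUALLY_EXCLUSIVE = [
    {("Airline Customer", "Ticket Purchase"),
     ("Bank administrator", "Administrating")},
]


@dataclass
class Subject:
    name: str
    authorized: set = field(default_factory=set)  # authorized role-task contexts
    active: set = field(default_factory=set)      # active subset of `authorized`


def authorize(subject, role, task):
    """Add a role-task context unless it conflicts with one already held."""
    ctx = (role, task)
    if role not in ROLES or task not in TASKS or ctx not in CONTEXT_RIGHTS:
        return False
    for pair in MUTUALLY_EXCLUSIVE:
        if ctx in pair and (pair - {ctx}) & subject.authorized:
            return False
    subject.authorized.add(ctx)
    return True


def revoke(subject, role, task):
    """Revocation also deactivates the context."""
    subject.authorized.discard((role, task))
    subject.active.discard((role, task))


def activate(subject, role, task):
    """Only an authorized context can become active."""
    if (role, task) not in subject.authorized:
        return False
    subject.active.add((role, task))
    return True


def may_execute(subject, procedure, obj):
    """A procedure runs only under an active context that grants it."""
    return any((procedure, obj) in CONTEXT_RIGHTS[ctx] for ctx in subject.active)
```
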
No other unrelated information should be accessible to the airline application. The R&T model facilitates this inter-application security with a role-task context. The rules and variables, which form the context along with transition functions, define a state-machine based model. The SCOS thus allows different applications residing on the same card to securely access select data objects and different services using an application based security framework.

2.2 A More Formal and Generic Security Model

In [3] a similar but more formal security model is described. An operating system (for the smart card), which executes system calls, is modeled. The applications running in user mode on the card make these calls to the operating system running in supervisor mode. The formal model is a more generic abstraction, based on intransitive noninterference [5] and authentication [3], that allows for modeling security for other smart card architectures. In this model, it is assumed that the operating system calls are atomic. Further, it addresses the issues of secrecy between programs of different applications, secure communication between these applications and secure downloading of new code on to the smart card.

The formal model appears to be very similar to the R&T security model. It builds on the Bell/LaPadula security model [6] and uses an access matrix of levels and categories to define the integrity and secrecy classification of data objects and subjects. Again, as in the R&T model, subjects are host applications while the objects are usually data files that need to be manipulated by the subjects. While the access matrix provides a disjoint set of access categories for multiple applications (effectively isolating them from one another), communication between collaborating applications is enforced using a channel program.

One of the noteworthy goals achieved in the formal model is secure communication with the outside world. Again, with respect to the smart card domain, such secure communication channels are desired not only between applications on the same card, but also between the card reader and the card. Authentication for applications is included in the model. If a new application were to be added to the card (for example, a hotel application that collaborates with the banking application and the airline application), it would have to be digitally signed and authenticated with a key that is already known to the card. Obviously, if this were enforced, then malicious applications cannot be downloaded on the card after the card has been issued. Therefore, this model guarantees not only total isolation of multiple applications; it also ensures that communication between two applications is possible if and only if the channel program has been authenticated by all the applications that are communicating.

A relation based on clearances for the subject expresses the security policy and the rights for a subject executing commands on the card. If we express the relation as ~> then A ~> B implies that a subject with clearance A can pass information to another subject with clearance B. The clearance of a subject is based on an access class, and the relation ~> is equivalent to saying that a subject with lower clearance can pass information to one with higher clearance but not vice-versa.
The modification to this relation that is the basis for this intransitive formal model is that a subject with clearance A can only pass information to a subject with clearance B via C but not directly. In terms of the relation, this is specified as

A ~> C and C ~> B but A ~/> B    (3)

That is, the two subjects cannot communicate directly, except through C. If C is the SCOS, then effectively, this model achieves what the R&T model does. The intransitivity concept is therefore simply D = dom(c), where a command c can be executed only if it has clearance D defined by function dom. Therefore, for achieving property (3), i.e. security, the final state after executing a command list from initial state and command c should be the same as the state after executing the new command list whose clearance is the clearance of the state obtained after execution of the initial command list from initial state, and the command c.

The data structure used in implementing this security model is system state, which comprises the permanent smart card key, an authentication store and a file system. The authentication store is the mapping of authentication information to applications that exist on the card. The file system modeled is a classification of directories. At the simplest level, this model may be viewed as an operating system domain controlling (creating or deleting) application domains. This control is exercised using a domain definition table set according to property (3). The formal proof and a more detailed explanation of this model are found in [3].
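Property (3) can be checked mechanically on a small state machine. The following is an added example, not the verified model of [3]: it uses the purge-based formulation of intransitive noninterference from [5], with a per-domain observation function as a simplifying assumption, and the three commands, the state layout and the "leaky" variant are constructed.

```python
"""Exhaustive check of flow policy (3) on a toy three-domain card.
Added example: the domains' commands and both machines are constructed."""
from itertools import product

# Policy (3): A ~> C and C ~> B, but not A ~> B. Each domain flows to itself.
FLOWS = {("A", "A"), ("B", "B"), ("C", "C"), ("A", "C"), ("C", "B")}
COMMANDS = ("A.set1", "C.relay", "B.consume")


def dom(cmd):
    """Clearance of a command, D = dom(c): here the prefix before the dot."""
    return cmd.split(".")[0]


def sources(cmds, u):
    """Domains that the policy allows to influence u via the command list."""
    if not cmds:
        return {u}
    later = sources(cmds[1:], u)
    if any((dom(cmds[0]), v) in FLOWS for v in later):
        return later | {dom(cmds[0])}
    return later


def ipurge(cmds, u):
    """Remove every command that must not be able to influence u."""
    if not cmds:
        return ()
    tail = ipurge(cmds[1:], u)
    return (cmds[0],) + tail if dom(cmds[0]) in sources(cmds, u) else tail


def step(state, cmd, leaky):
    """One atomic call. State = (A's data, C's buffer, B's inbox)."""
    a_data, c_buf, b_inbox = state
    if cmd == "A.set1":
        a_data = 1
        if leaky:
            b_inbox = 1      # direct A -> B write that bypasses channel C
    elif cmd == "C.relay":
        c_buf = a_data       # the channel program reads from A ...
        b_inbox = c_buf      # ... and delivers to B
    elif cmd == "B.consume":
        b_inbox = 0
    return (a_data, c_buf, b_inbox)


def run(cmds, leaky):
    state = (0, 0, 0)
    for cmd in cmds:
        state = step(state, cmd, leaky)
    return state


def observe(state, u):
    """The part of the state that domain u can see."""
    return state["ACB".index(u)]


def violations(leaky, max_len=4):
    """All (command list, observer) pairs where a purged command still shows."""
    found = []
    for n in range(max_len + 1):
        for cmds in product(COMMANDS, repeat=n):
            for u in "ABC":
                full = observe(run(cmds, leaky), u)
                purged = observe(run(ipurge(cmds, u), leaky), u)
                if full != purged:
                    found.append((cmds, u))
    return found
```

The machine that routes every A-to-B transfer through C yields no violations, while the variant with the direct write is flagged as soon as A's command runs without a later relay.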
3. The JavaCard Platform

In this section, I describe and analyze the security component of JavaCard technology, a stripped down version of the Java platform that is used for deploying architecture independent applications on smart cards. The application development platform truly implements (with some variations) the formal security model described in the previous section. [7] describes JavaCard technology as one that defines a runtime environment that supports smart card memory, communication, security, and application execution. The JCRE (Java Card runtime environment) conforms to the smart card international standard ISO. As was required in the model explained in section 2.2, the JCRE ensures atomic operations and is responsible for the creation of transient and persistent objects.

Applications developed in JavaCard have a very small software footprint. The Java Virtual Machine (JVM), the interpreter that interprets machine independent bytecode, is implemented in the ROM of the smart card. The advantage of machine independent code is simply that applications can be developed to run irrespective of the architecture of the smart card computing hardware. Moreover, this code is portable, unlike the code obtained using hardware-specific assembly language. The runtime environment provides a precise segregation of the smart card system and the applications that run on it, encapsulating the underlying complexity [7], [10].

Fig. 2 shows the architecture of the JVM and the JCRE. The JCRE is essentially the SCOS and is responsible for managing the network communications, resources, application (deployed as applets) execution, and inter-application security. The JVM on the card is responsible for the execution of bytecode, low-level communication protocols, cryptographic support, and memory management. Detailed descriptions and explanations of the JavaCard architecture are provided in [7], [8], [10] and [11].

Fig. 2: JavaCard System Architecture [7]

3.1 Applet Firewalls

Two packages, javacard.security and javacardx.crypto, provide interfaces for cryptographic classes and keys, and can be used to compute signatures and message digests and to generate random data. An application or applet on the card is identified by an applet ID or AID. Further, a resource identifier (RID) is used so that, in conjunction with the AID, it can be used for unique identification of applications and data files in the card file system.

Applet or application isolation is achieved using an applet firewall [7]. Essentially, protected object spaces known as contexts are defined for each applet when it runs. The firewall confines the applet to its context or designated area in the memory space. It acts as the boundary between two applications. When an applet instance is created, the JCRE assigns it a context. Multiple applet instances for the same application are assigned group contexts, as shown in Fig. 3.

Besides this, the JCRE has its own context, with special privileges. The JCRE context can access objects in any other context but not vice-versa. Similarly, other contexts cannot access objects that are not local to their context. This is similar to what was described in the formal model. Further, the JCRE ensures that there is only one active context at any point of time. When an object is created, it is assigned the currently active context so that all applets local to that context can access this new object.

When objects are accessed by applets, their owning context (the context they were assigned at creation) is compared with the currently active context. A mismatch raises an exception and access is denied. Therefore, if an object were created with owning context B (Fig. 3) then an applet in package-a may not access this object because the owning context and the active context are not the same. Comparing this example with the formal model, we see that this property is nothing but a disjoint set of access classes or parameters. This mechanism achieves one of the objectives set in the formal model: secrecy and isolation of programs and objects of different applications. JavaCard also permits object sharing across contexts by establishing a secure communication channel between the two contexts, through the OS context, that is, the JCRE context.

Fig. 3: Applet Firewalls and Context Partitioning in JavaCard [7]

3.2 Secure Communication among Applets across Contexts

Object sharing across contexts is achieved using secure sharing mechanisms such as privileges, entry point objects and shareable interfaces. Yet, the applet's actions are always confined to its own assigned context.

When objects need to be shared, the JCRE performs context switches so that the object being accessed has the same context as its owning context. When a method that causes a context switch is invoked (usually a method of a JCRE entry point object), the context switched to is the JCRE context.
The method therefore executes in the JCRE context. The JCRE defines entry-point objects, which can be accessed by any applet. However, only public methods in the entry-point objects are accessible. These methods are the ones that are used by applets to request privileged SCOS services. Primitive data are shared by using predefined global arrays.

Besides entry-point objects, JavaCard defines shareable interfaces. This is simply an interface that extends directly or indirectly [7]. Objects that implement shareable interfaces are called shareable interface objects (SIO). Therefore, to share data, an object must define a shareable interface with a set of methods declared as public. Applets then communicate or access data objects using the public methods defined in this shareable interface.

The shared secret may be protected using public-key encryption. Essentially, the AID and the shared secret are used to set up a secure communication channel between the applets that need to share objects. An object may implement more than one SIO and again the authentication decides which SIO is to be exported.

Fig. 4: Shareable Interface mechanism Across the Firewall

Now, suppose there are three objects A, B and C such that all have shareable interfaces, but A can share with B alone, and B shares with A and C. Conceivably, if shareable interfaces allow A and B to share data objects, there is nothing to prevent B from sharing this with C. A might not want to share this data with C (Fig. 4). Nevertheless, shareable interfaces are implemented so that a request for a shareable interface always passes through the JCRE. This permits authentication to see if the two contexts should be allowed to share objects or not.

The JCRE uses the AID associated with each applet to authenticate an SIO object request. This object request contains the SIO for the object requested. Presumably, the only way this is possible is if the requesting application shares a secret with the application it is requesting an object from. This shared secret is used as a token to authenticate the requesting applet. Further, the object whose SIO is being requested also checks the AID of the requesting applet to see if it is authorized to send the SIO to the requesting application. Thus, authentication is done with the help of a shared secret and the AID. Therefore, even if the shared secret is known by an intruding application, its AID is unique and differs from the AID of the authorized application. The security components and implementation of the shareable interface should ensure that every time it is invoked, it authenticates the invoking applet.
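The firewall check of section 3.1 and the AID-plus-secret check described above can be traced in a small simulation. This is an added example and not Java Card API code: the classes, AIDs, context names and secrets are constructed, and the wallet, airline and hotel applets stand in for A, B and C of Fig. 4.

```python
"""Toy model of the applet firewall and the shareable-interface checks.
Added example: class names, AIDs and secrets are constructed, and this is
a simulation of the described behaviour, not the Java Card API."""
import hmac

JCRE = "JCRE"  # the runtime's own privileged context


class FirewallError(Exception):
    """Active context and owning context of an object do not match."""


class CardObject:
    def __init__(self, owner, value):
        self.owner, self.value = owner, value


class Card:
    def __init__(self):
        self.active = JCRE  # exactly one context is active at any time
        self.applets = {}   # AID -> Applet

    def install(self, applet):
        self.applets[applet.aid] = applet
        applet.card = self

    def run_as(self, context, fn, *args):
        """Context switch: run fn with `context` active, then switch back."""
        previous, self.active = self.active, context
        try:
            return fn(*args)
        finally:
            self.active = previous

    def new_object(self, value):
        return CardObject(self.active, value)  # owner = creating context

    def read(self, obj):
        if self.active != JCRE and obj.owner != self.active:
            raise FirewallError(f"{self.active} cannot access {obj.owner}")
        return obj.value

    def request_sio(self, client, server_aid, token):
        """SIO requests pass through the JCRE, which supplies the client AID."""
        server = self.applets[server_aid]
        return self.run_as(server.context, server.get_sio, client.aid, token)


class Applet:
    def __init__(self, aid, context, clients=None):
        self.aid, self.context = aid, context
        self.clients = clients or {}  # authorized client AID -> shared secret
        self.card = self.data = None

    def store(self, value):
        self.data = self.card.run_as(self.context, self.card.new_object, value)

    def get_sio(self, client_aid, token):
        """Server side: check the requester's AID and the shared secret."""
        secret = self.clients.get(client_aid)
        if secret is None or not hmac.compare_digest(secret, token):
            return None
        # The SIO's public method executes in the server's own context.
        return lambda: self.card.run_as(self.context, self.card.read, self.data)


def demo():
    card = Card()
    wallet = Applet(b"\xa0\x01", "ctx-wallet", {b"\xa0\x02": b"wallet-airline"})
    airline = Applet(b"\xa0\x02", "ctx-airline", {b"\xa0\x03": b"airline-hotel"})
    hotel = Applet(b"\xa0\x03", "ctx-hotel")
    for applet in (wallet, airline, hotel):
        card.install(applet)
    wallet.store(100)
    out = {}
    try:  # 1. direct access across the firewall
        out["direct"] = card.run_as(airline.context, card.read, wallet.data)
    except FirewallError:
        out["direct"] = "denied"
    out["jcre"] = card.read(wallet.data)  # 2. the JCRE context is privileged
    sio = card.request_sio(airline, wallet.aid, b"wallet-airline")
    out["airline"] = card.run_as(airline.context, sio)  # 3. authorized client
    # 4. right secret, wrong AID: the wallet refuses the hotel applet
    out["hotel_direct"] = card.request_sio(hotel, wallet.aid, b"wallet-airline")
    # 5. re-sharing: the airline copies the value and exports it to the hotel
    airline.store(out["airline"])
    relay = card.request_sio(hotel, airline.aid, b"airline-hotel")
    out["hotel_via_airline"] = card.run_as(hotel.context, relay)
    return out
```

Step 5 succeeds even though every individual check passes, which is the trust problem between A, B and C that the text raises: the wallet's AID check governs who receives its SIO, not what an authorized client does with the data afterwards.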
The shareable interface model could also be thought of as a client-server model where the client requests a shareable interface from the server that authenticates it.

4. Conclusions

This report primarily described and analyzed security models for multiple applications on smart cards. It has not looked at the issue of securing information once it has left the smart card. The formal model and the R&T based model for smart cards provided a framework with which a secure smart card operating system may be designed. The JavaCard platform is one such implementation that adheres to many of the features of the formal model. JavaCard prevents dynamic class loading, and makes type safety easy to enforce.

One of the major security concerns that is not addressed by JavaCard is the scenario described earlier: that of an applet sharing data obtained from one application with a third party, with which it shares information legally. This security problem boils down to one of trust between the two applications. Another possible security issue not addressed by JavaCard is native methods in downloaded code. This may expose the card to dangerous code that exists outside the applet firewalls.
However, the new JavaCard specifications offer bytecode verification and code signing using a key that will be used to authenticate download of new applets on the smart card.

Secure co-processing and trusted co-servers, two concepts proposed in [4], may guarantee security for Java card transactions once information has left the smart card. In a nutshell, secure co-processing is the augmentation of a coprocessor to the main processor. This processor is made tamper resistant (both against logical and physical attacks) using hardware techniques. Trusted co-servers are used as third parties at web servers and protect against insider attack. Secure co-processing and trusted co-servers provide some solutions to non-repudiable authentication of clients, servers, client activity, server activity and electronic transaction security.

References

[1] What's so smart about Smart Cards? Gemplus Corporation. Accessed 28 Jan 2001
[2] K. Schier, "Multifunctional Smartcards for Electronic Commerce - Application of the Role and Task Based Security model", In Proc. of 14th Annual Computer Security Applications Conference, Dec
[3] P. Karger, G. Schellhorn, et al., Verification of a Formal Security Model for Multiapplicative Smart Cards, Research Report RC 21809, IBM Zurich Research Laboratory, July 2000
[4] Sean W. Smith, "WebALPS: Using Trusted Co-Servers to Enhance Privacy and Security of Web Interactions", Research Report RC 21851, IBM T J Watson Research Center, October
[5] John Rushby, "Noninterference, Transitivity, and Channel-Control Security Policies", Technical Report SRI-CSL-92-02, December Accessed Jan 30, 2001
[6] D. E. Bell and L. J. LaPadula, Secure Computer Systems: Unified Exposition and Multics Interpretation, Technical Report ESD TR , The MITRE Corporation, March pdf - Accessed Jan 30, 2001
[7] Zhiqun Chen, Java Card™ Technology for Smart Cards: Architecture and Programmer's Guide, Addison-Wesley, 1st Ed. June
[8] Java Card Technology, Sun Microsystems - Accessed Jan 30,
[9] G. McGraw, E. Felten, Securing Java, John Wiley & Sons, 2nd Ed. January
[10] M. Baentsch, et al., JavaCard From Hype to Reality, pp IEEE Concurrency Vol. 7, No. 4, October-December 1999
[11] Rinaldo Di Giorgio, Zhiqun Chen, Understanding Java Card 2.0, front/javacard/understandjc.htm - Accessed Jan 30, 2001
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationE M S C B Milestone No. I Secure Linux Hard-Disk Encryption REQUIREMENTS SPECIFICATION
E M S C B Milestone No. I Secure Linux Hard-Disk Encryption REQUIREMENTS SPECIFICATION based on European Multilaterally Secure Computing Base (EMSCB) Abstract: The aim of this EMSCB-based security service
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationDistributed Systems. Lecture 14: Security. 5 March,
06-06798 Distributed Systems Lecture 14: Security 5 March, 2002 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationDonor Credit Card Security Policy
Donor Credit Card Security Policy INTRODUCTION This document explains the Community Foundation of Northeast Alabama s credit card security requirements for donors as required by the Payment Card Industry
More informationVerification of a Formal Security Model for Multiapplicative Smart Cards
Verification of a Formal Security Model for Multiapplicative Smart Cards Gerhard Schellhorn 1, Wolfgang Reif 1, Axel Schairer 2, Paul Karger 3, Vernon Austel 3, and David Toll 3 1 Universität Augsburg,
More informationSecure Government Computing Initiatives & SecureZIP
Secure Government Computing Initiatives & SecureZIP T E C H N I C A L W H I T E P A P E R WP 700.xxxx Table of Contents Introduction FIPS 140 and SecureZIP Ensuring Software is FIPS 140 Compliant FIPS
More informationDesign and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet
Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet Hao Zhao, Sead Muftic School of Information and Communication Technologies (ICT) Royal Institute of Technology
More informationEpsonNet ID Print Authentication Print Module Security Target Ver1.11
EpsonNet ID Print Print Module Security Target Version 1.11 2008-06-24 SEIKO EPSON CORPORATION This document is a translation of the evaluated and certified security target written in Japanese. SEIKO EPSON
More informationSecurity Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets
Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets TABLE OF CONTENTS 1 SCOPE OF DOCUMENT... 1 2 INTRODUCTION... 1 3 SECURITY LEVELS... 1 3.1 CRYPTOGRAPHIC MODULE SPECIFICATION...
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationSecure Application Trend in Smartphones. STMicroelectronics November 2017
Secure Application Trend in Smartphones STMicroelectronics November 2017 A global semiconductor leader 2016 revenues of $6.97B Listed: NYSE, Euronext Paris and Borsa Italiana, Milan Who We Are 2 Research
More informationSmart Card ICs. Dr. Kaushik Saha. STMicroelectronics. CSME 2002 (Chandigarh, India) STMicroelectronics
Smart Card ICs Dr. Kaushik Saha STMicroelectronics CSME 2002 (Chandigarh, India) STMicroelectronics ST Products & Solutions Agenda Smart cards market overview Issues in the Smartcard Business ST Solutions
More informationDiscretionary Vs. Mandatory
Discretionary Vs. Mandatory Discretionary access controls (DAC) Privilege propagated from one subject to another Possession of an access right is sufficient to access the object Mandatory access controls
More informationIssues of Operating Systems Security
ECAI 2007 - International Conference Second Edition Electronics, Computers and Artificial Intelligence 29 th 30 th June, 2007, Piteşti, ROMÂNIA Issues of Operating Systems Security Academy of Economic
More informationA SMART CARD BASED PREPAID ELECTRICITY SYSTEM. M. Wassim Raad 1, Muhammad Sallout 2
A SMART CARD BASED PREPAID ELECTRICITY SYSTEM M. Wassim Raad 1, Muhammad Sallout 2 1 Computer Engineering Department, King Fahd University of Petroleum and Minerals, Dhahran 31261, Saudi Arabia mwraad@ccse.kfupm.edu.sa
More informationSecurity Target Lite ProxSIM Taurus
Security Target Lite ProxSIM Taurus Version 1.0/ Status 13.05.2011 Giesecke & Devrient GmbH Prinzregentenstr. 159 Postfach 80 07 29 D-81607 München Copyright 2011 by Giesecke & Devrient GmbH Prinzregentenstr.
More informationAdvances with Osaifu-Keitai Starting Services Supporting NFC (Type A/B) on NTT DOCOMO UIM Cards. contactless IC cards that is being adopted
Type A/B GP TSM Advances with Osaifu-Keitai Starting Services Supporting NFC (Type A/B) on NTT DOCOMO UIM Cards The Osaifu-Keitai service currently being provided in Japan is based on the FeliCa *1 mobile
More informationMobile MasterCard. PayPass User Interface Application Design Guide. User Experience, Use Cases, Screen Layouts and Design. Version 1.
Mobile MasterCard PayPass User Interface Application Design Guide Version 1.0 September 2011 User Experience, Use Cases, Screen Layouts and Design How to use this document 3 Core 4 Extended This document
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationSecure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM
Secure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM Rohini Vidhate, V. D. Shinde Abstract With the rapid developments occurring in cloud computing and services, there has been
More informationAuthentication Technologies
Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something
More informationDistributed Computing Environment (DCE)
Distributed Computing Environment (DCE) Distributed Computing means computing that involves the cooperation of two or more machines communicating over a network as depicted in Fig-1. The machines participating
More informationJSM: A small Java Processor Core for Smart Cards and Embedded Systems
JSM: A small Java Processor Core for Smart Cards and Embedded Systems, Hagen Ploog, Nico Bannow,Dirk Timmermann Outline Goals Smart cards Java on smart cards Design and Functionality of Java processor
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More informationAccess Control. Discretionary Access Control
Access Control Discretionary Access Control 1 Outlines Access Control Discretionary Access Control (DAC) Mandatory Access Control (MAC) Role-Based Access Control (RBAC) 2 Access Control Access control
More informationINFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council
Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationegov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO
egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO e-government Survey 2014 United Nations Page 2 EGDI: E-Government Development Index National ID & Digital Signature Estonian Prime Minister Andrus Ansip
More informationLoad-Time Security Certification for Real Smart-Cards
Load-Time Security Certification for Real Smart-Cards Olga Gadyatskaya joint work with F.Massacci, E.Lostal (University of Trento, Italy) Evaluation by B. Chetali, Q-H. Nguyen TrustedLabs/Gemalto (FR)
More informationJavaOS. David Burhans 2/3/2003 CS384 Dr. Taylor
JavaOS David Burhans 2/3/2003 CS384 Dr. Taylor Table of Contents JavaOS... 1 Table of Contents...i Table of Figures...ii Background... 1 Java... 1 Bytecode... 2 JavaOS... 2 Supported Computing Models...
More informationAccess Control Models
Access Control Models Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu Access Control Models Access Control to regulate
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationStrong Authentication for Web Services using Smartcards
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2009 Strong Authentication for Web Services using Smartcards D S. Stienne
More informationAuthoring and Maintaining of Educational Applications on the Web
Authoring and Maintaining of Educational Applications on the Web Denis Helic Institute for Information Processing and Computer Supported New Media ( IICM ), Graz University of Technology Graz, Austria
More informationPractical Java Card bytecode compression 1
RENPAR 14 / ASF / SYMPA Practical Java Card bytecode compression 1 Gabriel Bizzotto Gilles Grimaud LIFL, Universite de Lille 1 Gemplus Research Lab bizzotto@dea.lifl.fr grimaud@lifl.fr Abstract Our work
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationUNIT I. Introduction
UNIT I Introduction Objective To know the need for database system. To study about various data models. To understand the architecture of database system. To introduce Relational database system. Introduction
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationTowards a uniform solution to identity theft
Towards a uniform solution to identity theft November 2006 (V2.1) Lockstep Technologies www.lockstep.com.au Everybody s talking about identity theft. And many banks and other institutions are doing something
More informationOutline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution
Outline V22.0202-001 Computer Systems Organization II (Honors) (Introductory Operating Systems) Lecture 21 Language-Based Protection Security April 29, 2002 Announcements Lab 6 due back on May 6th Final
More informationWhat is a VM? Categories of Virtual Machines. Process Virtual Machine 11/17/2010
What is a VM? Virtual Machines COMP755 An efficient, isolated duplicate of a real machine Current use includes virtual machines which have no direct correspondence to any real hardware Categories of Virtual
More informationSection 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016
Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect
More informationCh 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated 4-24-17 Current Generation Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated
More informationUntraceable Nym Creation on the Freedom 2.0 Network
Russell Samuels Ed Hawco November 1, 2000 Untraceable Nym Creation on the Freedom 2.0 Network Version 2.0 This whitepaper, targeted at users with a basic understanding of Freedom, describes the Freedom
More informationIMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP
IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP North America Latin America Europe 877.224.8077 info@coalfire.com coalfire.com Coalfire sm and CoalfireOne sm are registered service
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Roadmap: TPM
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationETSI TS V6.1.0 ( )
TS 102 224 V6.1.0 (2004-12) Technical Specification Smart cards; Security mechanisms for UICC based Applications - Functional requirements (Release 6) 2 TS 102 224 V6.1.0 (2004-12) Reference RTS/SCP-R0282r1
More informationEnforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy
Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy 2008 Cisco Systems, Inc. All rights reserved. 1 1 The PCI Data Security
More informationSecure Object Sharing in Java Card
Secure Object Sharing in Java Card Michael Montgomery Austin Product Center Schlumberger Austin, TX 78726 mmontgomery@slb.com Ksheerabdhi Krishna Austin Product Center Schlumberger Austin, TX 78726 kkrishna@slb.com
More informationSpecification of a transacted memory for smart cards in Java and JML
Specification of a transacted memory for smart cards in Java and JML Erik Poll University of Nijmegen, NL Pieter Hartel Eduard de Jong Joint work with University of Twente Sun Microsystems Transacted Memory
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationLearning Outcomes. Extended OS. Observations Operating systems provide well defined interfaces. Virtual Machines. Interface Levels
Learning Outcomes Extended OS An appreciation that the abstract interface to the system can be at different levels. Virtual machine monitors (VMMs) provide a lowlevel interface An understanding of trap
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationLecture 9 User Authentication
Lecture 9 User Authentication RFC 4949 RFC 4949 defines user authentication as: The process of verifying an identity claimed by or for a system entity. Authentication Process Fundamental building block
More informationIdentification and Verification of Security Relevant Functions in Embedded Systems Based on Source Code Annotations and Assertions
Identification and Verification of Security Relevant Functions in Embedded Systems Based on Source Code Annotations and Assertions Johannes Loinig 1, Christian Steger 1, Reinhold Weiss 1, and Ernst Haselsteiner
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More information