Abstract
The executions of operating system services based on smart cards allow one to personalize some functionalities of the operating system by using the secret information stored in a smart card and the basic computations that a smart card can perform. However, current solutions for integrating smart card features in operating system services require at least a partial execution of the operating system functionalities at “user level”. Such executions decrease the security and the performance of the system as they are less robust compared to the kernel-level ones.
In this paper we present the design and implementation of SmartK, a kernel module that integrates directly in the Linux kernel the support of smart cards. The use of SmartK allows one to securely personalize an operating system service still maintaining its execution at kernel level.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Anderson, R.: TCPA Frequently Asked Questions (2003), http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
Arbaugh, W., Farber, D., Smith, J.: A Secure and Reliable Bootstrap Architecture. In: Proc. of IEEE Symposium on Security and Privacy 1997, pp. 65–71 (1997)
Beattie, S.M., Black, A.P., Cowan, C., Pu, C., Yang, L.P.: CryptoMark: Locking the Stable door ahead of the Trojan Horse. White Paper, WireX Communications Inc (2000)
Catuogno, L., Visconti, I.: An Architecture for Kernel-Level Verification of Executables at Run Time. The Computer Journal 47(5), 511–526 (2004)
Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, 2nd edn. O’Reilly Associates, Inc., Sebastopol (2002)
Corcoran, D.: PC/SC lite API version 1.1.1 (1999), http://www.linuxnet.com
Telekom, D., et al.: Application Independent Card Terminal Application Programming Interface for ICC Applications (1998)
Gaskell, G., Looi, M.: Integrating Smart Cards Into Authentication Systems. Cryptography: Policy and Algorithms, pp. 270–281 (1995)
The International Organization for Standardization and The International Electrotechnical Commission, ISO/IEC 7816 parts 1-4: Information technology - Identification cards - Integrated circuit(s) cards with contacts (1995)
Itoi, N., Arbaugh, W.A., Pollack, S.J., Reeves, D.M.: Personal secure booting. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 130–144. Springer, Heidelberg (2001)
Itoi, N., Honeyman, P., Rees, J.: SCFS: A UNIX Filesystem for Smartcards. In: Proc. of the First USENIX Workshop on Smartcard Technology, pp. 107–118 (1999)
Neuman, B.C., Ts’o, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications 32(9), 33–38 (1994)
Kohl, B., Kohl, B., Neuman, C., T’so, T.Y.: The Evolution of the Kerberos Authentication System. In: Distributed Open Systems, pp. 78–94. IEEE Computer Society Press, Los Alamitos (1994)
Microsoft Corporation (2003), Security Model for the Next-Generation Secure Computing Base, http://www.microsoft.com
MUSCLE (Movement for the use of smart cards in a Linux Environment), http://www.linuxnet.com
Opencard Consortium, OpenCard Framework, General Information Web Document (1998), http://www.opencard.org
Patil, S., Kashyap, A., Sivathanu, G., Zadok, E.: I3FS an In-Kernel Integrity Checker and Intrusion Detection File System. In: Proceedings of the 18th USENIX Large Installation System Administration Conference (LISA 2004) (2004)
PC/SC workgroup, Presentation of the Interoperability specification for ICCs and Personal Computer System (PC/SC) Revision 1.0, parts 1-8. (1997), http://www.pcscworkgroup.com/
PC/SC workgroup, Presentation of the Interoperability specification for ICCs and Personal Computer System (PC/SC), Revision 2.0. White Paper (1999), http://www.pcscworkgroup.com/
Rees, J., Honeyman, P.: Webcard: a Java Card Web Server. In: Proc. of CARDIS 2000, pp. 197–208 (2000)
RSA Security Inc., PKCS11: Cryptographic Token Interface Standard v.2.20 (2004), http://www.rsasecurity.com/
RSA Security Inc., PKCS15: Cryptographic Token Information Format Standard v.1.1 (2000), http://www.rsasecurity.com/
Rubini, A., Corbet, J.: Linux Device Drivers, 2nd edn. O’Reilly Associates, Inc., Sebastopol (2001)
Schoen, S.: Trusted Computing: Promise and Risk, Report of Electronic Frontier Foundation (2003), http://www.eff.org
Stallman, R.: Can you trust your computer (2002), http://www.gnu.org/philosophy/can-you-trust.html
Trusted Computing Group, TCG Specification Architecture Overview (2004)
van Doorn, L., Ballintijn, G., Arbaugh, W.A.: Signed Executables for Linux. University of Maryland Technical Report CS-TR-4259 (2001)
Zadok, E.: Stackable File System as a Security Tool. CS dept. Columbia University Technical Report CUCS-036-99 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Catuogno, L., Gassirà, R., Masullo, M., Visconti, I. (2005). Securing Operating System Services Based on Smart Cards. In: Katsikas, S., López, J., Pernul, G. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2005. Lecture Notes in Computer Science, vol 3592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11537878_32
Download citation
DOI: https://doi.org/10.1007/11537878_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28224-2
Online ISBN: 978-3-540-31796-8
eBook Packages: Computer ScienceComputer Science (R0)