Abstract
This paper presents an authentication protocol for high-assurance smart card operating systems that support download of mutually suspicious applications. Such a protocol is required to be part of the operating system, rather than the traditional smart card approach of allowing applications to do authentication, because strong authentication is essential for the operating system to protect one application from another. The protocol itself is based on the existing IKE protocol [13], used for authentication in IPSEC. What is new is the integration of an IKE-like protocol with authentication of mandatory secrecy and integrity access controls, the recognition that a single PKI-hierarchy cannot certify identity and all possible mandatory access rights, and the use of IKE to resolve privacy problems found in existing smart card authentication protocols.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Antipa, A., Brown, D., Menezes, A., Struik, R., Vanstone, S.: Validation of elliptic curve public keys. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 211–223. Springer, Heidelberg (2002)
Application interface for smartcards used as secure signature creation devices: Part 1 - basic requirements. Technical Report CEN/ISSS WS/E-Sign Draft CWA Group K Version 1.05, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, May 7 (2003)
Bell, D.E., LaPadula, L.J.: Computer security model: Unified exposition and multics interpretation. Technical Report ESD–TR–75–306, The MITRE Corporation, Bedford, MA, USA, HQ Electronic Systems Division, Hanscom AFB, MA, USA (June 1975), http://csrc.nist.gov/publications/history/bell76.pdf
Biba, K.J.: Integrity considerations for secure computer systems. Technical Report ESD–TR–76–372, The MITRE Corporation, Bedford, MA, USA, HQ Electronic Systems Division, Hanscom AFB, MA, USA (April 1977)
Canetti, R., Krawczyk, H.: Security analysis of IKE’s signature-based keyexchange protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002)
Chipcards with digital signature application/function according to SigG and SigV - part 1: Application interface. Technical Report DIN V66291-1, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, December 15 (1998)
Chipcards with digital signature application/function according to SigG and SigV - part 4: Basic security services. Technical Report DIN V66291-4, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, October 17 (2000)
Common security label (CSL). Technical Report MIL-STD-2045-48501, Joint Interoperability and Engineering Organization (JIEO), Fort Monmouth, NJ, January 25 (1995)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)
DOD 5200.28-STD, Department of Defense, Washington, DC, USA. Department of Defense Trusted Computer System Evaluation Criteria (December 1985), http://csrc.nist.gov/publications/history/dod85.pdf
Ellis, J.H.: The story of non-secret encryption. Technical report, Communications- Electronics Security Group (CESG), Cheltenham, UK (1987), http://www.cesg.gov.uk/publications/media/nsecret/ellis.pdf
Girard, P.: Which security policy for multiapplication smart cards? In. In: Proceedings of the USENIX Workshop on Smartcard Technology, Chicago, IL, pp. 21–28 (1999); The USENIX Association
Harkins, D., Carrel, D.: The internet key exchange (IKE). Technical Report RFC2409 (November 1998), ftp://ftp.rfc-editor.org/in-notes/rfc2409.txt
Information technology - identification cards - integrated circuit(s) cards with contacts - part 3: Electronic signals and transmission protocols. Technical Report ISO/IEC 7816-3:1997(E), International Organization for Standardization, Genève, September 18 (1997)
Information technology - identification cards - integrated circuit(s) cards with contacts - part 4: Inter-industry commands for interchange. Technical Report ISO/IEC 7816-4, International Standards Organization, Genève (1995)
Information technology - identification cards - integrated circuit(s) cards with contacts - part 15: Cryptographic information application. Technical Report ISO/IEC CD 7816-15, draft edition, International Organization for Standardization, Genève (2001)
Information technology - security techniques – evaluation criteria for it security – parts 1, 2, and 3. Technical Report ISO/IEC 15408-1, -2, and -3, International Organization for Standardization, Genève (1999)
Information technology - security techniques - entity authentication - part 3: Mechanisms using digital signature techniques. Technical Report ISO/IEC 9798-3, International Organization for Standardization, Genève, October 15 (1998)
Information technology - security techniques - key management - part 3: Mechanisms using asymetric techniques. Technical Report ISO/IEC 11770-3, International Organization for Standardization, Genève, November 1 (1999)
Karger, P.A.: The lattice security model in a public computing network. In: ACM 78: Proceedings 1978 Annual Conference, Washington, DC, USA, December 4–6, vol. 1, pp. 453–459 (1978); Association for Computing Machinery
Karger, P.A.: Multi-organizational mandatory access controls for commercial applications. Technical Report RC 21673 (97655), IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, February 22 (2000), http://domino.watson.ibm.com/library/CyberDig.nsf/home
Karger, P.A., Austel, V.R., Toll, D.C.: A new mandatory security policy combining secrecy and integrity. Technical Report RC 21717 (97406), IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, March 15 (2000), http://domino.watson.ibm.com/library/CyberDig.nsf/home
Karger, P.A., Austel, V.R., Toll, D.C.: Using a mandatory secrecy and integrity policy on smart cards and mobile devices. In: EUROSMART Security Conference, Marseilles, France, June 13–15, pp. 134–148 (2000)
Karger, P.A., Austel, V.R., Toll, D.C.: Using mandatory secrecy and integrity for business to business applications on mobile devices. In: Workshop on Innovations in Strong Access Control, Naval Postgraduate School, Monterey, CA, September 25-27 (2000) (published on CD-ROM), http://www.acsac.org/sac-tac/wisac00/wed0830.karger.pdf
Krawczyk, H.: SIGMA: the ’SIGn-and-MAc’ approach to authenticated diffiehellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 399–424. Springer, Heidelberg (2003)
Krawczyk, H., Bellare, M., Canetti, R.: HMAC: keyed-hashing for message authentication. Technical Report RFC-2104 (February 1997), http://www.faqs.org/ftp/rfc/rfc2104.txt
Lim, C.H., Lee, P.J.: A key recovery attack on discrete log-based schemes using a prime order subgroup. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 249–263. Springer, Heidelberg (1997)
Public key cryptography for the financial services industry, key agreement and key transport using elliptic curve cryptography. Technical Report X9.63-2001, American National Standards Institute, ANSI (2001)
Schellhorn, G., Reif, W., Schairer, A., Karger, P., Austel, V., Toll, D.: Verification of a formal security model for multiapplicative smart cards. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 17–36. Springer, Heidelberg (2000)
Standard security label for information transfer. Technical Report FIPS PUB 188, National Institute of Standards and Technology, Gaithersburg, MD, September 6 (1994)
Technical rationale behind CSC-STD-003-85: Computer security requirements – guidance for applying the department of defense trusted computer system evaluation criteria in specific environments. Technical Report CSC-STD-004-85, DoD Computer Security Center, Fort George G. Meade, MD, June 25 (1985)
Wiemers, A.: Kommentare zu application interface for smart cards used as secure signature creation devices, part 1 - basic requirements version 0.14 February 28, 2003 (in German). Technical report, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, March 14 (2003)
Williamson, M.J.: Thoughts on cheaper non-secret encryption. Technical report, Communications-Electronics Security Group (CESG), Cheltenham, UK, August 10 (1976), http://www.cesg.gov.uk/publications/media/nsecret/cheapnse.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Scherzer, H., Canetti, R., Karger, P.A., Krawczyk, H., Rabin, T., Toll, D.C. (2003). Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card. In: Snekkenes, E., Gollmann, D. (eds) Computer Security – ESORICS 2003. ESORICS 2003. Lecture Notes in Computer Science, vol 2808. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39650-5_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-39650-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20300-1
Online ISBN: 978-3-540-39650-5
eBook Packages: Springer Book Archive