Skip to main content
SpringerLink
Log in

Verifying Extended Criteria for the Interoperability of Security Devices

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2008 (OTM 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5332))

Abstract

In the next years, smart cards are going to become the main personal identification document in many nations. In particular, both Europe and United States are currently working to this aim. Therefore, tens of millions of smart cards, based on hardware devices provided by many different manufacturers, will be distributed all over the world, and used in particular to accomplish the security tasks of electronic authentication and electronic signature. In this context, the so called Common Criteria define the security requirements for digital signature devices. Unfortunately, these criteria do not address any interoperability issue between smart cards of different manufacturers, which usually implement digital signature process in still correct but slightly different ways.

To face the interoperability problem, we realized a complete testing environment whose core is the Crypto Probing System ©Nestor Lab, an abstract interface to a generic cryptographic smart card, embedding a standard model of the correct card behavior, which can be used to test the digital signature process behavior, also in the presence of alternate or disturbed command sequences, in conjunction with automatic verification techniques such as model checking. The framework allows to verify abstract behavior models against real smart cards, so it can be used to automatically verify the Common Criteria as well as the extended interoperability criteria above and many other low-level constraints. In particular, in this paper we show how we can verify that the card, in the presence of a sequence of (partially) modified commands, rejects them without any side effect, remaining usable, or accepts them, generating a correct final result.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. CEN: TC224 WG15

    Google Scholar 

  2. D.M. S.O. n. 229 della G.U. 261 del 9/11/2007 Regole tecniche della Carta d’identita elettronica (Technical Rules for the Eletronic Identity Card) (November 8, 2007)

    Google Scholar 

  3. Common Criteria for Information Technology Security Evaluation (September 2006)

    Google Scholar 

  4. CEN WORKSHOP AGREEMENT: Cwa 14169 (March 2004)

    Google Scholar 

  5. Leroy, X.: Computer security from a programming language and static analysis perspective. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 1–9. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Toll, D.C., Weber, S., Karger, P.A., Palmer, E.R., McIntosh, S.K.: Tooling in Support of Common Criteria Evaluation of a High Assurance Operating System. IBM Thomas J. Watson Research Center Report (2008)

    Google Scholar 

  7. Chapman, R.: Correctness by construction: a manifesto for high integrity software. In: SCS 2005: Proceedings of the 10th Australian workshop on Safety critical systems and software, pp. 43–46. Australian Computer Society, Inc. (2006)

    Google Scholar 

  8. CMurphi Web Page, http://www.di.univaq.it/gdellape/murphi/cmurphi.php

  9. Michael, C., Radosevich, W.: Black box security testing tools. Cigital (2005)

    Google Scholar 

  10. Della Penna, G., Intrigila, B., Melatti, I., Tronci, E., Venturini Zilli, M.: Integrating ram and disk based verification within the Murϕ verifier. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 277–282. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  11. Della Penna, G., Intrigila, B., Melatti, I., Minichino, M., Ciancamerla, E., Parisse, A., Tronci, E., Venturini Zilli, M.: Automatic verification of a turbogas control system with the Murϕ verifier. In: Maler, O., Pnueli, A. (eds.) HSCC 2003. LNCS, vol. 2623, pp. 141–155. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  12. Melatti, I., Palmer, R., Sawaya, G., Yang, Y., Kirby, R.M., Gopalakrishnan, G.: Parallel and distributed model checking in eddy. In: Valmari, A. (ed.) SPIN 2006. LNCS, vol. 3925, pp. 108–125. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Nestor Lab, University of Roma “Tor Vergata”, Italy

    Maurizio Talamo, Franco Arcieri & Andrea Dimitri

  2. Department of Computer Science, University of L’Aquila, Italy

    Giuseppe Della Penna & Daniele Magazzeni

  3. Department of Mathematics, University of Roma “Tor Vergata”, Italy

    Maurizio Talamo & Benedetto Intrigila

Authors
  1. Maurizio Talamo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Franco Arcieri
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Giuseppe Della Penna
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Andrea Dimitri
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Benedetto Intrigila
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Daniele Magazzeni
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. STARLab, Vrije Universiteit Brussel (VUB),, Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. School of Computer Science and Information Technology, RMIT University, Bld 10.10, 376-392 Swanston Street, VIC 3001, Melbourne,, Australia

    Zahir Tari

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Talamo, M., Arcieri, F., Della Penna, G., Dimitri, A., Intrigila, B., Magazzeni, D. (2008). Verifying Extended Criteria for the Interoperability of Security Devices. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems: OTM 2008. OTM 2008. Lecture Notes in Computer Science, vol 5332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88873-4_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-88873-4_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88872-7

  • Online ISBN: 978-3-540-88873-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation