Cryptographic authentication protocols for smart cards
Jean-jacques Quisquater2001, Computer Networks
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Today, cryptology is essential for security of information and communication systems. But 25 years ago, it was a classi®ed and highly con®dential activity. Presented here from the point of view of smart cards, this quick evolution of cryptology re¯ects the revolution of digital information, e.g., mobile phone and MPEG television. The link between smart cards and cryptology is very strong: smart cards eciently con®ne keys and algorithms. Their security relies on a speci®c software, named here secure-ware, which demonstrates the value of the Common Criteria methodology. Ó
Figures (2)
Key takeaways
- The unique secret key of each M4 card results from diversifying a master key according to the card's serial number.
- The TELEPASS1 algorithm enables dynamic card authentication using security modules (see Fig. 3).
- In each PC0 card, a hierarchy appears between the card's unique key and up to 20 operation keys with associated rights.
- The card used today is the PC2 card which continues the family of access control cards initiated by PC0.
- An RSA authentication using a 512-bit modulus, product of three primes of similar size, and a GQ1 authentication using a 768-bit modulus represent the same claimant workload: approximately 75 multiplications modulo a 512-bit number.
Related papers
Cryptography on smart cards
Computer Networks, 2001
This article presents an overview of the cryptographic primitives that are commonly implemented on smart cards. We also discuss attacks that can be mounted on smart cards as well as countermeasures against such attacks. Ó
Secure Smart-card Technologies used in e-Commerce
SAMPLE DEVELOPMENT ON JAVA SMART-CARD …
Effective Authentication Mechanisms for Mobile Devices :Smartcard(SMCA,BSCA)
2011
This is an era of mobile communications and computing where mobiles are being used in place of traditional computers. Mobile devices are small, handy devices that can be carried around by the user very easily. A user holding the mobile device will have access to the information even at the places where no internet terminal is available. Due to this reason, they are heavily being used in the business environment in managing application, e-mail correspondence, accessing the remote corporate data, handling voice calls, etc. But the mobile devices are still lack-in most important security features such as user authentication, content encryption, virus protection, confidentiality, integrity, etc. The sensitive information stored in the mobile devices is not secure (can be accessed by an unauthorized user). Mobile device poses limited storage and processing power, and the low battery-power. It is also tedious to implement the cryptographic algorithms on mobile devices because they need he...
Smart Cards and Mobile Device Authentication: An Overview and Implementation
NIST, NISTIR, 2005
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Interagency Report discusses ITL's research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
A study on the application of Elliptic-Curve cryptography in implementing smart cards
ijmer.com
Elliptic curve cryptography is one of the emerging techniques that stand as an alternative for conventional public key cryptography. Elliptic curve cryptography has several applications of which smart cards are also one among them. A smart card is nothing but a ...
Smart Card Research and Advanced Applications VI
IFIP, 2004
Smart card applications often handle privacy-sensitive information‚ and therefore must obey certain security policies. Typically‚ such policies are described as high-level security properties‚ stating for example that no pin verification must take place within a transaction. Behavioural interface specification languages‚ such as JML (Java Modeling Language)‚ have been successfully used to validate functional properties of smart card applications. However‚ high-level security properties cannot directly be expressed in such languages. Therefore‚ this paper proposes a method to translate high-level security properties into JML annotations. The method synthesises appropriate annotations and weaves them throughout the application. In this way‚ security policies can be validated using existing tools for JML. The method is general and applies to a large class of security properties. To validate the method‚ it has been applied to several realistic examples of smart card applications. This allowed us to find violations against the documented security policies for some of these applications.
Secured Password Authentication System Using Smart Cards", International Journal of Emerging Trends & Technology in Computer Science (IJETTCS), Volume 3, Issue 1, pp. 75-79, 2014
2014
We will present in this paper, an enhanced system to eliminate the vulnerabilities and at the same time to increase the security characteristics. In a suggested system, there is no valuable information can be gained from a data saved in smart card. So, a stolen user smart card attack is blocked. To prevent server attack, we shift a user authentication operation from server to a registration center. This will guarantee that every server has the diverse private key. In comparing with some systems, we show the proposed system is more secure. Thus, a proposed system is more realistic.
Cryptanalysis and security enhancement of an advanced authentication scheme using smart cards, and a key agreement scheme for two-party communication
2011
Abstract In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Song, is a password authentication scheme based on smart cards. We note that this scheme has already been shown vulnerable to the off-line password guessing attack by Tapiador et al. We perform a further cryptanalysis on this protocol and observe that it is prone to the clogging attack, a kind of denial of service (DOS) attack.
C2OS, A New Cryptographic Operating System for Smart Cards
The International Conference on Electrical Engineering
Smart card is a miniature computer with very limited hardware and software resources. Like any computer, an operating system is needed to manage the card hardware and software resources. Several smart card operating systems of different types were developed for this purpose. The basic functions of these operating systems are: handling the card input/out process, managing the file system, managing communication with card users/ application programs and data exchange with the cryptographic algorithms embedded in the card, if any. The user/application is allowed to interact with cryptographic algorithms with their default parameters and with no possibility of cryptographic parameters customization. This paper aims to make the smart card smarter by presenting a new type of smart card operating system that covers a new area of commands. The new set of cryptographic commands enables the applications/developer to deeply access the cryptographic primitives and customize their building blocks at run time. In order to test the new command set and demonstrate its features, the new operating system has been developed in embedded C language and implemented on an open platform card. Smart Card, Operating System, Cryptographic Primitives. Today, smart cards are widely used in our daily life. Their technology is being used in many fields like: credit cards, passports, health cards, ID cards, driving licenses, SIM cards for mobile phones, etc. Smart cards are originally known as integrated circuit cards (IC cards). The reason for naming IC cards with smart cards is that the card functions are not limited to those functions defined only at build time. The set of card functions could be extended in run time according to the system they work in and also according to user requirements. Smart cards with processor chip need an operating system known as Card Operating System (COS). The basic functions of COS are: managing the card resources, and enabling instructions execution and communication with the outer world. A variety of card operating systems have been developed. * Egyptian Armed Forces.
Practical security systems with smartcards
Proceedings of the Seventh Workshop on Hot Topics in Operating Systems, 2000
Dynamic Encryption Key based Smart Card Authentication Scheme
International Journal of Computer Applications, 2013
In order to keep away from difficulties associated with traditional password based authentication methods, smart card based authentication schemes have been widely used. It has already been accepted worldwide due to its low computational cost. However, most of these schemes are vulnerable to one or the other possible attack. This paper describes a new smart card authentication scheme using symmetric key cryptography, which covers all the identified security pitfalls and satisfies the needs of a user. Its security is based on encrypting the contents of all the communicating messages exchanged between remote user and the server. Moreover, it provides users to choose and change their passwords freely, mutual authentication and session key generation. In addition, it uses nonce instead of timestamp to resist replay attack. Security analysis proves that this scheme is secure against impersonation attack, password guessing attack, replay attack, reflection attack, parallel session attack, insider attack, attack on perfect forward secrecy, stolen verifier attack, smart card loss attack and man-in-the-middle attack. The proposed scheme can be easily extended to Internet protocol television broadcasting, Multi-server authentication, Wireless communication and Healthcare, where the user needs to access data from server.
An Efficient Security Mechanism in Distributed Systems for Smart-Cards
2015
Smart Card or Chip card technology is important in our society and routine lives. Smart cards used to store the data and value in a secure manner. The people access the data by using the card in different time and different places. So we want to integrate the smart cards with our system. Here try to solve security management issues when a variety of applications used by the card holder. The attackers try to get the secret information within the card or smash the entire authentication system. So we need smart card based password authentication scheme for providing the security to the smart card. Cryptographic protocols are used to protect the smart card and the machine. In our proposed scheme involves two different methods with a server and a user i.e. registration phase and authentication phase. In this registration phase is used to register the user and server for the user is able to access different times. Using valid smart card and correct password user achieve the successful log...
Elliptic Curve Cryptography and Smart Cards Elliptic Curve Cryptography and Smart Cards
2020
Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160 bit ECC has roughly the same security strength as 1024 bit RSA). In addition, ECC satisfies smart cards requirements in terms of memory, processing and cost. In this report, I will present a background on ECC including the basics and some ECC techniques. Then, I will talk about smart cards, their constraints and ECC implementation options. Copyright SANS Institute Author Retains Full Rights AD © S A N S I n s t i t u t e 2 0 0 4 , A u t h o r r e t a i n s f u l l r i g h t s . Key fingerprint = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46 ABSTRACT Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (for example, a 160 bit ECC has roughly the same security strength as 1024 bit RSA). In addition, ECC satisfies smart...
Smart Card Security; Technology and Adoption
International Journal of …, 2011
Newly, smart card technology are being used in a number of ways around the world, on the other hand, security has become significant in information technology, especially in those application involving data sharing and transactions through the ...
Authentication Framework for Smart Cards
This paper introduces a generalized authentication framework for smart cards. The framework abstracts the authentication services on the card and allows flexible configuration of authentication policies and technologies. This paper also makes recommendations for extensions to current authentication APIs.
Biometrics to enhance smartcard security
2005
A novel protocol is proposed to address the problem of user authentication to smartcards using devices that are currently inexpensive. The protocol emulates expensive Match On Card (MOC) smartcards, which can compute a biometric match, by cheap Template on Card (TOC) smartcards, which only store a biometric template. The actual match is delegated to an extension of the cryptographic module running on the card host, which is called Cryptoki according to the PKCS#11[9] standard. Compliance to such a standard increases the portability of the protocol. Informal reasoning confirms the protocol strenghts, though its formal verification in terms of established equational techniques appears to be at hand.
Security Protocols for Biometrics-Based Cardholder Authentication in Smartcards
Lecture Notes in Computer Science, 2003
The use of biometrics, and fingerprint recognition in particular, for cardholder authentication in smartcard systems is growing in popularity, and such systems are the focus of this paper. In such a biometrics-based cardholder authentication system, sensitive data will typically need to be transferred between the smartcard and the card reader. We propose strategies to ensure integrity of the sensitive data exchanged between the smartcard and the card reader during authentication of the cardholder to the card, and also to provide mutual authentication between card and reader. We examine two possible types of attacks: replay attacks and active attacks in which an attacker is able to calculate hashes and modify messages accordingly.
Cryptanalysis and Security Enhancement of an Advanced Authentication Scheme using Smart Cards, and a Key Agreement Scheme for Two-Party …
eprint.iacr.org
In this work we consider two protocols for performing cryptanalysis and security enhancement. The first one by Song, is a password authentication scheme based on smart cards. We note that this scheme has already been shown vulnerable to the off-line password guessing attack by Tapiador et al. We perform a further cryptanalysis on this protocol and observe that it is prone to the clogging attack, a kind of denial of service (DOS) attack. We observe that all smart card based authentication protocols which precede the one by Song, and require the server to compute the computationally intensive modular exponentiation, like the one by Xu et al., or Lee at al., are prone to the clogging attack. We then suggest an improvement on the protocol to prevent the clogging attack.
Software and Hardware Issues in Smart Card Technology
IEEE Communications Surveys & Tutorials, 2009
An efficient and strongly secure smart card mechanism involves the use of a technological background taken from the fields of computers, VLSI design and material science. The result of such a mixture is a miniature, fully operational, computation system. The nature of the data involved in smart card transactions and smart card intended uses, introduce another important factor in the smart card design mechanism which is security. The evolution of VLSI technology allows the efficient implementation of costly cryptographic operations in the smart card design methodology. Apart from the traditional cryptographic algorithms, additional techniques and special design materials have been introduced in order to protect the smart card system from cryptanalytic attacks. New architectures of software design, like object-oriented programming, give the opportunity to implement programmable multi-application cards. Thus, smart cards are transformed into highly secure devices and their establishment in the modern computer market can be considered certain. This establishment is bound to finance upcoming research in smart cards so that this product can become the basic component of electronic commerce worldwide.
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.