Multi-application smart cards enable a user to potentially have a diverse set of applications on her smart card. The growing trend of services convergence fuelled by Near Field Communication and smart phones has made multi-application smart cards a tangible reality. In such an environment, cardholders might have a number of applications on their smart cards and if a card is lost, all of the applications would be lost with it. In addition, consumers might decide to upgrade their smart cards and require a seamless and secure framework to migrate their applications from the old smart card to the new one. Currently, the recovery of a smart card-based service might take from a day to a week at best as each of the lost cards can only be replaced by the respective card issuer, during which time the card issuer might lose business from the user because she is not able to access the provisioned services. Similarly, there is at present no migration mechanism proposed for smart card applications. The proposed framework in this paper enables a user to acquire a new smart card as she desires and then migrate/restore all of her applications onto it, allowing her to recover from her lost digital wallet in a secure, efficient, seamless and ubiquitous manner. (C) 2016 Published by Elsevier B.V.
One of the main challenges in system's development is to give a proof of evidence that its functionalities are correctly implemented. This objective is mostly achieved via testing techniques, which include software testing to check whether a system meets its functionalities, or security testing to express what should not happen. For the latter case, fuzzing is considered as first class citizen. It consists in exercising the system with (randomly) generated and eventually modified inputs in order to test its resistance. While fuzzing is definitively the fastest and the easiest way for testing applications, it suffers from severe limitations. Indeed, the precision of the model used for input generation: a random and/or simple model cannot reach all states and significant values. Moreover, a higher model precision can result in a combinatorial explosion of test cases. In this paper, we suggest a new approach whose main ingredient is to combine timing attacks with fuzzing techniques. This new approach, which is dedicated to work on Java Card, allows not only reducing the test space explosion, but also to simplify the fuzzing process configuration. The technique has been implemented, and we present the results obtained on two applets loaded in a Java Card.
One of the most frequent questions I am asked in my work is 'how do the three multi-application operating system smart card platforms (Java Card, MULTOS and Windows for Smart card) compare?'. There is so much marketing hype flying around between the three parties that it is very difficult for the uninitiated to determine the real state of affairs. For example, VISA backs Java Card whereas arch-rival in finance, Mastercard, backs MULTOS. In the world of networked computing, Microsoft backs Windows for Smart card (WfSC) whereas Sun Microsystems backs Java Card. These large international rivals are unlikely to co-operate in developing standards. This article guides the reader through the differences between the three MAOS platforms, concentrating on their unique selling points.
This article presents a novel approach to the problem of bytecode verification for Java Card applets. By relying on prior off-card bytecode transformations, we simplify the bytecode verifier and reduce its memory requirements to the point where it can be embedded on a smart card, thus increasing significantly the security of post-issuance downloading of applets on Java Cards. This article describes the on-card verification algorithm and the off-card code transformations, and evaluates experimentally their impact on applet code size. Copyright (C) 2002 John Wiley & Sons, Ltd.
Bytecode verification is one of the key security functions of several architectures for mobile and embedded code, including Java, Java Card, and .NET. Over the past few years, its formal correctness has been studied extensively by academia and industry, using general-purpose theorem provers. The objective of our work is to facilitate such endeavors by providing a dedicated environment for establishing the correctness of bytecode verification within a proof assistant. The environment, called Jakarta, exploits a methodology that casts the correctness of bytecode verification relatively to a defensive virtual machine that performs checks at run-time and to an offensive one that does not; it can be summarized as stating that the two machines coincide on programs that pass bytecode verification. Such a methodology has been used successfully to prove the correctness of the Java Card bytecode verifier and may potentially be applied to many similar problems. One definite advantage of the methodology is that it is amenable to automation. Indeed, Jakarta automates the construction of an offensive virtual machine and a bytecode verifier from a defensive machine, and the proofs of correctness of the bytecode verifier. We illustrate the principles of Jakarta on a simple low-level language extended with subroutines and discuss its usefulness to proving the correctness of the Java Card platform.
Java applets run on a Virtual Machine that checks code integrity and correctness before execution using a module called the Bytecode Verifier. Java Card technology allows Java applets to run on smart cards. The large memory requirements of the verification process do not allow the implementation of an embedded Bytecode Verifier in the Java Card Virtual Machine. To address this problem, we propose a verification algorithm that optimizes the use of system memory by imposing an ordering on the verification of the instructions. This algorithm is based on control flow dependencies and immediate postdominators in control flow graphs.
In recent years, the systems applying Smart cards or IC cards are gradually reaching the stage of genuine practical use. In this paper, the expression "IC card" is used for "Smart card." An IC card is, in short, "a really portable and safe storehouse for information," and it is also thought to be one of the most important components in security fields. The IC cards are also starting to be used practically and broadly in other fields than the security field. This paper introduces a general market and a technology trend of the IC cards, and gives a general view of examples of their applications in the security field.
IPTV, a technological convergence that combines communication and broadcasting technologies, delivers customized, interactive TV content and other multimedia information over wired and wireless connections. Providing secure access to IPTV services calls for authentication; without proper and secure authentication mechanisms, an individual impersonating a subscriber could steal a service. This paper proposes a new authentication protocol to authenticate IPTV users. The authors based the proposed protocol, a hybrid authentication protocol providing lightweight, personalized user authentication, on RFID (radio-frequency identification) and USIM (Universal Subscriber Identity Module) technologies. In the proposed protocol, USIM performs highly personalized authentication, and the authenticated subscriber's RFID tags can have a temporary authority to execute authentication. These RFID tags become Agent Tags authorized to authenticate subscribers. Agent Tags identify and authenticate themselves to RFID readers in the set-top box, thus simplifying the authentication process.
Smart cards are often the target of software or hardware attacks. The most recent attacks are based on fault injection which modifies the behavior of the application. We demonstrate that it is possible to design applications in such a way that they become intentionally hostile while being hit by a laser. Later, a third party can deliver such an application to be deployed on SIM cards without being detected by a code review or a static analysis. We propose an evaluation of the propagation effect and the generation of hostile applications inside the card. To detect such a hostile application we introduce a mutation analysis that checks the ability of an application to be malicious. We implement this analysis in a SmartCM tool; thereafter evaluate its capacity to detect such a fault based mutant. (C) 2013 Elsevier Ltd. All rights reserved.
Besides the overall budget for building the infrastructure of a healthcare-service-based virtual private network (VPN) in Taiwan, two issues were considered critical for its acceptance by the country's 17,000 plus medical institutions. One was who was to pay for the network (ADSL or modem) connection fee; the other was who was to pay for the firewall/anti-virus software. This paper addresses the second issue by proposing an efficient freeware firewall, named card-assisted firewall (CAF), for NHI VPN edge-hosts, which is also an add-on-value application of the National Healthcare IC card that every insurant and medical professional has. The innovative concept is that any NHI VPN site (edge-host) can establish diversified secure-authenticated connections with other sites only by an authentication mechanism, which requires an NHI Java Card state machine and the Access Control List of the host. It is different from two-factor authentication cards in four ways: (1) a PIN code is not a must; (2) it requires authentication with the remote IC card Data Centre; (3) the NHI cards are already available, no modification is needed, and there is no further cost for the deployment of the cards; (4) although the cards are in the reader, the communication cannot start unless the cards are in the corresponding states; i.e. the states allow communication. An implementation, on a Microsoft Windows XP platform, demonstrated the system's feasibility over an emulation of the NHI VPN framework. It maintained a high line speed, the driver took up 39 KB of disk space, installation was simple, not requiring any extra hardware or software, and the average packet processing time of the CAF driver measured was 0.3084 ms. The average overhead in comparing the Access Control List predefined routing in card, in an FTP testing experiment, was 5.7 µs (receiving) and 8 µs (sending).