Abstract
Smartcards have traditionally been isolated from computer networks, communicating exclusively with the host computers to which they are attached. As a result, users can only use smartcards on local hosts. This is inconvenient in typical office environments, where a user has multiple workstations, or uses remote workstations as well as local ones. The most straightforward way of addressing this problem would be a remote smartcard access mechanism that allows users to use remote smartcards as if they were local. However, going remote raises two issues: security and naming. Communication between an application and a smartcard goes through the Internet and can be sniffed. Also, if a smartcard is identified by the name of its host, the smartcard's name changes every time it moves from one host to another.
In this paper, we describe middleware that solves these problems. Our work extends the Internet infrastructure for smartcards recently developed by Guthery et al. [9] and Rees et al. [20]. It addresses the security problem by encrypting communication with a session key established by the Simple Password Exponential Key Exchange (SPEKE); as a result, it is secure against off-line dictionary attacks and man-in-the-middle attacks. It also provides convenient naming by using the domain name service (DNS).
We have implemented two applications, Kerberos and SSH, on this infrastructure to illustrate its usability. Thanks to the object-oriented programming mechanisms of Java Card and the UDP-based interface of the infrastructure, it is straightforward to implement such applications. The performance of this system is less than ideal, as it takes more than 10 seconds to complete an authentication session.
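The abstract's security claim rests on SPEKE: both endpoints derive a Diffie-Hellman generator from the shared password, so an eavesdropper sees only g^a and g^b and cannot test password guesses offline, and a man in the middle who does not know the password ends up with keys that fail confirmation. The following Python is an added illustration of that exchange and is not code from the paper or its middleware. It assumes the 1024-bit MODP group of RFC 2409 (a real published safe prime; the paper's own group is not stated), SHA-256 as the hash that derives the generator and the session key, and an HMAC-based key-confirmation step; the message layout, names and sample passwords are constructed for the example.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group from RFC 2409 ("Second Oakley Group"), a safe prime p = 2q + 1.
# This is a published constant chosen for the example; the paper does not name its group.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
Q = (P - 1) // 2


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed small bases; used to sanity-check p and q at startup."""
    if n < 2:
        return False
    small = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in small:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def speke_generator(password: str) -> int:
    """SPEKE's password-derived generator: g = H(password)^2 mod p.
    Squaring puts g in the order-q subgroup, so neither side can be steered into
    the two-element subgroup.  SHA-256 is an assumption of this example."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h, 2, P)


class SpekeParty:
    """One endpoint of the exchange (application host or smartcard)."""

    def __init__(self, password: str):
        self.g = speke_generator(password)
        self.x = secrets.randbelow(Q - 1) + 1      # private exponent in [1, q-1]
        self.public = pow(self.g, self.x, P)       # the value sent over the network

    def session_key(self, peer_public: int) -> bytes:
        # Reject trivial values and anything outside the order-q subgroup before
        # exponentiating, so a tampered message cannot force a predictable key.
        if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
            raise ValueError("peer value is not a valid subgroup element")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def confirm_tag(key: bytes, role: bytes) -> bytes:
    """Key confirmation: each side proves it derived the same key (HMAC is an assumption)."""
    return hmac.new(key, b"SPEKE-confirm:" + role, hashlib.sha256).digest()


def run_exchange(client_password: str, server_password: str) -> dict:
    """Run both sides.  A mismatched password yields different keys, which the
    confirmation step detects; the transcript alone gives an attacker nothing to
    test guesses against offline."""
    client = SpekeParty(client_password)
    server = SpekeParty(server_password)
    # Message 1: client -> server: g^a mod p.   Message 2: server -> client: g^b mod p.
    k_client = client.session_key(server.public)
    k_server = server.session_key(client.public)
    # Messages 3 and 4: each side sends an HMAC over its role; the peer recomputes it.
    client_ok = hmac.compare_digest(confirm_tag(k_server, b"server"),
                                    confirm_tag(k_client, b"server"))
    server_ok = hmac.compare_digest(confirm_tag(k_client, b"client"),
                                    confirm_tag(k_server, b"client"))
    return {"keys_match": k_client == k_server, "confirmed": client_ok and server_ok}


if __name__ == "__main__":
    assert is_probable_prime(P) and is_probable_prime(Q)
    # Constructed sample passwords for the demonstration.
    print(run_exchange("correct horse", "correct horse"))  # keys match, confirmed
    print(run_exchange("correct horse", "wrong guess"))    # keys differ, confirmation fails
```

The subgroup check in `session_key` is the part most often omitted in textbook sketches: without it, a network attacker could substitute 1 or p-1 for a public value and force the session key into a tiny set. Squaring the hash output when deriving g is what makes that check sufficient for a safe prime.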
References
[1] Bastiaan Bakker. Mutual authentication with smart cards. In Proceedings of the USENIX Workshop on Smartcard Technology, May 1999.
[2] Steven M. Bellovin and Michael Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pages 72-84, Oakland, CA, May 1992.
[3] David Corcoran. Movement for the use of smart cards in a Linux environment. http://www.linuxnet.com/.
[4] Dorothy Denning. Cryptography and Data Security. Addison-Wesley, 1983.
[5] W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, volume IT-22, Nov 1976.
[6] Europay, MasterCard, and Visa. EMV '96: Integrated circuit card application specification for payment systems, June 1996. http://www.mastercard.com/emv/emvspecs02.html.
[7] The GNU multiple precision arithmetic library. http://www.swox.com/gmp/.
[8] S. Guthery, Y. Baudoin, J. Posegga, and J. Rees. IP and ARP over ISO 7816-3 (Internet Draft), February 2000.
[9] Scott Guthery. How to turn a GSM SIM into a web server. In CARDIS 2000, Bristol, UK, September 2000.
[10] Scott B. Guthery and Timothy M. Jurgensen. Smart Card Developer's Kit. MacMillan Technical Publishing, Indianapolis, Indiana, December 1997.
[11] N. Haller. The S/Key one-time password system. RFC 1760, Feb. 1995.
[12] N. Haller and C. Metz. A one-time password system. RFC 1938, May 1996.
[13] Naomaru Itoi and Peter Honeyman. Smartcard integration with Kerberos V5. In Proceedings of the USENIX Workshop on Smartcard Technology, Chicago, May 1999.
[14] David P. Jablon. Strong password-only authenticated key exchange. ACM Computer Communications Review, October 1996.
[15] SET Secure Electronic Transaction LLC. SET standard technical specifications, 1999. http://www.setco.org/.
[16] Stefan Lucks. Open key exchange: How to defeat dictionary attacks without encrypting public keys. In The Security Protocols Workshop '97, Ecole Normale Superieure, April 1997.
[17] Ian Miller and Mr. Tines. CTC library. http://www.bifroest.demon.co.uk/ctc/manuals/ctclib.htm.
[18] Paul Mockapetris. Domain names: concepts and facilities. STD 13, RFC 1034, Nov. 1987.
[19] C. Perkins. IP mobility support. Network Working Group Request for Comments: 2002, October 1996.
[20] Jim Rees and Peter Honeyman. Webcard: A Java Card web server. In CARDIS 2000, Bristol, UK, September 2000.
[21] Bruce Schneier. Applied Cryptography. John Wiley & Sons, Inc., 2nd edition, 1996.
[22] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic updates in the domain name system (DNS UPDATE). Network Working Group Request for Comments: 2136, April 1997.
[23] Eric Young. libdes DES library. ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/.
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Itoi, N., Fukuzawa, T., Honeyman, P. (2001). Secure Internet Smartcards. In: Attali, I., Jensen, T. (eds) Java on Smart Cards:Programming and Security. JavaCard 2000. Lecture Notes in Computer Science, vol 2041. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45165-X_6
DOI: https://doi.org/10.1007/3-540-45165-X_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42167-2
Online ISBN: 978-3-540-45165-5