Abstract
With information and communication technologies progressing at a rapid pace and becoming increasingly affordable, the use of various e-services is gaining prevalence at all sectors and levels of enterprises, including government, commerce, education and health. As modern-day enterprise services become progressively virtual in terms of content, storage and delivery, the need for robust of security and privacy pertaining to such services increases proportionally. Despite the plethora of enterprise-scale e-services in use today, there seems to be no general framework for developing those, especially with regard to ensuring security of such services. In this chapter, we present the eTRON architecture which aims at delineating a generic framework for developing secure e-services. At the core of the eTRON architecture lies the tamper-resistant eTRON chip which is equipped with functions for mutual authentication, encrypted communication and strong access control. Besides the security features, the eTRON architecture also offers a wide range of functionalities through a coherent set of API commands so that programmers can develop value-added services in a transparent manner. This chapter discusses various features of the eTRON architecture, and presents three representative eTRON-based e-services in order to evaluate its effectiveness by comparison with other existing e-services.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anderson, R.: Why cryptosystems fail. Commun. ACM 37, 32–40 (1994)
Anderson, R., Kuhn, M.: Tamper resistance - a cautionary note. In: The Second USENIX Workshop on Electronic Commerce Proceedings, pp. 1–11 (1996)
Bilabo-Osorio, B., Dutta, S., Lanvin, B.: Global information technology report 2013: growth and jobs in a hyperconnected world. In: World Economic Forum (2013)
Harrington, A., Jensen, C.: Cryptographic access control in a distributed file system. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 158–165 (2003)
Khan, M.F.F., et al.: A secure and flexible electronic-ticket system. In: Proceedings of 33rd Annual IEEE International Computer Software and Applications Conference, pp. 421–426 (2009)
Khan, M.F.F., Sakamura, K.: Context-awareness: exploring the imperative shared context of security and ubiquitous computing. In: Proceedings of 14th International Conference on Information Integration and Web-Based Applications and Services, pp. 101–110 (2012)
Koshizuka, N., Sakamura, K.: Ubiquitous ID: standards for ubiquitous computing and the internet of things. IEEE Pervasive Comput. 9(4), 98–101 (2010)
Krikke, J.: T-Engine: Japan’s ubiquitous computing architecture is ready for prime Time. IEEE Pervasive Comput. 4(2), 4–9 (2005)
Matsuyama, K., Fujimura, K.: Distributed digital-ticket management for rights trading system. In: Proceedings of ACM Conference on Electronic Commerce, pp. 110–118 (1999)
Mayes, K.E.: An introduction to smart cards. In: Mayes, K.E., Markantonakis, K. (eds.) Smart Cards, Tokens Security and Applications. Springer Science+Business Media, LLC, New York (2008)
Payne, C.: A cryptographic access control architecture secure against privileged attackers. In: Proceedings of the 2007 ACM Workshop on Computer Security Architecture, pp. 70–76 (2007)
Rankl, W.: Smart Card Applications: Design Models for Using and Programming Smart Cards, 3rd edn. Wiley, West Sussex (2007)
Sakamura, K.: Ubiquitous computing: making it a reality. ITU Telecom World 2003, 1–9 (2003)
Sakamura, K., Koshizuka, N.: The eTRON wide-area distributed-system architecture for e-commerce. IEEE Micro 21(6), 7–12 (2001)
Sony Global Felica Website (2016). http://www.sony.net/Products/felica/index.html. Accessed 27 May 2016
Stankovic, J.A.: Research directions for the internet of things. IEEE Internet Things J. 1(1), 3–9 (2014)
T-Kernel Standard Extension (2016). http://www.tron.org/download/index.php?route=product/category&path=24. Accessed 27 May 2016
TRON FORUM (2016). http://www.tron.org/. Accessed 27 May 2016
Yap, L.F., et al.: SUCAS: smart-card-based secure user-centric attestation framework for location-based services. Int. J. Inf. Priv. Secur. Integr. 1(2), 160–183 (2012a)
Yap, L.F., et al.: Secure consumer-oriented integrated services using activity-based attestation for converging online and in-store shopping experience. Int. J. Comput. Theory Eng. 4(2), 165–170 (2012b)
Yashiro, T., et al.: T-Kernel/SS: a secure filesystem with access control protection using tamper-resistant chip. In: Proceedings of 5th IEEE International Workshop on Security, Trust, and Privacy for Software Applications, pp. 134–139 (2010)
Yashiro, T., et al.: eTNet: a smart card network architecture for flexible electronic commerce services. In: Proceedings of 4th IFIP International Conference on New Technologies, Mobility and Security, pp. 1–5 (2011)
Acknowledgments
We cordially thank the YRP Ubiquitous Computing Laboratory for providing the eTRON hardware. The research reported in Sects. 3, 4 and 5 were carried out under the “Secure Ubiquitous Computing Platform” project supported by the Ministry of Education, Culture, Sports, Science and Technology (MEXT), Japan.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
-
1.
The following shows API specification from eTRON Client Library for creating a file.
-
2.
The following shows API specification from eTRON Client Library for reading a file.
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Khan, M.F.F., Sakamura, K., Koshizuka, N. (2017). Robust Enterprise Application Security with eTRON Architecture. In: Chang, V., Ramachandran, M., Walters, R., Wills, G. (eds) Enterprise Security. ES 2015. Lecture Notes in Computer Science(), vol 10131. Springer, Cham. https://doi.org/10.1007/978-3-319-54380-2_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-54380-2_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54379-6
Online ISBN: 978-3-319-54380-2
eBook Packages: Computer ScienceComputer Science (R0)