Securing Operating System Services Based on Smart Cards

The executions of operating system services based on smart cards allow one to personalize some functionalities of the operating system by using the secret information stored in a smart card and the basic computations that a smart card can perform. However, current solutions for integrating smart card features in operating system services require at least a partial execution of the operating system functionalities at “user level”. Such executions decrease the security and the performance of the system as they are less robust compared to the kernel-level ones. In this paper we present the design and implementation of SmartK, a kernel module that integrates directly in the Linux kernel the support of smart cards. The use of SmartK allows one to securely personalize an operating system service still maintaining its execution at kernel level.

[1]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[2]  Andy Oram,et al.  Understanding the Linux Kernel, Second Edition , 2002 .

[3]  Erez Zadok,et al.  Stackable File Systems as a Security Tool , 1999 .

[4]  Daniel Pierre Bovet,et al.  Understanding the Linux Kernel , 2000 .

[5]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[6]  Reihaneh Safavi-Naini,et al.  Information Security and Privacy, 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings , 2006, ACISP.

[7]  Richard Stallman Can you trust your computer , 2002 .

[8]  Frances M. T. Brazier,et al.  Distributed Open Systems , 1994 .

[9]  Luigi Catuogno,et al.  An Architecture for Kernel-Level Verification of Executables at Run Time , 2004, Comput. J..

[10]  Seth D. Schoen,et al.  Trusted Computing: Promise and Risk , 2003 .

[11]  Calton Pu,et al.  CryptoMark: Locking the Stable door ahead of the Trojan Horse , 2000 .

[12]  Peter Honeyman,et al.  Webcard: a Java Card Web Server , 2001, CARDIS.

[13]  Mark Looi,et al.  Integrating Smart Cards Into Authentication Systems , 1995, Cryptography: Policy and Algorithms.

[14]  Greg Kroah-Hartman,et al.  Linux Device Drivers , 1998 .

[15]  William A. Arbaugh,et al.  Personal Secure Booting , 2001, ACISP.

[16]  Erez Zadok,et al.  I3FS: An In-Kernel Integrity Checker and Intrusion Detection File System , 2004, LISA.

[17]  Peter Honeyman,et al.  SCFS: A UNIX Filesystem for Smartcards , 1999, Smartcard.