Towards self-authenticable smart cards

Traditionally, the smart cards have been seen as security devices, but as soon as they could be integrated into distributed and networked environments their vulnerabilities could be attempted and countermeasures against new security threats in an open-access internet were required. In this work, our target could be represented by an end-to-end mutual authentication scenario where the smart card could authenticate by itself to a Network Access Server by means of link layer protocols and therefore in absence of IP connectivity. Some previous related models based on the Extensible Authentication Protocol are presented. However, in these works the smart card and terminal implement jointly the supplicant functionality (split supplicant). We consider the native EAP multiplexing model specified by the IETF to propose a new approach in order to avoid this split and to achieve an autonomous and highly independent smart card in the authentication scheme: a self-authenticable smart card.

[1]  Peter Honeyman,et al.  Webcard: a Java Card Web Server , 2001, CARDIS.

[2]  Jean-Jacques Quisquater The adolescence of smart cards , 1997, Future Gener. Comput. Syst..

[3]  Jiannong Cao,et al.  Enabling Distributed Corba Access to Smart Card Applications , 2002, IEEE Internet Comput..

[4]  Ipascal Drien,et al.  EAP-TLS Smartcards, from Dream to Reality , 2004 .

[5]  Jari Arkko,et al.  Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA) , 2006, RFC.

[6]  Z. Chen Java Card Technology for Smart Cards: Architecture and Programmer''s Guide. The Java Series. Addis , 2000 .

[7]  Zhenfu Cao,et al.  Efficient remote user authentication scheme using smart card , 2005, Comput. Networks.

[8]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[9]  Pascal Urien,et al.  Internet card, a smart card as a true Internet node , 2000, Comput. Commun..

[10]  Sarvar Patel,et al.  Efficient authentication and key distribution in wireless IP networks , 2003, IEEE Wireless Communications.

[11]  Robert T. Braden,et al.  Requirements for Internet Hosts - Communication Layers , 1989, RFC.

[12]  Helena Handschuh,et al.  Smart Card Crypto-Coprocessors for Public-Key Cryptography , 1998, CARDIS.

[13]  Hung-Min Sun,et al.  An Efficient Remote User Authentication Scheme Using Smart Cards , 2000 .

[14]  Smart card based authentication - any future? , 2005, Comput. Secur..

[15]  Pascal Urien,et al.  Enhancing WLAN Security by Introducing EAP-TLS Smartcards , 2004, ICWI.

[16]  Mark Weiser,et al.  The computer for the 21st Century , 1991, IEEE Pervasive Computing.

[17]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[18]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[19]  Chun-I Fan,et al.  Robust remote authentication scheme with smart cards , 2005, Comput. Secur..

[20]  Sylvain Lecomte,et al.  Turning Multi-applications Smart Cards Services Available from Anywhere at Anytime: A SOAP / MOM Approach in the Context of Java Cards , 2001, E-smart.

[21]  Bernard Aboba,et al.  Extensible Authentication Protocol (EAP) , 2004, RFC.

[22]  Henry Haverinen,et al.  Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM) , 2006, RFC.

[23]  Scott B. Guthery,et al.  How to Turn a GSM SIM into a Web Server , 2001, CARDIS.

[24]  Georgios Kambourakis,et al.  Advanced SSL/TLS-based authentication for secure WLAN-3G interworking , 2004 .

[25]  Alexandre Courbot,et al.  New Results - Introducing Research Issues for Next Generation Java-based Smart Card Platforms , 2003 .

[26]  Damien Deville,et al.  Assessing the Future of Smart Card Operating Systems , 2003 .