A Method for Secure Smartcard Applications

We have presented a method for the formal development of secure smartcard applications. The method combines and integrates different techniques (with algebraic specifications at the core) to tackle the different problems: objects and distributed systems, attackers and cryptographic protocols, JavaCard programs and limited resources. The techniques include UML models enriched by algebraic specifications, and dynamic logic for JavaCard verification. The method is tailored to take advantage of the special features of smartcard scenarios, and to make proving securityand correctness as easy as possible. The method is illustrated with a small but surprisinglyco mplex example, a copy card. The approach is implemented in the KIV specification and verification system.

[1]  Bernhard Beckert,et al.  A Dynamic Logic for the Formal Verification of Java Card Programs , 2000, Java Card Workshop.

[2]  Wolfgang Reif,et al.  The KIV-Approach to Software Verification , 1995, KORSO Book.

[3]  Axel Schairer,et al.  Verification of a Formal Security Model for Multiapplicative Smart Cards , 2000, ESORICS.

[4]  Martin Wirsing,et al.  An Event-Based Structural Operational Semantics of Multi-Threaded Java , 1999, Formal Syntax and Semantics of Java.

[5]  Rik Eshuis,et al.  A Formal Semantics for UML Activity Diagrams - Formalising Workflow Models , 2001 .

[6]  Anne Elisabeth Haxthausen,et al.  CASL - The CoFI Algebraic Specification Language (Tentative Design, version 0.95) - Language Summary, with annotations concerning the semantics of constructs , 1997 .

[7]  David Harel,et al.  First-Order Dynamic Logic , 1979, Lecture Notes in Computer Science.

[8]  Ross J. Anderson,et al.  Programming Satan's Computer , 1995, Computer Science Today.

[9]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[10]  Kurt Stenzel,et al.  Formal System Development with KIV , 2000, FASE.

[11]  Gianna Reggio,et al.  Towards a Rigorous Semantics of UML Supporting Its Multiview Approach , 2001, FASE.

[12]  Rik Eshuis,et al.  A Real-Time Execution Semantics for UML Activity Diagrams , 2001, FASE.

[13]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..