Authenticating mandatory access controls and preserving privacy for a high-assurance smart card

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2808, Issue , 2003, Pages 181-200

  Scherzer, Helmut ^a   Canetti, Ran ^b   Karger, Paul A ^b   Krawczyk, Hugo ^b,c   Rabin, Tal ^b   Toll, David C ^b  

^a IBM   (Germany)

^b IBM T J WATSON RESEARCH CENTER   (United States)

^c TECHNION ISRAEL INSTITUTE OF TECHNOLOGY   (Israel)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION;

ACCESS RIGHTS; AUTHENTICATION PROTOCOLS; HIGH ASSURANCE; MANDATORY ACCESS CONTROL; PRIVACY PROBLEMS; SMART CARD OPERATING SYSTEM; STRONG AUTHENTICATION;

SMART CARDS;

EID: 0142157011     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-39650-5_11     Document Type: Conference Paper

References (33)

1. Adrian Antipa, Daniel Brown, Alfred Menezes, René Struik, and Scott Vanstone. Validation of elliptic curve public keys. In Yvo G. Desmedt, editor, Public Key Cryptography – PKC 2003, volume 2567, pages 211–223, Miami, FL, 2003. Springer Verlag.
2. Application interface for smartcards used as secure signature creation devices: Part 1 - basic requirements. Technical Report CEN/ISSS WS/E-Sign Draft CWA Group K Version 1.05, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, 7 May 2003.
3. David E. Bell and Leonard J. LaPadula. Computer security model: Unified exposition and multics interpretation. Technical Report ESD–TR–75–306, The MITRE Corporation, Bedford, MA, USA, HQ Electronic Systems Division, Hanscom AFB, MA, USA, June 1975. http://csrc.nist.gov/publications/history/bell76.pdf.
4. Kenneth J. Biba. Integrity considerations for secure computer systems. Technical Report ESD–TR–76–372, The MITRE Corporation, Bedford, MA, USA, HQ Electronic Systems Division, Hanscom AFB, MA, USA, April 1977.
5. Ran Canetti and Hugo Krawczyk. Security analysis of IKE’s signature-based keyexchange protocol. In Moti Yung, editor, Advances in Cryptology - Crypto 2002, volume 2045 of Lecture Notes in Computer Science, pages 143–161, Santa Barbara, CA, 2002. Springer-Verlag.
6. Chipcards with digital signature application/function according to SigG and SigV - part 1: Application interface. Technical Report DIN V66291-1, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, 15 December 1998.
7. Chipcards with digital signature application/function according to SigG and SigV - part 4: Basic security services. Technical Report DIN V66291-4, Secretariat: DIN Deutsches Institut für Normung e.V, Berlin, 17 October 2000.
8. Common security label (CSL). Technical Report MIL-STD-2045-48501, Joint Interoperability and Engineering Organization (JIEO), Fort Monmouth, NJ, 25 January 1995.
9. W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644–654, 1976.
10. DOD 5200.28-STD, Department of Defense, Washington, DC, USA. Department of Defense Trusted Computer System Evaluation Criteria, December 1985. http://csrc.nist.gov/publications/history/dod85.pdf.
11. J. H. Ellis. The story of non-secret encryption. Technical report, Communications- Electronics Security Group (CESG), Cheltenham, UK, 1987. http://www.cesg.gov.uk/publications/media/nsecret/ellis.pdf.
12. Pierre Girard. Which security policy for multiapplication smart cards? In Proceedings of the USENIX Workshop on Smartcard Technology, pages 21–28, Chicago, IL, 1999. The USENIX Association.
13. D. Harkins and D. Carrel. The internet key exchange (IKE). Technical Report RFC2409, November 1998. ftp://ftp.rfc-editor.org/in-notes/rfc2409.txt.
14. Information technology - identification cards - integrated circuit(s) cards with contacts- part 3: Electronic signals and transmission protocols. Technical Report ISO/IEC 7816-3:1997(E), International Organization for Standardization, Genève, 18 September 1997.
15. Information technology - identification cards - integrated circuit(s) cards with contacts - part 4: Inter-industry commands for interchange. Technical Report ISO/IEC 7816-4, International Standards Organization, Genève, 1995.
16. Information technology - identification cards - integrated circuit(s) cards with contacts - part 15: Cryptographic information application. Technical Report ISO/IEC CD 7816-15, draft edition, International Organization for Standardization, Genève, 2001.
17. Information technology - security techniques – evaluation criteria for it security – parts 1, 2, and 3. Technical Report ISO/IEC 15408-1, -2, and -3, International Organization for Standardization, Genève, 1999.
18. Information technology - security techniques - entity authentication - part 3: Mechanisms using digital signature techniques. Technical Report ISO/IEC 9798-3, International Organization for Standardization, Genève, 15 October 1998.
19. Information technology - security techniques - key management - part 3: Mechanisms using asymetric techniques. Technical Report ISO/IEC 11770-3, International Organization for Standardization, Genève, 1 November 1999.
20. Paul A. Karger. The lattice security model in a public computing network. In ACM 78: Proceedings 1978 Annual Conference, volume 1, pages 453–459, Washington, DC, USA, 4–6 December 1978. Association for Computing Machinery.
21. Paul A. Karger. Multi-organizational mandatory access controls for commercial applications. Technical Report RC 21673 (97655), IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, 22 February 2000. http://domino.watson.ibm.com/library/CyberDig.nsf/home.
22. Paul A. Karger, Vernon R. Austel, and David C. Toll. A new mandatory security policy combining secrecy and integrity. Technical Report RC 21717 (97406), IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, 15 March 2000. http://domino.watson.ibm.com/library/CyberDig.nsf/home.
23. Paul A. Karger, Vernon R. Austel, and David C. Toll. Using a mandatory secrecy and integrity policy on smart cards and mobile devices. In EUROSMART Security Conference, pages 134–148, Marseilles, France, 13–15 June 2000.
24. Paul A. Karger, Vernon R. Austel, and David C. Toll. Using mandatory secrecy and integrity for business to business applications on mobile devices. In Workshop on Innovations in Strong Access Control, Naval Postgraduate School, Monterey, CA, 25-27 September 2000. published on CD-ROM. http://www.acsac.org/sac-tac/wisac00/wed0830.karger.pdf.
25. Hugo Krawczyk. SIGMA: the’SIGn-and-MAc’ approach to authenticated diffiehellman and its use in the IKE protocols. In D. Boneh, editor, Advances in Cryptology – CRYPTO 2003 Proceesings, volume 2729 of Lecture Notes in Computer Science, pages 399–424, Santa Barbara, CA, 17-21 August 2003. Springer–Verlag.
26. Hugo Krawczyk, M. Bellare, and Ran Canetti. HMAC: keyed-hashing for message authentication. Technical Report RFC-2104, February 1997. http://www.faqs.org/ftp/rfc/rfc2104.txt.
27. Chae Hoon Lim and Pil Joong Lee. A key recovery attack on discrete log-based schemes using a prime order subgroup. In Burton S. Kaliski, editor, Advances in Cryptology - CRYPTO’97, volume 1294 of Lecture Notes in Computer Science, pages 249–263, Santa Barbara, CA, 1997. Springer Verlag.
28. Public key cryptography for the financial services industry, key agreement and key transport using elliptic curve cryptography. Technical Report X9.63-2001, American National Standards Institute (ANSI), 2001.
29. Gerhard Schellhorn, Wolfgang Reif, Axel Schairer, Paul Karger, Vernon Austel, and David Toll. Verification of a formal security model for multiapplicative smart cards. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors, 6th European Symposium on Research in Computer Security (ESORICS 2000), volume 1895 of Lecture Notes in Computer Science, pages 17–36, Toulouse, France, 2000. Springer-Verlag.
30. Standard security label for information transfer. Technical Report FIPS PUB 188, National Institute of Standards and Technology, Gaithersburg, MD, 6 September 1994.
31. Technical rationale behind CSC-STD-003-85: Computer security requirements – guidance for applying the department of defense trusted computer system evaluation criteria in specific environments. Technical Report CSC-STD-004-85, DoD Computer Security Center, Fort George G. Meade, MD, 25 June 1985.
32. Andreas Wiemers. Kommentare zu application interface for smart cards used as secure signature creation devices, part 1 - basic requirements version 0.14 28th february 2003 (in German). Technical report, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, 14 March 2003.
33. M. J. Williamson. Thoughts on cheaper non-secret encryption. Technical report, Communications-Electronics Security Group (CESG), Cheltenham, UK, 10 August 1976. http://www.cesg.gov.uk/publications/media/nsecret/cheapnse.pdf.