Year-end Sale % OFF 
Abstract
Smartcards are used for a rapidly increasing number of applications including electronic identity, driving licenses, physical access, health care, digital signature, and electronic payments. The use of a specific smartcard in a environment generally provides a high level of security. In a closed environment no other smartcards are employed and the card use is restricted to the smartcard's own firmware, approved software applications, and approved card reader. However, the same level of security cannot be claimed for open environments where smartcards from different manufacturers might interact with various smartcard applications. The reason is that despite a number of existing standards and certification protocols like Common Criteria and CWA 14169, secure and convenient smartcard interoperability has remained a challenge. Ideally, just one middleware would handle the interactions between various software applications and different smartcards securely and seamlessly. In our ongoing research we investigate the underlying interoperability and security problems specifically for digital signature processes. An important part of such a middleware is a set of utilities and libraries that support cryptographic applications including authentication and digital signatures for a significant number of smartcards. The open-source project OpenSC provides such utilities and libraries. Here we identify some security lacks of OpenSC used as such a middleware. By implementing a secure messaging function in OpenSC 0.12.0 that protects the PIN and data exchange between the SC and the middleware, we address one important security weakness. This enables the integration of digital signature functionality into the OpenSC environment.
Highlights
The problem of secure Smartcard (SC) interoperability is one of the main issues that might limit the use of SCs in the future
We show how other digital signature SC can be integrated into OpenSC using the example of the PosteCert card issued by the Italian Postal Service (Posteitaliane)
We provide an overview of the digital signature process as we have implemented it in OpenSC
Summary
The problem of secure Smartcard (SC) interoperability is one of the main issues that might limit the use of SCs in the future. From a security perspective such events are problematic if the SC executing a misdirected command does not immediately return an error message. This problem has been observed experimentally [10] and such a situation is called an “anomaly”. The second problem of OpenSC is that the current OpenSC libraries do not support secure messaging operations which are required in most digital signature applications to protect the sensitive data exchange between software applications and the SC. In this work we extend the OpenSC libraries to include the secure messaging functionality (Sections 2 and 3) With this solution we facilitate the integration of commercially available digital signature SCs for example Postecert and Infocert into OpenSC 0.12.0 (Section 4).
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
