发布求助
文献互助 智能选刊 最新文献

Information Security Technical Report最新文献

筛选
英文 中文
Smart cards and remote computing: Interaction or convergence? 智能卡与远程计算:交互还是融合?
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.008
Serge Chaumette , Damien Sauveron
{"title":"Smart cards and remote computing: Interaction or convergence?","authors":"Serge Chaumette ,&nbsp;Damien Sauveron","doi":"10.1016/j.istr.2009.06.008","DOIUrl":"10.1016/j.istr.2009.06.008","url":null,"abstract":"<div><p>Computing power is largely becoming a basic supply which you can envisage to buy from a provider like you buy power or water. This is the result of a now long running trend that consists in connecting computing resources together so as to set up what can globally be referred to as a remote computing platform, the most up-to-date incarnation of which is the notion of a grid (<span>Foster and Kesselman, 2003</span>). These resources can then be shared among users, what means circulating codes and the results of their execution over a network, what is highly insecure. At the other end of the spectrum of computing devices, smart cards (<span>Mayes and Markantonakis, 2008</span>, <span>Hendry, 2001</span>) offer extremely secure but extremely limited computing capabilities. The question is thus to bridge the gap between computational power and high security. The aim of this paper is to show how large and high capacity remote computing architectures can interact with smart cards, which certainly are the most widely deployed, still the smallest computing systems of the information technology era, so as to improve the overall security of a global infrastructure.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 101-110"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.008","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121210249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Attacking smart card systems: Theory and practice 攻击智能卡系统:理论与实践
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.001
Konstantinos Markantonakis , Michael Tunstall , Gerhard Hancke , Ioannis Askoxylakis , Keith Mayes
{"title":"Attacking smart card systems: Theory and practice","authors":"Konstantinos Markantonakis ,&nbsp;Michael Tunstall ,&nbsp;Gerhard Hancke ,&nbsp;Ioannis Askoxylakis ,&nbsp;Keith Mayes","doi":"10.1016/j.istr.2009.06.001","DOIUrl":"10.1016/j.istr.2009.06.001","url":null,"abstract":"<div><p>Smart card technology has evolved over the last few years following notable improvements in the underlying hardware and software platforms. Advanced smart card microprocessors, along with robust smart card operating systems and platforms, contribute towards a broader acceptance of the technology. These improvements have eliminated some of the traditional smart card security concerns. However, researchers and hackers are constantly looking for new issues and vulnerabilities. In this article we provide a brief overview of the main smart card attack categories and their corresponding countermeasures. We also provide examples of well-documented attacks on systems that use smart card technology (e.g. satellite TV, EMV, proximity identification) in an attempt to highlight the importance of the security of the overall system rather than just the smart card.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 46-56"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116335527","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
How to defend against smartcard attacks – Or the amazing number of different ways to check a PIN securely 如何防范智能卡攻击——或者有多少种不同的方法可以安全地检查PIN码
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.004
Wolfgang Rankl
{"title":"How to defend against smartcard attacks – Or the amazing number of different ways to check a PIN securely","authors":"Wolfgang Rankl","doi":"10.1016/j.istr.2009.06.004","DOIUrl":"10.1016/j.istr.2009.06.004","url":null,"abstract":"<div><p>Since their invention in the 1980s, smartcards have become an universal medium for the secure storage of data and secure execution of programs. The first part of the article describes the different security elements of a smartcard system. This is completed by an explanation of the different types of smart card attacks (invasive, semi invasive, non invasive) and the corresponding mechanisms for protecting the secrets of smart cards. The second part shows on the basis of the forgoing explanations the evolution of attacks and corresponding protection mechanisms against the PIN compare function over the last twenty years.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 79-86"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.004","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129289616","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Transport ticketing security and fraud controls 运输票务保安及欺诈管制
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.003
Keith E. Mayes, Konstantinos Markantonakis, Gerhard Hancke
{"title":"Transport ticketing security and fraud controls","authors":"Keith E. Mayes,&nbsp;Konstantinos Markantonakis,&nbsp;Gerhard Hancke","doi":"10.1016/j.istr.2009.06.003","DOIUrl":"10.1016/j.istr.2009.06.003","url":null,"abstract":"<div><p>For many years, public transportation systems have been an essential part of day-to-day life and so the principle of needing a “ticket” has been familiar to generations of travellers. However as technology has advanced it has become possible to make use of electronic tickets that have significant advantages both for travellers and for the transport system operators. There has been a lot of recent publicity regarding weaknesses in some electronic ticket solutions; which whilst based on some solid facts tend to suggest that transport ticket security and fraud control is primarily a smart card/RFID technology issue. However this cannot be the case as systems exist that do not use such technology; or use it along side legacy systems. This paper will consider technology problems, but will first establish the bigger picture of transport ticketing and will finally make suggestions for future evolution of such systems.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 87-95"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.003","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132618710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Smart card security evaluation: Community solutions to intractable problems 智能卡安全评估:解决社区棘手问题
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.002
Tony Boswell
{"title":"Smart card security evaluation: Community solutions to intractable problems","authors":"Tony Boswell","doi":"10.1016/j.istr.2009.06.002","DOIUrl":"10.1016/j.istr.2009.06.002","url":null,"abstract":"<div><p>Evaluation of smart card security faced seemingly intractable problems of consistency and repeatability in its early days. The deeply specialised technologies, large parameter spaces for attacks, and the evolving attack types and countermeasures mean that the scope for variation in evaluation practice, and hence in evaluation conclusions, is potentially huge. The situation is further complicated by the fact that countermeasures against some types of attacks depend on both hardware and software, but there is also a need to evaluate hardware without specific software present at the time of evaluation. Stakeholders in the smart card world have formed a Community that has successfully created and applied interpretation of Common Criteria (ISO 15408) to deal with this problem and to achieve international mutual recognition of evaluation results. This paper discusses examples of the smart card security problem in order to illustrate some of the difficulties, and describes some of the interpretation that has been defined for rating the difficulty of an attack via calculation of an attack potential. It also considers the nature of the Community that has enabled the interpretation to be both defined and put into practice successfully.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 57-69"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.002","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130713319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Multiapplication smart card: Towards an open smart card? 多用途智能卡:迈向开放智能卡?
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.007
Damien Sauveron
{"title":"Multiapplication smart card: Towards an open smart card?","authors":"Damien Sauveron","doi":"10.1016/j.istr.2009.06.007","DOIUrl":"10.1016/j.istr.2009.06.007","url":null,"abstract":"<div><p>Smart cards were invented four decades ago so as to keep data secrets and to process them secretly. Even though their main goal are still the same today, the smart cards have been subject to many evolutions at both their hardware and software levels. Indeed they have been the target of numerous attacks and new demands from the market. These demands have expanded their domains of application. When they were born and during some thirty years smart cards have been monolithic platforms with a fixed piece of software dedicated to one single application. But in the mid 90's, some technologies appeared that have broken this situation by enabling to easily host several applications on the same card. These new technologies have changed the business models and pushed the smart cards towards new domains and to a world where they will integrate lots of new functionalities.</p><p>The aim of this paper is to give an overview of the evolution of the smart cards (and of their application domains) from monolithic static pieces of hardware and software to a flexible multiapplication platforms. This paper also explores the possibilities to see open multiapplication cards in the future and exposes the breakthroughs that are required to achieve in order to produce such cards.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 70-78"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.007","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131896427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 47
Introduction to this issue 问题介绍
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.07.001
Michael J. Ganley
{"title":"Introduction to this issue","authors":"Michael J. Ganley","doi":"10.1016/j.istr.2009.07.001","DOIUrl":"10.1016/j.istr.2009.07.001","url":null,"abstract":"","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Page 35"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.07.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120958741","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Smart card applications and security 智能卡应用和安全
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.006
Xuefei Leng
{"title":"Smart card applications and security","authors":"Xuefei Leng","doi":"10.1016/j.istr.2009.06.006","DOIUrl":"10.1016/j.istr.2009.06.006","url":null,"abstract":"<div><p>This article gives brief introduction to the security mechanisms used in smart card technology. Firstly we introduce the properties of contact and contactless smart cards; then we give the anatomy of smart card hardware and the popular security features implemented. These security features are arranged in the attack and countermeasure pairs, so it is easier for the readers to understand the security issues in the smart card technology.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 36-45"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.006","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114259331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 30
Electronic passports – from secure specifications to secure implementations 电子护照——从安全规范到安全实现
Information Security Technical Report Pub Date : 2009-05-01 DOI: 10.1016/j.istr.2009.06.005
Ingo Liersch
{"title":"Electronic passports – from secure specifications to secure implementations","authors":"Ingo Liersch","doi":"10.1016/j.istr.2009.06.005","DOIUrl":"10.1016/j.istr.2009.06.005","url":null,"abstract":"<div><p>For some years more and more countries have been introducing electronic passports. A reason for that is the need of higher security of travel documents in an age where people fear terrorism and crime. There are the US requirements for VISA Waiver countries to issue biometric enabled Passports and the European Commission's decision for a chip based storage of facial image and fingerprints in passports issued by EU member states. In this article standards for ePassports in terms of security and the implementations of security mechanisms are analysed.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 2","pages":"Pages 96-100"},"PeriodicalIF":0.0,"publicationDate":"2009-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.06.005","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125655310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
A look at Portable Document Format vulnerabilities 查看可移植文档格式漏洞
Information Security Technical Report Pub Date : 2009-02-01 DOI: 10.1016/j.istr.2009.04.001
Sami Rautiainen
{"title":"A look at Portable Document Format vulnerabilities","authors":"Sami Rautiainen","doi":"10.1016/j.istr.2009.04.001","DOIUrl":"10.1016/j.istr.2009.04.001","url":null,"abstract":"<div><p>Portable Document Format (PDF) developed by Adobe Systems Inc. is a flexible and popular document distribution and delivery file format, and it is supported within various operating systems and devices. This article provides insight for some of the security issues within the format itself as well as an outlook of the vulnerabilities found from various versions of Adobe‘s own PDF viewer implementation.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"14 1","pages":"Pages 30-33"},"PeriodicalIF":0.0,"publicationDate":"2009-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2009.04.001","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128206626","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信