7,956 Hits in 6.5 sec

Mind the Gap [chapter]

Simon Winwood, Gerwin Klein, Thomas Sewell, June Andronick, David Cock, Michael Norrish
2009 Lecture Notes in Computer Science  
However, while formal models are indeed used throughout high-assurance certification, verification of the actual implementation is not required by the CC and largely neglected in certification practice  ...  In this paper we discuss the gap between program verification and CC software certification, and we point out possible uses of code-level program verification in the CC certification process.  ...  security objectives, one for the SPM, one for both the FSP and the high-level part of the TDS, and one for the low-level part of the TDS.  ... 
doi:10.1007/978-3-642-03359-9_34 fatcat:fby2azmiefggzbginkcl3dr5n4

Increasing smart card dependability

Ludovic Casset, Jean-Louis Lanet
2002 Proceedings of the 10th workshop on ACM SIGOPS European workshop: beyond the PC - EW10  
Most of those conclusions are well known by the community and we just point them out in our specific domain, the smart card. We provide a non trivial example of the use of formal methods.  ...  Moreover we reach our challenge, to formally implement a complex piece of code into a smart card.  ...  Formal methods aim to reduce the use of test and mainly of unitary tests. However there is still a need for functional tests.  ... 
doi:10.1145/1133373.1133416 dblp:conf/sigopsE/CassetL02 fatcat:fztjsqkaxnbvxgjmw33yrjzcpa

The difficulty of standardizing smart card security evaluation

Audun Josang
1995 Computer Standards & Interfaces  
There is a need for assessing the security of smart cards by an independent third party, specially if multi-application smart cards become reality.  ...  The article discusses the problems related to this topic, and makes suggestions on how security evaluation of smart cards can be achieved.  ...  Method 2: Company certification A scheme for security certification of companies can be organised in the same way as for quality certification according to ISO 9000.  ... 
doi:10.1016/0920-5489(95)00013-k fatcat:rezuab52pbfqleexpptgcysvha

The Caernarvon secure embedded operating system

David C. Toll, Paul A. Karger, Elaine R. Palmer, Suzanne K. McIntosh, Sam Weber
2008 ACM SIGOPS Operating Systems Review  
This approach facilitated implementation of a formally specified, mandatory security policy providing multi-level security (MLS) suitable for both government agencies and commercial users.  ...  The Caernarvon operating system was developed to demonstrate that a high assurance system for smart cards was technically feasible and commercially viable.  ...  ACKNOWLEDGEMENTS The Caernarvon project involved work by a number of people in addition to the authors of this paper, and we wish to acknowledge the contributions of Vernon Austel, Ran  ... 
doi:10.1145/1341312.1341320 fatcat:jnwsn7ikubbtllr44mqnrkpgtu

Technical Analysis Of Available Assurance Techniques

Jean-Christophe Courrège, Claire Barrat-Gély, Jean-François Culat
2013 Zenodo  
The conditions to international recognition of issued CC certificates are studied and several differentials are done showing what the prerequisites in terms of Security Assurance Requirements (SARs) are  ...  Finally a review of known evaluations at EAL 6 and 7 is done for resource management, for existing separation kernels/hypervisors compiled from published protection profiles, security targets or relevant  ...  The IT-Technical Domain is related to smart cards and similar devices where significant proportions of the required security functionality depend upon hardware (for example smart card hardware, smart card  ... 
doi:10.5281/zenodo.47296 fatcat:tgxiabog3ncjjk5k7wp7iz3u74

Formal Analysis of CWA 14890-1 [chapter]

Ashar Javed
2011 Lecture Notes in Computer Science  
In particular, the results obtained from the formal analysis of the smart card security protocols when smart cards are used as a specific type of Secure Signature Creation Devices (SSCDs) are presented  ...  We explain formalization of the protocols in AVISPA's high-level protocol specification language HLPSL [7], and describe approach to verifying that the device authentication protocols in CWA 14890-1 does  ...  We would like to thank Dieter Gollmann, Sebastien Canard, Jan Meier, Helmut Scherzer and the anonymous reviewers for helpful feedback and suggestions for improvements.  ... 
doi:10.1007/978-3-642-27257-8_20 fatcat:qw3ugvgzhfbg3nucsovc2vvqni

A Problem-Oriented Approach to Common Criteria Certification [chapter]

Thomas Rottke, Denis Hatebur, Maritta Heisel, Monika Heiner
2002 Lecture Notes in Computer Science  
We present a method for requirements engineering and (semi-formal and formal) modeling of systems to be certified according to the higher evaluation assurance levels of the CC.  ...  The CC distinguish several evaluation assurance levels (EALs), level EAL7 being the highest and requiring the application of formal techniques.  ...  For example, smart cards are used for an increasing number of purposes, and e-commerce and other security-critical internet activities become increasingly common.  ... 
doi:10.1007/3-540-45732-1_32 fatcat:pkfbrlrperdqtdmhqysz2vvbum

Strong Authentication Protocol based on Java Crypto Chip as a Secure Element

Majid Mumtaz, Sead Muftic, Nazri bin Abdullah
2016 Advances in Science, Technology and Engineering Systems  
In addition to end-user authentication, the described solution also supports the use of X.509 certificates for additional security servicesconfidentiality, integrity, and non-repudiation of transactions  ...  Smart electronic devices and gadgets and their applications are becoming more and more popular.  ...  Sead Muftic for his great motivational counselling that impacted me technically and theoretically for completion of this task.  ... 
doi:10.25046/aj010505 fatcat:wsmacjmberei3gl45nlmcktg6q

OUP accepted manuscript

2019 Logic Journal of the IGPL  
The distinctive security features of the Spanish electronic national identity card, known as Documento Nacional de Identidad electrónico, allow us to propose the usage of this cryptographic smart card  ...  for example of the so-called social networks.  ...  (FEDER, UE) under project COPCIS, reference TIN2017-84844-C2-1-R, and by the European Union program ERASMUS+ under the project 2017-1-ESO1-KA203-038491 (Rules_Math).  ... 
doi:10.1093/jigpal/jzz058 fatcat:ffahe5rkjzetxkzsch34kxp2pu

Caught in the Maze of Security Standards [chapter]

Jan Meier, Dieter Gollmann
2010 Lecture Notes in Computer Science  
We argue that the entities responsible for accrediting smart card based applications thus require security expertise beyond the knowledge encoded in security standards and that a purely compliance based  ...  certification of eCard applications is insufficient.  ...  We thank the anonymous reviewers for valuable comments and suggestions.  ... 
doi:10.1007/978-3-642-15497-3_27 fatcat:clazpzikung5vmnxqdv3gvr33a

Automated User Authentication in Wireless Public Key Infrastructure for Mobile Devices using Aadhar card

Krishna Prakasha, Balachandra Muniyal, Vasundhara Acharya
2019 IEEE Access  
The proposed authentication and symmetric key exchange algorithm are formally verified and analyzed using automated validation of Internet security protocols and applications.  ...  The result of simulation proves that the proposed scheme is secure and safe. The experimental results show that time consumption for user authentication is acceptable.  ...  The safety and security of the proposed method are validated using formal verification technique. The simulation results demonstrate that the scheme is safe and secure.  ... 
doi:10.1109/access.2019.2896324 fatcat:qekruagonbb7hbtvfylzukhgsu

SC 2: Secure Communication over Smart Cards [chapter]

Nicola Dragoni, Eduardo Lostal, Davide Papini, Javier Fabra
2012 Lecture Notes in Computer Science  
In particular, we present the design and implementation of (SC) 2 (Secure Communication over Smart Cards), a system securing the communication between a smart card and the TTP which provides the S×C matching  ...  The key idea lies in the notion of contract, a specification of the security behavior of an application that must be compliant with the security policy of the card hosting the application.  ...  In order to test the system, certificates for CA and TTP have to be created. CA root certificate is generated as a self-signed certificate.  ... 
doi:10.1007/978-3-642-27901-0_4 fatcat:zhamzoa7qbhjjpc4f5kw4wmawu

A Constructive Approach to Correctness, Exemplified by a Generator for Certified Java Card Applets [chapter]

Alessandro Coglio, Cordell Green
2008 Lecture Notes in Computer Science  
We present a constructive approach to correctness and exemplify it by describing a generator for certified Java Card applets that we are building.  ...  A proof of full functional correctness is generated, along with the code, from the specification; the proof can be independently checked by a simple proof checker, so that the larger and more complex generator  ...  Information technology security standards such as the Common Criteria and FIPS 140-2 (for cryptographic modules) require the developer to provide, for the highest levels of certification, proofs of correctness  ... 
doi:10.1007/978-3-540-69149-5_7 fatcat:eaw4crqmsber7coul6q2k4ghhm


Gilles Grimaud, Jean-Louis Lanet, Jean-Jacques Vandewalle
1999 Software engineering notes  
Acknowledgments We first thank Eric Vetillard for providing us with material to write some parts of this paper, and also Patrick Biget for his helpful comments on this paper.  ...  But, Eric must undoubtedly be acknowledged for his careful reading of the paper and his insightful comments which helped us to improve the paper greatly.  ...  Smart Card Compilation and Loading Process Though current smart cards are able to run programs written in high-level languages, they still have drastic limitations.  ... 
doi:10.1145/318774.319265 fatcat:3yxhdbtwqffkdbdjmexn52wupu

D-FAP: Dual-Factor Authentication Protocol for Mobile Cloud Connected Devices

2019 Journal of Sensor and Actuator Networks  
The security of the protocol is formally verified and informal analysis is performed for various attacks.  ...  The huge amount of data stored on mobile devices poses information security risks and privacy concerns for individuals, enterprises, and governments.  ...  Acknowledgments: The author is grateful to the Middle East University, Amman, Jordan for the financial support granted to cover the publication fee of this research article.  ... 
doi:10.3390/jsan9010001 fatcat:p5irdyb43rds7nkfbhrgykym3e
« Previous Showing results 1 — 15 out of 7,956 results