Implementing a Formally Verifiable Security Protocol in Java Card

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2802)

Abstract

This paper describes a case study in refining an abstract security protocol description down to a concrete implementation on a Java Card smart card. The aim is to consider the decisions that have to be made in the development of such an implementation in a systematic way, and to investigate the possibilities of formal specification and verification in the design process and for the final implementation.

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hubbers, E., Oostdijk, M., Poll, E. (2004). Implementing a Formally Verifiable Security Protocol in Java Card. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds) Security in Pervasive Computing. Lecture Notes in Computer Science, vol 2802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39881-3_19

  • DOI: https://doi.org/10.1007/978-3-540-39881-3_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20887-7

  • Online ISBN: 978-3-540-39881-3

  • eBook Packages: Springer Book Archive
