Securing Operating System Services Based on Smart Cards

  • Luigi Catuogno
  • Roberto Gassirà
  • Michele Masullo
  • Ivan Visconti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3592)

Abstract

The executions of operating system services based on smart cards allow one to personalize some functionalities of the operating system by using the secret information stored in a smart card and the basic computations that a smart card can perform. However, current solutions for integrating smart card features in operating system services require at least a partial execution of the operating system functionalities at “user level”. Such executions decrease the security and the performance of the system as they are less robust compared to the kernel-level ones.

In this paper we present the design and implementation of SmartK, a kernel module that integrates directly in the Linux kernel the support of smart cards. The use of SmartK allows one to securely personalize an operating system service still maintaining its execution at kernel level.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Anderson, R.: TCPA Frequently Asked Questions (2003), http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html
  2. 2.
    Arbaugh, W., Farber, D., Smith, J.: A Secure and Reliable Bootstrap Architecture. In: Proc. of IEEE Symposium on Security and Privacy 1997, pp. 65–71 (1997)Google Scholar
  3. 3.
    Beattie, S.M., Black, A.P., Cowan, C., Pu, C., Yang, L.P.: CryptoMark: Locking the Stable door ahead of the Trojan Horse. White Paper, WireX Communications Inc (2000)Google Scholar
  4. 4.
    Catuogno, L., Visconti, I.: An Architecture for Kernel-Level Verification of Executables at Run Time. The Computer Journal 47(5), 511–526 (2004)CrossRefGoogle Scholar
  5. 5.
    Bovet, D.P., Cesati, M.: Understanding the Linux Kernel, 2nd edn. O’Reilly Associates, Inc., Sebastopol (2002)Google Scholar
  6. 6.
    Corcoran, D.: PC/SC lite API version 1.1.1 (1999), http://www.linuxnet.com
  7. 7.
    Telekom, D., et al.: Application Independent Card Terminal Application Programming Interface for ICC Applications (1998)Google Scholar
  8. 8.
    Gaskell, G., Looi, M.: Integrating Smart Cards Into Authentication Systems. Cryptography: Policy and Algorithms, pp. 270–281 (1995)Google Scholar
  9. 9.
    The International Organization for Standardization and The International Electrotechnical Commission, ISO/IEC 7816 parts 1-4: Information technology - Identification cards - Integrated circuit(s) cards with contacts (1995)Google Scholar
  10. 10.
    Itoi, N., Arbaugh, W.A., Pollack, S.J., Reeves, D.M.: Personal secure booting. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 130–144. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Itoi, N., Honeyman, P., Rees, J.: SCFS: A UNIX Filesystem for Smartcards. In: Proc. of the First USENIX Workshop on Smartcard Technology, pp. 107–118 (1999)Google Scholar
  12. 12.
    Neuman, B.C., Ts’o, T.: Kerberos: An Authentication Service for Computer Networks. IEEE Communications 32(9), 33–38 (1994)CrossRefGoogle Scholar
  13. 13.
    Kohl, B., Kohl, B., Neuman, C., T’so, T.Y.: The Evolution of the Kerberos Authentication System. In: Distributed Open Systems, pp. 78–94. IEEE Computer Society Press, Los Alamitos (1994)Google Scholar
  14. 14.
    Microsoft Corporation (2003), Security Model for the Next-Generation Secure Computing Base, http://www.microsoft.com
  15. 15.
    MUSCLE (Movement for the use of smart cards in a Linux Environment), http://www.linuxnet.com
  16. 16.
    Opencard Consortium, OpenCard Framework, General Information Web Document (1998), http://www.opencard.org
  17. 17.
    Patil, S., Kashyap, A., Sivathanu, G., Zadok, E.: I3FS an In-Kernel Integrity Checker and Intrusion Detection File System. In: Proceedings of the 18th USENIX Large Installation System Administration Conference (LISA 2004) (2004)Google Scholar
  18. 18.
    PC/SC workgroup, Presentation of the Interoperability specification for ICCs and Personal Computer System (PC/SC) Revision 1.0, parts 1-8. (1997), http://www.pcscworkgroup.com/
  19. 19.
    PC/SC workgroup, Presentation of the Interoperability specification for ICCs and Personal Computer System (PC/SC), Revision 2.0. White Paper (1999), http://www.pcscworkgroup.com/
  20. 20.
    Rees, J., Honeyman, P.: Webcard: a Java Card Web Server. In: Proc. of CARDIS 2000, pp. 197–208 (2000)Google Scholar
  21. 21.
    RSA Security Inc., PKCS11: Cryptographic Token Interface Standard v.2.20 (2004), http://www.rsasecurity.com/
  22. 22.
    RSA Security Inc., PKCS15: Cryptographic Token Information Format Standard v.1.1 (2000), http://www.rsasecurity.com/
  23. 23.
    Rubini, A., Corbet, J.: Linux Device Drivers, 2nd edn. O’Reilly Associates, Inc., Sebastopol (2001)Google Scholar
  24. 24.
    Schoen, S.: Trusted Computing: Promise and Risk, Report of Electronic Frontier Foundation (2003), http://www.eff.org
  25. 25.
    Stallman, R.: Can you trust your computer (2002), http://www.gnu.org/philosophy/can-you-trust.html
  26. 26.
    Trusted Computing Group, TCG Specification Architecture Overview (2004)Google Scholar
  27. 27.
    van Doorn, L., Ballintijn, G., Arbaugh, W.A.: Signed Executables for Linux. University of Maryland Technical Report CS-TR-4259 (2001)Google Scholar
  28. 28.
    Zadok, E.: Stackable File System as a Security Tool. CS dept. Columbia University Technical Report CUCS-036-99 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Luigi Catuogno
    • 1
  • Roberto Gassirà
    • 1
  • Michele Masullo
    • 1
  • Ivan Visconti
    • 1
  1. 1.Dipartimento di Informatica ed ApplicazioniUniversità degli Studi di SalernoItaly

Personalised recommendations