Multi-stage Packet Filtering in Network Smart Cards

  • HongQian Karen Lu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3928)


Network smart cards are smart cards with networking capabilities. They have opened new opportunities for the use of smart cards in Internet applications. At the same time, network smart cards are exposed to network security threats just as other computers on the Internet. Unfortunately, existing designs of network security mechanisms, such as packet filtering, may not be best suited for smart cards because the computing resources of the cards are too limited. This paper presents a new packet filtering approach that overcomes this difficulty. The packet filtering is performed in multiple stages. It drops unwanted packets as early as possible, starting at the I/O interrupt level. This builds a network firewall inside smart cards and reduces resource usage for packet processing. It can be used with different hardware and software configurations and with various filter rules. Advantages of this approach include better security, reduced memory usage, and enhanced performance.
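The early-drop idea in the abstract, as an added sketch in C that is not code from the paper: a per-byte receive handler rejects a packet at the first header field that fails a rule and stops buffering it. The rules (IPv4/TCP only, card address 192.168.1.2, port 443), the stage numbering, the buffer size and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed filter rules for this sketch; the paper's rules are not on the page. */
static const uint8_t CARD_IP[4] = {192, 168, 1, 2};
enum { ALLOWED_PORT = 443, BUF_SIZE = 128 };

typedef struct {
    uint8_t buf[BUF_SIZE]; /* receive buffer on the card */
    size_t  len;           /* bytes copied into buf before a verdict */
    size_t  ihl;           /* IPv4 header length in bytes */
    int     dropped;       /* 0 = accepted so far, 1-3 = rejecting stage, 4 = oversize */
} rx_state;

/* Called once per received byte, as an I/O interrupt handler would be. */
void rx_byte(rx_state *s, uint8_t b)
{
    if (s->dropped) return;                      /* already rejected: store nothing */
    if (s->len == BUF_SIZE) { s->dropped = 4; return; }
    size_t i = s->len++;
    s->buf[i] = b;
    if (i == 0) {                                /* stage 1: IPv4, sane header length */
        s->ihl = (size_t)(b & 0x0F) * 4;
        if ((b >> 4) != 4 || s->ihl < 20) s->dropped = 1;
    } else if ((i == 6 && (b & 0x3F)) || (i == 7 && b) ||      /* fragment */
               (i == 9 && b != 6) ||                            /* not TCP */
               (i >= 16 && i < 20 && b != CARD_IP[i - 16])) {   /* not for the card */
        s->dropped = 2;                          /* stage 2: IP header fields */
    } else if (i == s->ihl + 3) {                /* stage 3: TCP destination port */
        unsigned port = ((unsigned)s->buf[i - 1] << 8) | b;
        if (port != ALLOWED_PORT) s->dropped = 3;
    }
}

/* Feed one packet byte by byte; returns 0 if accepted, else the stage that dropped it. */
int rx_packet(rx_state *s, const uint8_t *p, size_t n)
{
    memset(s, 0, sizeof *s);
    for (size_t k = 0; k < n; k++) rx_byte(s, p[k]);
    if (!s->dropped && s->len < s->ihl + 4) s->dropped = 3; /* ended before the port */
    return s->dropped;
}

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header, 10.0.0.1 -> 192.168.1.2:443. */
static const uint8_t SAMPLE[40] = {
    0x45, 0, 0, 40, 0, 1, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 1, 192, 168, 1, 2,
    0xC0, 0x00, 0x01, 0xBB, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0x20, 0, 0, 0, 0, 0};
```

After a drop, `len` shows how many buffer bytes the rejected packet cost: 1 for a non-IPv4 packet, 10 for a non-TCP one, against 40 for the accepted sample.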


Keywords: Smart Card; Host Computer; Memory Allocation; Direct Memory Access; Memory Buffer



Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • HongQian Karen Lu, Smart Cards Research, Axalto, Inc., Austin, USA
