
Zero Footprint Secure Internet Authentication Using Network Smart Card

  • Asad M. Ali
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3928)

Abstract

This paper describes the motivation and technological innovation of Network Smart Card, a next-generation smart card architecture that supports standard Internet communication and security protocols. It outlines the role of these next-generation smart cards in addressing some of the weaknesses inherent in current Internet authentication frameworks. The paper evaluates several common methods of authenticating users as well as servers during online transactions and shows how they can be improved by the use of Network Smart Card. Traditional two-factor authentication techniques require modifications to the client machine, the remote server, or both. This paper describes a method of achieving the same two-factor authentication for secure Internet access without requiring any modification to the host device or remote servers. Finally, the advantages of Network Smart Card are evaluated against other forms of authentication, such as conventional smart cards and OTP tokens.

Keywords

Smart Card; Host Computer; Remote Server; Authentication Server; Login Request
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Asad M. Ali (1)
  1. Smart Card Research, Axalto, Austin, USA
