In the next years, smart cards are going to become the main personal identification document in many nations. In particular, both Europe and the United States are currently working to this aim. Therefore, tens of millions of smart cards, based on hardware devices provided by many different manufacturers, will be distributed all over the world, and used in particular to accomplish the security tasks of electronic authentication and electronic signature. In this context, the so-called Common Criteria define the security requirements for digital signature devices. Unfortunately, these criteria do not address any interoperability issue between smart cards of different manufacturers, which usually implement the digital signature process in still correct but slightly different ways. To face the interoperability problem, we realized a complete testing environment whose core is the Crypto Probing System (c) Nestor Lab, an abstract interface to a generic cryptographic smart card, embedding a standard model of the correct card behavior, which can be used to test the digital signature process behavior, also in the presence of alternate or disturbed command sequences, in conjunction with automatic verification techniques such as model checking. The framework allows verifying abstract behavior models against real smart cards, so it can be used to automatically verify the Common Criteria as well as the extended interoperability criteria above and many other low-level constraints. In particular, in this paper we show how we can verify that the card, in the presence of a sequence of (partially) modified commands, rejects them without any side effect, remaining usable, or accepts them, generating a correct final result.

Talamo, M., Arcieri, F., Della Penna, G., Dimitri, A., Intrigila, B., Magazzeni, D. (2008). Verifying extended criteria for the interoperability of security devices. In ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS: OTM 2008, PT II, PROCEEDINGS (pp.1131-1139). BERLIN : SPRINGER-VERLAG BERLIN [10.1007/978-3-540-88873-4-14].

Verifying extended criteria for the interoperability of security devices

TALAMO, MAURIZIO;INTRIGILA, BENEDETTO;
2008-01-01

OTM 2008 Confederated International Conferences CoopIS, DOA, GADA, IS, and ODBASE 2008
Monterrey, MEXICO
NOV 09-14, 2008
International relevance
2008
Sector INF/01 - Computer Science
English
Access control; Authentication; Digital devices; Direction of arrival; Electronic document identification systems; Interoperability; Radio direction finding systems; Security of data; All over the worlds; Common criterion; Digital signatures; Electronic authentications; Electronic signatures; Hardware devices; Interoperability problems; Personal identifications; Security devices; Security requirements; Testing environments; United States; Smart cards
Conference contribution
Talamo, M; Arcieri, F; Della Penna, G; Dimitri, A; Intrigila, B; Magazzeni, D

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2108/27692