Abstract
The necessity of auditing mechanisms for smart cards is currently under thorough investigation. Both current and future real world applications impose requirements which suggest the storage of sensitive information in log files. In this paper we present various applications that demonstrate the use of audit logs, justifying their practical advantages and disadvantages. We propose computationally practical methods for creating and maintaining such log files in the light of the limited memory of smart cards. We conclude with a brief discussion of design principles for future implementations and guidelines for further research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R.: Robustness principles for public key protocols. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 236–247. Springer, Heidelberg (1995)
Anderson, R.J.: UEPS - a second generation electronic wallet. In: Deswarte, Y., Quisquater, J.-J., Eizenberg, G. (eds.) ESORICS 1992. LNCS, vol. 648, pp. 411–418. Springer, Heidelberg (1992)
Europay-Mastercard-Visa. EMV-96 integrated circuit card specification for payment systems. Technical report, Europay-Mastercard-Visa (1996)
Gemplus. MCOS 16K EEPROM DES Reference Manual Ver 2.2. Gemplus (1990)
Gemplus. The first 32-bit risc processor ever embedded in a smart card (1996), http://www.gemplus.fr/presse/cascade2uk.htm
Gemplus. Gemxpresso reference manual (July 1998)
General Information Systems Ltd. (GIS). Oscar, specification of a smart card filling system incorporating data security and message authentication (1997), http://www.gis.co.uk/oscman1.htm
UCL Crypto Group. A smarter chip for smart cards (1996), http://www.dice.ucl.ac.be.crypt o/cascade
Haber, S., Scott Stornetta, W.: How to time-stamp a digital document. Journal of Cryptology 3(2), 99–111 (1996)
Hartel, P.H., de Jong Frz, E.K.: Smart cards and card operating systems. In: Uniforum 1996, pp. 725–730 (1996)
Hitachi. Hitachi 8bit microcontroler for smart card IC’s (1997), http://www.halsp.hitachi.com/smartcard/index.html
MAOSCO. Multos reference manual Ver 1.2 (July 1998), http://www.multos.com
Markantonakis, C.: The case for a secure multi-application smart card operating system. In: LNCS, vol. 1396, pp. 188–197 (October 1997)
Markantonakis, C.: An architecture of audit logging in a multi- application smart card environment. In: EICAR 1999 E-Commerce and New Media Managing Safety and Malware Challenges Effectively (October 1999)
Markantonakis, C., Rantos, K.: On the life cycle of the certification authority key pairs in emv 1996. EUROMEDIA 1999 (May 1999) (to be published)
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Sun Microsystems. The Java Card API Ver 2.0 specification (1998), http://www.javasoft.com/products/javacard/
Mondex. Brief description of the mondex log file (1996), http://www.mondex.com/mondex/cgi-bin/printpage.plenglish+global-technology-security
Motorola. M68hc05sc family - at a glance (1997), http://design-net.com/csic/SMARTCRD/sctable.htm
Natarajan, A., Lee, C.P.: An ARIES log manager for Minirel CS 764 (1994), http://www.cs.ndsu.nodak.edu/-tat.minibase/logMgr/report/main.html
International Standard Organisation. ISO/IEC 7816-4, Information technology - Identification cards - Integrated circuits(s) cards with contacts. International Standard Organization (1995)
International Standard Organisation (ISO/IEC) 9798-1, Information technology - Security Techniques - Entity Authentication - Part 1: General. International Standard Organization (1997)
Persati, V., Keefe, T., Pal, S.: The design and implementation of a multilevel secure log manager. In: IEEE Symposium on Security and Privacy 1081-6011/97, pp. 55–64 (1997)
Persati, V., Keefe, T.F., Pal, S.: A guide to understanding audit in trusted systems. Technical report, NCSC-TG-001 Library No. S-228-470 (July 1987)
Peyret, P.: Application-enabling card systems with plug-and-play applets. In: Smart Card 1996 Conference Proceedings (1996)
Place, J.-M., Peltier, T., Trane, P.: Secured co-operation ofpartners and applications in the blank card. In: Struif (ed.) GDM-Darmstadt 1995 (July 1995)
Schlumberger. Cyberflex smart card series developers manual (1997), http://www.cyberflex.austin.et.slb.com/cyberflex/cyberhome
Schneier, B.: Applied Cryptography. John Wiley and Sons, Chichester (1996)
Schneier, B., Kelsey, J.: Automatic event-stream notarization using digital signatures. In: Security Protocols, International Workshop April 1996 Proceedings, pp. 155–169. Springer, Heidelberg (1996)
Schneier, B., Kelsey, J.: Cryptographic support for secure logs on un-trusted machines. In: The Seventh USENIX Security Symposium Proceedings, pp. 53–62. Usenix Press (January 1998)
Adam Shostack. SSL 3.0 SPECIFICATION (May 1995), http://www.homeport.org/adam/ssl.html
SIEMENS. STARCOS (1996), http://www.gdm.de/index.htm
SIEMENS. CardOS (September 1997), http://www.ad.siemens.de/cardos/index76.htm
Trane, P., Lecomte, S.: Failure recovery using action logs for smart cards transactions based systems. In: Third IEEE International On-Line Testing Workshop (July 1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Markantonakis, C. (2000). Secure Log File Download Mechanisms for Smart Cards. In: Quisquater, JJ., Schneier, B. (eds) Smart Card Research and Applications. CARDIS 1998. Lecture Notes in Computer Science, vol 1820. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10721064_27
Download citation
DOI: https://doi.org/10.1007/10721064_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67923-3
Online ISBN: 978-3-540-44534-0
eBook Packages: Springer Book Archive