Adição de funções de criptografia simétrica em um applet de código aberto com suporte via middleware OpenSC

TCC(graduação) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação.O sigilo dos dados é um dos principais pilares da segurança em computação. Dentre as diferentes formas para alcançá-lo, vale destacar o uso de chaves secretas. Com elas, pode-se cifrar informações sensíveis utilizando algoritmos de criptografia simétrica em que a chave é compartilhada entre o remetente e o destinatário. A mesma chave realiza as operações de cifragem e decifragem dos dados. Neste contexto, o maior problema é o armazenamento da chave de forma segura. Dentre as possíveis maneiras de armazená-la, pode-se citar: banco de dados local, servidores e Smart Cards. Sendo o enfoque deste trabalho, o último, que fornece portabilidade e segurança. Embora sua relevância, a maioria das aplicações que implementam criptografia simétrica em Smart Cards, são de código proprietário. Este trabalho busca uma alternativa utilizando Java Cards, OpenSC e o cifrador AES, implementando as principais funções de criptografia simétrica em um applet de código aberto. Como resultado, obteve-se um applet open source suportado pelo middleware OpenSC, capaz de realizar as principais funções de criptografia simétrica.Data confidentiality is one of the main pillars of computer security. Among the different ways to reach it, it is worth highlighting the use of secret keys. With them, sensitive information can be encrypted using symmetric encryption algorithms in which the key is shared between the sender and the recipient. The same key performs data encryption and decryption operations. In this context, the biggest problem is securely storing the key. Among the possible ways to store it, we can mention: local database, servers and Smart Cards. Being the focus of this work, the latter, which provides portability and security. Although its relevance, most applications that implement symmetric encryption on Smart Cards, are proprietary code. This work looks for an alternative using Java Cards, OpenSC and the AES cipher, implementing the main functions of symmetric cryptography in an open source applet. As a result, we obtained an open source applet supported by the OpenSC middleware, capable of performing the main symmetric cryptographic functions

Middleware Design Framework for Mobile Computing

Mobile computing is one of the recent growing fields in the area of wireless networking. The recent standardization efforts accomplished in Web services, with their XML-based formats for registration/discovery, service description, and service access, respectively UDDI, WSDL, and SOAP, certainly represent an interesting first step towards open service composition, which MA supports for mobile computing are expected to integrate within their frameworks soon. A middle-ware that can work even if the network parameters are changed can be a better solution for successful mobile computing. A middle-ware is proposed for handling the entire existing problem in distributed environment. Middleware is about integration and interoperability of applications and services running on heterogeneous computing and communication devices. The services it provides - including identification, authentication, authorization, soft-switching, certification and security - are used in a vast range of global appliances and systems, from smart cards and wireless devices to mobile services and e-Commerce

Interleaving Command Sequences: a Threat to Secure Smartcard Interoperability

The increasingly widespread use of smartcards for a variety of sensitive applications, including digital signatures, creates the need to ensure and possibly certify the secure interoperability of these devices. Standard certification criteria, in particular the Common Criteria, define security requirements but do not sufficiently address the problem of interoperability. Here we consider the interoperability problem which arises when various applications interact with different smartcards through a middleware. In such a situation it is possible that a smartcard of type S receives commands that were supposed to be executed on a different smartcard of type S'. Such "external commands" can interleave with the commands that were supposed to be executed on S. We experimentally demonstrate this problem with a Common Criteria certified digital signature process on a commercially available smartcard. Importantly, in some of these cases the digital signature processes terminate without generating an error message or warning to the user.Comment: 6 pages; published in the 10th WSEAS International Conference on Information Security and Privacy (ISP 2011

The simplicity project: easing the burden of using complex and heterogeneous ICT devices and services

As of today, to exploit the variety of different "services", users need to configure each of their devices by using different procedures and need to explicitly select among heterogeneous access technologies and protocols. In addition to that, users are authenticated and charged by different means. The lack of implicit human computer interaction, context-awareness and standardisation places an enormous burden of complexity on the shoulders of the final users. The IST-Simplicity project aims at leveraging such problems by: i) automatically creating and customizing a user communication space; ii) adapting services to user terminal characteristics and to users preferences; iii) orchestrating network capabilities. The aim of this paper is to present the technical framework of the IST-Simplicity project. This paper is a thorough analysis and qualitative evaluation of the different technologies, standards and works presented in the literature related to the Simplicity system to be developed

Secure Method Invocation in JASON

We describe the Secure Method Invocation (SMI) framework implemented for Jason, our Javacard As Secure Objects Networks platform. Jason realises the secure object store paradigm, that reconciles the card-as-storage-element and card-as-processing-element views. In this paradigm, smart cards are viewed as secure containers for objects, whose methods can be called straightforwardly and securely using SMI. Jason is currently being developed as a middleware layer that securely interconnects an arbitrary number of smart cards, terminals and back-office systems over the Internet

Future challenges and recommendations

Rapid advances in information technology and telecommunications, and in particular mobile and wireless communications, converge towards the emergence of a new type of “infostructure” that has the potential of supporting a large spectrum of advanced services for healthcare and health. Currently the ICT community produces a great effort to drill down from the vision and the promises of wireless and mobile technologies and provide practical application solutions. Research and development include data gathering and omni-directional transfer of vital information, integration of human machine interface technology into handheld devices and personal applications, security and interoperability of date and integration with hospital legacy systems and electronic patient record. The ongoing evolution of wireless technology and mobile device capabilities is changing the way healthcare providers interact with information technologies. The growth and acceptance of mobile information technology at the point of care, coupled with the promise and convenience of data on demand, creates opportunities for enhanced patient care and safety. The developments presented in this section demonstrate clearly the innovation aspects and trends towards user oriented applications