ECC programming in Java Card

9 páginas, 3 figuras, 3 listingElliptic Curve Cryptography (ECC) is a branch of public-key cryptography based on the arithmetic of el- liptic curves. Given its mathematical characteristics, ECC is currently one of the best options for protecting sensitive information. The lastest version of the Java Card platform includes several classes related to elliptic curves. However, potential developers are discouraged by the peculiarities of its programming model and the scarce information available. In this work, we present an up to date and extensive review of the ECC support in Java Card. In addition to that, we offer to the reader the complete code of two applications that will allow programmers to understand and test the entire application development process in Java Card.This work has been partially supported by Ministerio de Ciencia e Innovaci ́ on (Spain) under the grant TIN2011- 22668.Peer reviewe

Security validation of smartcard: MCOS

The National Fuel subsidy system planning in Malaysia should it persist would have elevated the Multi-purpose of MyKad. Malaysian government is planning for a new MyID system that can retrieve governmental related documents when dealing with 760 governments and agencies nationwide (The Star, 2010). This move will leverage the existing infrastructure of MyKad. The wider usage of MyKad may raise public concern regarding its security. Thus, there is a need for assessing the security of MyKad by an independent third party.This paper will first discuss vulnerability of smartcard by using the attack potential model (CCDB, 2008), and then the appropriateness of the current methods and tools to test the security of smartcard will be investigated.The study concludes that there is no yet a standard of security testing tool imposed on smartcard in Malaysia.The study promotes the developing of security testing tool for MyKad

A Simple and Efficient Way to Combine Microcontrollers with RSA Cryptography

Microcontroller can be easily adopted in various applications with a variety of peripherals due to its merits of small size, simple architecture and etc. However, the limited computing power restricts its application in cryptography. In this paper, we try to integrate microcontroller with different peripheral devices to support more powerful cryptography computation in a simple and efficient way. Based on the most popular open source microcontroller development platform, Arduino, we design and develop a cryptographic hardware device for a real-life application which provides data protection functions for authority and integrity with RSA cryptography supported. With the peripherals Java card, our Arduino-cored solution is able to efficiently generate digital signature of photos taken by smart phone using the asymmetric cryptographic algorithm, RSA, which has a poor performance if it is directly implemented on microcontroller. The experimental results show that the device can finish a RSA 1024-bit encryption in 82.2 microseconds, which is reasonable in real application scenario and illustrates the feasibility of implementing more complicated cryptographic system using microcontroller.published_or_final_versio

Efficient encryption on limited devices

Encryption algorithms have been used since the dawn of time to ensure secure communication over insecure communication channels. Once a secret encryption key is established and as long as the key remains secret, two parties can communicate freely over open channels. The question of how to obtain such a secret key is a large dilemma. Many methods of obtaining such keys have been tried from the most basic form of a one-on-one encounter to more advanced techniques like Diffie-Hellman. This paper compares three versions of the Diffie-Hellman key exchange protocol -- using arithmetic in the field of integers modulo a prime, arithmetic in an Elliptic Curve field (ECC), and arithmetic in the Extended Compact Subgroup Trace Representation (XTR), respectively -- to determine which would be the most appropriate, in terms of computational efficiency, for a small personal computing device

AN ANALYSIS OF TRANSACTIONS IN E-PAYMENT SYSTEM USING MOBILE AGENTS

Commercial interactions between merchants and customers pose a significant concern as they are associated with a large volume of data and complex information, especially when there is a need for switching requirements. This paper presents an agent-based analysis of e-payment transactions with the switching operations. The model adopts an inter-bank transaction network and consists of a terminal point of sale (POI) and three essential players in e-payment: customer, bank (merchant), and the Switch. This study analyses the various payment interactions using agent technology. The agent coordinates movement while the negotiation protocol serves as an internal control of the payment agreements, while the interactive hosts are the platforms that determine the status of transactions. Each agent host is equipped with a Certification Authority (CA) to secure communication between the merchant and the customer. Different transactions that agents could make are examined with formal descriptions. The implementation is achieved in Jade and compares with the object serialization mechanism. The simulation results show higher quality adaptation of agent systems and evidence of agentisation of e-transaction with Switch.     &nbsp

Recent advances in industrial wireless sensor networks towards efficient management in IoT

With the accelerated development of Internet-of- Things (IoT), wireless sensor networks (WSN) are gaining importance in the continued advancement of information and communication technologies, and have been connected and integrated with Internet in vast industrial applications. However, given the fact that most wireless sensor devices are resource constrained and operate on batteries, the communication overhead and power consumption are therefore important issues for wireless sensor networks design. In order to efficiently manage these wireless sensor devices in a unified manner, the industrial authorities should be able to provide a network infrastructure supporting various WSN applications and services that facilitate the management of sensor-equipped real-world entities. This paper presents an overview of industrial ecosystem, technical architecture, industrial device management standards and our latest research activity in developing a WSN management system. The key approach to enable efficient and reliable management of WSN within such an infrastructure is a cross layer design of lightweight and cloud-based RESTful web service

Implementing a Loyalty Card for smartphones using a Bitcoin Like Approach

Cryptographic currencies have been thriving in the last 5 years, specially since the appearance of Bitcoin in 2009. Factors, as the particular advantages of this type of currency, the current economy conjecture and the evolution of technology are fuelling their popularity. In some countries, cryptographic currency systems are considered to be feasible alternatives to real money by the government and Bitcoin is actually being used in transactions worldwide. The success of Bitcoin is mostly due to its elegant mathematical description, proven security under its assumptions, its decentralized character and anonymity assurance. Apart from the initial effort to securely and correctly implement the system and of the maintenance of the applications, Bitcoin works automatically with the contribution of the nodes of a fully decentralized infrastructure. The full specification of the protocol is readily available, e.g., in the Internet, and it can be used by anyone. This masters programme explored the possibility to use it, with modifications, as a means to implement a system for electronic loyalty cards. In order to do so, the aforementioned cryptographic currency was studied in detail, a set of requirements for the new system and modifications to the original protocol were specified, and a software system was engineered and implemented in the Java programming language. The specification of the modifications was performed while taking the particular application scenario into account. The restrictions deriving from the application scenario were mostly dominated by the fact that the underlying Peer-to-Peer (P2P) infrastructure was to be constituted by smartphones only. The most visible outcome of this masters programme is the fully working prototype of the loyalty card system, comprised by an application for mobile devices and by a server side application. This prototype implements part of the Bitcoin from scratch, starting from the seminal work that defines it, along with the modifications that introduce a central agent for better controlling the quantity of currency per client and aid in the establishment of the P2P connections between two mobile applications. The modified version of the system is herein called Bitpoints, and the currency is instead constituted by points. The implemented loyalty card system benefits of some of the advantages of the popular cryptographic currency, namely the public access to the ledger for isolated verification of all transactions. The loyalty card permits the exchange of points between users and mining new points, which is fundamentally different than currently available loyalty cards. Within the context of this masters programme, a survey was delivery to a population constituted of 34 individuals, who answered a set of questions concerning the handling of the aforementioned prototype. The analysis of the obtained results allows to induce that people would feel comfortable with this application and accept the concept on which is based on, probably preferring a system similar to the proposed one.As moedas criptográficas têm vindo a prosperar nos últimos cinco anos, especialmente desde o aparecimento da Bitcoin em 2009. Fatores como as vantagens específicas deste tipo de moedas, a atual conjetura económica e a evolução tecnológica, estão a estimular a sua popularidade. Em alguns países, os sistemas monetários criptográficos são considerados pelo governo, alternativas viáveis ao dinheiro real e a Bitcoin está efetivamente a ser utilizada em transações por todo o mundo. O sucesso da Bitcoin é essencialmente baseado na sua elegante descrição matemática, segurança comprovada pelos seus princípios, pelo seu carácter descentralizado e pela garantia de anonimato. Para além do esforço inicial para implementar corretamente e de forma segura o sistema, e da manutenção das aplicações, a Bitcoin funciona automaticamente com a contribuição dos nós de uma infraestrutura descentralizada. A especificação completa do protocolo está facilmente disponível, por exemplo na Internet, e pode ser utilizada por qualquer pessoa. Este programa de mestrado explorou a possibilidade de usá-lo, com modificações, como uma forma de implementar um sistema de cartões de fidelização eletrónicos. De forma a fazer isso, a moeda criptográfica acima mencionada, foi estudada em detalhe, foram especificados um conjunto de requisitos para o novo sistema e modificações ao protocolo original, e um sistema em software foi projetado e implementado na linguagem de programação Java. A especificação das modificações foi realizada, tendo em conta o cenário desta aplicação em particular. As restrições resultantes do cenário da aplicação foram maioritariamente dominadas pelo fato de que a infraestrutura Peer-to-Peer (P2P) subjacente era constituída apenas por smartphones. O resultado mais visível deste programa de mestrado é o protótipo completamente funcional de um sistema de cartões de fidelização, composto por uma aplicação para dispositivos móveis, e outra para ser executada do lado do servidor. Este protótipo implementa de raiz, a parte do Bitcoin, a partir do trabalho seminal que o define, juntamente com as alterações que introduzem um agente central para controlar melhor a quantidade de moedas por cliente, e auxiliar no estabelecimento de ligações P2P entre duas aplicações móveis. A versão modificada do sistema é aqui chamada de Bitpoints e a moeda é em vez disso, constituída por pontos. Os benefícios da implementação deste sistema de cartões de fidelização, e de algumas das vantagens da popular moeda criptográfica são, nomeadamente o acesso público à cadeia de blocos para verificação isolada de todas as transações. O cartão de fidelização permite a troca de pontos entre utilizadores e novos pontos de mineração, que é fundamentalmente diferente dos cartões de fidelização atualmente disponíveis. Dentro do contexto deste programa de mestrado, foi distribuído um inquérito por uma população de 34 indivíduos, que responderam a um conjunto de questões relativas ao manuseamento do protótipo referido anteriormente. A análise dos resultados obtidos permitiu induzir que as pessoas se sentem confortáveis com a aplicação, e que aceitaram o conceito na qual esta é baseada, preferindo provavelmente um sistema semelhante ao proposto

A Mobile Secure Bluetooth-Enabled Cryptographic Provider

The use of digital X509v3 public key certificates, together with different standards for secure digital signatures are commonly adopted to establish authentication proofs between principals, applications and services. One of the robustness characteristics commonly associated with such mechanisms is the need of hardware-sealed cryptographic devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled tokens or dongles. These devices support internal functions for management and storage of cryptographic keys, allowing the isolated execution of cryptographic operations, with the keys or related sensitive parameters never exposed. The portable devices most widely used are USB-tokens (or security dongles) and internal ships of smart cards (as it is also the case of citizen cards, banking cards or ticketing cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared, also suitable to protect cryptographic operations and digital signatures for secure identity and payment applications. The common characteristic of such devices is to offer the required support to be used as secure cryptographic providers. Among the advantages of those portable cryptographic devices is also their portability and ubiquitous use, but, in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply the need of readers, not always and not commonly available for generic smartphones or users working with computing devices. Also, wireless-devices can be specialized or require a development effort to be used as standard cryptographic providers. An alternative to mitigate such problems is the possible adoption of conventional Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely, by client-side applications running in users’ devices, such as desktop or laptop computers. However, the use of smartphones for safe storage and management of private keys and sensitive parameters requires a careful analysis on the adversary model assumptions. The design options to implement a practical and secure smartphone-enabled cryptographic solution as a product, also requires the approach and the better use of the more interesting facilities provided by frameworks, programming environments and mobile operating systems services. In this dissertation we addressed the design, development and experimental evaluation of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and supports on-demand Bluetooth-enabled cryptographic operations, including standard digital signatures. The addressed mobile cryptographic provider can be used by applications running on Windows-enabled computing devices, requesting digital signatures. The solution relies on the secure storage of private keys related to X509v3 public certificates and Android-based secure elements (SEs). With the materialized solution, an application running in a Windows computing device can request standard digital signatures of documents, transparently executed remotely by the smartphone regarded as a standard cryptographic provider

Modelling mobile health systems: an application of augmented MDA for the extended healthcare enterprise

Mobile health systems can extend the enterprise computing system of the healthcare provider by bringing services to the patient any time and anywhere. We propose a model-driven design and development methodology for the development of the m-health components in such extended enterprise computing systems. The methodology applies a model-driven design and development approach augmented with formal validation and verification to address quality and correctness and to support model transformation. Recent work on modelling applications from the healthcare domain is reported. One objective of this work is to explore and elaborate the proposed methodology. At the University of Twente we are developing m-health systems based on Body Area Networks (BANs). One specialization of the generic BAN is the health BAN, which incorporates a set of devices and associated software components to provide some set of health-related services. A patient will have a personalized instance of the health BAN customized to their current set of needs. A health professional interacts with their\ud patients¿ BANs via a BAN Professional System. The set of deployed BANs are supported by a server. We refer to this distributed system as the BAN System. The BAN system extends the enterprise computing system of the healthcare provider. Development of such systems requires a sound software engineering approach and this is what we explore with the new methodology. The methodology is illustrated with reference to recent modelling activities targeted at real implementations. In the context of the Awareness project BAN implementations will be trialled in a number of clinical settings including epilepsy management and management of chronic pain