Smart cards: State-of-the-art to future directions

The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present

Mobile phone and e-government in Turkey: practices and technological choices at the cross-road

Enhanced data services through mobile phones are expected to be soon fully transactional and embedded within future mobile consumption practices. While private services will surely continue to take the lead, others such as government and NGOs will become more prominent m-players. It is not yet sure which form of technological standards will take the lead including enhance SMS based operations or Internet based specifically developed mobile phone applications. With the introduction of interactive transactions via mobile phones, currently untapped segment of the populations (without computers) have the potential to be accessed. Our research, as a reflection of the current market situation in an emerging country context, in the case of mobile phones analyzes the current needs or emergence of dependencies regarding the use of m/e-government services from the perspective of municipality officers. We contend that more research is needed to understand current preparatory bottlenecks and front loading activities to be able to encourage future intention to use e-government services through mobile phone technologies. This study highlights and interprets the current emerging practices and praxis for consuming m-government services within government

PALPAS - PAsswordLess PAssword Synchronization

Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.Comment: An extended abstract of this work appears in the proceedings of ARES 201