Secure Messaging Implementation in OpenSC

作     者：Maurizio Talamo Maulahikmah Galinium Christian H. Schunck Franco Arcieri 

作者机构：Department of Engineering University of Rome Tor Vergata Rome Italy Department of Information Science University of Rome Tor Vergata Rome Italy Nestor Laboratory University of Rome Tor Vergata Rome Italy 

出 版 物：《Journal of Information Security》 (信息安全（英文）)

年 卷 期：2012年第3卷第4期

页      面：251-258页

学科分类：1002[医学-临床医学] 100214[医学-肿瘤学] 10[医学] 

主　　题：Smart Card Digital Signature OpenSC Secure Messaging 

摘      要：Smartcards are used for a rapidly increasing number of applications including electronic identity, driving licenses, physical access, health care, digital signature, and electronic payments. The use of a specific smartcard in a closed environment generally provides a high level of security. In a closed environment no other smartcards are employed and the card use is restricted to the smartcard s own firmware, approved software applications, and approved card reader. However, the same level of security cannot be claimed for open environments where smartcards from different manufacturers might interact with various smartcard applications. The reason is that despite a number of existing standards and certification protocols like Common Criteria and CWA 14169, secure and convenient smartcard interoperability has remained a challenge. Ideally, just one middleware would handle the interactions between various software applications and different smartcards securely and seamlessly. In our ongoing research we investigate the underlying interoperability and security problems specifically for digital signature processes. An important part of such a middleware is a set of utilities and libraries that support cryptographic applications including authentication and digital signatures for a significant number of smartcards. The open-source project OpenSC provides such utilities and libraries. Here we identify some security lacks of OpenSC used as such a middleware. By implementing a secure messaging function in OpenSC 0.12.0 that protects the PIN and data exchange between the SC and the middleware, we address one important security weakness. This enables the integration of digital signature functionality into the OpenSC environment.