A generic proxy for secure smart card-enabled web applications

Authors:
Guenther Starnberger;Lorenz Froihofer;Karl M. Goeschka
Affiliations:
Vienna University of Technology, Institute of Information Systems, Vienna, Austria;Vienna University of Technology, Institute of Information Systems, Vienna, Austria;Vienna University of Technology, Institute of Information Systems, Vienna, Austria
Venue:
ICWE'10 Proceedings of the 10th international conference on Web engineering
Year:
2010

Citing 13
Cited 2

Multilateral security a concept and examples for balanced security

Proceedings of the 2000 workshop on New security paradigms
Secure Internet Smartcards

JavaCard '00 Revised Papers from the First International Workshop on Java on Smart Cards: Programming and Security
Security Architecture of the Austrian Citizen Card Concept

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Advances in network smart cards authentication

Computer Networks: The International Journal of Computer and Telecommunications Networking
Network smart card review and analysis

Computer Networks: The International Journal of Computer and Telecommunications Networking
Improving authentication of remote card transactions with mobile personal trusted devices

Computer Communications
Smart cards in hostile environments

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
vTPM: virtualizing the trusted platform module

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A practical guide to trusted computing

A practical guide to trusted computing
Para-Virtualized TPM Sharing

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
The Trusted Execution Module: Commodity General-Purpose Trusted Computing

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
TLS-tandem: a smart card for web applications

CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
Automatic generation of network protocol gateways

Middleware'09 Proceedings of the ACM/IFIP/USENIX 10th international conference on Middleware

Experience report: trading dependability, performance, and security through temporal decoupling

Proceedings of the 11th IFIP WG 6.1 international conference on Distributed applications and interoperable systems
Supporting customized views for enforcing access control constraints in real-time collaborative web applications

ICWE'13 Proceedings of the 13th international conference on Web Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Smart cards are commonly used for tasks with high security requirements such as digital signatures or online banking. However, systems thatWeb-enable smart cards often reduce the security and usability characteristics of the original application, e.g., by forcing users to execute privileged code on the local terminal (computer) or by insufficient protection against malware. In this paper we contribute with techniques to generally Web-enable smart cards and to address the risks of malicious attacks. In particular, our contributions are: (i) A single generic proxy to allow a multitude of authorized Web applications to communicate with existing smart cards and (ii) two security extensions to mitigate the effects of malware. Overall, we can mitigate the security risks of Web-based smart card transactions and--at the same time--increase the usability for users.