A password-authenticated secure channel for App to Java Card applet communication. Issue 4 (2nd November 2015)
- Record Type:
- Journal Article
- Title:
- A password-authenticated secure channel for App to Java Card applet communication. Issue 4 (2nd November 2015)
- Main Title:
- A password-authenticated secure channel for App to Java Card applet communication
- Authors:
- Hölzl, Michael
Asnake, Endalkachew
Mayrhofer, Rene
Roland, Michael - Abstract:
- Abstract : Purpose: – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach: – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings: – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value: – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security,Abstract : Purpose: – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach: – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings: – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value: – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time. … (more)
- Is Part Of:
- International journal of pervasive computing and communications. Volume 11:Issue 4(2015)
- Journal:
- International journal of pervasive computing and communications
- Issue:
- Volume 11:Issue 4(2015)
- Issue Display:
- Volume 11, Issue 4 (2015)
- Year:
- 2015
- Volume:
- 11
- Issue:
- 4
- Issue Sort Value:
- 2015-0011-0004-0000
- Page Start:
- 374
- Page End:
- 397
- Publication Date:
- 2015-11-02
- Subjects:
- Mobile devices -- Java Card -- Secure channel -- Secure element -- Smart card -- SRP
Ubiquitous computing -- Periodicals
Mobile computing -- Periodicals
Computer network protocols -- Periodicals
Computer network architectures -- Periodicals
Application software -- Development -- Periodicals
004.6 - Journal URLs:
- http://info.emeraldinsight.com/products/journals/journals.htm?PHPSESSID=hprfp8ctb78gnbgodr3rkog6s0&id=ijpcc ↗
http://www.emeraldinsight.com/ ↗
http://www.troubador.co.uk/jpcc/ ↗ - DOI:
- 10.1108/IJPCC-09-2015-0032 ↗
- Languages:
- English
- ISSNs:
- 1742-7371
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4542.452750
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 9906.xml