Efficient Downloading and Updating Application on Smart Cards Yongsu Park, Junyoung Heo, Yookun Cho School of Computer Science and Engineering Seoul National.

Presentation transcript:

Efficient Downloading and Updating Application on Smart Cards Yongsu Park, Junyoung Heo, Yookun Cho School of Computer Science and Engineering Seoul National University

Download of applications on Smart Cards
- 2 types of the smart card
  - Applications are loaded onto the ROM at the time of fabrication.
    - These cards should be used for some specific purpose.
  - Applications are downloaded onto the FLASH memory when they are required.
    - This provides flexibility and wide utilities.
- Small communication bandwidth, small size of the card's RAM => Usually, the application is divided into blocks, each of which is downloaded into the smart card.

Threats and Security Requirements
- Threats for downloading the applications
  - Downloaded application can be a malicious program.
  - Downloaded application may be infected by a virus.
  - Malicious program can illegally modify the files containing e-cash.
- Security Requirements
  - Source authentication of the downloaded blocks
  - Data integrity of the downloaded blocks
- Naive approach: Signing each block
  - Computationally inefficient
  - Large communication overhead

Previous work
- CASCADE with hashes
  - Requires a large amount of FLASH memory and RAM
- CASCADE without hashes
  - Has a long verification delay of each block
- OTA (Ordered Tree Authentication)
  - Requires a large amount of FLASH memory (e.g., if a block size is 256 bytes and SHA-1 is used, OTA requires 15.6% overhead)

Proposed Scheme
- Proposed scheme
  - Based on hash-chaining technique
  - Parameterized scheme
    - Provides a trade-off between the required FLASH memory size and the verification delay of updating the application.
  - Two phases
    - Authentication information generation phase
    - Transmission phase

[Figure: hash chain over blocks M_1, ..., M_5 with H_4 = H(M_4||M_5), H_3 = H(M_3||H_4), H_2 = H(M_2||H_3), H_1 = H(M_1||H_2), and the signature Sig(H_1) on the head of the chain.]

Downloading the application
- Authentication information generation phase
  1. An application consists of blocks, M_1, …, M_n.
  2. A parameter k, k|n.
  3. For every chunk of n/k blocks, AP computes a hash chain (without a Sig()).
  4. For S_1, …, S_k, AP computes a hash chain.

[Figure: An example (n=12, k=4). Blocks M_1, ..., M_12 form four hash chains of three blocks each, with chain heads S_1, ..., S_4 (e.g. H_1 = H(M_2||M_3), S_1 = H(M_1||H_1)); a second hash chain I_1, I_2, I_3 is computed over S_1, ..., S_4 and its head is signed as Sig_AP(I_1).]

Downloading the application (Cont’d)
- Transmission phase
  1. AP transmits Sig_AP(I_1), I_1, (S_1, I_2), (S_2, I_3), …, (S_{k-2}, I_{k-1}), (S_{k-1}, S_{k-2})
  2. The card verifies S_i and then stores Sig_AP(I_1), S_1, S_2, …, S_k in the FLASH memory.
  3. AP transmits each hash chain that corresponds to S_i
  4. The card verifies M_i and then stores it in the FLASH memory.

[Figure: the n=12, k=4 example: hash chains over M_1, ..., M_12 with heads S_1, ..., S_4, and the signed chain I_1, I_2, I_3 over S_1, ..., S_4 with Sig_AP(I_1).]

Updating the application
- Consider the case when a single block M_t is to be updated.
- Authentication information generation phase
  1. AP recalculates all the hash-chains.
- Transmission phase
  1. AP transmits Sig_AP(I_1), I_1, (S_1, I_2), (S_2, I_3), …, (S_{k-2}, I_{k-1}), (S_{k-1}, S_{k-2})
  2. The card verifies S_i and then stores Sig_AP(I_1), S_1, S_2, …, S_k in the FLASH memory.
  3. AP transmits a single hash chain that corresponds to S_i which contains M_t.
  4. The card verifies data blocks and then stores them in the FLASH memory.
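The download and update phases above, as an added Python sketch that is not code from the paper or its authors. It assumes SHA-256 for H, fixed-size blocks, and an I_1 that the card has already authenticated through Sig_AP(I_1); all function names are hypothetical.

```python
import hashlib

def H(a: bytes, b: bytes) -> bytes:
    # H(a || b); SHA-256 is this sketch's choice, the slides do not fix H.
    return hashlib.sha256(a + b).digest()

def build_chain(items):
    """AP side. Return (head, pairs) for a hash chain over >= 2 items.
    pairs is the transmitted sequence (x_1, h_2), ..., (x_{m-1}, x_m)."""
    head, pairs = H(items[-2], items[-1]), [(items[-2], items[-1])]
    for x in reversed(items[:-2]):
        pairs.insert(0, (x, head))
        head = H(x, head)
    return head, pairs

def verify_chain(head, pairs):
    """Card side. Only one expected hash is held between pairs (O(1) RAM);
    the returned list stands in for what is written to FLASH."""
    expected, stored = head, []
    for i, (x, nxt) in enumerate(pairs):
        if H(x, nxt) != expected:
            raise ValueError(f"pair {i} does not match the expected hash")
        stored.append(x)
        expected = nxt
    return stored + [pairs[-1][1]]  # last pair carries the final item itself

def ap_generate(blocks, k):
    """Split n blocks into k chunks of n/k blocks (k | n, n/k >= 2, k >= 2)."""
    size = len(blocks) // k
    chains = [build_chain(blocks[i:i + size]) for i in range(0, len(blocks), size)]
    i1, s_pairs = build_chain([head for head, _ in chains])
    return i1, s_pairs, [pairs for _, pairs in chains]

def card_download(i1, s_pairs, chunk_pairs):
    # i1 is assumed to be already authenticated via Sig_AP(I_1) (not modelled).
    s = verify_chain(i1, s_pairs)
    blocks = [m for s_i, pairs in zip(s, chunk_pairs) for m in verify_chain(s_i, pairs)]
    return s, blocks

def card_update(i1, s_pairs, chunk_index, pairs):
    """Update: re-verify S_1..S_k, then only the chain holding the changed M_t."""
    s = verify_chain(i1, s_pairs)
    return s, verify_chain(s[chunk_index], pairs)

# Constructed sample matching the slides' example size: n = 12, k = 4.
BLOCKS = [bytes([i]) * 16 for i in range(1, 13)]
```

A tampered block or a chain sent against stale S_i values fails at the first pair whose hash does not match, before anything later in that chain is accepted.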

Analysis
- Amount of required RAM and FLASH memory
  - Required RAM size: O(1)
  - FLASH memory overhead: O(k)
- Verification Delay
  - Verification delay of M_i: number of hashes to be downloaded for verification after M_i is downloaded.
  - Downloading the application: O(k). By the method in Section 4.2, this can be reduced to O(1).
  - Updating the application: O(k+n/k)

Comparison

Conclusion
- This paper presents an efficient method for authentication of the application that is to be downloaded/updated into the smart card.
- The proposed scheme is based on the hash chain technique and provides a trade-off between the FLASH memory requirement (O(k)) and the verification delay of updating the application (O(n/k)).
- Moreover, the required RAM size and the verification delay of downloading the application are O(1).