Pascal Urien

Internet card, a smart card as a true Internet node

We have defined a new concept named the Internet smart card. An Internet card is a device that is able to work as a true Internet node, and runs Transmission Control Protocol (TCP) client and TCP server applications (defined by Internet standards like the RFC 2068, HTTP 1.1...). A smart card is a single embedded chip including CPU and memory; the only means of communicating with the outside world is through a serial link. New communication architecture has been studied for both the terminal and the card. Through this stack a smart card shares the network resources located in the terminal. This concept has been implemented in a Java card and a Personal Computer, and the first results are presented here. Our first Internet card includes a web server and a trusted proxy, which add security features to the web connections.

SIP Security Attacks and Solutions: A state-of-the-art review

The fundamental network-security services required for SIP are: preserving the confidentiality and integrity of messaging, preventing replay attacks or message spoofing, providing for the authentication and privacy of the participants in a session, and preventing DoS attacks. This paper introduces the SIP related security problems, illustrates some of identified threats/attacks, their impact on the overall SIP security and a list of indicative solutions and briefly describes SIPs security mechanisms

Toward SSL integration in SIM SmartCards

The Global System for Mobile Communications (GSM) specifications introduce the 03.48 standard to allow the OTA (on-the-air) platform to securely communicate with SIM (subscriber identity module) cards. This standard operates above unreliable links such as SMS instead of reliable transport protocols such as TCP. In this paper, we propose to introduce the SSL (secure sockets layer) protocol in order to assure an end-to-end security and reliability between the SIM card and the OTA server transparently to the terminal. This would have an impact on new services independent of middlemen. A computation of the cryptographic loads demonstrates the enhancement our proposed protocol provides.

An OpenID Provider Based on SSL Smart Cards

This innovative demonstration shows strong authentication (without password) for OPENID, according to a plug and play paradigm, based on SSL smart cards. It presents two user experiences, a plug and play strong authentication with real OpenID WEB sites, and remote identity management by an original identity server compatible with SSL smart cards.

Elliptic curve-based RFID/NFC authentication with temperature sensor input for relay attacks

Unless specifically designed for its prevention, none of the existing RFID authentication protocols are immune to relay attacks. Relay attacks generally involve the presence of one or more adversaries who transfer unmodified messages between a prover and a verifier. Given that the message content is not modified, it is rather difficult to address relay attacks through cryptographic means. Extant attempts to prevent relay attacks involve measuring signal strength, round-trip distance, and ambient conditions in the vicinity of prover and verifier. While a majority of related authentication protocols are based on measuring the round-trip distance between prover and verifier using several single-bit challenge-response pairs, recent discussions include physical proximity verification using ambient conditions to address relay attacks. We provide an overview of existing literature on addressing relay attacks through ambient condition measurements. We then propose an elliptic curve-based mutual authentication protocol that addresses relay attacks based on (a) the surface temperature of the prover as measured by prover and verifier and (b) measured single-bit round-trip times between prover and verifier. We also evaluate the security properties of the proposed authentication protocol.

An Innovative Solution for Cloud Computing Authentication: Grids of EAP-TLS Smart Cards

The increase of authenticating solutions based on RADIUS servers questions the complexity of their administration whose security and confidentiality are often at fault especially within Cloud Computing architectures. More specifically, it raises the concern of server administration in a secure environment for both the granting access’ company and its clients. This paper aims to solve this issue by proposing an innovative paradigm based on a grid of smart cards built on a context of SSL smart cards. We believe that EAP-TLS server smart cards offer the security and the simplicity required for an administration based on distributed servers. We specify the design of a RADIUS server in which EAP messages are fully processed by SSL smart cards. We present the scalability of this server linked to smart card grids whose distributed computation manages the concurrence of numerous authenticating sessions. Lastly, we relate the details of the first experimental results obtained with the RADIUS server and an array composed of 32 Java cards, and demonstrate the feasibility and prospective scalability of this architecture.

Collaboration of SSL smart cards within the WEB2 landscape

This paper introduces a new paradigm for strong authentication within the WEB2 landscape. We detail SSL smart cards working with dual SSL stacks. We describe the structure of a cheap clients platform, and we analyze its real time performances. We also take into account the impact of these infrastructures for WEB servers setup. Finally, we suggest solving scalability issues for credentials distribution, by using AJAX technologies providing friendly and transparent interfaces for identity management purposes.

LLCPS: A new security framework based on TLS for NFC P2P applications in the Internet of Things

The NFC (Near Field Communication) is a promising technology for the Internet of Things (IoT). It enables proximity communications (a few centimeters) with modest throughputs (hundreds Kbit/s) and low power consumption (a few mW). Although this technology is deployed for payment, access control, transport, or file transfer applications, it does not support a security framework. This demonstration presents Peer to Peer (P2P) transactions protected by a new protocol, LLCPS, i.e. the Logical Link Control protocol (LLCP) secured by TLS. LLCPS should enable a wide range of trusted services for the IoT.

Tandem Smart Cards: Enforcing Trust for TLS-Based Network Services

This paper presents a new concept, called tandem, dedicated to smart cards that control TLS-based applications. The originality of this approach is to introduce a collaborative process between a smart card and its docking host. This technology enables the secure downloading of a huge amount of data, in untrustworthy computers. We present software paradigms and APIs that facilitate the practical deployment of such cards. We analyze experimental results, obtained with four commercial SIM cards and general purpose java cards.

Towards a secure Cloud of Secure Elements concepts and experiments with NFC mobiles

This paper introduces an innovative concept dealing with Cloud of Secure Elements (CSE), remotely accessed from NFC enable smartphones. The Near Field Communication (NFC) technology enables proximity and mobile applications dealing with payment, ticketing or access control. The idea behind CSE is to host credentials in connected mobiles, which establish secure sessions with secure elements stored in dedicated grids, thanks to secure NFC proxies. We analyze the properties, such as security, naming, localization, and caching needed by relay protocols used for communication between mobiles and Grid of Secure Elements (GoSE). We present an experimental platform comprising a NFC Android mobile, a NFC proxy, and a grid. Finally observed performances are analyzed and discussed in order to build up an improved version from this first platform.