You are here:   
  1. Home
  2. Chapters
  3. http://scigraph.springernature.com/pub.10.1007/978-3-540-39650-5_11

Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card View Full Text

Ontology type: schema:Chapter     


Chapter Info

DATE

2003

AUTHORS

Helmut Scherzer , Ran Canetti , Paul A. Karger , Hugo Krawczyk , Tal Rabin , David C. Toll

ABSTRACT

This paper presents an authentication protocol for high-assurance smart card operating systems that support download of mutually suspicious applications. Such a protocol is required to be part of the operating system, rather than the traditional smart card approach of allowing applications to do authentication, because strong authentication is essential for the operating system to protect one application from another. The protocol itself is based on the existing IKE protocol [13], used for authentication in IPSEC. What is new is the integration of an IKE-like protocol with authentication of mandatory secrecy and integrity access controls, the recognition that a single PKI-hierarchy cannot certify identity and all possible mandatory access rights, and the use of IKE to resolve privacy problems found in existing smart card authentication protocols. More... »

PAGES

181-200

Book

TITLE

Computer Security – ESORICS 2003

ISBN

978-3-540-20300-1
978-3-540-39650-5

Subjects

  • FOR: Information And Computing Sciences
  • FOR: Computer Software
  • FOR: Data Format

    • Author Affiliations

  • IBM Deutschland GmbH, Secure Systems and Smart Cards, Schönaicher Str. 220, D-71032, Böblingen, Germany
  • IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA
  • Department of Electrical Engineering, Technion, 32000, Haifa, Israel

    • Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/978-3-540-39650-5_11

    DOI

    http://dx.doi.org/10.1007/978-3-540-39650-5_11

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1053479282

    Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
    Incoming Citations Browse incoming citations for this publication using opencitations.net

    JSON-LD is the canonical representation for SciGraph data.

    TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT 

    [
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "IBM Deutschland GmbH, Secure Systems and Smart Cards, Sch\u00f6naicher Str. 220, D-71032, B\u00f6blingen, Germany", 
          "id": "http://www.grid.ac/institutes/grid.424815.e", 
          "name": [
            "IBM Deutschland GmbH, Secure Systems and Smart Cards, Sch\u00f6naicher Str. 220, D-71032, B\u00f6blingen, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Scherzer", 
        "givenName": "Helmut", 
        "id": "sg:person.010113467435.96", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010113467435.96"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA", 
          "id": "http://www.grid.ac/institutes/grid.481554.9", 
          "name": [
            "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Canetti", 
        "givenName": "Ran", 
        "id": "sg:person.012320111457.74", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012320111457.74"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA", 
          "id": "http://www.grid.ac/institutes/grid.481554.9", 
          "name": [
            "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Karger", 
        "givenName": "Paul A.", 
        "id": "sg:person.015233273445.15", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015233273445.15"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Electrical Engineering, Technion, 32000, Haifa, Israel", 
          "id": "http://www.grid.ac/institutes/grid.6451.6", 
          "name": [
            "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA", 
            "Department of Electrical Engineering, Technion, 32000, Haifa, Israel"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Krawczyk", 
        "givenName": "Hugo", 
        "id": "sg:person.013004021661.30", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004021661.30"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA", 
          "id": "http://www.grid.ac/institutes/grid.481554.9", 
          "name": [
            "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Rabin", 
        "givenName": "Tal", 
        "id": "sg:person.015473523512.58", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA", 
          "id": "http://www.grid.ac/institutes/grid.481554.9", 
          "name": [
            "IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Toll", 
        "givenName": "David C.", 
        "id": "sg:person.012150641467.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012150641467.91"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2003", 
    "datePublishedReg": "2003-01-01", 
    "description": "This paper presents an authentication protocol for high-assurance smart card operating systems that support download of mutually suspicious applications. Such a protocol is required to be part of the operating system, rather than the traditional smart card approach of allowing applications to do authentication, because strong authentication is essential for the operating system to protect one application from another. The protocol itself is based on the existing IKE protocol [13], used for authentication in IPSEC. What is new is the integration of an IKE-like protocol with authentication of mandatory secrecy and integrity access controls, the recognition that a single PKI-hierarchy cannot certify identity and all possible mandatory access rights, and the use of IKE to resolve privacy problems found in existing smart card authentication protocols.", 
    "editor": [
      {
        "familyName": "Snekkenes", 
        "givenName": "Einar", 
        "type": "Person"
      }, 
      {
        "familyName": "Gollmann", 
        "givenName": "Dieter", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-540-39650-5_11", 
    "inLanguage": "en", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-540-20300-1", 
        "978-3-540-39650-5"
      ], 
      "name": "Computer Security \u2013 ESORICS 2003", 
      "type": "Book"
    }, 
    "keywords": [
      "authentication protocol", 
      "access control", 
      "smart cards", 
      "operating system", 
      "mandatory access control", 
      "strong authentication", 
      "suspicious applications", 
      "privacy problems", 
      "IKE protocol", 
      "access rights", 
      "authentication", 
      "card approach", 
      "cards", 
      "IPsec", 
      "protocol", 
      "privacy", 
      "applications", 
      "download", 
      "system", 
      "secrecy", 
      "recognition", 
      "integration", 
      "Ike", 
      "control", 
      "use", 
      "part", 
      "identity", 
      "rights", 
      "problem", 
      "approach", 
      "paper"
    ], 
    "name": "Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card", 
    "pagination": "181-200", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1053479282"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-540-39650-5_11"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-540-39650-5_11", 
      "https://app.dimensions.ai/details/publication/pub.1053479282"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-20T07:42", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_172.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-540-39650-5_11"
  }
]
     

    Download the RDF metadata as:  json-ld nt turtle xml License info

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON. 

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-39650-5_11'

    N-Triples is a line-based linked data format ideal for batch operations. 

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-39650-5_11'

    Turtle is a human-readable linked data format. 

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-39650-5_11'

    RDF/XML is a standard XML format for linked data. 

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-39650-5_11'


     

    This table displays all metadata directly associated to this object as RDF triples.

    142 TRIPLES      23 PREDICATES      58 URIs      50 LITERALS      7 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/978-3-540-39650-5_11 schema:about anzsrc-for:08
    2 anzsrc-for:0803
    3 anzsrc-for:0804
    4 schema:author N7e899ec0eb1a404da9fc55b7d95f590d
    5 schema:datePublished 2003
    6 schema:datePublishedReg 2003-01-01
    7 schema:description This paper presents an authentication protocol for high-assurance smart card operating systems that support download of mutually suspicious applications. Such a protocol is required to be part of the operating system, rather than the traditional smart card approach of allowing applications to do authentication, because strong authentication is essential for the operating system to protect one application from another. The protocol itself is based on the existing IKE protocol [13], used for authentication in IPSEC. What is new is the integration of an IKE-like protocol with authentication of mandatory secrecy and integrity access controls, the recognition that a single PKI-hierarchy cannot certify identity and all possible mandatory access rights, and the use of IKE to resolve privacy problems found in existing smart card authentication protocols.
    8 schema:editor Nf293facec4c747aa96ef411a61386d61
    9 schema:genre chapter
    10 schema:inLanguage en
    11 schema:isAccessibleForFree false
    12 schema:isPartOf Ne3a8f9a0cc2748f68c9c41fa3d17735a
    13 schema:keywords IKE protocol
    14 IPsec
    15 Ike
    16 access control
    17 access rights
    18 applications
    19 approach
    20 authentication
    21 authentication protocol
    22 card approach
    23 cards
    24 control
    25 download
    26 identity
    27 integration
    28 mandatory access control
    29 operating system
    30 paper
    31 part
    32 privacy
    33 privacy problems
    34 problem
    35 protocol
    36 recognition
    37 rights
    38 secrecy
    39 smart cards
    40 strong authentication
    41 suspicious applications
    42 system
    43 use
    44 schema:name Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card
    45 schema:pagination 181-200
    46 schema:productId N44fd069127c64da79456a8d9bdb5b67d
    47 Nd02a8b5405f04116b43ae5bb6348ce83
    48 schema:publisher N428e9a2911ec48b58c1ea4222e9e1f57
    49 schema:sameAs https://app.dimensions.ai/details/publication/pub.1053479282
    50 https://doi.org/10.1007/978-3-540-39650-5_11
    51 schema:sdDatePublished 2022-05-20T07:42
    52 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    53 schema:sdPublisher Na45ca9b84c354a868882c77948bf2e66
    54 schema:url https://doi.org/10.1007/978-3-540-39650-5_11
    55 sgo:license sg:explorer/license/
    56 sgo:sdDataset chapters
    57 rdf:type schema:Chapter
    58 N424592d112374cd7905636491f822095 rdf:first sg:person.015233273445.15
    59 rdf:rest Nbd897f8250674c038a8b208bbe380227
    60 N428e9a2911ec48b58c1ea4222e9e1f57 schema:name Springer Nature
    61 rdf:type schema:Organisation
    62 N44fd069127c64da79456a8d9bdb5b67d schema:name doi
    63 schema:value 10.1007/978-3-540-39650-5_11
    64 rdf:type schema:PropertyValue
    65 N7e899ec0eb1a404da9fc55b7d95f590d rdf:first sg:person.010113467435.96
    66 rdf:rest Nf1c6c538cd9340408f36bbf3089b0255
    67 Na45ca9b84c354a868882c77948bf2e66 schema:name Springer Nature - SN SciGraph project
    68 rdf:type schema:Organization
    69 Na7dc352d98a04636bdc460a66cc3864b rdf:first sg:person.015473523512.58
    70 rdf:rest Nd68f03139c32482c88b5b975d5a8927f
    71 Nbd897f8250674c038a8b208bbe380227 rdf:first sg:person.013004021661.30
    72 rdf:rest Na7dc352d98a04636bdc460a66cc3864b
    73 Nc00556f380e845009c4661ca1c870f64 schema:familyName Snekkenes
    74 schema:givenName Einar
    75 rdf:type schema:Person
    76 Nceaaa799e0ad42b9a2908d9c721a3dc6 rdf:first Nd97c1bc3a79843f7b4f7fa601cc118ab
    77 rdf:rest rdf:nil
    78 Nd02a8b5405f04116b43ae5bb6348ce83 schema:name dimensions_id
    79 schema:value pub.1053479282
    80 rdf:type schema:PropertyValue
    81 Nd68f03139c32482c88b5b975d5a8927f rdf:first sg:person.012150641467.91
    82 rdf:rest rdf:nil
    83 Nd97c1bc3a79843f7b4f7fa601cc118ab schema:familyName Gollmann
    84 schema:givenName Dieter
    85 rdf:type schema:Person
    86 Ne3a8f9a0cc2748f68c9c41fa3d17735a schema:isbn 978-3-540-20300-1
    87 978-3-540-39650-5
    88 schema:name Computer Security – ESORICS 2003
    89 rdf:type schema:Book
    90 Nf1c6c538cd9340408f36bbf3089b0255 rdf:first sg:person.012320111457.74
    91 rdf:rest N424592d112374cd7905636491f822095
    92 Nf293facec4c747aa96ef411a61386d61 rdf:first Nc00556f380e845009c4661ca1c870f64
    93 rdf:rest Nceaaa799e0ad42b9a2908d9c721a3dc6
    94 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    95 schema:name Information and Computing Sciences
    96 rdf:type schema:DefinedTerm
    97 anzsrc-for:0803 schema:inDefinedTermSet anzsrc-for:
    98 schema:name Computer Software
    99 rdf:type schema:DefinedTerm
    100 anzsrc-for:0804 schema:inDefinedTermSet anzsrc-for:
    101 schema:name Data Format
    102 rdf:type schema:DefinedTerm
    103 sg:person.010113467435.96 schema:affiliation grid-institutes:grid.424815.e
    104 schema:familyName Scherzer
    105 schema:givenName Helmut
    106 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010113467435.96
    107 rdf:type schema:Person
    108 sg:person.012150641467.91 schema:affiliation grid-institutes:grid.481554.9
    109 schema:familyName Toll
    110 schema:givenName David C.
    111 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012150641467.91
    112 rdf:type schema:Person
    113 sg:person.012320111457.74 schema:affiliation grid-institutes:grid.481554.9
    114 schema:familyName Canetti
    115 schema:givenName Ran
    116 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012320111457.74
    117 rdf:type schema:Person
    118 sg:person.013004021661.30 schema:affiliation grid-institutes:grid.6451.6
    119 schema:familyName Krawczyk
    120 schema:givenName Hugo
    121 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013004021661.30
    122 rdf:type schema:Person
    123 sg:person.015233273445.15 schema:affiliation grid-institutes:grid.481554.9
    124 schema:familyName Karger
    125 schema:givenName Paul A.
    126 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015233273445.15
    127 rdf:type schema:Person
    128 sg:person.015473523512.58 schema:affiliation grid-institutes:grid.481554.9
    129 schema:familyName Rabin
    130 schema:givenName Tal
    131 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015473523512.58
    132 rdf:type schema:Person
    133 grid-institutes:grid.424815.e schema:alternateName IBM Deutschland GmbH, Secure Systems and Smart Cards, Schönaicher Str. 220, D-71032, Böblingen, Germany
    134 schema:name IBM Deutschland GmbH, Secure Systems and Smart Cards, Schönaicher Str. 220, D-71032, Böblingen, Germany
    135 rdf:type schema:Organization
    136 grid-institutes:grid.481554.9 schema:alternateName IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA
    137 schema:name IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA
    138 rdf:type schema:Organization
    139 grid-institutes:grid.6451.6 schema:alternateName Department of Electrical Engineering, Technion, 32000, Haifa, Israel
    140 schema:name Department of Electrical Engineering, Technion, 32000, Haifa, Israel
    141 IBM Research Division, T. J. Watson Research Center, PO Box 704, 10598, Yorktown Heights, NY, USA
    142 rdf:type schema:Organization
     




    Preview window. Press ESC to close (or click here)

    ...