Mobility in conjunction with communication facilities in the form of mobile telephony seems to be one of the major technology trends observed throughout the last decade. Many experts and analysts expect that the arrival of mobile services such as mobile commerce, location-based services, multimedia messaging, and mobile gaming in the third generation of mobile networks will be the next step in this success story. However, protecting service providers from fraud and mobile users from new threats such as identity theft or other attacks on privacy and security is equally challenging. Historically, cryptography has been used to protect information in the digital world from eavesdropping or tampering. In future person-to-person and person-to-service interaction scenarios, cryptography will be of at least equal importance. However, the situation today is not people-centric but application-centric, i.e. new security measures are defined and implemented for each application. As an example, consider that almost all access control on the Internet is managed through simple account/password schemes that differ for each application. But passwords are known to be a generally weak security measure in many practical settings. From the user's perspective, the account/password approach additionally leads to numerous login accounts that an individual has to manage - something which is inconvenient and, as a consequence, often error-prone. Cryptographic measures can be applied, but shifting towards such mechanisms is often hard, especially in mobile settings, since people cannot easily carry around their personal cryptographic keys, let alone memorize them or input them when needed. Therefore, we believe that some kind of personal security assistant or device is needed that safely keeps a user's security-sensitive data and enforces the user's security-related interests.
Otherwise, people will be forced to use traditional weak protection mechanisms that are applicable without strong cryptographic measures - a situation we do not think is desirable in the digital age of tomorrow. Smartcards are devices that could be used to solve at least some of the problems mentioned. They are tamper-resistant, can safely store information, are able to perform unobserved (cryptographic) operations, and can be conveniently carried around. As such they seem to be ideal candidates for personal security modules. However, it is as yet unclear how smartcards can be empowered to actually play the role of true personal and ubiquitous security modules. Furthermore, the smartcard alone is not sufficient to act as a security module since it lacks reasonable user interfaces such as a display and input facilities. Thus, suitable terminals are needed that allow users to communicate with their smartcards, i.e. personal security modules are comprised of suitable terminals and personalized smartcards that work together in order to fulfill the users' needs. Hence, this thesis contributes approaches, architectures, protocols, and systems showing how smartcards can be put in place to become true security modules for people in the digital age. The most visible contributions of this thesis are as follows:

The JiniCard framework for the integration of off-the-shelf smartcards into local environments. It enables smartcards that have traditionally played the role of passive servers to become truly active entities after they are inserted into suitably configured card terminals. Users could carry around their smartcards, insert them into available readers and make immediate use of their security services. The approach is centered around the idea of dynamically instantiating "software substitutes" for resource-limited devices such as smartcards.

The so-called Personal Card Assistant approach, which solves the problem of smartcard usage in a "hostile" environment. It is comprised of an off-the-shelf personalized user terminal - such as a PDA - that cooperates with a personal smartcard. The personal terminal is used instead of terminals considered to be public, i.e. it acts as a "trust amplifier" for its user. The advantage is that mobile users communicate with their smartcard through their own mobile terminal, which they possibly consider much more trustworthy than other unknown components. The personal terminal and the smartcard are linked together using cryptographic measures such that no device is usable without the other.

The WebSIM system, which integrates the SIM smartcards found in all GSM mobile phones into the Internet. In this approach, people can use mobile phones as "wireless smartcard readers" which are reachable from the Internet by means of a small HTTP Web server implemented in the SIM. Among other things, this approach allows security-critical operations such as authentication to be initiated from a remote context, e.g. from an Internet shop. Hence, smartcards become Internet nodes that encapsulate security services a mobile user offers to peers.

The SIMspeak platform, which allows for the execution of mobile code within a smartcard. This approach was motivated by the need for end-to-end secure communication between a service provider and its customer and the ability to easily create electronic signatures on small devices. It allows a service provider to "rent" persistent storage on a user's personal smartcard, e.g. to store cryptographic keys used to send end-to-end encrypted mobile code from the provider to the user's smartcard. The smartcard then becomes the most active component in a personal security module and uses available terminals to communicate with its user. This approach essentially shifts as many security-critical components and computations as possible from less trustworthy components into the secure context of the smartcard. It leads to new trust models for smartcard issuers which can be particularly well applied in the context of electronic signature creation in mobile scenarios.

These results can be used independently of each other but can equally well be composed into more general security solutions. As such they can be considered building blocks enabling the composition of suitable personal security modules that meet the personal security demands of the future. Summing up, this thesis provides solutions to the question of how smartcards can become true personal security modules. It does this by proposing concrete architectures and protocols, all of which have been prototypically implemented to yield meaningful proofs of concept.
|In many scenarios, service usage is characterized by the use of passwords as the mechanism for user authentication. This method is both inconvenient for users, since they may have to remember many different user names and associated passwords, and critical from a security standpoint, since users often tend to choose weak passwords. In information technology, cryptography is traditionally used to protect digital content or to authenticate identities through the possession of cryptographic keys. However, this requires suitable devices for carrying out the cryptographic algorithms and for storing the cryptographic keys securely against theft. Smartcards have exactly these two properties and therefore represent an interesting basis for a personal security module that supports people in security-critical operations such as creating an electronic signature or authentication. Today, however, smartcards are generally found only in application-specific scenarios, and the use of a universally usable smartcard remains largely unsolved, particularly with regard to integration. This dissertation proposes four different approaches to solving this integration problem for a broad spectrum of applications. A framework for integrating smartcards into a local service environment on the basis of mobile code. A principle for coupling a smartcard with a more trustworthy mobile terminal such as a PDA for secure communication with a smartcard in a "hostile" environment. A system for using the GSM Subscriber Identity Module (SIM) in mobile phones as the basis of higher-value security services such as authentication and the creation of digital signatures. A smartcard-resident platform for executing mobile code to realize services with end-to-end secure communication between service provider and service user. The thesis shows that these approaches cover new areas within certain design dimensions and thereby makes significant contributions to the understanding of the role of smartcards in mobile scenarios.||German (translated)|
|chip card, security, mobility, ubiquitous computing, SIM, mobile telephone||German (translated)|
|smartcard, security, mobility, ubiquitous computing, SIM, mobile phone||English|