Providing a Framework of Solutions to Reduce the Vulnerability of Smart Cards

Document Type : tarvigi

Authors

1 Department of Information Technology, Malek Ashtar University, Tehran, Iran

2 Malek Ashtar University

Abstract

Nowadays, the provision of electronic services under the titles of business and electronic government has become very widespread and unavoidable. Smart cards are one of the most used tools in the process of providing electronic services. Regarding the expansion of the use of smart cards, the category of security and security vulnerability of this tool is equally important. In this research, our goal is to identify the most important vulnerabilities of this type of cards and extract solutions to reduce these vulnerabilities. For this purpose, while examining the types of smart card technologies, architecture, standards, as well as case studies in the field of threats and attacks applied to cards in the country and the world, a list of solutions to deal with these threats was extracted and then using the opinion of experts and implementation Friedman's test, solutions extracted, refined and in the form of four dimensions of software, hardware, operating system and standards, a framework for dealing with these vulnerabilities is presented, which can be considered as passive defense measures in this field. to be The results of this research have resulted in a set of 61         solutions in four areas of hardware, software, operating system and standards of smart cards, which can be noticed by developers and those in charge of smart cards at the national level.
 

Keywords

Smiley face

References

[1] J. D. Twizeyimana and A. Andersson, "The public value of   E-Government–A literature review," Government information quarterly, vol. 36, no. 2, pp. 167-178, 2019.
[2] A. Mohtarami, "Investigating the relationship between information technology and innovation capability of economies: towards a virtual national innovation system", International Journal of Technological Learning, Innovation and Development,  vol. 9, no. 3, pp. 230-249, 2017.
[3] S. R. Chohan, and G. Hu, "Strengthening digital inclusion through e-government: Cohesive ICT training programs to intensify digital competency. Information technology for development", vol. 28, no.1,pp.16-38, 2022.
[4] K. E. Markantonakis, and M. Konstantinos, "Smarty Cards/Tokens Security and Applications," University of London International Academy, vol. I, no. 5, pp. 55-60, ۲۰۰۷.
[5] Hendry, Mike. "Multi-application smart cards: technology and applications". Cambridge university press, 2007.
[6] J. I. den Hartog, and E. P. de Vink, "Virtual Analysis and Reduction of Side-Channel Vulnerabilities of Smartcards," Springer, vol. i, no. 14, p. 26, 2005.
[7] Rohatgi, Paul Kocher, Joshua Jaffe, Benjamin Jun, Pankaj, "Introduction to differential power analysis," Springer, vol. 1, no. 5, pp. 5-27, 2010.
[8] M. Neve, E. Peeters, D. Samyde, and J. Quisquater, "Memories: a survey of their secure uses in smart cards," ieee, vol. i, no. 13, pp. 1-10, 2003.
[9] L. Rivie`re, Julien Bringer, T. Ha Le, and H. Chabanne, "A Novel Simulation Approach for Fault Injection Resistance Evaluation on Smart cards," IEEE, vol. i, no. 12, pp. 1-8, 2015.
[10] B. Fouladi, Konstantinos Markantonakis and Keith Mayes, "Vulnerability Analysis of a Commercial .NET Smart Card," ieee, vol. II, no. 12, pp. 1-15, 2014.
[11] Shostack, Adam. Threat modeling: Designing for security. John Wiley & Sons, 2014.
[12] Mahanta, Hridoy Jyoti, Abul Kalam Azad, and Ajoy Kumar Khan. "Power analysis attack: A vulnerability to smart card security." In 2015 International Conference on Signal Processing and Communication Engineering Systems, pp. 506-510. IEEE, 2015.
[13] P. Hsieh-Tsen, H. W. Yang, and M. S. Hwang, "An enhanced secure smart card-based password authentication scheme." Int. J. Netw. Secur. 22, no. 2. pp. 358-363, 2020.
[14] H. Zhang and M. Li, "Security Vulnerabilities of An Remote Password Authentication Scheme with Smart Card," IEEE, vol. 3, no. 4, pp. 1-4, 2010.
[14] V. Singh, P. Dahiya, and S. Singh, "Smart Card Based Password Authentication and User Anonymity Scheme using ECC and Steganography," ieee, vol. II, no. 6, pp. 1-8, 2014.
[15]M. A. Nor Fazlina, N. Z. Abd Hashim, and H. Chizari, "Security Issues in ATM Smart Card Technology," International Journal of Mathematics and Computational Science, vol. I, no. 4, pp.       199-205, 2015. 
 [16] کاظمی آشتیانی، رسول، خادم، بهروز،   یک پروتکل احراز اصالت دوسویه در کارت هوشمند، نشریه علمی پدافند غیرعامل، دوره 3، شماره 3،  شهریور 1391.
[17] ترابی، میترا، شهیدی نژاد، علی، یک طبقه‌بندی از حملات تزریق SQL و روش‌های دفاع از این حملات در پدافند غیرعامل، نشریه علمی پدافند غیرعامل، دوره 9، شماره 3، صص 117-101، شهریور 1397. DOR:  20.1001.1.20086849.1397.9.3.10.9

Files

History

  • Receive Date: 20 January 2024
  • Revise Date: 28 April 2024
  • Accept Date: 29 June 2024
  • Publish Date: 26 October 2024

Share

How to cite

Statistics