Efficient Downloading and Updating Application on Smart Cards Yongsu Park, Junyoung Heo, Yookun Cho...
-
Upload
gabriel-howard -
Category
Documents
-
view
212 -
download
0
Transcript of Efficient Downloading and Updating Application on Smart Cards Yongsu Park, Junyoung Heo, Yookun Cho...
Efficient Downloading and Updating Application on Smart Cards
Yongsu Park, Junyoung Heo, Yookun Cho
School of Computer Science and Engineering
Seoul National University
Download of applications on Smart Cards 2 types of the smart card
Applications are loaded onto the ROM at the time of fabrication These cards should be used for some specific purpose.
Applications are downloaded onto the FLASH memory when they are required.
This provides flexibility and wide utilities. Small communication bandwidth, small size of he card’s RAM
=> Usually, application is divided into blocks, each of which is downloaded into the smart card.
Threats and Security Requirements Threats for downloading the applications
Downloaded application can be a malicious program. Downloaded application may be infected by a virus. Malicious program can illegally modify the files containing e-cash.
Security Requirements Source authentication of the downloaded blocks Data integrity of the downloaded blocks
Naive approach – Signing each block Computationally inefficient large communication overhead
Previous work CASCADE with hashes
Requires a large amount of FLASH memory and RAM
CASCADE without hashes Has a long verification delay of each block
OTA (Ordered Tree Authentication) Requires a large amount of FLASH memory
(e.g., If a block size is 256 bytes and SHA-1 is used, OTA requires 15.6 % overhead)
Proposed Scheme Proposed scheme
Based on hash-chaining technique
Parameterized scheme Provides a trade-off between the required FLASH memory size and the verification
delay of updating the application.
Two phases Authentication information generation phase Transmission phase
Sig(H1)
M1 M2 M3 M4
H(M4||M5)
H1 H2 H3 H4
H(M3||H4)H(M2||H3)H(M1||H2) M5
Downloading the application Authentication information generation phase
1. An application consists of blocks, M1, …, Mn.
2. A parameter k, k|n.
3. For every n/k chunks, AP computes a hash-chain (without a Sig()).
4. For S1, …, Sk, AP computes a hash chain.
H1 H4
M1
M2
M4
M5
H(M1||H1)
H(M2||M3) H(M5||M6)
H(M4||H4)
S1 S2 S3 S4
M3 M6
H7 H10
M7
M8
M10
M11
H(M7||H7)
H(M8||M9) H(M11||M12)
H(M11||H11)
M9 M12
An example (n=12, k=4)
SigAP(I1)
S1 S2 S3
S4H(S3||I4)H(S2||I3)H(S1||I2)
I1 I2 I3
Downloading the application (Cont’d) Transmission phase
1. AP transmits SigAP(I1), I1, (S1, I2), (S2, I3), …, (Sk-2, Ik-1), (Sk-1, Sk-2)
2. The card verifies Si and then stores SigAP(I1), S1, S2, …, Sk in the FLASH memory.
3. AP transmits each hash chain that corresponds to Si
4. The card verifies Mi and then stores it in the FLASH memory.
H1 H4
M1
M2
M4
M5
H(M1||H1)
H(M2||M3) H(M5||M6)
H(M4||H4)
S1 S2 S3 S4
M3 M6
H7 H10
M7
M8
M10
M11
H(M7||H7)
H(M8||M9) H(M11||M12)
H(M11||H11)
M9 M12
SigAP(I1)
S1 S2 S3
S4H(S3||I4)H(S2||I3)H(S1||I2)
I1 I2 I3
Updating the application Consider the case when a single block Mt is to be updated.
Authentication information generation phase1. AP recalculates all the hash-chains.
Transmission phase1. AP transmits SigAP(I1), I1, (S1, I2), (S2, I3), …, (Sk-2, Ik-1), (Sk-1, Sk-2)
2. The card verifies Si and then stores SigAP(I1), S1, S2, …, Sk in the FLASH memory.
3. AP transmits a single hash chain that corresponds to Si which contains Mt.
4. The card verifies data blocks and then stores them in the FLASH memory.
Analysis Amount of required RAM and FLASH memory
Required RAM size: O(1) FLASH memory overhead: O(k)
Verification Delay Verification delay of Mi: # of hashes to be downloaded for
verification after Mi is downloaded. Downloading the application: O(k). By the method in Section 4.2,
this can be reduced to O(1). Updating the application: O(k+n/k)
Comparison
Conclusion This paper presents an efficient method for authentication
of the application that is to be downloaded/updated into the smart card.
The proposed scheme is based on hash chain technique and provide a trade-off between the FLASH memory requirement (O(k)) and verification delay of updating the application (O(n/k))
Moreover, the the required RAM size and verification delay of downloading the application are O(1).