SC 2: Secure communication over smart cards - How to secure off-card matching in security-by-contract for open multi-application smart cards

Abstract

The Security-by-Contract (S×C) framework has recently been proposed to support software evolution in open multi-application smart cards. The key idea lies in the notion of contract, a specification of the security behavior of an application that must be compliant with the security policy of the card hosting the application. In this paper we address a key issue to realize the S×C idea, namely the outsourcing of the contract-policy matching service to a Trusted Third Party (TTP). In particular, we present the design and implementation of SC 2 (Secure Communication over Smart Cards), a system securing the communication between a smart card and the TTP which provides the S×C matching service. © 2012 Springer-Verlag.