Enhancement of Security Architecture for Smartcard Based Authentication Protocols
Mohammed, Lawan Ahmed (2004) Enhancement of Security Architecture for Smartcard Based Authentication Protocols. PhD thesis, Universiti Putra Malaysia.
Currently computer systems and software used by the average user offer less security due to rapid growth of vulnerability techniques. This dissertation presents an approach to increase the level of security provided to users when interacting with otherwise unsafe applications and computing systems. It provides a general framework for constructing and analyzing authentication protocols in realistic models of communication networks. This framework provides a sound formalization for the authentication problem and suggests simple and attractive design principles for general authentication protocols. The general approach uses trusted devices (specifically smartcards) to provide an area of secure processing and storage. The key element in this approach is a modular treatment of the authentication problem in cryptographic protocols; this applies to the definition of security, to the design of the protocols, and to their analysis. The definitions are drawn from previous ideas and formalizations and incorporate several aspects that were previously overlooked. To identify the best cryptographic algorithm suitable for smartcard applications, the dissertation also investigates the implementation of Elliptic Curve encryption techniques and presents performance comparisons based on similar techniques. The findings discovered that the proposed Elliptic Curve Cryptograpluc (ECC) method provides greater efficiency than similar method in terms of computational speed. Specifically, several aspects of authentication protocols were studied, and new definitions of this problem were presented in various settings depending on the underlying network. Further, the thesis shows how to systematically transform solutions that work in a model of idealized authenticated communications into solutions that are secure in the realistic setting of wired communication channels such as access control, and online transactions involving contact communication schemes. As with all software development, good design and engineering practices are important for software quality. Rather than thinking of security as an add-on feature to software systems, security should be designed into the system from the earliest stages of requirements gathering through development, testing, integration, and deployment. In view of this, a new approach for dealing with this problem in an object-oriented approach is presented. Some practical illustrations were analyzed based on the Unified Modeling Language (UML) as it applies to modeling authentication/access control schemes in online transactions. In particular, important issues such as how smartcard applications can be modeled using UML techniques and how UML can be used to sketch the operations for implementing a secure access using smartcard has been addressed.
Repository Staff Only: Edit item detail