Abstract
In real-world smart card applications, smart card log files are mainly used for storing receipts for the successful or unsuccessful completion of certain events. In traditional single-application smart card environments, the decision on which events to log was made by the application developer. We believe that in today’s multi-application environments the situation is rather more complicated. If more than one application shares the same smart card, a whole range of new events requires logging. In this paper we provide suggestions as to the new events to be logged. Furthermore, we propose a standard format for smart card log files in order to make dispute reconciliation procedures easier and faster, and also to manage the valuable log file space efficiently. Finally, we provide some results from an implementation of the proposed standard format in a Java Card.
The author’s research is funded by Mondex International Ltd. This work is the opinion of the author and does not necessarily represent the view of the funding sponsor.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Markantonakis, C. (1999). Boundary Conditions that Influence Decisions about Log File Formats in Multi-application Smart Cards. In: Varadharajan, V., Mu, Y. (eds) Information and Communication Security. ICICS 1999. Lecture Notes in Computer Science, vol 1726. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-47942-0_19
DOI: https://doi.org/10.1007/978-3-540-47942-0_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66682-0
Online ISBN: 978-3-540-47942-0
eBook Packages: Springer Book Archive