SlideShare une entreprise Scribd logo

Smart k

Télécharger en tant que PPT, PDF
志芳 陈

SmartK-Smart cards in operating systems at kernel level

Périphériques & matériel
1  sur  28
SmartK-Smart cards in operating systems at kernel level Reporter: 志芳;易 霞;朱 倩;陈 华 钊 Department of Computer Science Hui Zhou University December 2014 Authors:Luigi Catuogno, Roberto Gassira’ , Michele Masullo, Ivan Visconti
OUTLINE •1. Introduction •2. Design and implementation of SmartK •3. Deploying SmartK •4. SalSA:A signed Linux OS distribution •5. Related work •6. Conclusion •7. References
Smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits. Smart cards can provide identity documentation, authentication, data storage, and application processing. EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. SmartK is a kernel-level smart card development framework. SmartK provides a simple API that allows kernel modules to interact directly with smart card. SmartK provides a simple framework for smart card management at kernel level. 1. INTRODUCTION •Smart card •EMV •SmartK •Why SmartK The execution of OS functionalities composed of multiple components lying at both kernel and user level, may lead to reduced security and efficiency of the whole system. Instead the execution of kernel level- only services results in better performance and security.
The ATR(Answer To Reset) is a sequence of bytes (up to 33) that contains all information needed to establish the connection between card and reader, as the transfer rate, data representation and the communication protocol. The ISO 7816-3 document defines the format of ATR and the two communication protocols: T =0 and T =1. The T =0 protocol is byte- oriented, and allows one to send just one command per time; The T =1 is a block-oriented protocol and allows one to send sequences of commands. 1. INTRODUCTION •APDU •ATR •Protocol T=0 and protocol T=1 PDU(Protocol Data Unit): 数协议 据 元,是指 等 次之单 对 层 间传 数据的 位。递 单 APDU(Application Protocol Data Unit) 用 数据 元,一般应 协议 单 我 把们 smart card 插入 reader 后,都是通过 APDU Command 来对 smart card 下指令,从而 行并 卡号 号或者进 实现查询 账 卡号余 等功能。额
Leveraging user- level smart card frameworks at kernel level increases overhead due to switches between kernel and user levels. 它就相当于一个 kernel module ,一个具 着安全备 服 功能的务 kernel module ,而 个功能是这 smart card 提供的。 Fig.1
2. Design and implementation of SmartK • 2.1 The interface and modules • 2.2 Implementation details • 2.3 The test modules • 2.4 Implementation
2.1 the interface and modules The framework exports 3 functions: ▪ smartk_init_card(): to activate the card. ▪ smartk_data(BYTE *new_cmd, int len_cmd, BYTE *new_rsp, int *len_rsp): to send an APDU to the activated smart card( 已激活的卡 ) and to receive the answer (BYTE is a typedef of unsigned char). ▪ smartk_cleanup_card(): to disactivate the card. All the functions return -1 on error.
SmartK is composed by four modules: ▪ smartk.o: the core of the framework ▪ pt_t0_smartk.o: implements the API according to the T=0 protocol. ▪ ifd_towitoko_smartk.o: the Towitoko reader's driver ▪ io_serial_smartk.o: a simple interface with the serial port. 2.1 the interface and modules
The module smartk.o provides the methods register_protocol_smartk, register_ifd_smartk and register_io_smartk that are invoked to plug the components in the framework. These methods link the related objects to the object core. Once the smartk.o module has been loaded, it instantiates the object core. Then, during their initialization phase, the other modules instance their own objects and register them by means of the corresponding registration procedure. A pt_smartk object implements the communication protocol with the smart card (in our prototype, only the protocol T ?0 is provided). It features a very simple interface composed by three methods: activate_card, data and deactivate_card. An ifd_smartk object implements the functions required by the communication with the reader. Its methods allow one to enable and disable the reader and the card, to transmit/receive data and to power on/off the card. An io_smartk object takes care of maintaining the status of the communication with the I/O port. This object summarizes the status of the port (the serial port in our prototype) and provides a set of methods to init/free the port, set/get communication parameters (e.g., baud rate, parity), send/receive data to/from the port. 2.2 Implementation details Fig.2-- SmartK data structures
The communication protocol is implemented by the object t0 of the class pt_smartk (module pt_t0_smartk.o).This object implements the T =0 protocol as defined by the ISO 7816-3 document. The object towitoko of the class ifd_smartk (module ifd_-towitoko_smartk.o) implements the driver of the reader. The object serial of the class io_smartk (module io_serial_smartk.o) performs the communication with the serial. . 2.2 Implementation details Fig.2-- SmartK data structures
In order to set up the SmartK environment, we suggest to configure the kernel to load the module serial.o as a dynamic module. All modules should be loaded in this order: smartk.o, io_serial_smartk.o (that loads serial.o on its own), ifd_towitoko_smartk.o, and finally the module pt_t0_smartk.o. 2.2 Implementation details Fig.2-- SmartK data structures
2.3 The test modules The module test_mod is a practical example of a SmartK end user module. It was initially developed for debugging purposes, but it is a useful tool for the development of simple user-level card-aware applications. More precisely, this module is an example of how to write a kernel service that uses SmartK. Specifically, the service given by this module is to allow user applications the use of any reader, card and port by means of SmartK.
Fig.3--Size (in bytes) of the SmartK’s image in memory 2.4 Implementation SmartK has been implemented as a set of kernel modules that implement each aspect of the communication between applications and cards, and that communicate by means of a general interface. The design of SmartK is intended to be modular in order to allow system administrators to choose freely among different readers and cards. SmartK supports the update of any “plug-in” (e.g., card communication protocol, reader, reader connection port) at run-time. Moreover, SmartK does not significantly affect kernel performances and does not significantly increase the size of the kernel memory image. In Fig. 3 we show the size in bytes of each module. The whole framework uses about 25 Kb (the PC/SC lite libraries spans over 800 Kb)
3. Deploying SmartK 3.1 Accessing system-level kerberized services 3.2 Run-time verification of executables •3.2.1 WLF overview •3.2.2 The SmartK key management scheme for WLF 3.3 TCFS •3.3.1 TCFSCards
3.1 Accessing system-level kerberized services Kerberos is an authentication system based on the existence of a trusted third-party that authenticate users of a DCE. The security problem of Kerberos is that an attacker can use a password guessing approach (by means of an off-line attack) to obtain the credential of another user.
3.2 Run-time verification of executables •3.2.1 WLF overview •3.2.2 The SmartK key management scheme for WLF
3.2 Run-time verification of executables Run-time verification of the integrity of executables, is one of the approaches for preventing execution of malicious code on a networked computer. Informally, with this technique, the executables of the operating system are extended with a digital signature that the loader verifies each time the execution is invoked. The execution continues only if the verification process succeeds. In case an intrusion occurs, the malicious code possibly installed by the intruder (e.g., rootkits), will not be executed by the operating system.
3.2.1 WLF overview •WLF •Create Keys •Store Keys The WLF project proposes a prototypical implementation of an architecture for integrity checking of executables at run time for the Linux operating system. In a system equipped with WLF, all executables have been signed before their installation. The kernel (that is assumed to be safe) is provided with the public keys of the trusted software providers. Each time an execution is invoked, the kernel verifies the corresponding files. In case the verification succeeds, then the execution is performed as usual, otherwise the execution fails. In the Linux kernel, each executable is interpreted and executed by an appropriate handler. In a WLF system each handler includes a verify() function that accomplishes the signature verification task. Public keys are managed by a distinct module (that we call key agent), that takes care of retrieving keys from a given repository and of providing them to a WLF handler.
The signature of executable files is performed by running the following procedure: 1. The system is booted in secure mode (i.e., disconnected from the network and provided by the needed private keys). 2. The administrator installs all unsigned packages and then signs them with the signature tools (wlfsign and scriptsign). 3. The administrator removes private keys from the system and reboots it in normal mode updating the public-key repository with each new public key that is needed to verify the new signed executables.
3.2.2 The SmartK key management scheme for WLF The SmartK Key Management scheme (SKM) is a kernel module that implements a key agent for WLF. When SKM is run, it loads in memory all public keys that are stored on a given smart card, that we refer to as WLFCard, by means of the APIs of SmartK, and then, it provides to the WLF handlers all required public keys. Therefore, secure verification of executables is performed by running all steps at kernel level.
3.3 TCFS(Transparent Cryptographic File System A Linux kernel module named TCFS client provides all services of an NFS client and moreover, it features file and directory encryption per-file and per-user. In other words, on a TCFS file system, users can decide which files and/or directories have to be encrypted. Key management is a critical issue in cryptographic systems. In the design of TCFS, key management has been kept separated from the actual cryptographic file system. TCFS simply provides a raw interface to obtain the master key from the user by means of an ad-hoc ioctl call. Hence, in TCFS, a key management scheme is implemented on top of this interface as a suite of utilities that handle authenticated sessions with the user and once obtained the master key, simple push it into the core of TCFS.
3.3.1 TCFSCards TCFSCards stores the owner’s master key but never reveals it. two advantages: First, the master key is never exposed to the client machine. Moreover, communication with the card does not occur in user-space but is directly accomplished by the operating system out of the user responsibility, hence, a malicious client can obtain a certain number of file keys but not the master key. Second, adversaries who impersonate a legitimate user, can not obtain any file key if the user’s TCFSCard is not present in the reader.
4. SalSA:A signed Linux OS distribution The SalSA Linux Distribution is based on a vanilla Linux Kernel which natively features WLF and SmartK modules. SalSA is a Linux OS distribution in which, in short: • all interpreters, libraries and executables are natively signed; • only signed code can be run by the OS • a package distribution service allows the system administrator (subscriber) to securely download and install signed updates and software packages from a pre-configured set of trusted providers; • the system administrator is enabled to locally self-sign software she builds from third-party sources.
5. Related word In this section we briefly describe some architectures which embeds smart card/security devices management in the operating system.
•The Windows smart card subsystem •Trusted computing 5. Related word The Microsoft Windows smart card subsystem architecture consists of: reader driver library, device drivers, resource manager, and service providers. Trusted Computing (TC) aims at providing a framework to establish trust among the components of a heterogeneous computing environment.
6. Conclusion In this paper, we presented SmartK: a kernel-level framework for development of smart card applications for the Linux operating system.We argued that the integration in the kernel of such a tool, achieves a more compact and robust implementation of any intrinsically kernel-level security service based on smart card features. In order to validate our approach, we proposed to apply SmartK to three OS-level security services: 1) in-kernel security services authentication through Kerberos; 2) handling the key repository for a run-time code-signing infrastructure (WLF); 3) providing a secure keystore for a distributed cryptographic file system. We stress that all such applications are kernel-level oriented and thus they represent the natural “end-users” for SmartK. In addition, we presented the prototype of a new Linux OS distribution: SalSA Linux, which addresses the problem of securely deploying software over the Internet. SalSA Linux is built on top of SmartK and WLF. We stress that SalSA Linux is suitable for the security of critical network appliances and for embedded Linux-boxes as it provides a secure mechanism to manage system updates.
7. REFERENCES 1. Anderson R, http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html; 2003. 2. ArbaughW, Farber D, Smith J. A secure and reliable bootstrap architecture. In: Proceedings of 1997 IEEE symposiumonsecurity and privacy. IEEE Computer Society Press; 1997. p. 65e71. 3. Beattie SM, Black AP, Cowan C, Pu C, Yang LP. CryptoMark: locking the Stable door ahead of the Trojan Horse. White Paper, WireX Communications Inc; 2000. 4. Bovet DP, Cesati M. Understanding the Linux kernel. 2nd ed. O’Reilly Associates, Inc; 2002. 5. Cattaneo G, Catuogno L, Del Sorbo A, . Persiano G. The design and the implementation of a transparent cryptographic file-system for UNIX. In: Proceedings of the 2001 USENIX annual technical conference e FREENIX track Boston MA (US), June 25e30. Berkeley, CA: The USENIX Association; 2001. p. 199e212.
NKSTHA Q A

Recommandé

Building HMI with VB Tutorial [1998]
Building HMI with VB Tutorial [1998]Building HMI with VB Tutorial [1998]
Building HMI with VB Tutorial [1998]Sarod Paichayonrittha
 
FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...
FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...
FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...IJERA Editor
 
Network and Computer security
Network and Computer securityNetwork and Computer security
Network and Computer securityDeepak John
 
585 589
585 589585 589
585 589Editor IJARCET
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723Iftach Ian Amit
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processorPriyanka Aash
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
 

Recommandé

Building HMI with VB Tutorial [1998]
Building HMI with VB Tutorial [1998]Building HMI with VB Tutorial [1998]
Building HMI with VB Tutorial [1998]Sarod Paichayonrittha
 
FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...
FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...
FPGA Based IP Core Initialization for Ps2-Vga Peripherals Using Microblaze Pr...IJERA Editor
 
Network and Computer security
Network and Computer securityNetwork and Computer security
Network and Computer securityDeepak John
 
585 589
585 589585 589
585 589Editor IJARCET
 
Stuxnet dc9723
Stuxnet dc9723Stuxnet dc9723
Stuxnet dc9723Iftach Ian Amit
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Demystifying Secure enclave processor
Demystifying Secure enclave processorDemystifying Secure enclave processor
Demystifying Secure enclave processorPriyanka Aash
 
Step-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformStep-by-step Development of an Application for the Java Card Connected Platform
Step-by-step Development of an Application for the Java Card Connected PlatformEric Vétillard
 
Defense
DefenseDefense
DefenseTawfiq Shah
 
Breaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsBreaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsPriyanka Aash
 
Pc hardware
Pc hardwarePc hardware
Pc hardwarekim36881431
 
Java Card 2.x FAQ (2001)
Java Card 2.x FAQ (2001)Java Card 2.x FAQ (2001)
Java Card 2.x FAQ (2001)Julien SIMON
 
Digital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseDigital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseSajid Marwat
 
Rodrigo Almeida - Microkernel development from project to implementation
Rodrigo Almeida - Microkernel development from project to implementationRodrigo Almeida - Microkernel development from project to implementation
Rodrigo Almeida - Microkernel development from project to implementationFelipe Prado
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Byres Security Inc.
 
FIPS 201 / PIV
FIPS 201 / PIVFIPS 201 / PIV
FIPS 201 / PIVAnshuman Sinha
 
G05124550
G05124550G05124550
G05124550IOSR-JEN
 
La historia del perú
La historia del perúLa historia del perú
La historia del perúMelldr
 
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined rhetoricallabor11
 
Apuntes 08.10
Apuntes 08.10Apuntes 08.10
Apuntes 08.10Priscilla Sanches Salles
 
Excel libro celda
Excel libro celdaExcel libro celda
Excel libro celdamales11
 
Love Play UK, a sample of what you can find on our website.
Love Play UK, a sample of what you can find on our website.Love Play UK, a sample of what you can find on our website.
Love Play UK, a sample of what you can find on our website.Love Play UK at Nell's Emporium
 
Sangre
SangreSangre
SangreSebastian Castillo
 
Final RKIC CaseStudy Presentation
Final RKIC CaseStudy PresentationFinal RKIC CaseStudy Presentation
Final RKIC CaseStudy PresentationSanford Terrance
 
La historia del peru
La historia del peruLa historia del peru
La historia del peruWilder Orellana
 
13 de octubre de 2013
13 de octubre de 201313 de octubre de 2013
13 de octubre de 2013Maria Aguilar
 
Flood light revista
Flood light revista Flood light revista
Flood light revista 123gerardo5678
 
ProCure Norman transcript
ProCure Norman transcriptProCure Norman transcript
ProCure Norman transcriptCourtney Stephens
 
Scrittura scarabocchi
Scrittura scarabocchiScrittura scarabocchi
Scrittura scarabocchiimartini
 
La filosofía política
La filosofía políticaLa filosofía política
La filosofía políticaMartín De La Ravanal
 

Contenu connexe

Tendances

Breaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsBreaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsPriyanka Aash
 
Java Card 2.x FAQ (2001)
Java Card 2.x FAQ (2001)Java Card 2.x FAQ (2001)
Java Card 2.x FAQ (2001)Julien SIMON
 
Digital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseDigital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseSajid Marwat
 
Rodrigo Almeida - Microkernel development from project to implementation
Rodrigo Almeida - Microkernel development from project to implementationRodrigo Almeida - Microkernel development from project to implementation
Rodrigo Almeida - Microkernel development from project to implementationFelipe Prado
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Byres Security Inc.
 

Tendances (9)

Defense
DefenseDefense
Defense
 
Breaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisorsBreaking hardware enforced security with hypervisors
Breaking hardware enforced security with hypervisors
 
Pc hardware
Pc hardwarePc hardware
Pc hardware
 
Java Card 2.x FAQ (2001)
Java Card 2.x FAQ (2001)Java Card 2.x FAQ (2001)
Java Card 2.x FAQ (2001)
 
Digital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseDigital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing Base
 
Rodrigo Almeida - Microkernel development from project to implementation
Rodrigo Almeida - Microkernel development from project to implementationRodrigo Almeida - Microkernel development from project to implementation
Rodrigo Almeida - Microkernel development from project to implementation
 
Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2Mission Critical Security in a Post-Stuxnet World Part 2
Mission Critical Security in a Post-Stuxnet World Part 2
 
FIPS 201 / PIV
FIPS 201 / PIVFIPS 201 / PIV
FIPS 201 / PIV
 
G05124550
G05124550G05124550
G05124550
 

En vedette

La historia del perú
La historia del perúLa historia del perú
La historia del perúMelldr
 
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined rhetoricallabor11
 
Excel libro celda
Excel libro celdaExcel libro celda
Excel libro celdamales11
 
Love Play UK, a sample of what you can find on our website.
Love Play UK, a sample of what you can find on our website.Love Play UK, a sample of what you can find on our website.
Love Play UK, a sample of what you can find on our website.Love Play UK at Nell's Emporium
 
Final RKIC CaseStudy Presentation
Final RKIC CaseStudy PresentationFinal RKIC CaseStudy Presentation
Final RKIC CaseStudy PresentationSanford Terrance
 
13 de octubre de 2013
13 de octubre de 201313 de octubre de 2013
13 de octubre de 2013Maria Aguilar
 
Scrittura scarabocchi
Scrittura scarabocchiScrittura scarabocchi
Scrittura scarabocchiimartini
 
Relación entre urbanismo y corrupción
Relación entre urbanismo y corrupciónRelación entre urbanismo y corrupción
Relación entre urbanismo y corrupciónIbiza Melián
 
September 2013
September 2013September 2013
September 2013Dirk Vens
 

En vedette (18)

La historia del perú
La historia del perúLa historia del perú
La historia del perú
 
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
No-Nonsense Products Of Hotels In Marrakech 5 Star Examined
 
Apuntes 08.10
Apuntes 08.10Apuntes 08.10
Apuntes 08.10
 
Excel libro celda
Excel libro celdaExcel libro celda
Excel libro celda
 
Love Play UK, a sample of what you can find on our website.
Love Play UK, a sample of what you can find on our website.Love Play UK, a sample of what you can find on our website.
Love Play UK, a sample of what you can find on our website.
 
Sangre
SangreSangre
Sangre
 
Final RKIC CaseStudy Presentation
Final RKIC CaseStudy PresentationFinal RKIC CaseStudy Presentation
Final RKIC CaseStudy Presentation
 
La historia del peru
La historia del peruLa historia del peru
La historia del peru
 
13 de octubre de 2013
13 de octubre de 201313 de octubre de 2013
13 de octubre de 2013
 
Flood light revista
Flood light revista Flood light revista
Flood light revista
 
ProCure Norman transcript
ProCure Norman transcriptProCure Norman transcript
ProCure Norman transcript
 
Scrittura scarabocchi
Scrittura scarabocchiScrittura scarabocchi
Scrittura scarabocchi
 
La filosofía política
La filosofía políticaLa filosofía política
La filosofía política
 
Seminario ii
Seminario iiSeminario ii
Seminario ii
 
Notas de histologia 2014
Notas de histologia 2014Notas de histologia 2014
Notas de histologia 2014
 
Jdbc
Jdbc Jdbc
Jdbc
 
Relación entre urbanismo y corrupción
Relación entre urbanismo y corrupciónRelación entre urbanismo y corrupción
Relación entre urbanismo y corrupción
 
September 2013
September 2013September 2013
September 2013
 

Similaire à Smart k

International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...The Linux Foundation
 
eSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitieseSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitiesYiannis Hatzopoulos
 
Fpga based encryption design using vhdl
Fpga based encryption design using vhdlFpga based encryption design using vhdl
Fpga based encryption design using vhdleSAT Publishing House
 
Understanding senetas layer 2 encryption
Understanding senetas layer 2 encryptionUnderstanding senetas layer 2 encryption
Understanding senetas layer 2 encryptionSenetas
 
Secure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfigurationSecure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfigurationeSAT Journals
 
Secure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfigurationSecure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfigurationeSAT Publishing House
 
EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA
EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA
EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA VLSICS Design
 
Technical Report Vawtrak v2
Technical Report Vawtrak v2Technical Report Vawtrak v2
Technical Report Vawtrak v2Blueliv
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierAlireza Ghahrood
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET Journal
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
Fpga based heart rate monitoring system using gsm
Fpga based heart rate monitoring system using gsmFpga based heart rate monitoring system using gsm
Fpga based heart rate monitoring system using gsmAnuj Arora
 
Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverijmnct
 
ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptx
ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptxProjectVault[VivekKumar_CS-C_6Sem_MIT].pptx
ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptxVivek Kumar
 

Similaire à Smart k (20)

International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Sahil_Resume
Sahil_ResumeSahil_Resume
Sahil_Resume
 
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
XPDDS18: Design Session - SGX deep dive and SGX Virtualization Discussion, Ka...
 
VLSI
VLSIVLSI
VLSI
 
VLSI
VLSIVLSI
VLSI
 
eSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitieseSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalities
 
Fpga based encryption design using vhdl
Fpga based encryption design using vhdlFpga based encryption design using vhdl
Fpga based encryption design using vhdl
 
Understanding senetas layer 2 encryption
Understanding senetas layer 2 encryptionUnderstanding senetas layer 2 encryption
Understanding senetas layer 2 encryption
 
Secure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfigurationSecure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfiguration
 
Secure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfigurationSecure remote protocol for fpga reconfiguration
Secure remote protocol for fpga reconfiguration
 
EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA
EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA
EVALUATION OF ATM FUNCTIONING USING VHDL AND FPGA
 
Technical Report Vawtrak v2
Technical Report Vawtrak v2Technical Report Vawtrak v2
Technical Report Vawtrak v2
 
Optional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet DossierOptional Reading - Symantec Stuxnet Dossier
Optional Reading - Symantec Stuxnet Dossier
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
 
Embedded two mark question
Embedded two mark questionEmbedded two mark question
Embedded two mark question
 
Proposal of a reliable embedded circuit to control a stepper motor using mic...
Proposal of a reliable embedded circuit to control a stepper motor using mic...Proposal of a reliable embedded circuit to control a stepper motor using mic...
Proposal of a reliable embedded circuit to control a stepper motor using mic...
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure Enclave
 
Fpga based heart rate monitoring system using gsm
Fpga based heart rate monitoring system using gsmFpga based heart rate monitoring system using gsm
Fpga based heart rate monitoring system using gsm
 
Design methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa serverDesign methodology for ip secured tunel based embedded platform for aaa server
Design methodology for ip secured tunel based embedded platform for aaa server
 
ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptx
ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptxProjectVault[VivekKumar_CS-C_6Sem_MIT].pptx
ProjectVault[VivekKumar_CS-C_6Sem_MIT].pptx
 

Dernier

VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...Suhani Kapoor
 
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...Call Girls in Nagpur High Profile
 
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Call Girls in Nagpur High Profile
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsPooja Nehwal
 
Call Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Call Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls KolkataCall Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Call Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Pooja Nehwal
 
Gaya Call Girls #9907093804 Contact Number Escorts Service Gaya
Gaya Call Girls #9907093804 Contact Number Escorts Service GayaGaya Call Girls #9907093804 Contact Number Escorts Service Gaya
Gaya Call Girls #9907093804 Contact Number Escorts Service Gayasrsj9000
 
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...nagunakhan
 
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...ur8mqw8e
 
Low Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service Nashik
Low Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service NashikLow Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service Nashik
Low Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /WhatsappsBeautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsappssapnasaifi408
 
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Pooja Nehwal
 
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...Pooja Nehwal
 
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一ga6c6bdl
 
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...nagunakhan
 
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service ThanePallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service ThanePooja Nehwal
 
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 

Dernier (20)

VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
VIP Call Girls Hitech City ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With R...
 
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
(ZARA) Call Girls Jejuri ( 7001035870 ) HI-Fi Pune Escorts Service
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
 
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Thane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call GirlsThane Escorts, (Pooja 09892124323), Thane Call Girls
Thane Escorts, (Pooja 09892124323), Thane Call Girls
 
Call Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Call Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls KolkataCall Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Call Girls Service Kolkata Aishwarya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
 
Gaya Call Girls #9907093804 Contact Number Escorts Service Gaya
Gaya Call Girls #9907093804 Contact Number Escorts Service GayaGaya Call Girls #9907093804 Contact Number Escorts Service Gaya
Gaya Call Girls #9907093804 Contact Number Escorts Service Gaya
 
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
Russian Call Girls In South Delhi Delhi 9711199012 💋✔💕😘 Independent Escorts D...
 
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
《伯明翰城市大学毕业证成绩单购买》学历证书学位证书区别《复刻原版1:1伯明翰城市大学毕业证书|修改BCU成绩单PDF版》Q微信741003700《BCU学...
 
Low Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service Nashik
Low Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service NashikLow Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service Nashik
Low Rate Call Girls Nashik Vedika 7001305949 Independent Escort Service Nashik
 
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /WhatsappsBeautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
Beautiful Sapna Call Girls CP 9711199012 ☎ Call /Whatsapps
 
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
Kalyan callg Girls, { 07738631006 } || Call Girl In Kalyan Women Seeking Men ...
 
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls Kolkata Chhaya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
WhatsApp 9892124323 ✓Call Girls In Khar ( Mumbai ) secure service - Bandra F...
 
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
如何办理(NUS毕业证书)新加坡国立大学毕业证成绩单留信学历认证原版一比一
 
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
Slim Call Girls Service Badshah Nagar * 9548273370 Naughty Call Girls Service...
 
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service ThanePallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
Pallawi 9167673311 Call Girls in Thane , Independent Escort Service Thane
 
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 

Smart k

  • 1. SmartK-Smart cards in operating systems at kernel level Reporter: 志芳;易 霞;朱 倩;陈 华 钊 Department of Computer Science Hui Zhou University December 2014 Authors:Luigi Catuogno, Roberto Gassira’ , Michele Masullo, Ivan Visconti
  • 2. OUTLINE •1. Introduction •2. Design and implementation of SmartK •3. Deploying SmartK •4. SalSA:A signed Linux OS distribution •5. Related work •6. Conclusion •7. References
  • 3. Smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card with embedded integrated circuits. Smart cards can provide identity documentation, authentication, data storage, and application processing. EMV stands for Europay, MasterCard and Visa, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. SmartK is a kernel-level smart card development framework. SmartK provides a simple API that allows kernel modules to interact directly with smart card. SmartK provides a simple framework for smart card management at kernel level. 1. INTRODUCTION •Smart card •EMV •SmartK •Why SmartK The execution of OS functionalities composed of multiple components lying at both kernel and user level, may lead to reduced security and efficiency of the whole system. Instead the execution of kernel level- only services results in better performance and security.
  • 4. The ATR(Answer To Reset) is a sequence of bytes (up to 33) that contains all information needed to establish the connection between card and reader, as the transfer rate, data representation and the communication protocol. The ISO 7816-3 document defines the format of ATR and the two communication protocols: T =0 and T =1. The T =0 protocol is byte- oriented, and allows one to send just one command per time; The T =1 is a block-oriented protocol and allows one to send sequences of commands. 1. INTRODUCTION •APDU •ATR •Protocol T=0 and protocol T=1 PDU(Protocol Data Unit): 数协议 据 元,是指 等 次之单 对 层 间传 数据的 位。递 单 APDU(Application Protocol Data Unit) 用 数据 元,一般应 协议 单 我 把们 smart card 插入 reader 后,都是通过 APDU Command 来对 smart card 下指令,从而 行并 卡号 号或者进 实现查询 账 卡号余 等功能。额
  • 5. Leveraging user- level smart card frameworks at kernel level increases overhead due to switches between kernel and user levels. 它就相当于一个 kernel module ,一个具 着安全备 服 功能的务 kernel module ,而 个功能是这 smart card 提供的。 Fig.1
  • 6. 2. Design and implementation of SmartK • 2.1 The interface and modules • 2.2 Implementation details • 2.3 The test modules • 2.4 Implementation
  • 7. 2.1 the interface and modules The framework exports 3 functions: ▪ smartk_init_card(): to activate the card. ▪ smartk_data(BYTE *new_cmd, int len_cmd, BYTE *new_rsp, int *len_rsp): to send an APDU to the activated smart card( 已激活的卡 ) and to receive the answer (BYTE is a typedef of unsigned char). ▪ smartk_cleanup_card(): to disactivate the card. All the functions return -1 on error.
  • 8. SmartK is composed by four modules: ▪ smartk.o: the core of the framework ▪ pt_t0_smartk.o: implements the API according to the T=0 protocol. ▪ ifd_towitoko_smartk.o: the Towitoko reader's driver ▪ io_serial_smartk.o: a simple interface with the serial port. 2.1 the interface and modules
  • 9. The module smartk.o provides the methods register_protocol_smartk, register_ifd_smartk and register_io_smartk that are invoked to plug the components in the framework. These methods link the related objects to the object core. Once the smartk.o module has been loaded, it instantiates the object core. Then, during their initialization phase, the other modules instance their own objects and register them by means of the corresponding registration procedure. A pt_smartk object implements the communication protocol with the smart card (in our prototype, only the protocol T ?0 is provided). It features a very simple interface composed by three methods: activate_card, data and deactivate_card. An ifd_smartk object implements the functions required by the communication with the reader. Its methods allow one to enable and disable the reader and the card, to transmit/receive data and to power on/off the card. An io_smartk object takes care of maintaining the status of the communication with the I/O port. This object summarizes the status of the port (the serial port in our prototype) and provides a set of methods to init/free the port, set/get communication parameters (e.g., baud rate, parity), send/receive data to/from the port. 2.2 Implementation details Fig.2-- SmartK data structures
  • 10. The communication protocol is implemented by the object t0 of the class pt_smartk (module pt_t0_smartk.o).This object implements the T =0 protocol as defined by the ISO 7816-3 document. The object towitoko of the class ifd_smartk (module ifd_-towitoko_smartk.o) implements the driver of the reader. The object serial of the class io_smartk (module io_serial_smartk.o) performs the communication with the serial. . 2.2 Implementation details Fig.2-- SmartK data structures
  • 11. In order to set up the SmartK environment, we suggest to configure the kernel to load the module serial.o as a dynamic module. All modules should be loaded in this order: smartk.o, io_serial_smartk.o (that loads serial.o on its own), ifd_towitoko_smartk.o, and finally the module pt_t0_smartk.o. 2.2 Implementation details Fig.2-- SmartK data structures
  • 12. 2.3 The test modules The module test_mod is a practical example of a SmartK end user module. It was initially developed for debugging purposes, but it is a useful tool for the development of simple user-level card-aware applications. More precisely, this module is an example of how to write a kernel service that uses SmartK. Specifically, the service given by this module is to allow user applications the use of any reader, card and port by means of SmartK.
  • 13. Fig.3--Size (in bytes) of the SmartK’s image in memory 2.4 Implementation SmartK has been implemented as a set of kernel modules that implement each aspect of the communication between applications and cards, and that communicate by means of a general interface. The design of SmartK is intended to be modular in order to allow system administrators to choose freely among different readers and cards. SmartK supports the update of any “plug-in” (e.g., card communication protocol, reader, reader connection port) at run-time. Moreover, SmartK does not significantly affect kernel performances and does not significantly increase the size of the kernel memory image. In Fig. 3 we show the size in bytes of each module. The whole framework uses about 25 Kb (the PC/SC lite libraries spans over 800 Kb)
  • 14. 3. Deploying SmartK 3.1 Accessing system-level kerberized services 3.2 Run-time verification of executables •3.2.1 WLF overview •3.2.2 The SmartK key management scheme for WLF 3.3 TCFS •3.3.1 TCFSCards
  • 15. 3.1 Accessing system-level kerberized services Kerberos is an authentication system based on the existence of a trusted third-party that authenticate users of a DCE. The security problem of Kerberos is that an attacker can use a password guessing approach (by means of an off-line attack) to obtain the credential of another user.
  • 16. 3.2 Run-time verification of executables •3.2.1 WLF overview •3.2.2 The SmartK key management scheme for WLF
  • 17. 3.2 Run-time verification of executables Run-time verification of the integrity of executables, is one of the approaches for preventing execution of malicious code on a networked computer. Informally, with this technique, the executables of the operating system are extended with a digital signature that the loader verifies each time the execution is invoked. The execution continues only if the verification process succeeds. In case an intrusion occurs, the malicious code possibly installed by the intruder (e.g., rootkits), will not be executed by the operating system.
  • 18. 3.2.1 WLF overview •WLF •Create Keys •Store Keys The WLF project proposes a prototypical implementation of an architecture for integrity checking of executables at run time for the Linux operating system. In a system equipped with WLF, all executables have been signed before their installation. The kernel (that is assumed to be safe) is provided with the public keys of the trusted software providers. Each time an execution is invoked, the kernel verifies the corresponding files. In case the verification succeeds, then the execution is performed as usual, otherwise the execution fails. In the Linux kernel, each executable is interpreted and executed by an appropriate handler. In a WLF system each handler includes a verify() function that accomplishes the signature verification task. Public keys are managed by a distinct module (that we call key agent), that takes care of retrieving keys from a given repository and of providing them to a WLF handler.
  • 19. The signature of executable files is performed by running the following procedure: 1. The system is booted in secure mode (i.e., disconnected from the network and provided by the needed private keys). 2. The administrator installs all unsigned packages and then signs them with the signature tools (wlfsign and scriptsign). 3. The administrator removes private keys from the system and reboots it in normal mode updating the public-key repository with each new public key that is needed to verify the new signed executables.
  • 20. 3.2.2 The SmartK key management scheme for WLF The SmartK Key Management scheme (SKM) is a kernel module that implements a key agent for WLF. When SKM is run, it loads in memory all public keys that are stored on a given smart card, that we refer to as WLFCard, by means of the APIs of SmartK, and then, it provides to the WLF handlers all required public keys. Therefore, secure verification of executables is performed by running all steps at kernel level.
  • 21. 3.3 TCFS(Transparent Cryptographic File System A Linux kernel module named TCFS client provides all services of an NFS client and moreover, it features file and directory encryption per-file and per-user. In other words, on a TCFS file system, users can decide which files and/or directories have to be encrypted. Key management is a critical issue in cryptographic systems. In the design of TCFS, key management has been kept separated from the actual cryptographic file system. TCFS simply provides a raw interface to obtain the master key from the user by means of an ad-hoc ioctl call. Hence, in TCFS, a key management scheme is implemented on top of this interface as a suite of utilities that handle authenticated sessions with the user and once obtained the master key, simple push it into the core of TCFS.
  • 22. 3.3.1 TCFSCards TCFSCards stores the owner’s master key but never reveals it. two advantages: First, the master key is never exposed to the client machine. Moreover, communication with the card does not occur in user-space but is directly accomplished by the operating system out of the user responsibility, hence, a malicious client can obtain a certain number of file keys but not the master key. Second, adversaries who impersonate a legitimate user, can not obtain any file key if the user’s TCFSCard is not present in the reader.
  • 23. 4. SalSA:A signed Linux OS distribution The SalSA Linux Distribution is based on a vanilla Linux Kernel which natively features WLF and SmartK modules. SalSA is a Linux OS distribution in which, in short: • all interpreters, libraries and executables are natively signed; • only signed code can be run by the OS • a package distribution service allows the system administrator (subscriber) to securely download and install signed updates and software packages from a pre-configured set of trusted providers; • the system administrator is enabled to locally self-sign software she builds from third-party sources.
  • 24. 5. Related word In this section we briefly describe some architectures which embeds smart card/security devices management in the operating system.
  • 25. •The Windows smart card subsystem •Trusted computing 5. Related word The Microsoft Windows smart card subsystem architecture consists of: reader driver library, device drivers, resource manager, and service providers. Trusted Computing (TC) aims at providing a framework to establish trust among the components of a heterogeneous computing environment.
  • 26. 6. Conclusion In this paper, we presented SmartK: a kernel-level framework for development of smart card applications for the Linux operating system.We argued that the integration in the kernel of such a tool, achieves a more compact and robust implementation of any intrinsically kernel-level security service based on smart card features. In order to validate our approach, we proposed to apply SmartK to three OS-level security services: 1) in-kernel security services authentication through Kerberos; 2) handling the key repository for a run-time code-signing infrastructure (WLF); 3) providing a secure keystore for a distributed cryptographic file system. We stress that all such applications are kernel-level oriented and thus they represent the natural “end-users” for SmartK. In addition, we presented the prototype of a new Linux OS distribution: SalSA Linux, which addresses the problem of securely deploying software over the Internet. SalSA Linux is built on top of SmartK and WLF. We stress that SalSA Linux is suitable for the security of critical network appliances and for embedded Linux-boxes as it provides a secure mechanism to manage system updates.
  • 27. 7. REFERENCES 1. Anderson R, http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html; 2003. 2. ArbaughW, Farber D, Smith J. A secure and reliable bootstrap architecture. In: Proceedings of 1997 IEEE symposiumonsecurity and privacy. IEEE Computer Society Press; 1997. p. 65e71. 3. Beattie SM, Black AP, Cowan C, Pu C, Yang LP. CryptoMark: locking the Stable door ahead of the Trojan Horse. White Paper, WireX Communications Inc; 2000. 4. Bovet DP, Cesati M. Understanding the Linux kernel. 2nd ed. O’Reilly Associates, Inc; 2002. 5. Cattaneo G, Catuogno L, Del Sorbo A, . Persiano G. The design and the implementation of a transparent cryptographic file-system for UNIX. In: Proceedings of the 2001 USENIX annual technical conference e FREENIX track Boston MA (US), June 25e30. Berkeley, CA: The USENIX Association; 2001. p. 199e212.