Publicação
Web browser access to cryptographic hardware
| Resumo: | Cryptographic hardware such as Smart Cards (SCs) is being deployed globally in an increasingly broader spectrum of information services, credit and debit banking cards being a pervasive example of this trend. At the national level, the Portuguese Citizenship Card (PCC) is a high profile example of this technology, allowing users to do online authentication at the government Internet-based services. Despite this increasingly common scenario, web browsers — expect those from the Mozilla Foundation — still have limitations when accessing cryptographic hardware due to the absence of a standard — or at least uniform — mechanism accessible to the programming logic embeddable in web pages. In this project we propose a new mechanism to address such limitations, which will expose SCs to web applications in a clean and uniform way among web browsers. This mechanism is formed by two main elements: a web browser plugin, and a JavaScript (JS) Application Programming Interface (API). The plugin will be in charge of connecting the web browser to the SC. The JS API, accessible through the web browser plugin, will expose the SC features to web applications. With the conclusion of this project we managed to successfully create a web browser plugin which allows web applications to access SC related features, such as the creation of Digital Signature (DS). In our tests we were able to use and check all the features of the plugin across several web browsers (Google Chrome, Internet Explorer, and Firefox ) and operating systems (OSs) (Ubuntu, OS X, Windows). The security analysis that we performed helped us identify the likelihood of possible attacks which could led malicious agents to gain access to the users’ computers, or get their personal and sensitive data. |
|---|---|
| Autores principais: | Braga, Leonel João Fernandes |
| Assunto: | Web Browser Plugin Cryptography Smart Card Public-Key Cryptography Standards PKCS#11 Web Applications Criptografia Aplicações Web |
| Ano: | 2012 |
| País: | Portugal |
| Tipo de documento: | dissertação de mestrado |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Universidade do Minho |
| Idioma: | inglês |
| Origem: | RepositóriUM - Universidade do Minho |
| Resumo: | Cryptographic hardware such as Smart Cards (SCs) is being deployed globally in an increasingly broader spectrum of information services, credit and debit banking cards being a pervasive example of this trend. At the national level, the Portuguese Citizenship Card (PCC) is a high profile example of this technology, allowing users to do online authentication at the government Internet-based services. Despite this increasingly common scenario, web browsers — expect those from the Mozilla Foundation — still have limitations when accessing cryptographic hardware due to the absence of a standard — or at least uniform — mechanism accessible to the programming logic embeddable in web pages. In this project we propose a new mechanism to address such limitations, which will expose SCs to web applications in a clean and uniform way among web browsers. This mechanism is formed by two main elements: a web browser plugin, and a JavaScript (JS) Application Programming Interface (API). The plugin will be in charge of connecting the web browser to the SC. The JS API, accessible through the web browser plugin, will expose the SC features to web applications. With the conclusion of this project we managed to successfully create a web browser plugin which allows web applications to access SC related features, such as the creation of Digital Signature (DS). In our tests we were able to use and check all the features of the plugin across several web browsers (Google Chrome, Internet Explorer, and Firefox ) and operating systems (OSs) (Ubuntu, OS X, Windows). The security analysis that we performed helped us identify the likelihood of possible attacks which could led malicious agents to gain access to the users’ computers, or get their personal and sensitive data. |
|---|