Publicação
Web browser access to cryptographic hardware
| Resumo: | Cryptographic hardware such as Smart Cards (SCs) is being deployed globally in an increasingly broader spectrum of information services, credit and debit banking cards being a pervasive example of this trend. At the national level, the Portuguese Citizenship Card (PCC) is a high profile example of this technology, allowing users to do online authentication at the government Internet-based services. Despite this increasingly common scenario, web browsers — expect those from the Mozilla Foundation — still have limitations when accessing cryptographic hardware due to the absence of a standard — or at least uniform — mechanism accessible to the programming logic embeddable in web pages. In this project we propose a new mechanism to address such limitations, which will expose SCs to web applications in a clean and uniform way among web browsers. This mechanism is formed by two main elements: a web browser plugin, and a JavaScript (JS) Application Programming Interface (API). The plugin will be in charge of connecting the web browser to the SC. The JS API, accessible through the web browser plugin, will expose the SC features to web applications. With the conclusion of this project we managed to successfully create a web browser plugin which allows web applications to access SC related features, such as the creation of Digital Signature (DS). In our tests we were able to use and check all the features of the plugin across several web browsers (Google Chrome, Internet Explorer, and Firefox ) and operating systems (OSs) (Ubuntu, OS X, Windows). The security analysis that we performed helped us identify the likelihood of possible attacks which could led malicious agents to gain access to the users’ computers, or get their personal and sensitive data. |
|---|---|
| Autores principais: | Braga, Leonel João Fernandes |
| Assunto: | Web Browser Plugin Cryptography Smart Card Public-Key Cryptography Standards PKCS#11 Web Applications Criptografia Aplicações Web |
| Ano: | 2012 |
| País: | Portugal |
| Tipo de documento: | dissertação de mestrado |
| Tipo de acesso: | acesso aberto |
| Instituição associada: | Universidade do Minho |
| Idioma: | inglês |
| Origem: | RepositóriUM - Universidade do Minho |
Registos relacionados
school SmartCMD: access to the digital mobile key via a virtual smartcard
por: Santos, Manuel Augusto Capão Estrela
Publicado em: (2021)
por: Santos, Manuel Augusto Capão Estrela
Publicado em: (2021)
school Marca do Dia Electrónica em Smartphones: implementação de um serviço para envio de correio electrónico com marcas temporais
por: Sousa, Ricardo Jorge Gomes Maia de
Publicado em: (2012)
por: Sousa, Ricardo Jorge Gomes Maia de
Publicado em: (2012)
school Construção de um módulo de criptologia
por: Cruz, Sidnei Ramos da
Publicado em: (2008)
por: Cruz, Sidnei Ramos da
Publicado em: (2008)
school Minium Recorder: browser interaction recording
por: Morgado, José Miguel Morais
Publicado em: (2016)
por: Morgado, José Miguel Morais
Publicado em: (2016)
school Scanning the Web for Tor Browser Friendliness
por: Guerra, Tiago Manuel da Silva
Publicado em: (2025)
por: Guerra, Tiago Manuel da Silva
Publicado em: (2025)
article Secret cryptographic key sharing through the integer partition function
por: Nobrega, Daniel Fernandes da
Publicado em: (2025)
por: Nobrega, Daniel Fernandes da
Publicado em: (2025)
school A Mobile Secure Bluetooth-Enabled Cryptographic Provider
por: Rocha, Ivo Miguel da Silva
Publicado em: (2019)
por: Rocha, Ivo Miguel da Silva
Publicado em: (2019)
school Security and performance analysis of the chosen algorithms in the NIST-PQC standartization process
por: Rodrigues, João Carlos Pereira
Publicado em: (2024)
por: Rodrigues, João Carlos Pereira
Publicado em: (2024)
article A deductive verification platform for cryptographic software
por: Barbosa, Manuel
Publicado em: (2010)
por: Barbosa, Manuel
Publicado em: (2010)
school Smaller keys for McEliece cryptosystems using convolutional encoders
por: Sebastião, Cláudia Maria Ferreira
Publicado em: (2022)
por: Sebastião, Cláudia Maria Ferreira
Publicado em: (2022)
school A graphics pipeline for directtly rendering 3D scenes on web browsers
por: Pinto, Edgar Marchiel
Publicado em: (2009)
por: Pinto, Edgar Marchiel
Publicado em: (2009)
groups phpSAFE: A Security Analysis Tool for OOP Web Application Plugins
por: Nunes, Paulo
Publicado em: (2016)
por: Nunes, Paulo
Publicado em: (2016)
groups Digital object rights management: Interoperable client-side DRM middleware
por: Serrão, C.
Publicado em: (2006)
por: Serrão, C.
Publicado em: (2006)
school Criptoanálise quântica da cifra RSA
por: Machado, Pedro Dinis de Paulo
Publicado em: (2025)
por: Machado, Pedro Dinis de Paulo
Publicado em: (2025)
school Development of a browser-based Audio/Video Application using HTML5 and WebRTC
por: Matos, Luís Manuel Tavares de
Publicado em: (2013)
por: Matos, Luís Manuel Tavares de
Publicado em: (2013)
article Using Java and Linux to crack the DES challenge
por: Serrão, Carlos
Publicado em: (1999)
por: Serrão, Carlos
Publicado em: (1999)
school Utilização de reconhecimento de Web browsers para detecção de cliques fraudulentos
por: Carvalho, David Tschan
Publicado em: (2008)
por: Carvalho, David Tschan
Publicado em: (2008)
school PUFs based on Coupled Oscillators Static Entropy
por: Cabacinho, João Pereira
Publicado em: (2022)
por: Cabacinho, João Pereira
Publicado em: (2022)
school Incorporation of quantum technologies in secure communication and computation services
por: Matos, Diogo Filipe Tavares
Publicado em: (2025)
por: Matos, Diogo Filipe Tavares
Publicado em: (2025)
article Geração automática de interfaces web para sistemas de informação : metamorphosis
por: Ramalho, José Carlos
Publicado em: (2005)
por: Ramalho, José Carlos
Publicado em: (2005)
article HaaS - a platform for password cracking in distributed heterogeneous systems
por: Lima, Carlos
Publicado em: (2025)
por: Lima, Carlos
Publicado em: (2025)
school Enhancing E-ID cards authentication with NFC
por: Vale, Tariq Youssef Costa do
Publicado em: (2023)
por: Vale, Tariq Youssef Costa do
Publicado em: (2023)
assignment Identity based cryptography from bilinear pairings
por: Barbosa, Manuel
Publicado em: (2005)
por: Barbosa, Manuel
Publicado em: (2005)
school Esquemas de assinatura digital Lattice-based e experimentação de certificados híbridos com criptografia pós-quântica
por: Abreu, Maria Zita Fiqueli de
Publicado em: (2020)
por: Abreu, Maria Zita Fiqueli de
Publicado em: (2020)
article Quantum computing and its potential for breaking cryptographic ciphers: A technical-legal analysis
por: Sousa, João
Publicado em: (2026)
por: Sousa, João
Publicado em: (2026)
groups A convolutional variant of the McEliece cryptosystem with GRS codes
por: Almeida, Paulo
Publicado em: (2024)
por: Almeida, Paulo
Publicado em: (2024)
school Verificação de software criptográfico de elevado desempenho
por: Oliveira, Tiago Filipe Azevedo
Publicado em: (2012)
por: Oliveira, Tiago Filipe Azevedo
Publicado em: (2012)
school Security and Simulation in Modern Computer Hardware
por: Neves, Samuel Custódio Pereira
Publicado em: (2023)
por: Neves, Samuel Custódio Pereira
Publicado em: (2023)
school Towards secure layer-2 blockchain solution using TEEs
por: Ribeiro, Vítor Hugo da Silva
Publicado em: (2023)
por: Ribeiro, Vítor Hugo da Silva
Publicado em: (2023)
school Secure Share of Information in Web Groups
por: Lizardo, André Manuel Casaca
Publicado em: (2017)
por: Lizardo, André Manuel Casaca
Publicado em: (2017)
article A Survey of Key Bootstrapping Protocols Based on Public Key Cryptography in the Internet of Things
por: Malik, Manisha
Publicado em: (2019)
por: Malik, Manisha
Publicado em: (2019)
school Plataforma de teste a aplicações web suportando múltiplos web-browsers
por: Carvalho, Paulo Luciano Simões de
Publicado em: (2010)
por: Carvalho, Paulo Luciano Simões de
Publicado em: (2010)
article Energy Wars - Chrome vs. Firefox Which browser is more energy efficient?
por: Macedo, João
Publicado em: (2020)
por: Macedo, João
Publicado em: (2020)
school Modelo de desenvolvimento e avaliação de infra-estruturas de chave pública
por: Rodrigues, Paulo Miguel Ramos
Publicado em: (2005)
por: Rodrigues, Paulo Miguel Ramos
Publicado em: (2005)
school CRIPTOGRAFIA RSA CRIVO QUADRÁTICO
por: Songo, José Diogo
Publicado em: (2024)
por: Songo, José Diogo
Publicado em: (2024)
article Delegatable homomorphic encryption with applications to secure outsourcing of computation
por: Barbosa, Manuel
Publicado em: (2012)
por: Barbosa, Manuel
Publicado em: (2012)
school Cryptographic Key Exchange Protocols: Algebraic Structures, Stickel’s Protocol, and Monoid Investigations
por: Ascensão, Madalena Bravo Ferro da
Publicado em: (2024)
por: Ascensão, Madalena Bravo Ferro da
Publicado em: (2024)
article Machine-checked proofs for cryptographic standards indifferentiability of SPONGE and secure high-assurance implementations of SHA-3
por: Almeida, José Bacelar
Publicado em: (2019)
por: Almeida, José Bacelar
Publicado em: (2019)
school Novo paradigma de navegação Web : separadores hierárquicos com integração de favoritos e histórico
por: Costa, João Pedro da Cunha e Silva Martins
Publicado em: (2010)
por: Costa, João Pedro da Cunha e Silva Martins
Publicado em: (2010)
school Browser energy efficiency in android
por: Gonçalves, Nelson Adriano Sequeira
Publicado em: (2022)
por: Gonçalves, Nelson Adriano Sequeira
Publicado em: (2022)
Registos relacionados
-
school SmartCMD: access to the digital mobile key via a virtual smartcard
por: Santos, Manuel Augusto Capão Estrela
Publicado em: (2021) -
school Marca do Dia Electrónica em Smartphones: implementação de um serviço para envio de correio electrónico com marcas temporais
por: Sousa, Ricardo Jorge Gomes Maia de
Publicado em: (2012) -
school Construção de um módulo de criptologia
por: Cruz, Sidnei Ramos da
Publicado em: (2008) -
school Minium Recorder: browser interaction recording
por: Morgado, José Miguel Morais
Publicado em: (2016) -
school Scanning the Web for Tor Browser Friendliness
por: Guerra, Tiago Manuel da Silva
Publicado em: (2025)