A Generic Proxy for Secure Smart Card-Enabled Web Applications

Guenther Starnberger, Lorenz Froihofer, and Karl M. Goeschka

Vienna University of Technology
Institute of Information Systems
Argentinierstrasse 8/184-1
1040 Vienna, Austria
{guenther.starnberger,lorenz.froihofer,karl.goeschka}@tuwien.ac.at

Abstract. Smart cards are commonly used for tasks with high security requirements such as digital signatures or online banking. However, systems that Web-enable smart cards often reduce the security and usability characteristics of the original application, e.g., by forcing users to execute privileged code on the local terminal (computer) or by insufficient protection against malware. In this paper we contribute techniques to generally Web-enable smart cards and to address the risks of malicious attacks. In particular, our contributions are: (i) a single generic proxy to allow a multitude of authorized Web applications to communicate with existing smart cards and (ii) two security extensions to mitigate the effects of malware. Overall, we can mitigate the security risks of Web-based smart card transactions and, at the same time, increase the usability for users.

Keywords: Smart cards, Web applications, Digital signatures, Security.

1 Introduction

Despite ongoing efforts to Web-enable smart cards [1] there is still a media discontinuity when using smart cards in combination with Web applications, as smart cards typically require a native helper application as proxy to communicate with the Web browser. One reason is that the Web security model is fundamentally different from the smart card security model, leading to potential security issues even for simple questions such as: “Is a particular Web application allowed to access a particular smart card?”.

Ongoing research to Web-enable smart cards typically either requires computational capabilities at smart cards higher than the capabilities provided by today’s smart cards or requires users to install software customized to particular types of Web applications [2]. In contrast, our generic mapping proxy enables access from arbitrary Web applications to arbitrary smart cards, while using access control to protect smart cards from malicious Web applications, without requiring any on-card software modifications.

However, guarding only against malicious Web applications is not sufficient if the local computer is potentially controlled by malware. Consequently, we

B. Benatallah et al. (Eds.): ICWE 2010, LNCS 6189, pp. 370–384, 2010. © Springer-Verlag Berlin Heidelberg 2010