{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T17:30:05Z","timestamp":1754155805518,"version":"3.41.2"},"reference-count":42,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2015,11,2]],"date-time":"2015-11-02T00:00:00Z","timestamp":1446422400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,11,2]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ijpcc-09-2015-0032","type":"journal-article","created":{"date-parts":[[2015,11,4]],"date-time":"2015-11-04T06:12:13Z","timestamp":1446617533000},"page":"374-397","source":"Crossref","is-referenced-by-count":6,"title":["A password-authenticated secure channel for App to Java Card applet communication"],"prefix":"10.1108","volume":"11","author":[{"given":"Michael","family":"H\u00f6lzl","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Endalkachew","family":"Asnake","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rene","family":"Mayrhofer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Roland","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121921173726400_b1","unstructured":"American National Standards Institute\n (2001), \n American National Standard for Financial Service X9.63-2001: Key Agreement and Key Transport Using Elliptic Curve Cryptography\n , American Bankers Association, available at: http:\/\/books.google.at\/books?id=vvzkPAAACAAJ"},{"key":"key2020121921173726400_b2","unstructured":"Anoop, M.S.\n (2007), \u201cElliptic curve cryptography\u201d, \n An Implementation Guide\n , available at: www.infosecwriters.com\/text_resources\/pdf\/Elliptic_Curve_AnnopMS.pdf"},{"key":"key2020121921173726400_b3","doi-asserted-by":"crossref","unstructured":"Barker, E.\n , \n Barker, W.\n , \n Burr, W.\n , \n Polk, W.\n , \n Smid, M.\n , \n Gallagher, P.D.\n and \n For, U.S.\n (2012), \n NIST Special Publication 800-57 Recommendation for Key Management \u2013 Part 1: General\n , NIST.","DOI":"10.6028\/NIST.SP.800-57p1r3"},{"key":"key2020121921173726400_b5","doi-asserted-by":"crossref","unstructured":"Bellare, M.\n , \n Canetti, R.\n and \n Krawczyk, H.\n (1996), \u201cKeying hash functions for message authentication\u201d, \n Advances in Cryptology-CRYPTO\n , pp. 1-15, available at: http:\/\/link.springer.com\/chapter\/10.1007\/3-540-68697-5_1","DOI":"10.1007\/3-540-68697-5_1"},{"key":"key2020121921173726400_b6","doi-asserted-by":"crossref","unstructured":"Bellare, M.\n , \n Kilian, J.\n and \n Rogaway, P.\n (2000), \u201cThe security of the cipher block chaining message authentication code\u201d, \n Journal of Computer and System Sciences\n , Vol. 61 No. 3, pp. 362-399, available at: http:\/\/dx.doi.org\/10.1006\/jcss.1999.1694.","DOI":"10.1006\/jcss.1999.1694"},{"key":"key2020121921173726400_b4","unstructured":"Bellare, M.\n and \n Rogaway, P.\n (2000), \u201cThe AuthA protocol for password-based authenticated key exchange\u201d, \n IEEE P1363\n , pp. 136-143."},{"key":"key2020121921173726400_b7","doi-asserted-by":"crossref","unstructured":"Bellovin, S.\n and \n Merritt, M.\n (1992), \u201cEncrypted key exchange: password-based protocols secure against dictionary attacks\u201d, \n IEEE Computer Society Symposium on Research in Security and Privacy\n , Oakland, CA, pp. 72-84.","DOI":"10.1109\/RISP.1992.213269"},{"key":"key2020121921173726400_b8","unstructured":"Ben-Asher, N.\n , \n Kirschnick, N.\n , \n Sieger, H.\n , \n Meyer, J.\n , \n Ben-Oved, A.\n and \n M\u00f6ller, S.\n (2011), \u201cOn the need for different security methods on mobile phones\u201d, Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services, ACM, New York, NY, pp. 465-473, available at: http:\/\/doi.acm.org\/10.1145\/2037373.2037442."},{"key":"key2020121921173726400_b9","unstructured":"Bichsel, P.\n , \n Camenisch, J.\n , \n Gro\u00df, T.\n and \n Shoup, V.\n (2009), \u201cAnonymous credentials on a standard Java Card\u201d, Proceedings of the 16th ACM Conference on Computer and Communications Security, ACM, pp. 600-610, available at: http:\/\/doi.acm.org\/10.1145\/1653662.1653734."},{"key":"key2020121921173726400_b10","doi-asserted-by":"crossref","unstructured":"Brands, S.A.\n (2000), \n Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy\n , MIT Press.","DOI":"10.7551\/mitpress\/5931.001.0001"},{"key":"key2020121921173726400_b11","unstructured":"Brickell, E.\n , \n Camenisch, J.\n and \n Chen, L.\n (2004), \u201cDirect anonymous attestation\u201d, Proceedings of the 11th ACM conference on Computer and Communications Security, ACM, New York, NY, pp. 132-145, available at: http:\/\/doi.acm.org\/10.1145\/1030083.1030103."},{"key":"key2020121921173726400_b12","unstructured":"Certicom Research\n (2010), \u201cSec 2: recommended elliptic curve domain parameters\u201d, Technical Report, available at: www.secg.org\/sec2-v2.pdf"},{"key":"key2020121921173726400_b13","unstructured":"Chin, E.\n , \n Felt, A.P.\n , \n Greenwood, K.\n and \n Wagner, D.\n (2011), \u201cAnalyzing inter-application communication in android\u201d, Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, ACM, New York, NY, pp. 239-252, available at: http:\/\/doi.acm.org\/10.1145\/1999995.2000018."},{"key":"key2020121921173726400_b14","doi-asserted-by":"crossref","unstructured":"Diffie, W.\n and \n Hellman, M.\n (1976), \u201cNew directions in cryptography\u201d, \n IEEE Transactions on Information Theory\n , Vol. 22 No. 6, pp. 644-654.","DOI":"10.1109\/TIT.1976.1055638"},{"key":"key2020121921173726400_b15","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.\n (2005), \u201cSP 800-38B. Recommendation for block cipher modes of operation: the CMAC mode for authentication\u201d, Technical Report, National Institute of Standards \n\t\t\t\t\t&\n\t\t\t\t Technology, Gaithersburg, MD.","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"key2020121921173726400_b16","unstructured":"European Network of Excellence in Cryptology II\n (2012), \u201cECRYPT II yearly report on algorithms and keysizes\u201d, pp. 29-34."},{"key":"key2020121921173726400_b17","doi-asserted-by":"crossref","unstructured":"Fournaris, A.\n and \n Koufopavlou, O.\n (2008), \u201cCreating an elliptic curve arithmetic unit for use in elliptic curve cryptography\u201d, IEEE International Conference on Emerging Technologies and Factory Automation, IEEE, Hamburg, pp. 1457-1464.","DOI":"10.1109\/ETFA.2008.4638588"},{"key":"key2020121921173726400_b18","doi-asserted-by":"crossref","unstructured":"Gayoso Martinez, V.\n , \n Sanchez Avila, C.\n , \n Espinosa Garcia, J.\n and \n Hernandez Encinas, L.\n (2005), \u201cElliptic curve cryptography: Java implementation issues\u201d, 39th Annual 2005 International Carnahan Conference on Security Technology, IEEE, pp. 238-241.","DOI":"10.1109\/CCST.2005.1594866"},{"key":"key2020121921173726400_b19","unstructured":"GlobalPlatform\n (2009), \u201cSecure channel protocol \u2013 GlobalPlatform card specification v2.2 \u2013 Amendment D\u201d."},{"key":"key2020121921173726400_b20","unstructured":"Han, J.-H.\n , \n Kim, Y.-J.\n , \n Jun, S.-I.\n , \n Chung, K.-I.\n and \n Seo, C.-H.\n (2002), \u201cImplementation of ECC\/ECDSA cryptography algorithms based on Java card\u201d, Proceedings of 22nd International Conference on Distributed Computing Systems Workshops, pp. 272-276."},{"key":"key2020121921173726400_b21","unstructured":"Hancke, G.\n (2005), \u201cA practical relay attack on ISO 14443 proximity cards\u201d, Technical Report."},{"key":"key2020121921173726400_b22","unstructured":"Hao, F.\n and \n Ryan, P.Y.A.\n (2011), \u201cPassword authenticated key exchange by juggling\u201d, Proceedings of the 16th International Conference on Security Protocols, Springer-Verlag, Berlin, Heidelberg, pp. 159-171, available at: http:\/\/dl.acm.org\/citation.cfm?id=2022815.2022838"},{"key":"key2020121921173726400_b23","unstructured":"H\u00f6barth, S.\n and \n Mayrhofer, R.\n (2011), \u201cA framework for on-device privilege escalation exploit execution on android\u201d, \n Proceedings of IWSSI\/SPMU\n ."},{"key":"key2020121921173726400_b24","doi-asserted-by":"crossref","unstructured":"H\u00f6lzl, M.\n , \n Mayrhofer, R.\n and \n Roland, M.\n (2013), \u201cRequirements analysis for an open ecosystem for embedded tamper resistant hardware on mobile devices\u201d, Proceedings of International Conference on Advances in Mobile Computing and Multimedia, ACM, Vienna.","DOI":"10.1145\/2536853.2536947"},{"key":"key2020121921173726400_b25","unstructured":"IEEE Computer Society\n (2009), \u201cIEEE standard specifications for password-based public-key cryptographic techniques\u201d, IEEE Std 1363.2-2008, pp. 1-127."},{"key":"key2020121921173726400_b26","unstructured":"Jablon, D.P.\n and \n Ma, W.\n (1996), \u201cStrong password-only authenticated key exchange\u201d, \n ACM SIGCOMM Computer Communication Review\n , Vol. 26 No. 5, pp. 5-26, available at: http:\/\/doi.acm.org\/10.1145\/242896.242897"},{"key":"key2020121921173726400_b27","doi-asserted-by":"crossref","unstructured":"Khan, S.\n , \n Nauman, M.\n , \n Othman, A.\n and \n Musa, S.\n (2012), \u201cHow secure is your smartphone: an analysis of smartphone security mechanisms\u201d, 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), IEEE, Kuala Lumpur, pp. 76-81.","DOI":"10.1109\/CyberSec.2012.6246082"},{"key":"key2020121921173726400_b28","doi-asserted-by":"crossref","unstructured":"Koblitz, N.\n (1987), \u201cElliptic curve cryptosystems\u201d, \n Mathematics of Computation\n , Vol. 48 No. 177, pp. 203-209, available at: www.ams.org\/mcom\/1987-48-177\/S0025-5718-1987-0866109-5\/","DOI":"10.1090\/S0025-5718-1987-0866109-5"},{"key":"key2020121921173726400_b29","doi-asserted-by":"crossref","unstructured":"La Polla, M.\n , \n Martinelli, F.\n and \n Sgandurra, D.\n (2013), \u201cA survey on security for mobile devices\u201d, \n IEEE Communications Surveys Tutorials\n , Vol. 15 No. 1, pp. 446-471.","DOI":"10.1109\/SURV.2012.013012.00028"},{"key":"key2020121921173726400_b30","unstructured":"Landman, M.\n (2010), \u201cManaging smart phone security risks\u201d, Information Security Curriculum Development Conference, ACM, pp. 145-155, available at: http:\/\/doi.acm.org\/10.1145\/1940941.1940971"},{"key":"key2020121921173726400_b31","doi-asserted-by":"crossref","unstructured":"Lochter, M.\n and \n Merkle, J.\n (2010), \u201cElliptic curve cryptography (ECC) brainpool standard curves and curve generation\u201d, \n RFC\n 5639, available at: www.ietf.org\/rfc\/rfc5639.txt","DOI":"10.17487\/rfc5639"},{"key":"key2020121921173726400_b32","unstructured":"Lucks, S.\n (1997), \u201cOpen key exchange: how to defeat dictionary attacks without encrypting public keys\u201d, Proceedings of the Security Protocols Workshop, LNCS 1361, Springer Berlin Heidelberg, pp. 79-90, available at: http:\/\/link.springer.com\/chapter\/10.1007\/BFb0028161"},{"key":"key2020121921173726400_b33","unstructured":"Mantoro, T.\n and \n Milisic, A.\n (2010), \u201cSmart card authentication for internet applications using NFC enabled phone\u201d, International Conference on Information and Communication Technology for the Muslim World (ICT4M), IEEE, Jakarta, pp. D13-D18."},{"key":"key2020121921173726400_b34","unstructured":"Mayrhofer, R.\n (2014), \u201cAn architecture for secure mobile devices\u201d, \n Security and Communication Networks\n , Vol. 8 No. 10, available at: http:\/\/onlinelibrary.wiley.com\/journal\/10.1002\/(ISSN)1939-0122"},{"key":"key2020121921173726400_b35","doi-asserted-by":"crossref","unstructured":"Roland, M.\n , \n Langer, J.\n and \n Scharinger, J.\n (2012), \u201cPractical attack scenarios on secure element-enabled mobile devices\u201d, \n 4th International Workshop on Near Field Communication (NFC\n ), IEEE, Helsinki, pp. 19-24.","DOI":"10.1109\/NFC.2012.10"},{"key":"key2020121921173726400_b36","doi-asserted-by":"crossref","unstructured":"Ruiz-Martinez, A.\n , \n Canovas, O.\n and \n Gomez-Skarmeta, A.\n (2007), \u201cSmartcard-based e-coin for electronic payments on the (mobile) internet\u201d, Third International IEEE Conference on Signal-Image Technologies and Internet-Based System, IEEE, Shanghai, pp. 361-368.","DOI":"10.1109\/SITIS.2007.14"},{"key":"key2020121921173726400_b37","unstructured":"Song, J.\n , \n Poovendran, R.\n , \n Lee, J.\n and \n Iwata, T.\n (2006), \u201cThe AES-CMAC algorithm\u201d, RFC 4493 (Informational), available at: http:\/\/tools.ietf.org\/html\/rfc4493"},{"key":"key2020121921173726400_b38","unstructured":"Sterckx, M.\n , \n Gierlichs, B.\n , \n Preneel, B.\n and \n Verbauwhede, I.\n (2009), \u201cEfficient implementation of anonymous credentials on java card smart cards\u201d, Information Forensics and Security, pp. 106-110, available at: http:\/\/ieeexplore.ieee.org\/xpls\/abs_all.jsp?arnumber=5386474"},{"key":"key2020121921173726400_b39","doi-asserted-by":"crossref","unstructured":"Taylor, D.\n , \n Wu, T.\n , \n Mavrogiannopoulos, N.\n and \n Perrin, T.\n (2007), \u201cUsing the secure remote password (SRP) protocol for TLS authentication\u201d, \n RFC\n 5054, available at: www.ietf.org\/rfc\/rfc5054.txt","DOI":"10.17487\/rfc5054"},{"key":"key2020121921173726400_b40","doi-asserted-by":"crossref","unstructured":"Tews, H.\n and \n Jacobs, B.\n (2009), \u201cPerformance issues of selective disclosure and blinded issuing protocols on java card\u201d, Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks, Springer, pp. 95-111, available at: http:\/\/link.springer.com\/chapter\/10.1007\/978-3-642-03944-7_8","DOI":"10.1007\/978-3-642-03944-7_8"},{"key":"key2020121921173726400_b41","unstructured":"Wu, T.\n (1998), \u201cThe secure remote password protocol\u201d, Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, Detroit, MI, pp. 97-111."},{"key":"key2020121921173726400_b42","unstructured":"Wu, T.\n (2002), \u201cSRP-6: improvements and refinements to the secure remote password protocol\u201d, available at: http:\/\/srp.stanford.edu\/"}],"container-title":["International Journal of Pervasive Computing and Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/IJPCC-09-2015-0032","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IJPCC-09-2015-0032\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IJPCC-09-2015-0032\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:05:47Z","timestamp":1753394747000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ijpcc\/article\/11\/4\/374-397\/161269"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,2]]},"references-count":42,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,11,2]]}},"alternative-id":["10.1108\/IJPCC-09-2015-0032"],"URL":"https:\/\/doi.org\/10.1108\/ijpcc-09-2015-0032","relation":{},"ISSN":["1742-7371"],"issn-type":[{"type":"print","value":"1742-7371"}],"subject":[],"published":{"date-parts":[[2015,11,2]]}}}