A User Centric Security Model for Tamper-Resistant Devices

6.4 Secure and Trusted Channel Protocol Smart Card
STCP SC -2. SP : SI = f kSP (g r SP
||N SP ||cm||SC IP )
SP → SC : V R||g r SP
||SP i ||N SP ||ALP ||SP Sel ||SI
SC : K = (g r SP
) r SC
mod p
SC : ek SC−SP = H K (N SP ||N SC || ′ 1 ′ )
SC : mk SC−SP = H K (N SP ||N SC || ′ 2 ′ )
The SP will also generate a Die-Hellman exponential and a random number. Finally, it
will calculate the SI which includes similar elements to those discussed in STCP SP except
for the inclusion of the commitment cm from the SC. The entire message is then appended
with the V R.
On receipt of this message, the SC veries the ALP. If the SC can accommodate the
requirements then it will proceed with the protocol. The SC can now generate the shared
secret K, which is used to generate the session encryption and MAC keys. Furthermore,
depending upon the decision of the SP as to whether it requests for an oine or online
attestation, the SC will proceed with the appropriate attestation mechanism.
STCP SC -3. SC : hs = (SC i ||SP i ||g r SC
||g r SP
||N SC ||N SP )
SC : AU SC = Sign SC (SC i ||SP i ||hs||V M)
SC : mE = ek SC−SP (AU SC ||CertS SC )
SC → SP : g r SC
||N SC ||SC Config ||mE||f mkSC−SP (mE)||SI
SP : cmc = f NSC (g r SC
||N SC )
The SC will reveal the g r SC and NSC , which is appended by a message that is encrypted and
MACed using the session keys. The encrypted and MACed message contains a signature
generated on the identities of SC and SP, hs, along with V M. If the SP requests the online
attestation then the AU SC will contain V M generated by the respective card manufacturer;
whereas, in case of oine attestation the AU SC will not include V M.
On receipt of the STCP SC -3, the SP will generate a commitment similar to the SC in
message one, which we term as cmc. If the cmc is equal to the cm, then the SP will
generate the shared secret, along with session encryption and MAC keys. The SP veries
the MAC and decrypts the message. It validates the CertS SC , and then veries the
signature. If the SP accepts the current state of the smart card as secure then it will
proceed with the next message.
STCP SC -4. SP : hp = (SP i ||SC i ||g r SP
||g r SC
||N SP ||N SC )
SP : AU SP = Sign SP (SP i ||SC i ||hp||ADP )
SP : mE = ek SC−SP (AU SP ||CertS SP )
SP → SC : mE||f mkSC−SP (mE)||SI
The SP will generate an authentication message AU SP that contains the identities of the
140