Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005 ISSN 1858-1633 2005 ICTS 46 DESIGNING SECURE COMMUNICATION PROTOCOL FOR SMART CARD SYSTEM, STUDY CASE: E-PURSE APPLICATION Daniel Siahaan I Made Agus Informatics Department, Faculty of Information Technology, Sepuluh Nopember Institute of Technology Kampus ITS, Jl. Raya ITS, Sukolilo – Surabaya 60111, Tel. + 62 31 5939214, Fax. + 62 31 5913804 email : madeits-sby.edu, danielits-sby.edu ABSTRACT This paper discusses the high-level security protocol and the verification as used for developing a secure e-purse transaction between smart card applet and its terminal applications. This work is part of the E-Purse project, which is carried out in Software Engineering Laboratory, Informatics Engineering, ITS. There are four interfaces, which are used as communication channels between components in an e- purse system. These interfaces need to be secured from malicious actions. Therefore, we implemented two protocols, i.e. Bilateral Key Exchange and our version of corrected BKE algorithm. In order to verify that the protocols are indeed securing the interfaces, we use CasperFDR. And as the result, both protocols were successfully passed the verification process Keywords : Bilateral Key Exchange BKE, CasperFDR, E-purse, Smart Card System..

1. INTRODUCTION

This paper is a result of e-purse project, which is carried out at Software Engineering Laboratory, Informatics Engineering, ITS. It describes the high- level security protocols and the verification as used for developing a secure e-purse transaction between smart card applet and its terminal application. Furthermore, in order to verify our security protocol, we use CasperFDR [1] This paper is organized as follows. The second section describes the overview of the e-purse system. The third section explains the security protocol that is implemented for the communication between its components and its enhancement. The fourth concludes with some findings and further work.

3. E-PURSE

The e-purse application is targeted for a banking company that wants to provide its customers the possibility of using electronic cash, an application that Figure 18 E-Purse System Architecture. resemble our purse or wallet. Our product provides the software necessary for the customers’ smart cards and the reload and point-of-sale terminals POSs. Figure 18 describes the different parties in the e- purse model that we are trying to develop. Those components within the “Developed” rectangle are developed within the project. And thus, the access to the interfaces should be secure and restricted to satisfy requirements of the system, which are security and data integrity.

4. SECURITY PROTOCOL