Open Smart Card Infrastructure for Europe - Can these security recommendations be improved upon for healthcards today

Abstract

The use of smart cards within healthcare has increased within recent years. There are a number of standards and specifications surrounding the security design of such cards however these documents have not been updated recently. The aim of this research was to examine one particular set of specifications, the ¿Open Smart Card Infrastructure for Europe¿ (OSCIE) developed by the European Commission and published in 2003 to see if they could be improved upon by taking into consideration advances in smart card technology since publication of the guidelines and improved methods of attacks on smart cards. The research focused on the security of the following features of the smart card: Authentication Protocol, Operation System, Access Control, Cryptography The specification¿s recommended choice for each of the features was studied and known attacks against these choices were examined. Alternatives that provide protection against these attacks were suggested. These alternative choices have been sourced from published literature and proof of their security is provided.