A controllable and accountable state-oriented Card-Aided Firewall

Jyh W. Huang, Ting-Wei Hou

Research output: Contribution to journalArticle

Abstract

This paper proposes a new approach, named Card-Aided Firewall (CAF) that combines the simplified firewall and the state-oriented smart card technologies to construct a controllable and accountable Internet access framework. The idea suggests that a client computer, protected by a light-weight firewall, could establish diversified authenticated communication channels, controlled and accounted by "legal" states of the smart card. The program of a smart card is state-oriented or a state machine, which defines a chain of events involving various state transitions. The "legal" states of a smart card program are defined to be legal to communicate with surfing targets. A predefined Access Control List (ACL), stored in the same card, is necessary. An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. The proposed firewall decides acceptance or rejection messages by matching the current state of the card program and the ACL. In addition, a complete surfing account for tracing back is recorded. It is a by-product of the smart card authentication. The proposed Card-Aided Firewall framework is implemented to demonstrate its effectiveness. The implementation is done at the driver level. It keeps up with the high line speed. The driver takes 39K bytes and works well with other firewalls. The average packet processing time of the CAF driver is 31.74 μs. On the premise of secure authentication within the smart card, the Card-Aided Firewall would facilitate various rapidly growing applications in campus cards, family cards, and employee cards, etc. that require accurate controllability and accountability in the surfing boundary.

Original languageEnglish
Pages (from-to)66-76
Number of pages11
JournalComputer Standards and Interfaces
Volume31
Issue number1
DOIs
Publication statusPublished - 2009 Jan 1

Fingerprint

Smart cards
driver
Access control
Authentication
acceptance
employee
Computer system firewalls
Internet
responsibility
event
communication
Controllability
Byproducts
Personnel
Network protocols
Processing

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Software
  • Law

Cite this

@article{16e38de0f9dd406fb5ec7a87bd6cae22,
title = "A controllable and accountable state-oriented Card-Aided Firewall",
abstract = "This paper proposes a new approach, named Card-Aided Firewall (CAF) that combines the simplified firewall and the state-oriented smart card technologies to construct a controllable and accountable Internet access framework. The idea suggests that a client computer, protected by a light-weight firewall, could establish diversified authenticated communication channels, controlled and accounted by {"}legal{"} states of the smart card. The program of a smart card is state-oriented or a state machine, which defines a chain of events involving various state transitions. The {"}legal{"} states of a smart card program are defined to be legal to communicate with surfing targets. A predefined Access Control List (ACL), stored in the same card, is necessary. An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. The proposed firewall decides acceptance or rejection messages by matching the current state of the card program and the ACL. In addition, a complete surfing account for tracing back is recorded. It is a by-product of the smart card authentication. The proposed Card-Aided Firewall framework is implemented to demonstrate its effectiveness. The implementation is done at the driver level. It keeps up with the high line speed. The driver takes 39K bytes and works well with other firewalls. The average packet processing time of the CAF driver is 31.74 μs. On the premise of secure authentication within the smart card, the Card-Aided Firewall would facilitate various rapidly growing applications in campus cards, family cards, and employee cards, etc. that require accurate controllability and accountability in the surfing boundary.",
author = "Huang, {Jyh W.} and Ting-Wei Hou",
year = "2009",
month = "1",
day = "1",
doi = "10.1016/j.csi.2007.11.012",
language = "English",
volume = "31",
pages = "66--76",
journal = "Computer Standards and Interfaces",
issn = "0920-5489",
publisher = "Elsevier",
number = "1",

}

A controllable and accountable state-oriented Card-Aided Firewall. / Huang, Jyh W.; Hou, Ting-Wei.

In: Computer Standards and Interfaces, Vol. 31, No. 1, 01.01.2009, p. 66-76.

Research output: Contribution to journalArticle

TY - JOUR

T1 - A controllable and accountable state-oriented Card-Aided Firewall

AU - Huang, Jyh W.

AU - Hou, Ting-Wei

PY - 2009/1/1

Y1 - 2009/1/1

N2 - This paper proposes a new approach, named Card-Aided Firewall (CAF) that combines the simplified firewall and the state-oriented smart card technologies to construct a controllable and accountable Internet access framework. The idea suggests that a client computer, protected by a light-weight firewall, could establish diversified authenticated communication channels, controlled and accounted by "legal" states of the smart card. The program of a smart card is state-oriented or a state machine, which defines a chain of events involving various state transitions. The "legal" states of a smart card program are defined to be legal to communicate with surfing targets. A predefined Access Control List (ACL), stored in the same card, is necessary. An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. The proposed firewall decides acceptance or rejection messages by matching the current state of the card program and the ACL. In addition, a complete surfing account for tracing back is recorded. It is a by-product of the smart card authentication. The proposed Card-Aided Firewall framework is implemented to demonstrate its effectiveness. The implementation is done at the driver level. It keeps up with the high line speed. The driver takes 39K bytes and works well with other firewalls. The average packet processing time of the CAF driver is 31.74 μs. On the premise of secure authentication within the smart card, the Card-Aided Firewall would facilitate various rapidly growing applications in campus cards, family cards, and employee cards, etc. that require accurate controllability and accountability in the surfing boundary.

AB - This paper proposes a new approach, named Card-Aided Firewall (CAF) that combines the simplified firewall and the state-oriented smart card technologies to construct a controllable and accountable Internet access framework. The idea suggests that a client computer, protected by a light-weight firewall, could establish diversified authenticated communication channels, controlled and accounted by "legal" states of the smart card. The program of a smart card is state-oriented or a state machine, which defines a chain of events involving various state transitions. The "legal" states of a smart card program are defined to be legal to communicate with surfing targets. A predefined Access Control List (ACL), stored in the same card, is necessary. An ACL is a sequential list of permit or deny statements that apply to addresses or upper-layer protocols. The proposed firewall decides acceptance or rejection messages by matching the current state of the card program and the ACL. In addition, a complete surfing account for tracing back is recorded. It is a by-product of the smart card authentication. The proposed Card-Aided Firewall framework is implemented to demonstrate its effectiveness. The implementation is done at the driver level. It keeps up with the high line speed. The driver takes 39K bytes and works well with other firewalls. The average packet processing time of the CAF driver is 31.74 μs. On the premise of secure authentication within the smart card, the Card-Aided Firewall would facilitate various rapidly growing applications in campus cards, family cards, and employee cards, etc. that require accurate controllability and accountability in the surfing boundary.

UR - http://www.scopus.com/inward/record.url?scp=54349087292&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=54349087292&partnerID=8YFLogxK

U2 - 10.1016/j.csi.2007.11.012

DO - 10.1016/j.csi.2007.11.012

M3 - Article

VL - 31

SP - 66

EP - 76

JO - Computer Standards and Interfaces

JF - Computer Standards and Interfaces

SN - 0920-5489

IS - 1

ER -