
2008 | Book

Smart Card Research and Advanced Applications

8th IFIP WG 8.8/11.2 International Conference, CARDIS 2008, London, UK, September 8-11, 2008. Proceedings

Edited by: Gilles Grimaud, François-Xavier Standaert

Publisher: Springer Berlin Heidelberg

Book series: Lecture Notes in Computer Science


About this book

This book constitutes the refereed proceedings of the 8th International Conference on Smart Card Research and Advanced Applications, CARDIS 2008, held in London, UK, in September 2008. The 21 revised full papers presented, together with the abstract of one invited talk, were carefully reviewed and selected from 51 submissions. The papers deal with the various issues related to the use of small electronic tokens in the process of human-machine interactions. The conference scopes include numerous subfields such as networking, efficient implementations, physical security, biometrics, etc.

Table of contents

Frontmatter
Malicious Code on Java Card Smartcards: Attacks and Countermeasures
Abstract
When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the possibility of malicious, ill-typed code as an avenue of attack, though the Java Card platform offers some protection against this, notably by code signing.
This paper gives an extensive overview of vulnerabilities and possible runtime countermeasures against ill-typed code, and describes results of experiments with attacking actual Java Cards currently on the market with malicious code.
Wojciech Mostowski, Erik Poll
Static Program Analysis for Java Card Applets
Abstract
The Java Card API provides a framework of classes and interfaces that hides the details of the underlying smart card interface, thus relieving developers from going through the swamps of microcontroller programming. This allows application developers to concentrate most of their effort on the details of the application, assuming proper use of the Java Card API calls regarding (i) the correctness of the methods’ invocation targets and their arguments and (ii) temporal safety, i.e. the requirement that certain method calls have to be used in certain orders. Several characteristics of the Java Card applets and their multiple-entry-point program structure make it possible for a potentially unhandled exception to reach the invoked entry point. This contingency opens a possibility to leave the applet in an unpredictable state that is potentially dangerous for the application’s security. Our work introduces automatic static program analysis as a means for the early detection of misused and therefore dangerous API calls. The shown analyses have been implemented within the FindBugs bug detector, an open source framework that applies static analysis functions on the applet bytecode.
Vasilios Almaliotis, Alexandros Loizidis, Panagiotis Katsaros, Panagiotis Louridas, Diomidis Spinellis
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards
Abstract
In the multiapplicative context of smart cards, a strict control of underlying information flow between applications is highly desired. In this paper we propose a model to improve information flow usability in such systems by limiting the overhead for adding information flow security to a Java Virtual Machine. We define a domain specific language for defining security policies describing the allowed information flow inside the card. The applications are certified at loading time with respect to information flow security policies. We illustrate our approach on the LoyaltyCard, a multiapplicative smart card involving four loyalty applications sharing fidelity points.
Dorina Ghindici, Isabelle Simplot-Ryl
New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough
Abstract
In this paper we show a new differential fault analysis (DFA) on the AES-128 key scheduling process. We can obtain 96 bits of the key with 2 pairs of correct and faulty ciphertexts, enabling an easy exhaustive key search of 2^32 keys. Furthermore we can retrieve the entire 128 bits with 4 pairs. To the authors’ best knowledge, it is the smallest number of pairs to find the entire AES-128 key with a fault attack on the key scheduling process. Up to now 7 pairs by Takahashi et al. were the best. By corrupting the state, not the key schedule, Piret and Quisquater showed 2 pairs are enough to break AES-128 in 2003. The advantage of DFA on the key schedule is that it can defeat some fault-protected AES implementations where the round keys are not rescheduled prior to the check. We implemented our algorithm on a 3.2 GHz Pentium 4 PC. With 4 pairs of correct and faulty ciphertexts, we could find the 128 bits in less than 2.3 seconds.
Chong Hee Kim, Jean-Jacques Quisquater
DSA Signature Scheme Immune to the Fault Cryptanalysis
Abstract
In this paper we analyse the Digital Signature Algorithm (DSA) and its immunity to the fault cryptanalysis that takes advantage of errors inducted into the private key a. The focus of our attention is on the DSA scheme as it is widely adopted by the research community, it is known to be vulnerable to this type of attack, but neither sound nor effective modifications to improve its immunity have been proposed. In our paper we consider a new way of implementing the DSA that enhances its immunity in the presence of faults. Our proposal ensures that inducting errors into the private key has no benefits since the attacker cannot deduce any information about the private key given erroneous signatures. The overhead of our proposal is similar to the overhead of the obvious countermeasure based on signature verification. However, our modification generates fewer security issues.
Maciej Nikodem
A Black Hen Lays White Eggs
Bipartite Multiplier Out of Montgomery One for On-Line RSA Verification
Abstract
This paper proposes novel algorithms for computing double-size modular multiplications with few modulus-dependent precomputations. Low-end devices such as smartcards are usually equipped with hardware Montgomery multipliers. However, due to progresses of mathematical attacks, security institutions such as NIST have steadily demanded longer bit-lengths for public-key cryptography, making the multipliers quickly obsolete. In an attempt to extend the lifespan of such multipliers, double-size techniques compute modular multiplications with twice the bit-length of the multipliers. Techniques are known for extending the bit-length of classical Euclidean multipliers, of Montgomery multipliers and the combination thereof, namely bipartite multipliers. However, unlike classical and bipartite multiplications, Montgomery multiplications involve modulus-dependent precomputations, which amount to a large part of an RSA encryption or signature verification. The proposed double-size technique simulates double-size multiplications based on single-size Montgomery multipliers, and yet precomputations are essentially free: in a 2048-bit RSA encryption or signature verification with public exponent e = 2^16 + 1, the proposal with a 1024-bit Montgomery multiplier is 1.4 times faster than the best previous technique.
Masayuki Yoshino, Katsuyuki Okeya, Camille Vuillaume
Ultra-Lightweight Implementations for Smart Devices – Security for 1000 Gate Equivalents
Abstract
In recent years more and more security sensitive applications use passive smart devices such as contactless smart cards and RFID tags. Cost constraints imply a small hardware footprint of all components of a smart device. One particular problem of all passive smart devices such as RFID tags and contactless smart cards is the harsh power constraints. On the other hand, active smart devices have to minimize energy consumption. Recently, many lightweight block ciphers have been published. In this paper we present three different architectures of the ultra-lightweight algorithm present and highlight their suitability for both active and passive smart devices. Our implementation results of the serialized architecture require only 1000 GE. To the best of our knowledge this is the smallest hardware implementation of a cryptographic algorithm with a moderate security level.
Carsten Rolfes, Axel Poschmann, Gregor Leander, Christof Paar
Fast Hash-Based Signatures on Constrained Devices
Abstract
Digital signatures are one of the most important applications of microprocessor smart cards. The most widely used algorithms for digital signatures, RSA and ECDSA, depend on finite field engines. On 8-bit microprocessors these engines either require costly coprocessors, or the implementations become very large and very slow. Hence the need for better methods is highly visible. One alternative to RSA and ECDSA is the Merkle signature scheme which provides digital signatures using hash functions only, without relying on any number theoretic assumptions. In this paper, we present an implementation of the Merkle signature scheme on an 8-bit smart card microprocessor. Our results show that the Merkle signature scheme provides timings comparable to state of the art implementations of RSA and ECDSA, while maintaining a smaller code size.
Sebastian Rohde, Thomas Eisenbarth, Erik Dahmen, Johannes Buchmann, Christof Paar
Fraud Detection and Prevention in Smart Card Based Environments Using Artificial Intelligence
Abstract
This paper discusses the development and research for the detection of fraud in Smart-Card environments by using artificial intelligence. The current research deals with a behaviour-based detection engine, which will detect abnormalities by learning the usual behaviour of the user and detecting new unusual behaviours. The behaviour-based detection engine is based on ‘Neural Networks’. This work considers the feasibility of implementing a ‘Neural Network’ fraud engine on smart card platforms.
Wael William Zakhari Malek, Keith Mayes, Kostas Markantonakis
The Trusted Execution Module: Commodity General-Purpose Trusted Computing
Abstract
This paper introduces the Trusted Execution Module (TEM); a high-level specification for a commodity chip that can execute user-supplied procedures in a trusted environment. The TEM is capable of securely executing partially-encrypted procedures/closures expressing arbitrary computation. These closures can be generated by any (potentially untrusted) party who knows the TEM’s public encryption key. Compared to a conventional smartcard, which is typically used by pre-programming a limited set of domain- or application- specific commands onto the smartcard, and compared to the Trusted Platform Module (TPM), which is limited to a fixed set of cryptographic functions that cannot be combined to provide general-purpose trusted computing, the TEM is significantly more flexible. Yet we present a working implementation using existing inexpensive Javacard smartcards that does not require any export-restricted technology. The TEM’s design enables a new style of programming, which in turn enables new applications. We show that the TEM’s guarantees of secure execution enable exciting applications that include, but are not limited to, mobile agents, peer-to-peer multiplayer online games, and anonymous offline payments.
Victor Costan, Luis F. G. Sarmenta, Marten van Dijk, Srinivas Devadas
Management of Multiple Cards in NFC-Devices
Abstract
Near Field Communication (NFC) currently is one of the most promising technologies in handsets for contactless applications like ticketing or payment. These applications require a secure store for keeping sensitive data. Combining NFC with integrated smartcard chips in a mobile device allows the emulation of different cards. Representing each secure element with different UIDs poses several problems. Thus we propose an approach with a fixed UID dedicated to a Secure Element Controller (SEC). This approach allows an optimized backwards compatibility to already established reader infrastructures but also the communication in peer-to-peer mode with other NFC devices. Additionally the communication over peer-to-peer as well as the internal mode of secure elements at the same time is possible. This approach poses a flexible alternative to the implementations proposed so far. In addition, when there are multiple, removable secure elements in a device it is ensured that the secure elements are only used by authorized users/devices. The SEC in this case handles the communication between the secure elements as well as their authentication.
Gerald Madlmayr, Oliver Dillinger, Josef Langer, Josef Scharinger
Coupon Recalculation for the GPS Authentication Scheme
Abstract
Equipping branded goods with RFID tags is an effective measure to fight the growing black market of counterfeit products. Asymmetric cryptography is the technology of choice to achieve strong authentication but suffers from its ample demand of area and power resources. The GPS authentication scheme showed that a coupon-based approach can cope with the limited resources of passive RFID tags. This article extends the idea of coupons by recalculating coupons during the idle time of tags when they are powered but do not actively communicate. This approach relaxes latency requirements and allows GPS hardware to be implemented using only 800 gate equivalents plus storage for 560 bytes. In the average case it has the same performance as the classical coupon-based approach but does not suffer its susceptibility to denial-of-service attacks.
Georg Hofferek, Johannes Wolkerstorfer
Provably Secure Grouping-Proofs for RFID Tags
Abstract
We investigate an application of RFIDs referred to in the literature as group scanning, in which several tags are “simultaneously” scanned by a reader device. Our goal is to study the group scanning problem in strong adversarial models. We present a security model for this application and give a formal description of the attending security requirements, focusing on the privacy (anonymity) of the grouped tags, and/or forward-security properties. Our model is based on the Universal Composability framework and supports re-usability (through modularity of security guarantees). We introduce novel protocols that realize the security models, focusing on efficient solutions based on off-the-shelf components, such as highly optimized pseudo-random function designs that require fewer than 2000 Gate-Equivalents.
Mike Burmester, Breno de Medeiros, Rossana Motta
Secure Implementation of the Stern Authentication and Signature Schemes for Low-Resource Devices
Abstract
In this paper we describe the first implementation on a smartcard of the code-based authentication protocol proposed by Stern at Crypto’93 and we give a securization of the scheme against side channel attacks. On the whole, this provides a secure implementation of a very practical authentication (and possibly signature) scheme which is mostly attractive for light-weight cryptography.
Pierre-Louis Cayrel, Philippe Gaborit, Emmanuel Prouff
A Practical DPA Countermeasure with BDD Architecture
Abstract
We propose a logic-level DPA countermeasure called Dual-rail Pre-charge circuit with Binary Decision Diagram architecture (DP-BDD). The proposed countermeasure has a dual-rail pre-charge logic style and can be implemented using CMOS standard cell libraries, which is a property similar to Wave Dynamic Differential Logic (WDDL). By using novel approaches, we can successfully reduce the early propagation effect, which is one of the main factors of DPA leakage of WDDL. DP-BDD is suited to implementation of S-boxes. In our implementations of the AES S-box, DP-BDD can reduce the maximum difference of transition timing at outputs of the S-box to about 1/6.5 compared to that of WDDL without delay adjustment. Moreover, by applying simple delay adjustment to the inputs of the S-box, we can reduce it to about 1/85 of that without the adjustment. We consider DP-BDD to be a practical and effective DPA countermeasure for implementation of S-boxes.
Toru Akishita, Masanobu Katagi, Yoshikazu Miyato, Asami Mizuno, Kyoji Shibutani
SCARE of an Unknown Hardware Feistel Implementation
Abstract
Physical attacks based on Side Channel Analysis (SCA) or on Fault Analysis (FA) target a secret usually manipulated by a public algorithm. SCA can also be used for Reverse Engineering (SCARE) against the software implementation of a private algorithm. In this paper, we claim that an unknown Feistel scheme with a hardware design can be recovered with a chosen plaintexts SCA attack. First, we show that whatever the input of the unknown Feistel function is, its one-round output can be guessed by SCA. Using this relation, two attacks for recovering the algorithm are proposed: an expensive interpolation attack on a generic Feistel scheme and an improved attack on a specific but commonly used scheme. Then, a countermeasure is proposed.
Denis Réal, Vivien Dubois, Anne-Marie Guilloux, Frédéric Valette, Mhamed Drissi
Evaluation of Java Card Performance
Abstract
With the growing acceptance of the Java Card standard, understanding the performance behaviour of these platforms is becoming crucial. To meet this need, we present in this paper a benchmark framework that enables performance evaluation at the bytecode and API levels. We also show how we assign, from the measurements, a global mark to characterise the efficiency of a given Java Card platform, and to determine its performance according to distinct smart card profiles.
Samia Bouzefrane, Julien Cordry, Hervé Meunier, Pierre Paradinas
Application of Network Smart Cards to Citizens Identification Systems
Abstract
This paper proposes a new authentication and authorization architecture based on a network smart card with identification purposes: ID-NSCard. Thus, a citizen who holds this kind of device might be securely authenticated by a remote authoritative server in an identification system. This work shows how the standardized specifications are transparently reused and integrated in the proposed architecture. Details of the protocol and authentication mechanisms are provided for a case study: the Spanish National Electronic ID Card.
Joaquin Torres, Mildrey Carbonell, Jesus Tellez, Jose M. Sierra
SmartPro: A Smart Card Based Digital Content Protection for Professional Workflow
Abstract
This paper introduces SmartPro, a smart card based technology aiming at protecting content in professional workflows. It gives an overview on how SmartPro works. It also explains the design constraints that led to the use of smart cards and some of the extra difficulties implied by this choice in order to get to an implementation that may be industrially deployed.
Alain Durand, Marc Éluard, Sylvain Lelievre, Christophe Vincent
A Practical Attack on the MIFARE Classic
Abstract
The mifare Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. This paper studies the architecture of the card and the communication protocol between card and reader. Then it gives a practical, low-cost attack that recovers secret information from the memory of the card. Due to a weakness in the pseudo-random generator, we are able to recover the keystream generated by the CRYPTO1 stream cipher. We exploit the malleability of the stream cipher to read all memory blocks of the first sector of the card. Moreover, we are able to read any sector of the memory of the card, provided that we know one memory block within this sector. Finally, and perhaps more damaging, the same holds for modifying memory blocks.
Gerhard de Koning Gans, Jaap-Henk Hoepman, Flavio D. Garcia
A Chemical Memory Snapshot
Abstract
Smart cards and embedded systems are part of everyday life. A lot of them contain sensitive data like keys used in secure applications. These keys have to be transferred from non-volatile to static memory to generate signatures or encrypt data. Hence, the possibility to read out the static memory of a device is a crucial security threat. This paper presents a new technique to read out secret data from the internal static memory of a cryptographic device. A chemical reaction of the top metal layer of a decapsulated chip is used to identify lines connected to the positive power supply. Using this information, we are able to obtain the content of memory cells like the secret key of a cryptographic system.
Jörn-Marc Schmidt
Recent Advances in Electronic Cash Design
Abstract
Electronic cash (or e-cash) is an electronic payment solution that is usually viewed as an attempt to emulate electronically the main characteristics of regular cash. In particular, e-cash and other payment solutions should protect the privacy of users during a purchase. The main distinction of e-cash with respect to other electronic payment systems is that electronic coins are stored on a device controlled by the user, e.g. a smart card or a personal computer hard disk. Since the introduction by Chaum [10,11] of unconditionally untraceable electronic money, e-cash systems have been extensively studied. Recent work has mainly focused on the efficiency of the protocols with respect to several notions of anonymity. In this talk, we will review the main recent results and also discuss the possibility to transfer a coin without involving the bank which is considered as an important characteristic of regular cash.
Aline Gouget
Backmatter
Metadata
Title
Smart Card Research and Advanced Applications
Edited by
Gilles Grimaud
François-Xavier Standaert
Copyright year
2008
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-540-85893-5
Print ISBN
978-3-540-85892-8
DOI
https://doi.org/10.1007/978-3-540-85893-5
