Thursday, June 2, 2011

VAM2 workshop - day 1

Today was the first day of the ECRYPT II VAM2 Workshop on Practical Implementation Attacks. We had four interesting lectures, mostly from people from industry. Guillaume Dabosville from Oberthur talked about the security challenges in the smart card industry. The biggest challenge today is still how to secure systems that center around an insecure user device (be it a conventional desktop PC or a modern smartphone). Even if secure components like a SIM card are present, this is still an unsolved problem. Then, Steven Murdoch from Cambridge University presented their attacks on payment terminals, which allowed an attacker to spy out user PINs, clone cards, and make unauthorized payments. These attacks are especially interesting as they pertain to a large group of EMV users (which encompasses the holders of about a billion EMV cards). Lex Schoonen from Brightsight evaluation labs discussed certification and compliance for the security industry, which mainly relates to Common Criteria certification. Finally, Marc Joye from Technicolor (formerly Thomson) showed details of his work on efficient and secure generation of primes for cryptographic use on smart cards. His talk gave good insight into the interplay between design for efficiency and design for security.

