Today was the first day of the CARDIS 2012 conference which focuses on both research and applications of smart card devices. The program for today was aimed at Java card security and Smart Card protocols. The pre-proceedings for the conference can be found here:
CARDIS 2012 Pre-proceedings - http://cardis.iaik.tugraz.at/proceedings2012.htm
This article is just a brief overview of the talks and presentations given during the session.
The first paper presents the problem of static verification with respect to Java Card applets and how the current standards do not efficiently detect fault injection attacks. The authors propose the use of type and bounds protection to achieve efficient run-time verification. The paper presents an attack which would normally compromise Java Card but is thwarted by the countermeasures proposed. The authors simulate and benchmark the countermeasures to show that a hardware implementation of the countermeasures will result in an additional overall overhead of 10%, compared with the software implementation at 115%. Further work is being carried out to develop a toolchain which will facilitate compatibility and transparency for Java Card developers. The follow-up Q&A session highlighted that there has not yet been any work on a hardware implementation and therefore the cost of the additional logic is not yet known.
The second paper focuses on the performance impact that software run-time verifiers have on a smart cards. The paper describes a method to implement dynamic security levels on a smart card which will allow the detection of an attack and activation additional security countermeasures. A trade-off is made to increase the performance of a card on a day-to-day basis with the cost of allowing an adversary a one-shot attack before the security level is raised. Several points were raised during the Q&A session about both the overall practicality of the scheme and the assumption that an attacker will not be able to influence the trigger for the additional security levels.
The third and final paper on Java Card security presented a fault injection attack which focused on low precision localised targets. The author describes a combination of both logical and hardware attacks to maximise the probability of successful fault injection. The results presented are from a simulation model of a fault injection set-up and it is therefore difficult to determine the feasibility of the attack. The theoretical outcome of the paper is that an attacker need not have a high degree of precision when injecting a fault to achieve a usable result. This is often a difficult task for an attacker in the real world.
The first paper on smart card protocols describes an improvement to the cryptoGPS Public-Key authentication protocol which is also practical for real world application. The original protocol requires the use of both a PRF and a hash function in order to generate a valid response. The proposed modifications allow for the use of a block cipher in place of both these functions. The net result offers an asymmetric authentication protocol which lowers the area requirements of the tag and improves the performance of the protocol. The Q&A session offered further insight into the practicality of the scheme. The limited memory of smart cards results in the need for regular updates to the tag in order to maintain a set of valid commitments.
The final paper for the day was focused on unlinkability and revocation of smart cards. The authors highlight the leakage of personal data from a smart card device during a legitimate transaction with a trusted entity. That is to say, given an entity is trusted, does not mean that a user will want to share all the details available on the smart card. Schemes exist to achieve this property but none which also allow for practical revocation and de-anonymisation of a corrupt user. The performance overheard was found to be fairly high in the majority of instances and therefore further work is being carried out to improve the scheme.