MAVROUDIS, Vasilios and Petr ŠVENDA. JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets. Online. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Genoa, Italy: IEEE, 2020, p. 89-96. ISBN 978-1-7281-8597-2. Available from: https://dx.doi.org/10.1109/EuroSPW51379.2020.00022.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets
Authors MAVROUDIS, Vasilios (300 Greece) and Petr ŠVENDA (203 Czech Republic, guarantor, belonging to the institution).
Edition Genoa, Italy, 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), p. 89-96, 8 pp. 2020.
Publisher IEEE
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW URL
RIV identification code RIV/00216224:14330/20:00117152
Organization unit Faculty of Informatics
ISBN 978-1-7281-8597-2
Doi http://dx.doi.org/10.1109/EuroSPW51379.2020.00022
UT WoS 000630275400013
Keywords in English Cryptography; JavaCard; Auditability; Transparency; Elliptic Curves; Big Integers
Changed by Changed by: doc. RNDr. Petr Švenda, Ph.D., učo 4085. Changed: 5/1/2023 16:10.
Abstract
The JavaCard multi-application platform is now deployed to over twenty billion smartcards, used in various applications ranging from banking payments and authentication tokens to SIM cards and electronic documents. In most of those use cases, access to various cryptographic primitives is required. The standard JavaCard API provides a basic level of access to such functionality (e.g., RSA encryption) but does not expose low-level cryptographic primitives (e.g., elliptic curve operations) and essential data types (e.g., Integers). Developers can access such features only through proprietary, manufacturer-specific APIs. Unfortunately, such APIs significantly reduce the interoperability and certification transparency of the software produced as they require non-disclosure agreements (NDA) that prohibit public sharing of the applet’s source code. We introduce JCMathLib, an open library that provides an intermediate layer realizing essential data types and lowlevel cryptographic primitives from high-level operations. To achieve this, we introduce a series of optimization techniques for resource-constrained platforms that make optimal use of the underlying hardware, while having a small memory footprint. To the best of our knowledge, it is the first generic library for low-level cryptographic operations in JavaCards that does not rely on a proprietary API. Without any disclosure limitations, JCMathLib has the potential to increase transparency by enabling open code sharing, release of research prototypes, and public code audits. Moreover, JCMathLib can help resolve the conflict between strict open-source licenses such as GPL and proprietary APIs available only under an NDA. This is of particular importance due to the introduction of JavaCard API v3.1, which targets specifically IoT devices, where open-source development might be more common than in the relatively closed world of government-issued electronic documents.
Links
GA20-03426S, research and development projectName: Ověření a zlepšení bezpečnosti kryptografie eliptických křivek
Investor: Czech Science Foundation
PrintDisplayed: 18/10/2024 00:59