JCAlgTest: Robust identification metadata for certified
smartcards

D 2022

JCAlgTest: Robust identification metadata for certified smartcards

ŠVENDA, Petr, Rudolf KVAŠŇOVSKÝ, Imrich NAGY a Antonín DUFKA

Základní údaje

Originální název

JCAlgTest: Robust identification metadata for certified smartcards

Autoři

ŠVENDA, Petr (203 Česká republika, garant, domácí), Rudolf KVAŠŇOVSKÝ (703 Slovensko), Imrich NAGY (703 Slovensko) a Antonín DUFKA (203 Česká republika)

Vydání

Portugal, Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022), od s. 597-604, 8 s. 2022

Nakladatel

INSTICC

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Portugalsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

Odkaz na autorský preprint

Kód RIV

RIV/00216224:14330/22:00127469

Organizační jednotka

Fakulta informatiky

ISBN

978-989-758-590-6

ISSN

DOI

http://dx.doi.org/10.5220/0011294000003283

UT WoS

000853004900065

Klíčová slova anglicky

smartcards javacard performance cryptography

Štítky

core_B, cryptography, firank_B, JavaCard, smart card security

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 14. 5. 2024 12:46, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-established process, during which an evaluation facility validates the manufacturer's claims and issues a product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently used card identification with a more descriptive set of metadata extracted from supported functionality, performance profiling, and properties of generated cryptographic keys. All of this information can be obtained directly by the evaluation facility, appended to the certificate, and later verified by the end-user with no need for any special knowledge or equipment, resulting in a better assurance about the purchased product. We developed a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100 different smartcards. The database, openly available, demonstrates the significant variability in the measured properties and allows us to estimate the trends in support of different cryptographic algorithms as provided by the JavaCard platform.

Návaznosti

VJ02010010, projekt VaV

Název: Nástroje pro verifikaci bezpečnosti kryptografických zařízení s využitím AI (Akronym: AI-SecTools)

Investor: Ministerstvo vnitra ČR, Tools for AI-enhanced Security Verification of Cryptographic Devices

Citovat

ŠVENDA, Petr, Rudolf KVAŠŇOVSKÝ, Imrich NAGY a Antonín DUFKA. JCAlgTest: Robust identification metadata for certified smartcards. Online. In Sabrina De Capitani di Vimercati. Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022). Portugal: INSTICC, 2022, s. 597-604. ISBN 978-989-758-590-6. Dostupné z: https://dx.doi.org/10.5220/0011294000003283.

@inproceedings{2240069,
   author = {Švenda, Petr and Kvašňovský, Rudolf and Nagy, Imrich and Dufka, Antonín},
   address = {Portugal},
   booktitle = {Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022)},
   doi = {http://dx.doi.org/10.5220/0011294000003283},
   editor = {Sabrina De Capitani di Vimercati},
   keywords = {smartcards javacard performance cryptography},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Portugal},
   isbn = {978-989-758-590-6},
   pages = {597-604},
   publisher = {INSTICC},
   title = {JCAlgTest: Robust identification metadata for certified smartcards},
   url = {https://crocs.fi.muni.cz/papers/jcalgtest_secrypt22},
   year = {2022}
}

TY  - JOUR
ID  - 2240069
AU  - Švenda, Petr - Kvašňovský, Rudolf - Nagy, Imrich - Dufka, Antonín
PY  - 2022
TI  - JCAlgTest: Robust identification metadata for certified smartcards
PB  - INSTICC
CY  - Portugal
SN  - 9789897585906
KW  - smartcards javacard performance cryptography
UR  - https://crocs.fi.muni.cz/papers/jcalgtest_secrypt22
N2  - The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-established process, during which an evaluation facility validates the manufacturer's claims and issues a product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently used card identification with a more descriptive set of metadata extracted from supported functionality, performance profiling, and properties of generated cryptographic keys. All of this information can be obtained directly by the evaluation facility, appended to the certificate, and later verified by the end-user with no need for any special knowledge or equipment, resulting in a better assurance about the purchased product. We developed a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100 different smartcards. The database, openly available, demonstrates the significant variability in the measured properties and allows us to estimate the trends in support of different cryptographic algorithms as provided by the JavaCard platform.
ER  -

ŠVENDA, Petr, Rudolf KVAŠŇOVSKÝ, Imrich NAGY a Antonín DUFKA. JCAlgTest: Robust identification metadata for certified smartcards. Online. In Sabrina De Capitani di Vimercati. \textit{Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022)}. Portugal: INSTICC, 2022, s.~597-604. ISBN~978-989-758-590-6. Dostupné z: https://dx.doi.org/10.5220/0011294000003283.

Podrobný výpis o publikaci