ŠVENDA, Petr, Rudolf KVAŠŇOVSKÝ, Imrich NAGY and Antonín DUFKA. JCAlgTest: Robust identification metadata for certified smartcards. Online. In Sabrina De Capitani di Vimercati. Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022). Portugal: INSTICC, 2022, p. 597-604. ISBN 978-989-758-590-6. Available from: https://dx.doi.org/10.5220/0011294000003283.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name JCAlgTest: Robust identification metadata for certified smartcards
Authors ŠVENDA, Petr (203 Czech Republic, guarantor, belonging to the institution), Rudolf KVAŠŇOVSKÝ (703 Slovakia), Imrich NAGY (703 Slovakia) and Antonín DUFKA (203 Czech Republic).
Edition Portugal, Proceedings of the 19th International Conference on Security and Cryptography (SECRYPT 2022), p. 597-604, 8 pp. 2022.
Publisher INSTICC
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10200 1.2 Computer and information sciences
Country of publisher Portugal
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW Odkaz na autorský preprint
RIV identification code RIV/00216224:14330/22:00127469
Organization unit Faculty of Informatics
ISBN 978-989-758-590-6
ISSN 2184-7711
Doi http://dx.doi.org/10.5220/0011294000003283
UT WoS 000853004900065
Keywords in English smartcards javacard performance cryptography
Tags cryptography, firank_B, JavaCard, smart card security
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 14/5/2024 12:46.
Abstract
The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-established process, during which an evaluation facility validates the manufacturer's claims and issues a product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently used card identification with a more descriptive set of metadata extracted from supported functionality, performance profiling, and properties of generated cryptographic keys. All of this information can be obtained directly by the evaluation facility, appended to the certificate, and later verified by the end-user with no need for any special knowledge or equipment, resulting in a better assurance about the purchased product. We developed a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100 different smartcards. The database, openly available, demonstrates the significant variability in the measured properties and allows us to estimate the trends in support of different cryptographic algorithms as provided by the JavaCard platform.
Links
VJ02010010, research and development projectName: Nástroje pro verifikaci bezpečnosti kryptografických zařízení s využitím AI (Acronym: AI-SecTools)
Investor: Ministry of the Interior of the CR
PrintDisplayed: 20/7/2024 19:17