The adoption rate of JavaCard features by certified products
and open-source projects

D 2024

The adoption rate of JavaCard features by certified products and open-source projects

ZAORAL, Lukáš, Antonín DUFKA a Petr ŠVENDA

Základní údaje

Originální název

The adoption rate of JavaCard features by certified products and open-source projects

Autoři

ZAORAL, Lukáš (203 Česká republika), Antonín DUFKA (203 Česká republika, domácí) a Petr ŠVENDA (203 Česká republika, garant, domácí)

Vydání

Springer Nature Switzerland, Smart Card Research and Advanced Applications, od s. 169-189, 21 s. 2024

Nakladatel

Springer, Cham

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

Odkaz na autorský pre-print

Organizační jednotka

Fakulta informatiky

ISBN

978-3-031-54408-8

DOI

http://dx.doi.org/10.1007/978-3-031-54409-5_9

Klíčová slova anglicky

Smartcard;JavaCard;Security certification;Open-source

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 15. 10. 2024 10:15, RNDr. Antonín Dufka

Anotace

V originále

JavaCard is the most prevalent platform for cryptographic smartcards nowadays. Despite having more than 20 billion smartcards shipped with it and thirteen revisions since the JavaCard API specification was first published more than two decades ago, uptake of newly added features, cryptographic algorithms or their parameterizations, and systematic analysis of overall activity is missing. We fill this gap by mapping the activity of the JavaCard ecosystem from publicly available sources with a focus on 1) security certification documents available under Common Criteria and FIPS140 schemes and 2) activity and resources required by JavaCard applets released in an open-source domain. The analysis performed on all certificates issued between the years 1997-2023 and on more than 200 public JavaCard applets shows that new features from JavaCard specification are adopted slowly, typically taking six or more years. Open-source applets utilize new features even later, likely due to the unavailability of recent performant smartcards in smaller quantities. Additionally, almost 70% of constants defined in JavaCard API specification are completely unused in open-source applets. The applet portability improves with recent cards, and transient memory requirements (scarce resource on smartcards) are typically small. While twenty or more products have been consistently certified every year since 2009, the open-source ecosystem became more active around 2013 but seemed to decline in the past two years. As a result, the whole smartcard ecosystem might be negatively impacted by limited exposure to new ideas and usage scenarios, serving only well-established domains and potentially harming its long-term competitiveness.

Návaznosti

MUNI/A/1389/2022, interní kód MU

Název: Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice

Investor: Masarykova univerzita, Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice

VJ02010010, projekt VaV

Název: Nástroje pro verifikaci bezpečnosti kryptografických zařízení s využitím AI (Akronym: AI-SecTools)

Investor: Ministerstvo vnitra ČR, Tools for AI-enhanced Security Verification of Cryptographic Devices

Citovat

ZAORAL, Lukáš, Antonín DUFKA a Petr ŠVENDA. The adoption rate of JavaCard features by certified products and open-source projects. Online. In Bhasin, S., Roche, T. Smart Card Research and Advanced Applications. Springer Nature Switzerland: Springer, Cham, 2024, s. 169-189. ISBN 978-3-031-54408-8. Dostupné z: https://dx.doi.org/10.1007/978-3-031-54409-5_9.

@inproceedings{2368320,
   author = {Zaoral, Lukáš and Dufka, Antonín and Švenda, Petr},
   address = {Springer Nature Switzerland},
   booktitle = {Smart Card Research and Advanced Applications},
   doi = {http://dx.doi.org/10.1007/978-3-031-54409-5_9},
   editor = {Bhasin, S., Roche, T.},
   keywords = {Smartcard;JavaCard;Security certification;Open-source},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Springer Nature Switzerland},
   isbn = {978-3-031-54408-8},
   pages = {169-189},
   publisher = {Springer, Cham},
   title = {The adoption rate of JavaCard features by certified products and open-source projects},
   url = {https://crocs.fi.muni.cz/_media/publications/pdf/2023-cardis-javacard.pdf},
   year = {2024}
}

TY  - JOUR
ID  - 2368320
AU  - Zaoral, Lukáš - Dufka, Antonín - Švenda, Petr
PY  - 2024
TI  - The adoption rate of JavaCard features by certified products and open-source projects
PB  - Springer, Cham
CY  - Springer Nature Switzerland
SN  - 9783031544088
KW  - Smartcard;JavaCard;Security certification;Open-source
UR  - https://crocs.fi.muni.cz/_media/publications/pdf/2023-cardis-javacard.pdf
N2  - JavaCard is the most prevalent platform for cryptographic smartcards nowadays. Despite having more than 20 billion smartcards shipped with it and thirteen revisions since the JavaCard API specification was first published more than two decades ago, uptake of newly added features, cryptographic algorithms or their parameterizations, and systematic analysis of overall activity is missing. We fill this gap by mapping the activity of the JavaCard ecosystem from publicly available sources with a focus on 1) security certification documents available under Common Criteria and FIPS140 schemes and 2) activity and resources required by JavaCard applets released in an open-source domain. The analysis performed on all certificates issued between the years 1997-2023 and on more than 200 public JavaCard applets shows that new features from JavaCard specification are adopted slowly, typically taking six or more years. Open-source applets utilize new features even later, likely due to the unavailability of recent performant smartcards in smaller quantities. Additionally, almost 70% of constants defined in JavaCard API specification are completely unused in open-source applets. The applet portability improves with recent cards, and transient memory requirements (scarce resource on smartcards) are typically small. While twenty or more products have been consistently certified every year since 2009, the open-source ecosystem became more active around 2013 but seemed to decline in the past two years. As a result, the whole smartcard ecosystem might be negatively impacted by limited exposure to new ideas and usage scenarios, serving only well-established domains and potentially harming its long-term competitiveness.
ER  -

ZAORAL, Lukáš, Antonín DUFKA a Petr ŠVENDA. The adoption rate of JavaCard features by certified products and open-source projects. Online. In Bhasin, S., Roche, T. \textit{Smart Card Research and Advanced Applications}. Springer Nature Switzerland: Springer, Cham, 2024, s.~169-189. ISBN~978-3-031-54408-8. Dostupné z: https://dx.doi.org/10.1007/978-3-031-54409-5\_{}9.

Podrobný výpis o publikaci