LORENC, Václav, Tobiáš SMOLKA and Petr ŠVENDA. Automatic source code transformations for strengthening practical security of smart card applications. In Sborník příspěvků z 36. konference EurOpen.CZ. Plzeň: EurOpen.CZ. p. 93-115, 118 pp. ISBN 978-80-86583-19-8. 2010.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Automatic source code transformations for strengthening practical security of smart card applications
Name in Czech Automatická modifikace zdrojových kódů aplikací pro zvýšení bezpečnosti čipových karet
Authors LORENC, Václav (203 Czech Republic), Tobiáš SMOLKA (703 Slovakia) and Petr ŠVENDA (203 Czech Republic, guarantor).
Edition Plzeň, Sborník příspěvků z 36. konference EurOpen.CZ, p. 93-115, 118 pp. 2010.
Publisher EurOpen.CZ
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Czech Republic
Confidentiality degree is not subject to a state or trade secret
WWW URL
RIV identification code RIV/00216224:14330/10:00044029
Organization unit Faculty of Informatics
ISBN 978-80-86583-19-8
Keywords in English smart card; power analysis; source code analysis; platform security
Tags Reviewed
Changed by Changed by: doc. RNDr. Petr Švenda, Ph.D., učo 4085. Changed: 31/5/2010 17:33.
Abstract
Smart card platforms like Java Card or .NET allow to implement portable applications that can be run on different smart card hardware. The resulting overall security of the applet is strongly dependent on the implementation of the smart card operating system, related libraries, as well as physical resistance and information leakage of the underlying hardware. Defenses implementable on the source code level for later case might exist, but such a situation is unfavorable for applet developer as multiple versions of applet must be maintained to support a wider range of smart cards (although all providing Java Card platform). In this paper we describe several practical attacks on modern smart cards, discuss possible defenses and propose a general framework for automatic replacement of vulnerable operations by safe equivalents. A code strengthening constructions can be also automatically inserted. Practical implementation and examples of usage are presented and discussed.
Abstract (in Czech)
Popis zranitelností platformy Java Card a nástroje pro automatickou modifikaci zdrojového kódu.
Links
LA09016, research and development projectName: Účast ČR v European Research Consortium for Informatics and Mathematics (ERCIM) (Acronym: ERCIM)
Investor: Ministry of Education, Youth and Sports of the CR, Czech Republic membership in the European Research Consortium for Informatics and Mathematics
PrintDisplayed: 20/4/2024 01:23