Podrobný výpis o publikaci

ŠVENDA, Petr. APDUPlay 1.0. 2011.

Další formáty: BibTeX LaTeX RIS

Základní údaje
Originální název	APDUPlay 1.0
Autoři	ŠVENDA, Petr (203 Česká republika, garant, domácí).
Vydání	2011.

Další údaje
Originální jazyk	angličtina
Typ výsledku	Software
Obor	10201 Computer sciences, information science, bioinformatics
Stát vydavatele	Česká republika
Utajení	není předmětem státního či obchodního tajemství
WWW	Application download and documentation
Kód RIV	RIV/00216224:14330/11:00056811
Organizační jednotka	Fakulta informatiky
Klíčová slova anglicky	smart card; logging; packet manipulation; security
Technické parametry	Platforma: MS Windows, Jazyk: C++
Změnil	Změnil: RNDr. Pavel Šmerk, Ph.D., učo 3880. Změněno: 18. 4. 2012 10:56.

Anotace
Security evaluation of implementation of cryptographic protocols between application and smart card may require tampering with communication channel, redirection to different device or capture and analysis of transported traffic. By introduction of random or patterned faults, implementation robustness can be tested. If the traffic is redirected to measurement device SCSAT04 (extended oscilloscope developed on VUT Brno), power analysis of smart card can be performed. Both operations are not currently supported by ordinary software applications commonly used with PC/SC interface and therefore own application APDUPlay was implemented to facilitate this task. APDUPlay works as transparent proxy between application and smart card by introduction of additional layer into PC/SC subsystem on MS Windows XP/Vista/7 platform. The project APDUPlay allows to log and manipulate communication realized via PC/SC interface and is providing following functionality: 1) Log content and additional information about exchanged PC/SC communication, visualize and prepare for further processing 2) Manipulate communication in real time based on predefined rules 3) Redirect communication via socket to other device/computer The project was developed to support security evaluation and testing of smart card applications both on data level (apdu packet visualization and manipulation to test correctness of implementation of security functions) and side channel level (power analysis consumption potentially resulting in code reverse engineering and cryptographic secret exposure).

Anotace

Security evaluation of implementation of cryptographic protocols between application and smart card may require tampering with communication channel, redirection to different device or capture and analysis of transported traffic. By introduction of random or patterned faults, implementation robustness can be tested. If the traffic is redirected to measurement device SCSAT04 (extended oscilloscope developed on VUT Brno), power analysis of smart card can be performed. Both operations are not currently supported by ordinary software applications commonly used with PC/SC interface and therefore own application APDUPlay was implemented to facilitate this task. APDUPlay works as transparent proxy between application and smart card by introduction of additional layer into PC/SC subsystem on MS Windows XP/Vista/7 platform. The project APDUPlay allows to log and manipulate communication realized via PC/SC interface and is providing following functionality: 1) Log content and additional information about exchanged PC/SC communication, visualize and prepare for further processing 2) Manipulate communication in real time based on predefined rules 3) Redirect communication via socket to other device/computer The project was developed to support security evaluation and testing of smart card applications both on data level (apdu packet visualization and manipulation to test correctness of implementation of security functions) and side channel level (power analysis consumption potentially resulting in code reverse engineering and cryptographic secret exposure).

Návaznosti
LA09016, projekt VaV	Název: Účast ČR v European Research Consortium for Informatics and Mathematics (ERCIM) (Akronym: ERCIM)
LA09016, projekt VaV	Investor: Ministerstvo školství, mládeže a tělovýchovy ČR, Účast ČR v European Research Consortium for Informatics and Mathematics