Open source smart card

[26/06/08] CORRECTION: Misunderstanding about the meaning of “smart card” …

UPDATE: Sadly, it seems that I was wrong about the fact that the project includes a full software stack. Radboud researchers will only design a new application. Most of what I said still holds, but the implications are less dramatic, because we are not talking about an operating system, but just about an application.

The team that published a nice security flaw in Mifare Classic is going to work on fixing that bug, and they are going to open source the result. They will be funded by the NLnet Foundation to do so.

This project sounds very exciting, for at least three reasons:

  • It is an open source smart card project, and to my knowledge, the first one to include a full software stack.
  • One of the arguments for going open source is security, as one of the goals of the project is to improve the privacy of transport cards.
  • The main reason for the project is to protect the interest of society-at-large, by protecting both the end user’s privacy and the public investment, and their idea is to use an open specification and development process to do so.

This project should be taken seriously. It starts with a reasonably small target, since transport cards are rather simple. It does not include complicated things like application management. Nevertheless, it will include some cryptography, some protections for sensitive information, and other interesting security features. And since the target looks achievable, the project has a better chance of being a success.

One of the objectives of the project is to organize peer reviews. This means that security buffs from around the world will be able to take a look at the code and suggest how to improve it. It also means that laboratories are likely to have access to this software and attempt to break it. And since this is an open source project, it will be possible to publish the results.

If this project is successful, it has the potential to have a great influence on smart card security, and more globally, on the way smart card-based systems work. The security level of that project, whatever it is, will become the minimum requirement on all smart card projects, since security analyses are likely to be public and therefore available to everybody, including bad guys. And don’t get me wrong, I have nothing against bad guys having access to this kind of information. They most likely already have access to it anyway, and it is better for the good guys to have a clear and shared idea of the state-of-the-art of attacks.

Not everything will be easy, though. Designing a new smart card application is not easy, and there are many constraints to be considered, from engineering issues like footprint and performance, to industrial issues like the management of secrets and the constraints on the production of the cards. I hope that people outside of Radboud University will be able to get involved in the project before the peer review, and I must admit that I will definitely try to get involved in some way or another.


