[26/06/08] CORRECTION: Misunderstanding about the meaning of “smart card” …
UPDATE: Sadly, it seems that I was wrong about the fact that the project includes a full software stack. Radboud researchers will only design a new application. Most of what I said still holds, but the implications are less dramatic, because we are not talking about an operating system, but just about an application.
The team that published a nice security flaw in Mifare Classic is going to work on fixing that bug, and they are going to open source the result. They will be funded by the NLnet Foundation to do so.
This project sounds very exciting, for at least three reasons:
- It is an open source smart card project, and to my knowledge, the first one to include a full software stack.
- One of the arguments for going open source is security, as one of the goals of the project is to improve the privacy of transport cards.
- The main reason for the project is to protect the interest of society-at-large, by protecting both the end user’s privacy and the public investment, and their idea is to use an open specification and development process to do so.
This project should be taken seriously. It starts with a reasonably small target, since transport cards are rather simple. It does not include complicated things like application management. Nevertheless, it will include some cryptography, some protections for sensitive information, and other interesting security features. And since the target looks achievable, the project has more chances to be a success.
One of the objectives of the project is to organize peer reviews. This means that security buffs from around the world will be able to take a look at the code and suggest how to improve it. It also means that laboratories are likely to have access to this software and attempt to break it. And since this is an open source project, it will be possible to publish the results.
If this project is successful, it has the potential to have a great influence on smart card security, and more globally, on the way smart card-based systems work. The security level of that project, whatever it is, will become the minimum requirement on all smart card projects, since security analyses are likely to be public and therefore available to everybody, including bad guys. And don’t get me wrong, I have nothing against bad guys having access to this kind of information. They most likely already have access to it anyway, and it is better for the good guys to have a clear and shared idea of the state-of-the-art of attacks.
Not everything will be easy, though. Designing a new smart card application is not easy, and there are many constraints to be considered, from engineering issues like footprint and performance, to industrial issues like the management of secrets and the constraints on the production of the cards. I hope that people outside of Radboud University will be able to get involved in the project before the peer review, and I must admit that I will definitely try to get involved in some way or another.
Eric, thank you for this blog entry. Can you maybe tag it so it goes together with two earlier blog posts about open source Java Card OS?
http://javacard.vetilles.com/2007/05/09/open-source-java-card/
http://javacard.vetilles.com/2007/05/22/open-source-or-security-through-obscurity/
You know from my comments that I support such a movement. I would like to have it extended though: also the chip design should go with it and be open hardware. But maybe this would be too much to ask for.
Sadly indeed this isn’t a complete stack.
Recently I surveyed what’s available as open-source software/technologies around smart cards, see link at http://pierreheuze.blogspot.com/2008/06/open-source-card-projects.html
To me it would make a lot of sense for an open-source community to emerge as the market is too fragmented. The attempts so far haven’t been encouraging. So it would be interesting to see what emerges from the project at the Radboud University.