Category Archives: Security

Topics about the security of Java Card programs, and more particularly about the possible countermeasures.

JC101-19C: Secure channel protocol

Starting a session Protocol For our session start, we will here use a classical architecture, but with slightly different commands. First, here is a definition of the exchanges between two actors (say, Alice and Bob) to start a secure session: Alice sends a 16-byte random number to a1 … a16 to Bob. Bob replies with […]

JC101-18C: Defining a secure channel from scratch

In the few coming posts, we will define a secure channel protocol from scratch as an example, and provide an implementation for it. This example will also be used as a way to introduce the cryptographic mechanisms that exist in Java Card. Be careful, this is not a tutorial on cryptography. I am not a […]

Live from e-Smart: Nijmegen strikes again

Wojciech Mostowski is a researcher from the Radboud University Nijmegen, and he is a frequent speaker at e-Smart. He even wa a finalist for the Java Card Forum a while ago. He has been spending years looking very closely at the Java Card specifications, trying to find issues in cards. Today, he is getting at […]

JC101-12C: Defending against attacks

UPDATED (05/06/08): Fixed problem with loops that zapped examples. UPDATED (06/06/08): Fixed some bugs. In the previous entry, we have looked at a few common attacks on smart cards. In this one, we will look at possible defenses against such attacks. Instead of applying them to our example, we will look at one simple example, […]

JC101-9C: Authentication and lifecycle

We now have reached the point where we have a fully functional password manager, which is able to store login information. However, this application is not complete, since it does not include any protection of these sensitive assets. Anybody who is able to select the application and who knows the application’s protocol will be able […]

Fault induction for dummies

Yesterday, I gave a talk at the SIT Smart Card Workshop in Darmstadt, a German conference on smart cards. It was my first appearance talking about Java Card 3, and the presentation was prepared on short notice. Still, there was a great welcome, although not everybody was convinced that this move was realistic. We’ll get […]

Should we deprecate DESKey.getKey() ?

The DESKey.getKey(byte[], short) method definitely is one of the most controversial methods of the Java Card 2.1 API. This method is quite simple; as stated in its description, it “Returns the Key data in plain text”. This definition is of course a nightmare for smart card security people: not only does it access the value […]

Open Source or Security through Obscurity ?

I strongly believe that keeping things secret is not a good idea, and that security cannot be achieved through obscurity. There are many convincing examples of this, even in the smart card industry. The infamous GSM algorithms are a perfect example: cryptography using secret algorithms is a bad idea, because the algorithms get broken. Following […]

Cards are OK, but is Chip & PIN OK ?

A significant part of my job is to evaluate the security of smart cards, in particular in the banking sector. The level of security achieved in today’s card is definitely quite good, and getting a PIN out of a banking smart card remains a very difficult task. Nevertheless, the latest paper of Cambridge’s research lab […]

Defensive virtual machines

The notion of defensive virtual machine is a bit awkward. The official presentation of the Java (Card) Virtual Machine describes it as inherently secure, so the notion of defensive is a bit contradictory with this message. In fact, the notion of defensive virtual machine is the result of a long process: Virtual machines usually present […]