Category Archives: Miscellaneous

All kinds of topics related to Java Card.

JC101-18C: Defining a secure channel from scratch

In the next few posts, we will define a secure channel protocol from scratch as an example, and provide an implementation for it. This example will also be used as a way to introduce the cryptographic mechanisms that exist in Java Card. Be careful, this is not a tutorial on cryptography. I am not a […]

JC301-2: Why change Java Card?

I have recently commented on the fact that parts of the Multos specification have not evolved since August 1997. Java Card was then at its 1.0 version, and in 10 years, has known 3 major releases: 2.0 introduced the new framework, 2.1 made it mature by defining binary-level interoperability, and 2.2 added a few missing […]

Large Card Collider

Today, CERN’s Large Hadron Collider has started working for the first time. It is not collecting data yet, but when it does, it will generate 300 Gb/second, requiring a significant amount of computing resources. This raw input will be filtered locally into a more reasonable stream of 300 Mb/second. That stream will be again processed at […]

A few cards

The picture below is the face of the first GemXpresso card produced at Gemplus, for the Cartes 1997 demo. Those were not the first Java Card cards (those would have to be Cyberflex cards), but they were the first cards compatible with Java Card 2.0. If you look at it in detail, you can see […]

JC301-1: Introducing Java Card 3.0

Foreword: The JC101 tutorial about Java Card 2 is getting closer to the end, now dealing with the subtleties of cryptography, testing, and other difficult tasks. As progress may slow to a crawl, it is time to start discussing the technology that actually started this blog, Java Card 3. – o – Your first program […]

JC101-17C: Communication Security Rationale

Foreword: If you have been following the tutorial, you may have noticed that the last post was numbered 13. There are therefore 3 missing posts. Like post 13, they should be dedicated to testing techniques (building a test plan, writing tests, etc.). However, writing tests without using proprietary tools is not as easy as I […]

NFC market in the coming years

Juniper Research has just published a study on Mobile Payments, 2008-2013, which is announced in a press release. The report promises wonderful things, like $75 billion in yearly mobile payments by 2013. The author of the report, Howard Wilcox, is however quite cautious, and he is cited in the press release as saying: Whilst trial […]

JC101-13C: Testing Java Card applications

My first intention was to continue on my security tutorial, by showing how we can include countermeasures in the password manager. However, since then, my colleagues tried to use this application in a training session, and I had to face a hard truth: my programs are buggy. Some of their bugs are not even subtle; […]

JC101-12C: Defending against attacks

UPDATED (05/06/08): Fixed problem with loops that zapped examples. UPDATED (06/06/08): Fixed some bugs. In the previous entry, we have looked at a few common attacks on smart cards. In this one, we will look at possible defenses against such attacks. Instead of applying them to our example, we will look at one simple example, […]

JC101-11C: Attacks on smart cards

Even without Java Card 3, there are many similarities between smart cards and web servers: They both receive requests from unknown origin and process them. They both manage potentially sensitive data that they need to protect. Of course, the exact attacks are different. Cross-site scripting is not really a smart card threat, but the countermeasure […]